S4

If you’re just coming to this blog after my presentation yesterday at Digital Bond’s S4 conference, welcome! I promised at the end of the presentation (actually, all presenters were called “performers” this year, mainly because the new location at the Jackie Gleason Theatre in South Miami Beach allowed a very different experience. I tried to take advantage of this) that you could come to my blog for more information on the ideas I had presented.

I must say that the presentation is ahead of my blog. The presentation lays out at a high level how I think NERC CIP should be rewritten, and in my blog I’m still finishing up my case for why it should be rewritten in the first place (I came to the conclusion that this has to happen only a few weeks ago). But my previous post kind of sets a coda to that, although I’m sure I’ll have more to say about that topic, even while I’m laying out how I think the new CIP should work (which I’m sure will take months, since I do have a day job and I’m trying to have as many conversations with as many people as possible about what the new CIP should look like).

For anyone interested, I’ll be glad to send you my slides if you email me at talrich@deloitte.com. The “performances” were videotaped and will be posted on Digital Bond’s web site, although it may take a few weeks for that to happen. I’ll put up the link here when it is posted. I do think this may have been the first cyber security presentation ever that was accompanied by a gospel trio, but I’ll need to check my book of world records to confirm that.

However, in case you’re wondering, I’m not going to lose my focus on CIP versions 5 and 6, since these will undoubtedly be with us for at least 2-3 years (my fear is it will be longer than that, but I hope that’s not the case). NERC entities still need to do their best to comply with these standards, and I will still do my best to pass on whatever good advice I hear from others or think of myself. Even though I’m still in Miami Beach, it doesn’t mean I have my head in the clouds.

Meanwhile, I’d certainly welcome hearing from anyone who wants to write me (or to post comments on the blog) about how you think NERC CIP can be rewritten. Of course, I would never post what you say, even anonymously, without your permission.

  

The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Deloitte Advisory.