S4X16

For those of you who don’t know, Digital Bond’s S4X16 Week is considered by many to be the leading Industrial Cyber Security conference in the world. This year’s conference will be held Jan. 12-14 in Miami Beach, and I’m told you can still sign up for it.

I bring this up because I will be one of the presenters – although the official word this year is “performers” - at their Main Stage event at the Jackie Gleason Theatre on Jan. 12. I got into this because Dale Peterson, the founder and president of Digital Bond, asked me last summer if I would discuss an interesting topic: how I would rewrite NERC CIP if I had carte blanche to do so.

When Dale asked me this, I thought it was a very intriguing subject, although of not much practical interest because the idea of rewriting CIP from scratch was a) wildly improbable and b) not really necessary. In other words, I thought that what was needed to make CIP a workable set of standards was just to rewrite a few parts of it (primarily CIP-002); a wholesale rewrite wasn’t needed and would be very unlikely in any case.

Well, things have changed since then. I will soon be writing at length (the only way I know how to write, of course) about why there is no point in simply trying to fix a few parts of CIP v5. In my opinion, the whole current CIP framework needs to be rewritten; my presentation will lay out how I would rewrite it, from a high level. The details will come in future blog posts. Whether it’s probable this will happen…that’s something I will work on – in my presentation, blog posts, etc.

Dale’s mandate to all of the performers is that our presentations be entertaining, and he has provided the talent resources to us to make this happen. I won’t reveal more details, but I venture to say that my “performance” – and probably the others that day – will be very entertaining. Come if you can.

The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Deloitte Advisory.