Last year, I had the honor to be asked by Microsoft to
co-author an e-book
with Bilal Khursheed, Worldwide Power and Utilities Leader for Microsoft,
titled “Navigating NERC CIP compliance in the cloud”. It was quite an
interesting experience, since I’ve never seen a team of people invest so much
time (over at least four months) in creating a document, polishing every word
and continually revising each page.
I’ll let you read the book, but I’ll point out that it’s not
just about CIP and the cloud. I think the real purpose is to reach out to NERC
entities that have been afraid to use the cloud much if at all, for fear of
running afoul of CIP.
The message? Entities with only low impact assets have never
had anything to worry about regarding using the cloud, and entities with medium
and/or high impact assets can now (since January 1) feel a lot better about
storing and utilizing BES Cyber System Information (BCSI) in the cloud – as well
as using SaaS applications[i].
Even more importantly, there are lots of other operations which NERC entities have
always been able to use in the cloud. Those entities should now feel much
better about trying them.
As I pointed out recently,
the cloud is no longer just something that’s nice for electric utilities to
have. Instead, it’s becoming more and more essential to utility operations,
including security. There’s probably no better example of what I mean than this
one.
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would like to comment on what you have
read here, I would love to hear from you. Please email me at tom@tomalrich.com.
My book "Introduction to SBOM and VEX" is now available in paperback and Kindle versions! For background on the book and the link to order it, see this post.
[i] However,
there are certainly compliance obligations due to the new or revised CIP requirements.
These are described at a high level in the e-book, but will be addressed by
Microsoft in more detail later.
No comments:
Post a Comment