Thursday, June 12, 2025

Please subscribe!

 

My name is Tom Alrich. In 2013, I started writing a blog about upcoming changes in the NERC CIP cybersecurity standards for the electric power industry. Since then, I have written over 500 posts about CIP and about 700 on other cybersecurity topics. I estimate that I have around 1,000 - 2,000 regular readers worldwide, with 20-30,000 pageviews per month.

I also lead the OWASP SBOM Forum and the OWASP Vulnerability Database Working Group. These groups are currently focused on two issues, which I also discuss extensively in my blog. The two issues are:

  • How to address the lack of machine-readable software identifiers in most new CVE vulnerability records, especially in the National Vulnerability Database (NVD).
  • How to design, fund and implement a free Global Vulnerability Database (GVD). This will provide a single "intelligent front end" to major vulnerability databases worldwide, without requiring creation of a hugely expensive single database.

The other area on which I have been, and will continue to be, focused is the NERC CIP cybersecurity standards. The biggest concern in CIP compliance today is the fact that the larger electric utilities and IPPs are currently "forbidden" to utilize cloud services for their OT assets - while at the same time, software developers are continually moving toward cloud-only delivery of their software.

This is obviously not a sustainable situation. Last year, a new NERC Standards Drafting Team started working on new and/or revised CIP standards to address this problem. I will continue to write about the major issues involved with the new standards, as well as how electric utilities can utilize the cloud today.

In my 12 years of writing this blog, I have been told many times that I should either accept advertising or charge a subscription fee. Neither of those options appeals to me. However, this is becoming an increasingly untenable situation, since I can't continue writing the blog without some financial support.

I would very much appreciate it if everyone who reads my posts could donate a $20-$25 “subscription fee” once a year (of course, I welcome larger amounts as well!). Can you help this blog continue?

Thank you! 

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

 
