tag:blogger.com,1999:blog-1987420974894463968.post8063235834810164184..comments2024-03-21T03:56:54.312-05:00Comments on Tom Alrich's Blog: Why is CIP-013 a Good Standard?Tom Alrichhttp://www.blogger.com/profile/11926296316487964077noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-1987420974894463968.post-59751216683043655942017-09-20T06:44:14.749-05:002017-09-20T06:44:14.749-05:00I'm optimistic. Two things are of primary impo...I'm optimistic. Two things are of primary importance to start securing utility electronic control systems. Procurement requirements that specify "securable" equipment (AAA, crypto) and intrusion detection capability. How much of DHS recommendations make it into CIP-013 plans will be a measure of how effective this reg. will be. Now if we could only get intrusion detection we'd have far better guidance on where to efficiently spend on preventive controls. And we'd have the ability to make the risk based case for spending on cybersecurity controls.Anonymoushttps://www.blogger.com/profile/16816451158471007753noreply@blogger.com