In case you haven’t heard of Protect our Power yet, you should – and
now I’m going to rectify that problem. PoP is an organization dedicated to
securing the US grid. A key focus is best practices for cyber security, since they
believe that the NERC CIP standards are inflexible and take far too long to
change – and I won’t argue with that position!
Their annual Best
Practices in Utility Cybersecurity conference is always held the day before
Distributech begins, and in the same location. In 2020, the conference will be
held January 27 in San Antonio, where Distributech opens the next day. I can
think of four good reasons why you should attend:
- The conference has
a great lineup of interesting speakers,
which this year includes yours truly (whether I’m interesting is left as
an exercise for the reader - my kids are divided on the issue). My topic will be “Supply Chain CIP-13 - Best
Practices to pursue while accomplishing Compliance as a byproduct”. Of course,
the dirty little secret of my presentation will be that, since CIP 13
leaves the content of the supply chain security risk management plan
almost entirely up to the entity, there is no conflict at all between
adopting best practices and compliance – indeed, they’re one and the same.
- Speaking right
before me is the inimitable Monta
Elkins, whose topic is “Vulnerability Disclosure”. Knowing Monta, and
knowing how important this question is for supply chain security, I’m very
much looking forward to hearing him speak.
- Distributech is an
amazing show. Your $175 (!) fee for the Best Practices conference includes
admission to the Distributech exhibition. And if you want to attend the Distributech
conference, which runs at the same time in the same convention center, you
will receive a 15% discount (I’ve attended the conference several times,
and always found it to be very good, including a good cybersecurity
track).
- But to be honest,
my biggest reason for wanting to be at the show this year is…that it will
be in San Antonio. It moves around among several cities, but San Antonio
is really special. If you’ve never been there, I can promise you’ll be
very impressed. The history is just great. The downtown has great
architecture, very well preserved from about 100 years ago (although the
city itself was founded in 1719, when the Mission San Antonio de Valero
was established – now known as the Alamo –which is just about three blocks
from the convention center), and the River Walk…well, I had
always thought this must be some sort of hokey tourist attraction. When I finally
saw it, I confirmed it’s definitely a tourist attraction, but it’s hardly
hokey. It’s about 90 years old, and it’s simply beautiful (my favorite
activity is running along it in the morning before heading to my day’s
activities) – and wonderfully integrated with all of the hotels,
restaurants, office buildings, etc. that open onto it.
Hope to see you there!
Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC.
If you would like to comment on what you have read here, I
would love to hear from you. Please email me at tom@tomalrich.com. Please keep
in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP
issues or challenges like what is discussed in this post – especially on
compliance with CIP-013. My offer of a free webinar on CIP-013, specifically
for your organization, remains open to NERC entities and vendors of hardware or
software components for BES Cyber Systems. To discuss this, you can email me at
the same address.
No comments:
Post a Comment