Thursday, March 7, 2024

A great e-book from Microsoft on NERC CIP and the cloud


Last year, I had the honor to be asked by Microsoft to co-author an e-book with Bilal Khursheed, Worldwide Power and Utilities Leader for Microsoft, titled “Navigating NERC CIP compliance in the cloud”. It was quite an interesting experience, since I’ve never seen a team of people invest so much time (over at least four months) in creating a document, polishing every word and continually revising each page.

I’ll let you read the book, but I’ll point out that it’s not just about CIP and the cloud. I think the real purpose is to reach out to NERC entities that have been afraid to use the cloud much if at all, for fear of running afoul of CIP.

The message? Entities with only low impact assets have never had anything to worry about regarding using the cloud, and entities with medium and/or high impact assets can now (since January 1) feel a lot better about storing and utilizing BES Cyber System Information (BCSI) in the cloud – as well as using SaaS applications[i]. Even more importantly, there are lots of other operations which NERC entities have always been able to use in the cloud. Those entities should now feel much better about trying them.

As I pointed out recently, the cloud is no longer just something that’s nice for electric utilities to have. Instead, it’s becoming more and more essential to utility operations, including security. There’s probably no better example of what I mean than this one.

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

My book "Introduction to SBOM and VEX" is now available in paperback and Kindle versions! For background on the book and the link to order it, see this post.


[i] However, there are certainly compliance obligations due to the new or revised CIP requirements. These are described at a high level in the e-book, but will be addressed by Microsoft in more detail later.
