Tom Alrich's Blog

Wednesday, November 20, 2024

NERC CIP: Is there a risk of over-concentration in the cloud?

Most of the discussion of cloud risks in the power industry has focused on cybersecurity: Is it safe to deploy critical infrastructure syste...

Tuesday, November 19, 2024

Some good news regarding CPE

Today, Patrick Garrity of VulnCheck sent me this link to a blog post they just put up. Here’s a very high-level summary: 1. Vuln...

Sunday, November 17, 2024

CIP in the cloud: Can we fix EACMS before BCS? Probably not.

The NERC Project 2023-09 Risk Management for Third-Party Cloud Services Standards Drafting Team (SDT) is currently finalizing a revised S...

Sunday, November 10, 2024

How will NERC entities assess their CSPs?

I participated in the third of the four panels in NERC’s successful Cloud Technical Conference on November 1. Two of the three questions t...

Tuesday, November 5, 2024

Reply to Boris Polishuk, Cybellum – November 5, 2024

From Tom Alrich : Boris is Chief Architect of Cybellum, the Israeli company that is one of the leading service providers in the SBOM wor...

Sunday, November 3, 2024

When will the “NERC CIP in the cloud” problem be solved for good? You won’t like the answer…

NERC’s 6-hour virtual Cloud Technical Conference on November 1 was quite successful. The conference included three panels of industry types ...

Wednesday, October 30, 2024

Sorry for the late notice…

I just learned that a NERC webinar that was originally scheduled for tomorrow, but which I thought had been postponed, will in fact take pla...

View web version

About Me

Tom Alrich

View my complete profile

Powered by Blogger.