Tom Alrich's Blog

Tuesday, April 30, 2019

Have we had the first grid cyber attack?

A very interesting story by the always-interesting Blake Sobczak came out in E&E News this morning (and thanks to Blake for forwa...

Thursday, April 25, 2019

A threat I didn’t know about

Blake Sobczak and Pete Behr of E&E News published a really excellent story today about the large transformer issue. I was expecti...

Wednesday, April 24, 2019

EPRI's new Cyber Security Procurement Methodology

In my post yeseterday, I mentioned that Tobias Whitney had spoken to my sub-group of the NERC CIPC Supply Chain Working Group, and discusse...

Tuesday, April 23, 2019

Supply chain security lessons from the medical device industry – part I

Nowadays, I try to avoid multi-part posts, since it seems that most of the time I never deliver all of the parts I promised. But I thin...

Thursday, April 18, 2019

CIP-013: Risk Management vs. Best Practices

I hope it’s obvious by now that I firmly believe CIP-013 is a standard for risk management, as stated in the Purpose (found in Section...

Friday, April 12, 2019

CIP-013 and acceptance of risk

A longtime principle of risk management - for financial risks, general business risks, security risks, etc. – is acceptance of risk. To...

Thursday, April 4, 2019

The best resource for CIP-013 compliance

I want to repeat again (and I’m not being redundant. I mean this is the third post where I’ve said it) that anyone seriously involved i...

View web version

About Me

Tom Alrich

View my complete profile

Powered by Blogger.