Tripwire Survey: NERC CIP Compliance Not Sufficient To Ensure Bulk Electric System Security
PORTLAND, OREGON — November 14, 2013 — Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the results of a survey on North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance. The online survey was conducted from July through September 2013 and evaluated the attitudes of more than 100 IT professionals involved with NERC CIP compliance.
“Based on these results, only 30% of the industry feel they lack a clear understanding of the standards,” said Patrick Miller, partner and managing principal at The Anfield Group, a critical infrastructure security and compliance consultancy. “In reality, I think that number is higher. After we dig into the details and actually start implementing and auditing NERC CIPv5, I suspect many will realize their initial degree of understanding was overly optimistic.”
Key findings include:
70% believe they have a clear understanding of all the current NERC CIP requirements.
77% believe NERC CIP compliance is necessary to ensure the cybersecurity of the Bulk Electric System.
70%, however, do not believe that NERC CIP compliance is sufficient to ensure the cybersecurity of the Bulk Electric System.
“It is encouraging that a majority of respondents acknowledge the value of NERC CIP compliance and the key role it plays in energy cybersecurity,” said Jeff Simon, director of service solutions for Tripwire. “Most respondents also acknowledge that NERC CIP compliance alone is not sufficient to ensure cybersecurity – they know compliance is just the start of an effective cybersecurity strategy.”
Tripwire has helped more than 140 registered entities achieve and maintain NERC CIP compliance since 2008, and continues to invest in tools and processes that automate and simplify NERC CIP compliance.
For more information about this survey, please visit: http://www.tripwire.com/company/research/update-nerc-survey-data/.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com or follow us @TripwireInc on Twitter.