Majority of energy IT professionals do not understand NERC CIP ver 5 requirements

Abhigna

PORTLAND, USA: Tripwire, Inc., provider of risk-based security and compliance management solutions, has announced the results of a survey on NERC CIP Compliance.

According to a report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the energy industry faced more cyberattacks than any other industry sector from October 2012 through May 2013, and a successful attack on any of the country's sixteen critical infrastructure sectors could have devastating results.

However, Tripwire's survey indicates that IT professionals are still unclear on the most recent version of the North American Electric Reliability Corporation's (NERC) critical infrastructure protection (CIP) security controls.

The survey reveals that 70 percent of the respondents have a clear understanding of current NERC CIP compliance requirements. However, that confidence quickly evaporates in the face of the upcoming version: 62 percent of respondents say they do not understand the requirements of NERC CIP version 5.

"NERC CIP version 5 represents significant security and compliance changes and will affect most of North America's power and utilities companies," said Jeff Simon, director of service solutions for Tripwire.

"Although version 5 has been submitted but not yet approved by the Federal Energy Regulatory Commission, power and utility companies still need to understand the impact of the increase in scope and the need for automation. NERC CIP version 5 should already be a key part of their 2014 initiatives," added Simon.

Additional survey findings include:

* 55 percent are currently preparing to comply with NERC CIP version 5.

* 83 percent believe CIP version 5 will enhance the security of the Bulk Electric System (BES).

* 63 percent collect the majority of evidence needed for NERC CIP compliance audits manually or with limited support from automation.

* 57 percent do not have the automation tools in place to efficiently prepare for their next NERC CIP audit.
