Safeguarding the U.S. power grid against a potential cyberattack remains a high priority for regulators and utilities alike. While there has been no loss of load in North America from a cyberattack, the threat is at an all-time high, according to NERC.
The changes proposed in the white paper address the biggest complaints of the current reporting structure, which fails to identify the violator and the type of violation. NERC previously defended the CIP reporting structure by claiming that its confidentiality promotes self-reporting and keeps sensitive information out of the hands of potential attackers.
U.S. lawmakers as well as advocacy group Public Citizen have raised concerns about this structure, claiming it protects utilities and other generating companies from prioritizing cybersecurity.