On July 1, the North American Electric Reliability Corporation issued draft security guidelines providing guidance to entities that are required to identify Critical Cyber Assets under NERC Standard CIP-002 R3. Under that standard, certain entities must develop a list of Critical Cyber Assets that are essential to the operation of the entities’ Critical Assets.
As stated in the draft guidelines, CIP-002 R3 is applicable to Responsible Entities, which include reliability coordinators, balancing authorities, interchange authorities, transmission service providers, transmission and generator owners and operators, load serving entities, regional entities, and nuclear facilities that have non-safety Critical Assets not subject to the Nuclear Regulatory Commission’s cyber security regulations. Read more…