The North American Electric Reliability Corporation Critical Infrastructure Protection standards are the guiding set of principles by which U.S. power companies must abide. In its mission statement, NERC describes its function as assuring "the reliability of the bulk power system in North America." Its industry standards, therefore, are an effort to maintain this reliability - and hold those who threaten it accountable.
Between sanctions, remedial actions and penalties, there are consequences that await entities found in violation of NERC. Through a system of compliance enforcement, NERC finds violators and holds them to task in accordance with sanction guidelines. Over the years, NERC's Compliance Monitoring and Enforcement Program (CMPE) has racked up a lot of violators. In its first-ever compliance violation statistics release - covering the fourth quarter of 2008 - the CMPE reported that there were 1,812 enforceable violations.
For power plants, being NERC compliant is not just about avoiding penalties - it is also about maintaining public safety. For power plants, the vulnerabilities that accompany a lack of NERC compliance could lead to attacks that might endanger public safety and jeopardize human lives. With global terrorists now setting their sights on critical infrastructure, the need has never been greater to defend organizations within this sector.
Compliance with NERC happens at the intersection of emerging technology and comprehensive management. When these two elements are paired, power organizations are left with an infrastructure that will hopefully not be singled out by those hunting for NERC violators - and, more importantly, a platform that will be very difficult to attack. Here are five key tips that power plants can follow to ensure NERC compliance:
Entrust delivers industry-leading solutions that help users simplify NERC compliance. With a multitude of threats looming for critical infrastructure organizations, there's no question about the immediate need for robust security tools.
Entrust's security solutions for critical infrastructure offer power plants the tools they need to remain safe in a threat-heavy world. That tool is Entrust IdentityGuard, an either in-house or managed security solution that covers all the bases as far as the management and authentication of digital identities. Entrust IdentityGuard's strength and versatility as a security option make it the go-to choice for organizations seeking the highest level of identity protection. For power plants, this is the only level that should be pursued.