Utility Compliance Requirements - Aspirational or Inspirational?
As Safeguards Consulting supports all types of utility clients, with electrical utilities being our largest group, we have been involved with the security compliance requirements for electrical utilities for many years.
The guiding compliance requirements for electrical utilities are the NERC Critical Infrastructure Protection (CIP) requirements within the NERC reliability standards: https://www.nerc.com
As we look back on this process, the need for defining security standards is well recognized, and the CIP requirements were written with great intentions, but as we see the effect today, we must ask: Are these CIP requirements inspirational, or simply aspirational?
Safeguards Consulting has taken these requirements seriously, with a focus on the primary intent of the security requirements (as explained in the detailed addenda), but there is a great deal of flexibility in the application of the requirements, and we have seen some lackluster implementations that “meet” the compliance language.
As we regularly see, the design and implementation of security solutions are as important as the overarching security plan and operations, so it truly does matter which players are on each team. This is where commitment and experience can make a drastic difference in the real-world effectiveness of professional security operations.