11/21/2013
02:17 PM
Dark Reading

Survey: Majority Of Energy IT Professionals Do Not Understand NERC CIP Version 5 Requirements

In addition, 57 percent do not have the automation tools in place to efficiently prepare for their next NERC CIP audit

PORTLAND, OREGON -- November 21, 2013 -- Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the results of a survey on NERC CIP Compliance. The online survey was conducted from July through September 2013 and evaluated the attitudes of more than 100 IT professionals.

According to a report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the energy industry faced more cyberattacks than any other industry sector from October 2012 through May 2013, and a successful attack on any of the country's sixteen critical infrastructure sectors could have devastating results. However, Tripwire's survey indicates that IT professionals are still unclear on the most recent version of North American Electric Reliability Corporation's (NERC) critical infrastructure protection (CIP) security controls.

The survey reveals that 70% of the respondents have a clear understanding of current NERC CIP compliance requirements. However, that confidence quickly evaporates in the face of the upcoming version – 62% of respondents say they do not understand the requirements of NERC CIP version 5.

"NERC CIP version 5 represents significant security and compliance changes and will affect most of North America's power and utilities companies," said Jeff Simon, director of service solutions for Tripwire. "Although version 5 has been submitted but not yet approved by the Federal Energy Regulatory Commission, power and utility companies still need to understand the impact of the increase in scope and the need for automation. NERC CIP version 5 should already be a key part of their 2014 initiatives."

Additional survey findings include:

55% are currently preparing to comply with NERC CIP version 5.

83% believe CIP version 5 will enhance the security of the Bulk Electric System (BES).

63% collect the majority of evidence needed for NERC CIP compliance audits manually or with limited support from automation.

57% do not have the automation tools in place to efficiently prepare for their next NERC CIP audit.

Tripwire has helped registered entities achieve and maintain NERC compliance since 2008. With Tripwire's NERC Solution Suite, organizations can access award-winning security configuration management and incident detection solutions, along with specialized intelligence including policy rules, correlation rules, tools, templates, customized reports and dashboards. Together with customized services from NERC-experienced consultants, the NERC Solution Suite dramatically reduces the time and resources required to pass NERC CIP audits and minimize audit findings.

For more information, please visit: http://www.tripwire.com/company/research/update-nerc-survey-data/.

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.
