NERC Compliance Featured Article
NERC Compliance, IT Security, Identity Intelligence and EAM
February 14, 2012
NERC compliance is an issue that’s more discussed than understood today.
The North American Electric Reliability Corporation was founded in 1968 as a means of “ensuring the reliability of the bulk power system in North America,” according to NERC’s (News - Alert) Web page, with the mission of developing and enforcing reliability standards and conducing adequacy assessments annually, “via a 10-year forecast and winter and summer forecasts.”
Today, thanks to the U.S. Federal Energy Regulatory Commission, NERC has legal authority not only to devise mandatory standards for the field, but also to enforce reliability standards on users, owners, and operators in the United States and parts of Canada. Compliance is complicated, according to AlertEnterprise officials, due to “the combination of IT Security for cyber critical assets, the creation of electronic security perimeters and tracking physical access to critical assets for employees and contractors.”
Part of NERC compliance in addition to IT Security, according to AlertEnterprise officials is Identity Intelligence. These capabilities allow for a business layer to deal with the inherent complexity of the integration required for bringing together multiple enterprise apps. It includes -- and simplifies, when done correctly -- onboarding and offboarding In fact, AlertEnterprise officials say, “IT and non-IT assets can be compared in single view.”
Identity Intelligence also helps incorporate analytics, forensics and reporting, company officials say, as other security technologies see their boundaries blur. And Enterprise Access Management is how one controls access, whether it’s to IT systems, other company assets or control systems. Let’s face it, we’d all agree with AlertEnterprise officials when they say that hey, integrating all these disparate systems is “laborious, time-consuming and fraught with risk.” That’s why the company has developed a way to give their customers a software layer which lets users made decisions and take actions “aligned with the business.”
IT Security’s a huge one, though. Recently, AlertEnterprise officials announced that they would participate in sponsoring cyber security initiatives spearheaded by the National Electric Sector Cybersecurity Organization, an independent public-private partnership operated by EnergySec.
According to AlertEnterprise officials, the idea is to help NESCO “foster and enhance cyber security best practices through an avenue of information sharing within the electric sector,” using NESCO’s contacts and resources to bring together utilities, federal agencies, regulators and researchers to compare notes on dealing with cyber security threats and other pressing issues.
In fact, as AlertEnterprise CEO Jasvir Gill said in a statement, "AlertEnterprise has a game-changing vision to secure the electric grid from acts of sabotage and threat. We will work with EnergySec, through NESCO, to promote new security methodologies and best practices for the bulk electric grid and its critical infrastructure.”
David Sims is a contributing editor for TMCnet. To read more of David’s articles, please visit his columnist page. He also blogs for TMCnet here.Edited by
Jamie Epstein