Despite efforts to stay ahead of security threats, entities are sometimes held back by deficiencies or limitations in their corporate structure, culture, or resources.  RF, WECC, and SERC have been working together to analyze the data in all three Regions around potential themes in these deficiencies and limitations. 

The Regions, in coordination with NERC and multiple stakeholders from the Regions, are releasing a joint report identifying the themes and possible resolutions in order to help drive entities to continue to assess and strengthen their CIP programs and thus mitigate security risks.  The four themes the Regions have identified are:

• disassociation between compliance and security;
• development of organizational silos;
• lack of awareness of an entity’s needs or deficiencies; and
• inadequate tools or ineffective use of tools.

Click here to view the full report.