Despite efforts to stay ahead of security threats,
entities are sometimes held back by deficiencies or limitations in their
corporate structure, culture, or resources. RF, WECC, and SERC have been
working together to analyze the data in all three Regions around potential
themes in these deficiencies and limitations.
The Regions, in coordination with NERC and multiple
stakeholders from the Regions, are releasing a joint report identifying the
themes and possible resolutions in order to help drive entities to continue to
assess and strengthen their CIP programs and thus mitigate security
risks. The four themes the Regions have identified are:
disassociation between compliance and security;
development of organizational silos;
lack of awareness of an entity’s needs or deficiencies; and
inadequate tools or
ineffective use of tools.
Click here to view the full report.