To combat the ever changing physical and
cyber-threats landscape, entities continue to improve their tools, expertise,
and defense strategies. Yet, despite these efforts to stay ahead of security
threats, entities are sometimes held back by deficiencies or limitations in
their corporate structure, culture, or resources.
In 2014, RF, in coordination with NERC and several
stakeholders, began analyzing data around potential themes in these
deficiencies and limitations and released its findings in early 2015 in the
first edition of the CIP themes report. Now, RF, SERC, and WECC have been working
together to analyze the data in the three Regions around potential themes. The Regions handle large volumes of noncompliance and their territories cover a large part of the United States and parts of Canada and Mexico. This
collaboration has helped identify new areas for improvement and potential
resolutions to some of the deficiencies and allowed for validation of the data
in each Region.
RF, SERC, and WECC, in coordination with NERC and several
stakeholders from the three Regions, plan to issue a joint report in early 2018 in
order to help drive entities to continue to assess and strengthen their CIP
programs and thus mitigate security risks.