State Of NERC CIP, European Update and OT Security Community

Unsolicited Response

English - April 24, 2024 12:45 - 46 minutes - 42.6 MB - ★★★★★ - 12 ratings
Technology iiot dalepeterson digitalbond icssecurity scadahacking scadasecurity Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Book Interview: Introduction To SBOM And VEX

Next Episode: 2024 Threat Report – OT Cyber Attacks with Physical Consequences

Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.

In this episode Patrick and Dale discuss:

Why Patrick changed the company name and selected Talinn as the location for the new European office.

The major differences in approaches to OT cybersecurity and risk management between Europe and the US. (more than just regulatory differences)

What has the EU learned or improved on regulation from NERC CIP.

What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards’ requirements?

The challenge of slow NERC CIP modifications, eg virtualization and cloud.

Bad standard & good regulator v. good standard & bad regulator.

Should water follow the NERC CIP model as recommended by AWWA?

How Patrick is dealing with AI.

Links

Ampyx Cyber: https://ampyxcyber.com

Patrick’s Critical Assets Podcast: https://amperesec.com/podcast

Subscribe to Dale’s ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup

Advertise on Unsolicited Response: https://dale-peterson.com/advertising/