NERC's proposal has the industry scrambling.
Christian Hamaker is managing editor of Public Utilities Fortnightly.
As the balloting process for new cyber-security standards from the North American Electric Reliability Council (NERC) drew to a close, the industry group was gearing up for the difficult tasks ahead: ensuring rapid implementation of the new standards among NERC's members.
The new standards are scheduled for approval no later than Nov. 1, 2005, with compliance assessments to follow in 2006.
"Everybody would like to have [complied] yesterday, but the reality of it is that it's going to be a couple of years out before real compliance is there," says Dave Harries, system administrator with Pacificorp.
But first the new NERC standards, CIP-002-1 (Critical Infrastructure Protection) through CIP-009-10, need to be approved by NERC's membership-with the final balloting process scheduled shortly after press time for this article. The new standards advance and expand upon the NERC 1200 standard, adopted by NERC in August 2003, following approval by the industry in July 2003, although the timing of the approval, not too long after the Sept. 11, 2001, terrorist attacks, wasn't tied to those attacks.