Critical Infrastructure Protection (CIP): Security problems exist despite compliance
The North American Electric Reliability Corporation (NERC) serves more than 300 million people in North America as the electric reliability organization under the Federal Energy Regulatory Commission (FERC). In 2013, the FERC approved changes and additions to Critical Infrastructure Protection (CIP) Reliability Standards, also known as CIP v5, which are a set of requirements for securing the assets responsible for operating the bulk power system.
CIP is just one of 14 mandatory NERC standards that are subject to enforcement in the U.S. However, it gets a good deal of attention because this regulation is centered on the physical security and cybersecurity of assets deemed to be critical to the electricity infrastructure. Within CIP, there are eleven reliability standards currently subject to enforcement under CIP v5, but there are plans to introduce more in the future.