Capitol Hill hosts Cybersecurity Framework Workshop; ISOs/RTOs submit comments

The U.S. Department of Commerce and the National Institute of Standards and Technology (NIST) hosted a Cybersecurity Framework Workshop in Washington, DC on April 3 to discuss implementation of the Obama Administration’s executive order calling for the creation of voluntary cybersecurity standards for critical digital infrastructure.

Tim Roxey, Chief Cybersecurity Officer for the North American Electric Reliability Corporation (NERC), and on behalf of the Electricity Sector Information Sharing & Analysis Center, explained current Critical Infrastructure Protection (CIP) standards and the process through which standards are designed and implemented.

Stakeholder comments were due on April 8 and seven domestic ISOs/RTOs submitted joint comments through the ISO/RTO Council (IRC), noting that the electric industry has broad cybersecurity experience both in implementing mandatory NERC standards, sharing best practices among various organizations, and participating in cybersecurity worker training and research and development projects. The IRC comments cautioned against the creation of broader standards that conflict with current CIP obligations. IRC recommended that NIST not “create additional obligations, duplicate, or create conflicting requirements relative to the extensive standards applicable to the electricity sector.”