Aspiring to CIP Compliance for Water and Wastewater Utilities, Even Though You Don’t Have To

Given cross-sector dependencies with electric utilities, many water and wastewater utilities are familiar with the North American Electric Reliability Corporation (NERC) and its Critical Infrastructure Protection (CIP) Reliability Standards. Some larger and more resourced water and wastewater utilities reference NERC CIP standards as they are applicable to many cybersecurity practices. Perhaps you are a smaller utility feeling the pressure to focus more effort on cybersecurity after the Oldsmar Florida incident, but aren’t sure where to start or who to ask. A recent post from TripWire offers some high-level thoughts about NERC CIP to provide familiarity with some of its requirements. While compliance does not equal security, NERC CIP is a set of controls that smaller utilities can aspire, even though they aren’t required to. Read more at TripWire.