State Of NERC CIP, European Update and OT Security Community

Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.

In this episode Patrick and Dale discuss:

• Why Patrick changed the company name and selected Talinn as the location for the new European office.

• The major differences in approaches to OT cybersecurity and risk management between Europe and the US. (more than just regulatory differences)

• What has the EU learned or improved on regulation from NERC CIP.

• What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards’ requirements?

• The challenge of slow NERC CIP modifications, eg virtualization and cloud.

• Bad standard & good regulator v. good standard & bad regulator.

• Should water follow the NERC CIP model as recommended by AWWA?

• How Patrick is dealing with AI.

Links

• Ampyx Cyber: https://ampyxcyber.com

• Patrick’s Critical Assets Podcast: https://amperesec.com/podcast

• Subscribe to Dale’s ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup

• Advertise on Unsolicited Response: https://dale-peterson.com/advertising/