Login

Register

Login

Register

#cybersecurity | #hackerspace |

To Be or Not to Be: BCSI in the Cloud?


With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but acknowledging that the alternative might be worse.”

As currently written and subject to enforcement, components of CIP-011-2 quite frankly make it near impossible to be compliant in designating a cloud-hosted BCSI repository much less actually choosing to store documentation classified as such in your favorite Document Management SaaS.

I won’t debate whether or not this is a decision any responsible and security-conscious steward of BCSI would make lightly, but it is an inevitability that the question will be posed to those of you who are Tripwire admins. From purely a compliance monitoring perspective, I wanted to take some time to enlighten you about some capabilities in the Tripwire suite of solutions that you can leverage. But first, a word on the Standard Drafting Team’s (SDT) recent activity.

On January 16th, 2020 the SDT held a webinar titled “BES Cyber System Information Access Management” to report on the progress of the new CIP-011 draft and solicit industry comment. A recording is available here, and the slides can be found here.

As a Tripwirean (not sure if this is a newly minted term?), I was particularly intrigued by a newly proposed sub-requirement, CIP-011-3 R1.4. This is focused on risk and requires the entity to perform a risk assessment to figure out how to protect the BCSI they will store in the cloud based on the risk it presents. It starts off with “Process(es) to identify, assess, and mitigate risks in cases where vendors store Responsible Entity’s BES Cyber System Information.”



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW