A Gold Standard? Is the Government Capable of Creating a Gold Standard for Critical Infrastructure Protection? Really?


I read an article in the Washington Post recently about Congress giving the Department of Homeland Security a lot more authority on cyber security protection of critical infrastructure. The level of urgency and effort shown by the government is legitimate, but the question is, does it have the right energy and expertise to make sure that the companies can meet the requirements in an appropriate manner and cost-effectively? For example, existing requirements such as NERC CIP compliance and NEI 08-09 implementation for nuclear power plants are complex. They require a lot of domain knowledge and subject matter expertise in plant digital systems, control systems, and the security perimeter of the substations. Congress is suggesting that DHS provide tools for enforcement and aggregation of vulnerability data. This is a step in the right direction. DHS may be a good source of aggregated vulnerability data. But the current DHS cyber security tools are poorly designed and do little to help secure the critical infrastructure. I do not believe there is any cyber security tool available from DHS to do either NERC CIP 002-009 or NEI 08-09 implementation effectively and efficiently.

Today there are cyber security tools available to measure compliance with cyber security requirements for nuclear power plants and those facilities under the jurisdiction of NERC/FERC. For example, my company, Wiznucleus, offers a cyber security software system to facilitate compliance and determine what levels are met and how to mitigate security risks. CyberWiz-Pro™ and NERC-WIZ-PRO™ perform these required activities in an efficient and cost-effective manner using state-of-the-art programming.

Check them out: http://localhost/wiznucleus

Krish Shetty
