Security Awareness Blog

The Internet of CIP Things (IoCT)

tim-conwayEditor's Note: Tim Conway is the Technical Director of ICS and SCADA programs at SANS. Below he discusses the impact of the Internet of CIP Things.

You have likely heard of the Internet of Things, which encompasses the interconnected network of "stuff" that has become completely intertwined in every part of your life. I present to you the Internet of CIP Things for your consideration, which encompasses the interconnected network of CIP activity that absolutely consumes your life if you work in this field. Without pulling out the old-timer card and going back through the history of CIP Things, let's just focus on the CIP Things of now. Without further ado ? the Internet of CIP Things Top 10 list aka-CIP things you should be paying attention to:

  • Maintain current compliance with V3 ? keep on keeping on
  • Implement projects for V5 ? hoping and praying your interpretations and implementation strategy is correct (see items 6 ? 9)
  • Transition to maintaining your CIP V 5 program ? waiting to see what kind of a Frankenstein you have designed and how difficult it will be to maintain
  • Preparing for the next V5 wave ? trying to understand how much "Low" work is waiting around the corner in 2017 and what an RAI looks like in the wild
  • Waiting for V6 ? what will V6 do to your V5 plans and what other directives may be added to drive a V7
  • Monitoring the Implementation study ? understanding what approaches worked for the brave 6
  • Loving the Lessons Learned ? reviewing, commenting, confirming your approach
  • Did you get the memo ? CAN's, CAR's and now CAM's so long Lessons Learned, I barely knew ya
  • V5 Transition update ? I thought I got the memo but now I can't find it
  • Monitor future Standards development work ? more changes are coming; we will beat the Rocky movies! I am predicting my kids will be working CIP 13 (the unlucky CIP) in six years.

As you can see there is a lot happening in the Internet of CIP Things and this list includes only a few of the more impactful items. While there is definitely confusion and a relatively high level of change occurring right now, we also have industry experts working on all sides of the Internet of CIP Things, who are extremely dedicated and passionate about their jobs. This brings up IoCT item number 11) people are things too ? Keep your team happy, CIP experts are in demand and the need for them is only increasing, especially if the insurance industry knows what they are talking about.

Bio: Tim Conway is the Technical Director - ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.