NERC Adds Heavier Fines, CIP Violations to Latest Enforcement Actions
NERC is mad as hell, and they’re not going to take it anymore.
Okay, maybe that’s stretching it a bit, but take a look at their latest batch of tougher enforcement actions that hit some regulated entities with some heavy penalties.
Former cyber security specialist in FERC’s Office of Electric Reliability Randal Blanchette believes the upswing can be partially attributed to the simple fact that more and more entities are being audited for CIP-002 through CIP-009 generally. “There are also more complexities [for companies to comply with] as newer revisions come out,” he adds. We’ve talked to Randal before about confusing NERC regulations.
But Abidance Consulting’s James Holler says NERC is “flexing its muscle a bit.” They’ve been “nice” to regulated entities up until now, “but now they are saying it’s over.”
He noted a lot of six figure fines among this recent slew of penalties. “Those who didn’t take NERC seriously better start doing so now.” NERC observers tell us that in the past, few NERC citations carried a price tag for regulated entities. “We gave you a break and you took advantage of it,” is Holler’s view of NERC’s new attitude. “Some of you were slow to get your compliance programs in order and NERC wants to show they mean business now.”