NERC Adds Heavier Fines, CIP Violations to Latest Enforcement Actions

Article title
logo
Michael Causey
In NERC Compliance

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

NERC is mad as hell, and they’re not going to take it anymore.

Okay, maybe that’s stretching it a bit, but take a look at their latest batch of tougher enforcement actions that hit some regulated entities with some heavy penalties.

Former cyber security specialist in FERC’s Office of Electric Reliability Randal Blanchette believes the upswing can be partially attributed to the simple fact that more and more entities are being audited for CIP-002 through CIP-009 generally.  “There are also more complexities [for companies to comply with] as newer revisions come out,” he adds. We’ve talked to Randal before about confusing NERC  regulations.

But Abidance Consulting’s James Holler says NERC is “flexing its muscle a bit.” They’ve been “nice” to regulated entities up until now, “but now they are saying it’s over.”

He noted a lot of six figure fines among this recent slew of penalties. “Those who didn’t take NERC seriously better start doing so now.” NERC observers tell us that in the past, few NERC citations carried a price tag for regulated entities. “We gave you a break and you took advantage of it,” is Holler’s view of NERC’s new attitude. “Some of you were slow to get your compliance programs in order and NERC wants to show they mean business now.”

Leave a Reply

One Platform. Every Solution.
AssurX Quality + Compliance ManagementA single versatile system can improve quality, compliance and streamline workflow
Don't Miss A Post

Subscribe to our blog to receive an email when we publish new content.

Recommended posts
Recent Posts
Categories
One Platform. Every Solution.
AssurX Quality + Compliance ManagementA single versatile system can improve quality, compliance and streamline workflow