Global economic commerce has become almost wholly dependent upon constant, reliable availability of electricity. This is nowhere more true than in the interconnected Internet world, which drives global commerce and has become deeply enmeshed in modern society. Paradoxically, the capabilities of an interconnected world have created a great vulnerability point in ensuring uninterrupted flow of electric powerwww.cechina.cn, and have raised
    

    security of the utility industry’s critical assets to a level of paramount concern. Assets that have a dialup or IP connection—including SCADA, HMICONTROL ENGINEERING China版权所有, and other Control systems—became subject to new rules this year that aim to lessen the threat.
        As of June 30控制工程网版权所有, 2009, all high voltage electric transmission and distribution (T&D) operators in the bulk electric system have to be in compliance with regulations specified by version 2 of the North American Electric Reliability Council’s Cyber Security Standard (NERC CIP). And they must begin collecting and logging data to become auditably compliant by July 1, 2010. The power generation owner and operator deadlines follow these dates by six months. This is a major milestone in moving toward securing critical cyber assets (CCAs) in the electric utility infrastructure of North America. It also offers lessons for other industries.

        ‘Each responsible entity has to start with having a good cyber policy in place. Outside of IT, this hasn’t existed before.’ —Roger PanCONTROL ENGINEERING China版权所有, Emerson Process Management 
        In general, the NERC CIP regulations have tasked operators to: comprehensively identify CCAs; develop security management controls; have personnel training in place; have detection and prevention measures in force; and have response planCONTROL ENGINEERING China版权所有, and notification and recovery procedure