Last updated Sep 10th, 2021 by Ellen Fischl-Bodner

Reality-check time for power grid networks. It's the final countdown. Following the “stay of execution” this winter, power grid utilities are in the home stretch mobilizing for the deadline for compliance with NERC … Critical Infrastructure Protection (CIP) V5 Cyber Security Standard Version 5. And in the aftermath of the Ukraine cyber-attack – cited at RSA 2016 as one of the seven most dangerous new attack techniques -- more countries around the world are using CIP V5 as a reference standard to bolster network security for their power grids, for example, in Australia, Brazil, Russia and others.

Some extremely painful pain-points. It's understandable why utilities filed with the U.S. federal agency FERC for the “stay of execution” extension - the initial deadline was nearly mission impossible. Even today with the final countdown, there are huge challenges for compliance and maintaining audit-readiness going forward:

  • Understanding the power grid network environment and gaining visibility, due to complexity of heterogeneous infrastructures, e.g., legacy technologies alongside next-gen technologies that are physical as well as virtualized
  • Creating and submitting compliance plans for transitioning to CIP Version 5
  • Re-certifying policies (and enforcing them)
  • Cataloging Cyber Assets and categorizing Cyber Systems according to Impact Ratings
  • Network security change processes – the whole gamut for transitioning to CIP Version 5 -- formalizing, automating and documenting network-security change workflows

Some good news. Recently, we've receive lots of positive feedback from our customers in the energy sector. In particular, new customers who've turned to us in the last year specifically for their challenges in meeting the pressing CIP V5 compliance deadline – all emphasized what they've now have gained with Tufin:

  • Visibility and control over their entire power grid network environment
  • Segmentation according to more stringent CIP V5 requirements (by Cyber Systems, Impact Ratings) with simplified management from a single console
  • Ability to enforce enterprise-wide security policy across the board for workflows for change processes, risk assessment, exceptions management
  • Full audit readiness to demonstrate compliance

Another important factor global customers have reiterated has been Tufin's proven expertise in the energy industry in providing solutions for the cyber security challenges that power-grid enterprises face, especially for their compliance needs.

So, although the clock is ticking for power grid networks, it's not too late to benefit from solutions for continuous compliance and audit readiness. Learn more: