Dissertation/Thesis Abstract

Exploring the Impact of NERC CIP Regulatory Compliance on Risk and Security for Bulk Electric System Grid Cyber-Attacks: A Qualitative Phenomenological Study
by Duffey, H. Thomas J., IV, D.B.A., Northcentral University, 2018, 344; 13424701
Abstract (Summary)

The United States bulk electric system (BES) is a key target for cyber-attacks. This qualitative phenomenological study addressed the issue of the risk of information warfare and targeting by rogue entities or enemy nation-states. The specific problem was poor implementation of current NERC CIP standards, resulting in sizeable per-violation monetary penalties. The purpose was to explore the essence of the phenomenon of organizational investments in regulatory compliance controls, as it relates to resource challenges, organizational prioritization, and standards interpretation difficulties. The intent was to determine whether organizations continue to focus on doing the minimum to become compliant and whether the current NERC CIP compliance investments made by electric energy entities equate to mitigated risk and increased security for the BES. The research approach included semi-structured interviews with current and former NERC CIP auditors. A textual analysis of the data included removal of all potentially identifying information from audio recordings and field notes. The findings supported the sparse literature currently available. The top identified organizational priorities were reliability and operation, “the board” and revenue, and cost control. Human resources was the most significant resource challenge. Top categories for verbiage challenges included vagueness and prescriptiveness. The top three areas of interpretation difficulty were patch management, port security, and BES categorization. Participants expressed mixed feelings about the risk mitigation effectiveness of the current standards, saying they required further maturity to increase BES security. Recommendations included augmenting implementation of the NERC CIP standards with best business practices and security control frameworks such as those from the National Institute of Standards and Technology (NIST).
Future research recommendations included expanding participation to cover all NERC regions and comparing/contrasting results with other countries.

Indexing (document details)
Advisor: Kabia, Milton; Converso, Judy
Committee: Bakari, Marie; Barrett, Christopher; Polastri, Patricia; Settles, Tanya
School: Northcentral University
Department: Business and Technology Management
School Location: United States -- California
Source: DAI-B 80/06(E), Dissertation Abstracts International
Subjects: Computer Engineering, Industrial engineering, Energy
Keywords: Bulk electric system, Critical infrastructure protection, Electric, Industrial control systems, NERC CIP, Regulatory
Publication Number: 13424701
ISBN: 9780438819177
Copyright © 2019 ProQuest LLC. All rights reserved.