| Per the NERC CIP Standards (Critical Infrastructure Protection), critical cyber assets must be inventoried. A cornerstone tenet of the NERC Cyber Security Standards is that non-critical cyber assets operated within the same Critical Asset Physical Security Perimeter as Critical Cyber Assets are equally subject to these requirements. For example, requirements for end user electronic access controls do not apply for Critical Cyber Assets using non-IP-routable SCADA protocols running over point-to-point lines, because the equipment/applications do not natively support internet protocol. Electronic access controls will be required for all future IP “hosts”, e.g., a relay with an IP stack. At the same time, it is not beyond the range of technical or practical capability for us to be able to inventory and document the existence of non-Critical Cyber Assets in use at a Critical Asset site. It is very important to understand Critical Cyber Asset definitions during an Electical Company's migration toward routed internet protocols. |