The power industry is currently on NERC CIP Version 6 of its regulatory requirements, with future regulations expected on supply chain security. Oil and gas (O&G) has no such regulatory regime, but it does have standards that it uses to reduce cybersecurity risk, such as NIST 800-82 and IEC 62443. For O&G, compliance is an internally generated activity. So, which of these two approaches – regulated or not regulated – is best for industrial control system (ICS) cybersecurity? Does following a government-mandated regime better secure an industry, or is self-regulation the answer?
Industry experts David Batz, senior director of Cyber and Infrastructure Security at Edison Electric Institute, and Jason Haward-Grau, chief information security officer at PAS Global, engage in a panel discussion moderated by Aaron Larson, editor at POWER Magazine, on how leaders in the power and O&G industries are addressing compliance and cybersecurity standards.
This paper is a transcription of the webinar hosted by POWER Magazine:
“The Power of Regulation Versus Well-Oiled Industry Standards”