How are 6 million Ohio consumers affected by poor cybersecurity execution to follow a federal Cybersecurity Framework (CSF)? Here on the FirstEnergy website, on the webpage, they state that their NERC CIP standard is protecting your consumer PII and PFI data. If you do not know, the NERC organization is part of a US Federal Agency called FERC which is part of the US Department of Energy. That same federal agency has been mandated for many years to adopt the NIST CSF robust standards as well as all US Federal agencies. And when you review the NERC CIPs and have met with them as we have, they have figured out as have many third- and fourth-party vendors, how to bypass the Federal CSF requirements. It took hackers to uncover their obvious vulnerability that any NIST trained auditor could spot in an internal and external assessment of their network. It took risking 6 million Ohioan’s data to make a change in their network’s customer portal that probably took a whole 5 days to implement. Some old school standards organizations are going to fight hard to delay the implementation of the NIST CSF and the Zero Trust Security Model standards, because it is easier to meet their own contrived requirements. Here’s today’s project. If you are on the FERC or NERC Board, schedule an online meeting and adopt the NIST CSF and the Zero Trust Security Model standard. What is not going to change is the US movement to a federal model. What needs to change is poor auditing to outdated error filled approaches that put US consumers at risk.
ISO 27001, 31000, 9001, 14001, 45001, and NIST 800-171 certified, TechR2 does complete cybersecurity framework audits of organizations. The 31000 framework is the worldwide standard for risk management. If you find your internal and external cyber audits are not complete, contact TechR2. If you do not find your vulnerabilities, the perpetrators will.