The Power of Regulation Versus Well-Oiled Industry Standards

The power industry is currently on NERC CIP Version 6 of its regulatory requirements, with future regulations expected on supply chain security. Oil and gas (O&G) has no such regulatory regime, but it does have standards that it uses to reduce cybersecurity risk, such as NIST 800-82 and IEC 62443. For O&G, compliance is an internally generated activity. So, which of these two approaches – regulated or not regulated – is best for industrial control system (ICS) cybersecurity? Does following a government-mandated regime better secure an industry, or is self-regulation the answer?

Industry experts David Batz, senior director of Cyber and Infrastructure Security at Edison Electric Institute, and Jason Haward-Grau, chief information security officer at PAS Global, discuss how leaders in the power and O&G industries are addressing compliance and cybersecurity standards.

About This Transcript
This paper is a transcription of the webinar hosted by POWER magazine, “The Power of Regulation Versus Well-Oiled Industry Standards.”