Dear Readers,

BetterGrids has produced a concept whitepaper for ‘OpenCIP’ outlining how the utility industry can use End-to-End Encryption technology for Secure Grid Integration.

This paper is oriented to energy industry leaders and policymakers responsible for addressing emergent cyber-security risks related to inter-enterprise data exchange. It assumes a basic working knowledge of external data communications practices, technologies, terminology, risks, and compliance reporting obligations. Suggested readers include utility officers and technical architects responsible for information protection, cyber-security, operating risks, and compliance. The concept whitepaper can be downloaded here: https://www.bettergrids.org/opencip-concept-whitepaper


Please feel free to use this thread to discuss the OpenCIP concept and submit any questions, comments, feedback, etc. Additionally, we seek support from national regulatory standards and policymakers at NERC, FERC, NIST, IEC, IEEE, DOE, NARUC, Electric Reliability Organization (ERO) levels.

BetterGrids.org volunteers from several utilities, ISOs, reliability organizations, and consultants contributed to the OpenCIP whitepaper. Their contributions are much appreciated and acknowledged on the last page.

As noted in the whitepaper, we plan to reach out to several industry organizations to engage them in the OpenCIP discussion. Our list currently includes NIST, IEEE, IEC, NERC, FERC, DOE, Reliability Organizations, NARUC, EPRI, CEATI, EEI, APPA, NRECA, CEC, NYSERTA. Any other organization we should reach out to? Feel free to reach out to your industry contacts to engage. Any suggestion as to how to connect with NIST?

NIST has a process called the National Online Informative References (OLIR) Program which as outlined by NIST "facilitate(s) subject matter experts in defining standardized Online Informative References (OLIRs), which are relationships between elements of their documents and elements of other documents like the NIST Cybersecurity Framework, NIST Privacy Framework, and NIST Special Publication 800-53." The catalog has a number of postings that align with the OpenCIP whitepaper and this would be a good way to get exposure.