Protecting Critical Infrastructure finds ready audience
In our new book, Protecting Critical Infrastructure, Karl Perman and I approached the NERC CIP Standards with a broad brush. It just seemed like a lot of people could really benefit from an easy-to-read reference covering NERC CIP.
This became apparent to us the more we worked with different people in the industry. We found a lot of knowledge but we also found a lot of gaps, usually due to the fact that most of us are directly impacted by – or responsible for – only a portion of the scope covered by NERC CIP. We know our part in great depth, but we have more limited knowledge in others. Sure enough, I think we hit the spot.
After only being released on Friday, April 15th, our book is doing amazingly well considering the narrow focus of the critical infrastructure protection for the electric industry. Being in the top 100 of the Corporate Governance section on Amazon is pretty impressive for such a specialized book.
We’re really glad that this book is turning out to be valuable to so many people. I think our approach has made a real difference. Starting with a general discussion of the purpose of each NERC CIP Standard helps to place the “what is it” and “why does it matter” into perspective. It’s always important to know why we do things, not just do them.
Taking the next step deeper, we cover what needs to actually be done for each, tying them to the measures in the NERC CIP Standards. That brings together the “what it is” and “why it matters” with “what we must do,” to paint a very understandable picture. “We do this, in this way, because it matters for this reason.” That’s the picture we all need to have for each of the NERC CIP Standards.
Adding in the matrix at the end of each chapter indicating what artifacts (sources of evidentiary documentation), enablers (technologies capable of enabling the robust and efficient performance of critical infrastructure protection program elements), and triggers (the method(s) by which the activity related to this Requirement is invoked) apply to each requirement helped fill in some gaps for the “how will we do this?” challenge.
By covering these different perspectives lightly, the resulting book is consumable for just about anyone, and that, I think, was the last important detail. We wanted a book that anyone could read, and have a reasonable understanding of what Protecting Critical Infrastructure and NERC CIP are all about.