NERC Cyber Security Standards: Risk Based Methodology
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
NERC CIP-002 R1.2 requires Responsible Entities to identify their critical assets using a risk-based methodology. Risk-based methodologies usually consider the threat (likelihood) of an event and its consequences. The IESO 1 recognizes that cyber attacks will happen; therefore our risk-based methodology focuses on the mitigation of consequences. Critical assets are those which, if destroyed, degraded or otherwise made unavailable, would affect the reliability or operability of the Bulk Electric System. In the context of cyber security, a denial of service attack makes the asset unavailable. A loss of control and/or monitoring of critical assets would have a significant impact on reliability, including our ability to restore after a partial or total blackout. However, we must also protect these assets from unauthorized operation. Multiple element contingencies without accompanying faults are very probable for a scenario where a malicious party takes control of a critical asset such as a transmission substation. In Ontario, the criteria used in determining critical assets address the traditional ‘impact on the interconnection ’ for asset loss, but also consider our ability to restore after a blackout as essential in maintaining an adequate level of reliability and mitigating the impact on public health and safety. The criteria were developed in consultation with Ontario’s Emergency Preparedness Task Force, which includes key market participants and government representatives. It includes a cross-reference to the requirements of NERC CIP-002, which describe the types of assets that must be considered. In developing the criteria, we considered: The list of bulk power system elements derived using NPCC A-10 Criteria for Classification of Bulk Power System Elements, An additional assessment using the non-fault based extreme contingencies as listed
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.000 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.003 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it