SME Questionnaire Form - July 21

Publication Target Date: July 21


Submission Deadline: July 18


Article Working Title: The Substation Problem: Distribution, Protection Relays, and Living Inside NERC CIP


Editorial Brief: Transmission and distribution is where cyber risk becomes most directly a public-safety and continuity risk, and where a compliance regime, NERC CIP in North America, shapes nearly every decision. The article should move past CIP as a checklist and examine the operational reality of securing substations and the distribution edge: protection relays and serial-to-Ethernet gateways that were never designed for authentication, the documented history of substation disconnection and loss of view and control in real grid attacks, and the tension between a low-impact classification that limits required controls and a real-world consequence that does not respect the classification. It should be specific about the compliance calendar that operators are living through — internal network security monitoring obligations and tightening remote-access requirements — and honest about the gap between a substation that is CIP-compliant and one that is actually defensible. Distribution utilities, often smaller and less resourced than transmission operators, face the same relay and gateway exposure with a fraction of the staff. The architectural lessons — segmenting field communications, validating relay configurations, knowing how to operate when you lose remote visibility — apply to any operator with geographically dispersed, lightly attended field assets, including pipelines and water.

About you

First Name

Last Name

Company/Organization

Job Title/Designation (to be used in feature)

Business Email

Short Bio

Upload headshot (JPG/PNG up to 5MB; Square 500×500px, 300 DPI recommended)

Question Set

Where is the most significant gap between what NERC CIP requires for substations and what is needed to make them operationally defensible?

How do utilities secure protection relays, serial-to-Ethernet gateways, and other field devices that cannot support modern authentication or routine patching, and which compensating controls have proved most effective?

How are internal network security monitoring and tighter remote-access requirements changing substation security priorities, architectures, and investment decisions?

How should utilities address sites classified as low impact under NERC CIP when their disruption could still create significant operational, safety, or community consequences?

If remote visibility or control of field assets is lost, how does the utility continue operating, and how recently has that scenario been tested under realistic conditions?

What should a practical minimum security model for the distribution edge include when a utility lacks staff and budget for a dedicated OT security team?

Thank you for your response!