I concur with the CSC 2.0 report's findings.
The entire electric industry would be better served by MS-ISAC. This would enable info sharing across the entire electric industry and with other critical infrastructure operators AND it would save US electricity customers $38 million that currently funds the restricted access E-ISAC operation. This report further justifies why we need the CISA CIRCIA regulation in place to protect parties that report cyber-incidents.
There are several people that have greatly benefited from having a cozy relationship with NERC and E-ISAC, and will seek to preserve E-ISAC for their own benefit.
"Concerns over the E-ISAC and NERC relationship are overblown, according to security consultant Tom Alrich."
I disagree, Tom. The entire electric industry would see improved information sharing by removing E-ISAC and replacing it with the MS-ISAC and DOE's ETAC, under DOE-CESER and CISA oversight.
The following recommendations are provided in the Cyberspace Solarium Report 2.0:
Recommendations
Rewrite PPD-21 for a New Era
1. Clearly identify strategic changes.
2. Assign responsibilities and ensure accountability for routine updates of key strategic documents.
3. Clarify CISA’s roles and responsibilities as NRMA.
4. Resolve questions around the organization and designation of critical infrastructure sectors and assigned SRMAs.
5. Provide guidance on SRMA organization and operation.
6. Facilitate accountability.
Support the PPD-21 Rewrite With Implementation and Resourcing Efforts
7. Strengthen CISA’s capabilities to execute its NRMA responsibilities.
8. Resource SRMAs for the responsibilities they have.
9. Identify a more effective way to catalog, support, and protect priority infrastructure.
10. Develop functional information-sharing capacity across all sectors.
11. Organize public-private collaboration to mitigate systemic and cross-sector risk.
12. Ensure effective emergency response.