NERC publishes Lessons Learned documents to provide industry participants with technical and understandable information that helps them maintain the reliability of the bulk electric system. NERC has a history of not identifying control system incidents as being cyber-related. NERC issued two Lessons Learned documents in 2025: “Loss of Monitoring and Control Due to a Communication Failure Between Control Centers” and “Loss of SCADA/EMS Monitoring and Control – GPS Clock Failure”. Neither Lessons Learned document identified the incidents as being cyber-related despite both incidents experiencing loss of monitoring and control that affected the bulk electric system. Consequently, the utilities cybersecurity organizations may not be aware of these Lessons Learned documents. It is not clear why NERC continues to downplay identifying control system incidents as being cyber-related as it only makes the electric industry more susceptible to cyberattacks by creating a false sense of security.
