Length: 4 Days
NERC CIP Training Bootcamp
The Atlanta-based nonprofit North American Electric Reliability Corporation (NERC) was formed in 2006 to address security issues as well as develop standards for power system operation, assess resource adequacy and provide educational and training resources.
NERC’s Critical Infrastructure Protection (CIP) plan was originally approved in 2008 as a set of requirements that relate to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.
The various CIP standards cover everything from identifying and categorizing assets, to reporting sabotage, to ensuring security plans that limit physical and electronic access are in place. CIP-008 covers reporting cyber security incidents, and CIP-009 focuses on recovery plans and techniques following breaches. CIP-010 and CIP-011, focusing on change and vulnerability management and information protection, are also enforceable.
NERC CIP exists because serious cybersecurity and other types of threats exist to the U.S. power grid. One report showed that more than one in four energy industry respondents admitted that their company had been hit by a damaging cyberattack. About 75 percent of the respondents said they were very worried about the possibility of cyberattacks interrupting their operations, and 77 percent said they planned on investing more capital in managing cyber risk.
A few years ago, a report that appeared in USA Today shocked many by claiming that the U.S. electric grid faced physical or online attacks about 100 times a year. And, according to the U.S. government’s Mission Support Center analysis report, it’s likely that many more cyber incidents occur than are reported.
A Global State of Information Survey reports that more than half of total cyber incidents involve advanced persistent threats or sophisticated actors. The majority of incidents are categorized as having an unknown access vector.
In other words, while the organization confirmed the hacking, forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised utility network.
NERC CIP has been given the power by the U.S. and Canada to impose fines, sanctions and other punitive actions against any owners, operators or users of the bulk electric system found with compliance issues.
NERC CIP can fine any of these three groups up to $1 million per day, per violation; that is assuming the penalty is commensurate with the gravity of the violation. Most often, the seriousness of the fine relates to the overall reliability of the system, amount of cooperation given by the organization, purposefulness of the violation and attempts at concealment.
The benefits of NERC CIP compliance are considerable, such as:
- Refined power grid protection
- Improved operational control
- Upgraded environmental awareness
- Enhanced understanding of costs
- Improved readiness for disruptions
Training in NERC CIP standards is highly recommended, as these standards require organizations to implement a complex set of cybersecurity controls around their physical and cyber assets and to maintain ongoing proof of NERC compliance for auditors.
NERC CIP Training Bootcamp Crash Course by Tonex
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) training bootcamp is a crash-course-style training program designed and created to meet the needs of the electric industry with regard to CIP compliance: Cyber Security for NERC CIP Versions 5 & 6 Compliance.
This crash course is perfect for security specialists, CIP Senior Managers, analysts, design engineers, system operators, directors of CIP compliance and VPs of operations.
The NERC Critical Infrastructure Protection (CIP) training bootcamp is a 4-day crash course that empowers attendees with knowledge and skills covering the version 5/6 standards. The bootcamp addresses the role of FERC, NERC and the Regional Entities.
Learn approaches for identifying and categorizing BES Cyber Systems and the requirements to implement and comply with the standards, including strategies for the version 5/6 requirements.
Tonex is the industry leader in Cybersecurity and NERC CIP. Our courses are planned, designed and developed by NERC CIP experts in CIP implementation and audits.
Learn how NERC Critical Infrastructure Protection (CIP) requirements address physical security and cybersecurity of the critical electricity infrastructure of North America including:
- References to NERC CIP associated documents
- CIP-002-3: CYBER SECURITY — CRITICAL CYBER ASSET IDENTIFICATION
- CIP-003-5: CYBER SECURITY — SECURITY MANAGEMENT CONTROL
- CIP-004-3: CYBER SECURITY — PERSONNEL & TRAINING
- CIP-005-5: CYBER SECURITY — ELECTRONIC SECURITY PERIMETER(S)
- CIP-006-3C: CYBER SECURITY — PHYSICAL SECURITY OF CRITICAL CYBER ASSET(S)
- CIP-007-3: CYBER SECURITY — SYSTEMS SECURITY MANAGEMENT
- CIP-008-3: CYBER SECURITY — INCIDENT REPORTING AND RESPONSE PLANNING
- CIP-009-3: CYBER SECURITY — RECOVERY PLANS FOR CRITICAL CYBER ASSETS
- CIP-010-3: CYBER SECURITY — CONFIGURATION CHANGE MANAGEMENT AND VULNERABILITY ASSESSMENTS
- CIP-011-1: CYBER SECURITY — INFORMATION PROTECTION
- References to Implementation Plan for Cyber Security Standards
- References to Mandatory Reliability Standards for CIP
- Guidance for Enforcement of CIP Standards
- References to NERC CIP Rules
- Best practices for managing NERC Compliance
- Protecting: physical security, cybersecurity, emergency preparedness and response
- Business continuity planning, and recovery from a catastrophic event with emphasis on deterring, preventing, limiting, and recovering from terrorist attacks
- BES Cyber System Categorization
- Critical Cyber Asset Identification
- Security Management Controls
- Personnel & Training
- Electronic Security Perimeter(s)
- Physical Security of Critical Cyber Assets
- Systems Security Management
- Incident Reporting and Response Planning
- Recovery Plans for Critical Cyber Assets
- Deterring: to dissuade an entity from attempting an attack
- Preventing: to cause an attempted attack to fail
- Limiting: to constrain consequences of an attack in time and scope
- Recovering: to return to normalcy quickly and without unacceptable consequences in the interim
- Operating, Planning, and Critical Infrastructure Protection Committee
- Security Guidelines
- Control Systems Security
- Cyber Security Analysis
- Operating Security
- Business Continuity Guideline
- Physical Security
- Protecting Sensitive Information
- Security Policy
- Bulk Electric System Security Metrics
- Personnel Security Clearances
- Compliance Enforcement and Input
Learn about:
- Concepts behind The Energy Policy Act of 2005 (Energy Policy Act)
- Concepts behind Federal Energy Regulatory Commission (Commission or FERC) authority
- Concepts behind Reliability of the bulk power system, commonly referred to as the bulk electric system or the power grid
- Concepts behind Mandatory cybersecurity reliability standards
- Energy Independence and Security Act of 2007 (EISA)
- Role of National Institute of Standards and Technology (NIST) for smart grid guidelines and standards
Who Should Attend:
- CIP Compliance
- IT cybersecurity
- ICS and SCADA cybersecurity
- EMS cybersecurity
- Field and security operations
- Incident response
- Project managers
- CIP Auditors
- Any other staff from electrical utilities who are maintaining cyber security standards across their enterprise and substations
- Generation, transmission and distribution staff working to meet NERC CIP standards
Program Learning Objectives:
- Discuss requirements for reliable operation of the Bulk Electric System
- List CIP categories of assets to which CIP requirements apply
- Describe asset classification criteria and tiers: High/Medium/Low
- List similarities and differences between CIP standards in versions 5 and 6
- Describe NERC filings and FERC rulings on these standards
- Deep Dive into the CIP 5/6 requirements and obligations/expectations
- Discuss the sabotage reporting process
- Describe identification and documentation requirements of the Critical Cyber Assets associated with the Critical Assets
- Describe roles and responsibilities for minimum security management controls to protect Critical Cyber Assets
- Discuss requirements for identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets
- Describe implementation of physical security programs for the protection of Critical Cyber Assets
- Define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets
- Ensure the identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
- Ensure that recovery plans are put in place for Critical Cyber Assets and that these plans follow established business continuity and disaster recovery techniques and practices
Program Coverage and Highlights of Enforcement:
- NERC CIP requirements
- Highlights of NERC CIP 5 & 6
- Overview of Cyber Security for NERC CIP Versions 5 & 6 Compliance
- Asset Identification and Governance
- Access Control and Monitoring
- System Management
- Information Protection and Response
- CIP Process highlights
- BES Cyber System Categorization
- High and medium impact BES vs. low impact BES
- Operational Technology (OT) security
- Highlights of known ICS vulnerabilities
- Configuration Change Management & Vulnerability Assessments
- Cyber Security for NERC CIP Compliance
- Electronic Security Perimeter(s)
- Information Protection
- Incident Reporting and Response Planning
- Personnel & Training
- Physical Security
- Physical Security of BES Cyber Systems
- Recovery Plans for BES Cyber Systems
- Sabotage Reporting
- Security Management Controls
- System Security Management
- Best Practice specifications
- Reference Architecture
- Gap and Cyber Vulnerability Assessments
- Firewall/Network intrusion detection
- Access Management
- Centralized Patch Management
- Security Information & Event Management
- Automated Back-up & Recovery
- Network Segmentation
- Intrusion Prevention System (IPS)
- Protocol Inspection
- Security Factory Acceptance Testing (FAT)
- Multi-vendor testing
- Cyber Asset Protection
- System Design, Reliability and Configuration
- Baseline Documentation
- Change Control Services
- Ports & services, applications & protocols
- Equipment changes
- Decommission plan