NERC CIP Training Bootcamp | Crash Course

Length: 4 Days

NERC CIP Training Bootcamp

The Atlanta-based nonprofit North American Electric Reliability Corporation (NERC) was formed in 2006 to address security issues as well as develop standards for power system operation, assess resource adequacy and provide educational and training resources.

NERC’s Critical Infrastructure Protection (CIP) plan was originally approved in 2008 as a set of requirements that relate to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.

The various CIP standards cover everything from identifying and categorizing assets, to reporting sabotage, to ensuring security plans that limit physical and electronic access are in place. CIP-008 covers reporting cyber security incidents, and CIP-009 focuses on recovery plans and techniques following breaches. CIP-010 and CIP-011, focusing on change and vulnerability management and information protection, are also enforceable.

NERC CIP exists because serious cybersecurity and other types of threats exist to the U.S. power grid. One report showed that more than one in four energy industry respondents admitted that their company had been hit by a damaging cyberattack. About 75 percent of the respondents said they were very worried about the possibility of cyberattacks interrupting their operations, and 77 percent said they planned on investing more capitol in managing cyber risk.

A few years ago, a report that appeared in USA Today shocked many by claiming that the U.S. electric grid faced physical or online attacks about 100 times a year. And, according to the U.S. government’s Mission Support Center analysis report, it’s likely that many more cyber incidents occur than are reported.

A Global State of Information Survey reports that more than half of total cyber incidents involve advanced persistent threats or sophisticated actors. The majority of incidents are categorized as having an unknown access vector.

In other words, while the organization confirmed the hacking, forensic evidence did not point to a method used for intrusion because of lack of detection and monitoring capabilities within the compromised utility network.

NERC CIP has been given the power by the U.S. and Canada to impose fines, sanctions and other punitive actions against any owners, operators or users of bulk electric system found with compliance issues.

NERC CIP can fine any of these three groups up to $1 million per day, per violation; that is assuming the penalty is commensurate with the gravity of the violation. Most often, the seriousness of the fine relates to the overall reliability of the system, amount of cooperation given by the organization, purposefulness of the violation and attempts at concealment.

The benefits of NERC CIP compliance are considerable, such as:

• Refined power grid protection
• Improved operational control
• Upgraded environmental awareness
• Enhanced understanding of costs
• Improved readiness for disruptions

Training in NERC CIP standards is highly recommended as these standards necessitate implementing a complex set of cybersecurity controls around their physical and cyber assets and maintain ongoing proof of NERC compliance for auditors.

NERC CIP Training Bootcamp Crash Course by Tonex

NERC CIP Training Bootcamp,  North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) training bootcamp is a crash course style training program designed and created to meet the needs of the electric in regards to CIP compliance: Cyber Security for NERC CIP Versions 5 & 6 Compliance.

This crash course is perfect for Security specialists, CIP Senior Manager, analysts, designer engineers, system operators, directors of CIP compliance, VPs of operations.

NERC Critical Infrastructure Protection (CIP) training bootcamp is a 4-day crash course empowers attendees with knowledge and skills covering version 5/6 standards. NERC Critical Infrastructure Protection training bootcamp addresses the role of FERC, NERC and the Regional Entities.

Learn approaches for identifying and categorizing BES Cyber Systems and requirements to implement and comply the standards including strategies for the version 5/6 requirements.

Tonex is the industry leader in Cybersecurity and NERC CIP. Our courses are planned, designed and developed by NERC CIP experts in CIP implementation and audits.

Learn how NERC Critical Infrastructure Protection (CIP) requirements address physical security and cybersecurity of the critical electricity infrastructure of North America including:

• References to NERC CIP associated documents
• CIP-002-3: CYBER SECURITY — CRITICAL CYBER ASSET IDENTIFICATION
• CIP-003-5: CYBER SECURITY — SECURITY MANAGEMENT CONTROL
• CIP-004-3: CYBER SECURITY — PERSONNEL & TRAINING
• CIP-005-5: CYBER SECURITY — ELECTRONIC SECURITY PERIMETER(S)
• CIP-006-3C: CYBER SECURITY — PHYSICAL SECURITY OF CRITICAL CYBER ASSET (S)
• CIP-007-3: CYBER SECURITY — SYSTEMS SECURITY MANAGEMENT
• CIP-008-3: CYBER SECURITY — INCIDENT REPORTING AND RESPONSE PLANNIN
• CIP-009-3: CYBER SECURITY — RECOVERY PLANS FOR CRITICAL CYBER ASSET
• CIP-010-3: CYBER SECURITY — CONFIGURATION CHANGE MANAGEMENT AND VULNERABILITY ASSESSMENTS
• CIP-011-1: CYBER SECURITY — INFORMATION PROTECTION
• References to Implementation Plan for Cyber Security Standards
• References to Mandatory Reliability Standards for CIP
• Guidance for Enforcement of CIP Standards
• References to NERC CIP Rules
• Best practices for managing NERC Compliance
• Protecting: physical security, cybersecurity, emergency preparedness and response
• Business continuity planning, and recovery from a catastrophic event with emphasis on deterring, preventing, limiting, and recovering from terrorist attacks
• BES Cyber System Categorization
• Critical Cyber Asset Identification
• Security Management Controls
• Personnel & Training
• Electronic Security Perimeter(s)
• Physical Security of Critical Cyber Assets
• Systems Security Management
• Incident Reporting and Response Planning
• Recovery Plans for Critical Cyber Assets
• Deterring to dissuade an entity from attempting an attack
• Preventing  to cause an attempted attack to fail
• Limiting  to constrain consequences of an attack in time and scope
• Recovering – to return to normalcy quickly and without unacceptable consequences in the interim
• Operating, Planning, and Critical Infrastructure Protection Committee
• Security Guidelines
• Control Systems Security
• Cyber Security Analysis
• Operating Security
• Business Continuity Guideline
• Physical Security
• Protecting Sensitive Information
• Security Policy
• Bulk Electric System Security Metrics
• Personnel Security Clearances
• Compliance Enforcement and Input

Learn about:

• Concepts behind The Energy Policy Act of 2005 (Energy Policy Act)
• Concepts behind Federal Energy Regulatory Commission (Commission or FERC) authority
• Concepts behind Reliability of the bulk power system, commonly referred to as the bulk electric system or the power grid
• Concepts behind Mandatory cybersecurity reliability standards
• Energy Independence and Security Act of 2007 (EISA)
• Role of National Institute of Standards and Technology (NIST) for smart grid guidelines and standards

NERC CIP Training Bootcamp