No one really knows what would happen if the North American power grid system suddenly failed. But no one other than bad actors really want to find out.
This is why the Atlanta-based nonprofit North American Electric Reliability Corporation (NERC) was formed in 2006. NERC addresses security issues as well as develop standards for power system operation, assess resource adequacy and provide educational and training resources.
NERC also oversees eight regional reliability entities and encompasses all of the interconnected power systems of the contiguous United States, Canada and Mexico.
NERC’s Critical Infrastructure Protection (CIP) plan was originally approved in 2008 as a set of requirements that relate to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation. CIP emphasis the need for greater training in order to keep North America’s electric grid secure.
In actuality, CIP is just one of 14 mandatory NERC standards that are subject to enforcement in the U.S. However, it gets a good deal of attention because this regulation is centered on the physical security and cybersecurity of assets deemed to be critical to the electricity infrastructure.
This is a big deal. That’s why NERC takes mandatory compliance very seriously. Failure by utility companies to comply with the NERC CIP regulations can result in substantial penalties. It’s believed that these fines can run as high as $1 million a day.
NERC CIP compliance involves a number of steps and tools, such as creating and enacting response plans for incidents; managing personnel access to critical assets physically, electronically and remotely; and employee education sessions.
To be NERC CIP compliant, bulk power supply owners and operators must ensure they’ve enacted the measures contained in all of the enforceable CIP standards such as CIP-002 which outlines the categorization system used to determine which assets are “critical.” Identifying items are that critical assets is the first step in becoming compliant.
CIP-003 on the other hand outlines controls for managing security and CIP-004 provides standards for training personnel to be CIP compliant. CIP-005 and 006 focus on creating security perimeters, both electronically and physically, while CIP-007 provides information on managing system security. CIP-008 and 009 deal with what happens after an incident occurs: how to report it and implement recovery plans. CIP-010 addresses change management and vulnerabilities. CIP-011 lays out standards for protecting information and the new CIP-014 addresses the need for physical security.
NERC CIP Training
Tonex helps organizations and utilities meet compliance standards, especially in the area of employee education sessions.
Tonex offers two classes in NERC CIP Training: a five-day hands on NERC CIP Training Bootcamp / Crash Course and a two-day Critical Infrastructure Protection (CIP) NERC Training.
NERC CIP Training courses empowers attendees with knowledge and skills covering version 5/6 standards and addresses the role of FERC, NERC and the Regional Entities.
Additionally, participants learn approaches for identifying and categorizing BES Cyber Systems and requirements to implement and comply the standards including strategies for the version 5/6 requirements.
Who Should Attend?
- Security Specialists
- CIP Senior Managers
- Analysts, designer engineers, system operators, directors of CIP compliance and VPs of operations.
Why Choose Tonex?
Tonex is the industry leader in cybersecurity and NERC CIP. Our courses are planned, designed and developed by NERC CIP experts in CIP implementation and audits.
Ratings tabulated from student feedback post-course evaluations show an amazing 98 percent satisfaction score.
Presenting highly customized learning solutions is what we do. For over 30 years Tonex has worked with organizations in improving their understanding and capabilities in topics often with new development, design, optimization, regulations and compliances that, frankly, can be difficult to comprehend.
Contact us for more information, questions, comments.