NERC CIP Training Seminars
NERC CIP Training Seminars: The Atlanta-based nonprofit North American Electric Reliability Corporation (NERC) addresses security issues as well as develop standards for power system operation, assess resource adequacy and provide educational and training resources.
This is also why NERC’s Critical Infrastructure Protection (CIP) plan was approved as a set of requirements that relate to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.
Unquestionably, NERC takes the matter of compliance very seriously. Compliance involves utilities following standards such as creating and enacting plans for incidents and managing personnel access to critical assets physically, electronically and remotely.
This is a big deal. Failure by utility companies to comply with the NERC CIP regulations can result in substantial penalties with fines that may run as high as $1 million a day.
The problem is that the details of compliance are substantial. The NERC CIP plan consists of nine standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets. The plan also calls for personnel training, security management and disaster recovery planning.
Keeping abreast with compliance updates has become even more complicated. A few years ago NERC upgraded its standards from version 3 to version 5 without stopping at version 4. The additional requirements were many, including:
- Tiered compliance – This is all about increasing the complexity of documentation, as in unnecessary regulations no longer apply to low impact facilities, but at the same time, multiple compliance policies are in play.
- Encryption – An involved requirement about securing of data both across connections and stored on disk.
- Security Patches – This is about a mega dose of patches and updates. In v5, all security patches on every device are required to be known.
- Serial connections – In v5, companies are required to implement only serial connections as specified by the CIPs.
- Multifactor authentication – Two-factor authentication (2FA) or above is required to help organizations protect against common attacks, which includes brute force, phishing and social engineering.
Version 5 has also made it clear that utilities must have a system of record that inventories all of their computer and network assets. This has come about as a means to make visibility more prominent in security standardization.
NERC CIP Training
Tonex offers NERC CIP Training Bootcamp | Crash Course, a 5-day program designed and created to meet the needs of the electric in regards to CIP compliance.
Who Should Attend
- CIP Compliance
- IT cybersecurity
- ICS and SCAD cybersecurity
- EMS cybersecurity
- Field and security operations
- Incident response
- Project managers
- CIP Auditors
- Any other staff from electrical utilities who are maintaining cybersecurity standards across their enterprise and substations
- Generation, transmission and distribution staff working to meet NERC CIP standards
Related Course
— Critical Infrastructure Protection (CIP) NERC Training, a 2-day course that will teach you the CIP standards developed by Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) and will help you to understand the requirements for personnel and training, physical security of Bulk Electric Systems (BES) cybersecurity and information protection.
Why Choose Tonex?
- Tonex is the industry leader in cybersecurity and NERC CIP. Our courses are planned, designed and developed by NERC CIP experts in CIP implementation and audits.
- For over 30 years Tonex has worked with organizations in improving their understanding and capabilities in topics often with new development, design, optimization, regulations and compliances.
- Ratings tabulated from student feedback post-course evaluations show an amazing 98 percent satisfaction score.
Contact us for more information, questions, comments.