Critical Infrastructure Protection (CIP) NERC Training

Critical Infrastructure Protection (CIP) NERC Training

The Atlanta-based nonprofit North American Electric Reliability Corporation (NERC) was formed in 2006 to address power grid security issues as well as develop standards for power system operation, assess resource adequacy and provide educational and training resources.

NERC oversees eight regional reliability entities and encompasses all of the interconnected power systems of the contiguous United States, Canada and Mexico. NERC’s Critical Infrastructure Protection (CIP) plan was originally approved in 2008 as a set of requirements that relate to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.

Today it’s critical that all stakeholders involved in the electric power grid industry understand NERC’s CIP standards due to an environment where power grid elements are prime targets of cybercriminals.

When computer systems are not properly secured, it may lead to catastrophic problems, disclosure of sensitive information, and frauds. Users with unauthorized access can easily exploit security vulnerabilities in a network if they are present.  Therefore, threat and vulnerability management to secure critical infrastructure protection (CIP) became vital.

Addressing vulnerability and risk concerns entails following all NERC-CIP reliability standards to ensure that all potential threats have been remediated.  This isn’t a task to put on the back-burner.

The process of achieving full NERC-CIP compliance requires BPS operators to undergo vulnerability assessments (VAs) every 15 months. BPS operators are also required to self-report the documentation of their findings in these VAs to NERC.

NERC takes compliance very seriously. Failure by utility companies to comply with the NERC CIP regulations can result in substantial penalties. It’s believed that these fines can run as high as $1 million a day.

NERC’S position is that it’s paramount for utility executives to know regulations that cover procedures and equipment. Other must-learn matters include:

• Sabotage reporting
• Identification and documentation/physical security of critical cyber assets
• Application of at least minimum security management
• Comprehensive reporting of cybersecurity incidents
• Recovery plans following business continuity and disaster recovery practices

NERC also requires utilities to send their employees to some kind of cybersecurity training (such as offered by Tonex). That’s because employees are often the weakest cyber link. Cybersecurity specialists say most major security breaches involve a human being doing something wrong, dangerous or just plain dumb somewhere along the way.

Critical Infrastructure Protection (CIP) NERC Training Course by Tonex

Critical Infrastructure Protection (CIP) NERC training course will teach you the CIP standards developed by Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) and will help you to understand the requirements for personnel and training, physical security of Bulk Electric Systems (BES) cybersecurity and information protection.

NERC is committed to protect the BES against cybersecurity compromises leading to instability. The goal of each new CIP version is to improve the technical security requirements for BES and expectations for compliance and enforcement.

Tonex, a leader in the teaching industry with more than 15 years of experience in providing seminars, workshops and hands on training as well as comprehensive training courses, is pleased to offer a detailed training for Critical Infrastructure Protection (CIP) training based on  the NERC standard.

This training is based on protection of transient electronic devices used at low-impact bulk electric system cyber systems, protection of communication network components between control centers and low-impact external routable connectivity standards.

This course covers a variety of topics in CIP of cyber systems such as: introduction to CIP, threat assessment and vulnerability assessment in CIP, review of NERC CIP program, bulk electric system cyber system categorization, security management control, cybersecurity awareness, asset identification, access control and monitoring, system security management, incident response and CIP audit/compliance program.

Our instructors at Tonex will teach you the CIP remote access control assessment, risk identification related to remote access related threats, vulnerability assessment and mitigation control for vulnerabilities through critical infrastructure protection (CIP) NERC training.

Learn about structural changes and implementation plans for modified format of CIP, asset identification, cyber asset categories, bright line criteria, impact level determination and asset categorization.

Learn about communication related requirements, electronic security perimeters, interactive remote access, physical protection of communication devices, network elements and transient devices.

Critical Infrastructure Protection (CIP) NERC also covers the main requirements for configuration change management and vulnerability assessment to ensure the effective change control moreover, incident response and disaster recovery plan will be introduced to identify, classify, communicate and manage the roles and responsibilities in case incident occurs.

This course also offers a set of real-world case studies, hands on experiments and class discussions in order to give you a clear idea about CIP, and makes you prepared for challenges in your organization.

Audience

Critical Infrastructure Protection (CIP) NERC training is a 2-day course designed for:

• IT and ICS cybersecurity personnel
• Field support personnel and security operators
• Auditors, vendors and team leaders
• All individuals who need to understand the Critical Infrastructure Protection (CIP) NERC concepts
• Electric utility engineers working in electric industry security
• System personnel worried about NERC standard for system security
• System operators and individuals in electric utility organizations
• Independent system operator personnel working with utility companies
• Electric utility personnel who recently started career involved with Critical Infrastructure Protection (CIP) NERC standards
• Technicians, operators, and maintenance personnel who are or will be working at electric utility companies
• Investors and contractors who plan to make investments in electric industry considering security standards
• Managers, accountants, and executives of electric industry

Training Objectives

Upon completion of Critical Infrastructure Protection (CIP) NERC training course, the attendees are able to:

• Understand the new terms and revised definitions of CIP NERC standard
• Learn about Cyber asset categories
• Apply gap analysis with new standards applications
• Recognize the role FERC and NERC on CIP
• Determine the requirements to implement strategies for CIP
• Apply CIP requirements to balance cybersecurity benefits and regulatory compliances
• Understand how the electric sector regulatory structure fit into the reliability standards
• Explore BES cyber asset identification to protect grids
• Learn about common physical controls and monitoring schemes in CIP
• Understand the system security management requirements and compliance challenges
• Apply vulnerability assessment for ensuring the stable operation of system
• Apply methods in order to identify, classify and response to each incident in CIP

Training Outline

Critical Infrastructure Protection (CIP) NERC training course consists of the following lessons, which can be revised and tailored to the client’s need:

Introduction to CIP

• Scope of Critical Infrastructure (CI) and Critical Infrastructure Protection (CIP)
• CIP Concepts and Principles
• CI Information and Information Sharing
• CI Stakeholders and Sectors
• CIP Risk Management Model
• CIP Challenges
• CIP and Business Continuity Planning
• CIP in Asset Protection Organization

Threat Assessment and Vulnerability Assessment

• Hazards Approach to CIP
• Threat Assessment Methodologies
• Threat Sources
• Threat Level and CI Design
• Threat, Vulnerability and Risk
• Vulnerability Assessment Introduction
• Attributes of Vulnerability
• Vulnerability Assessment Methodologies

Review of NERC CIP Program

• History and Background of NERC
• Reliability Standards of NERC
• CIP Background
• CIP-001
• CIP-002: Identification and Documentation of Critical Cyber Assets
• CIP-003: Security Management Control
• CIP-004: Personnel Risk Assessment and Security Awareness Training
• CIP-005: Electronic Security Perimeters
• CIP-006 Physical Security Program
• CIP-007: Security Planning and Management
• CIP-008: Incident Identification and Incident Response
• CIP-009: Recovery Plans

Bulk Electric System (BES) Cyber System Categorization

• CIP-002 Version 5
• Criteria for Determining Impact Ratings
• Generating Units at a Single Plant Location
• BES Reactive Resources
• Transmission Facilities
• Interconnection Reliability Operating Limit (IROL)
• Control Centers and Backup Control Centers
• Low Impact Category for Control Centers and Transmission Stations
• Low Impact Category for Distribution Providers
• Low Impact Category of Special Protection Systems
• Impact Category Control: CIP-011-1

Security Management Control

• Review of CIP-003 Version 5
• Personnel and Training
• Electronic Security Perimeters: CIP-005-Version 5
• Interactive Remote Access
• System Security Management
• Incident Reporting and Response Planning
• Physical Security of BES Cyber Systems: CIP-006 Version 5
• Physical Security of Transmission Stations and Substations: CIP-014
• Recovery Plans for BES Cyber Systems
• Configuration Change Management
• Vulnerability Assessment
• Information Protection
• Responding to CIP Exceptional Circumstances
• Physical Access Control Systems (PACS)

Cybersecurity Awareness

• CIP-004 Version 5: Cybersecurity- Personnel and Training
• Security Awareness
• Cybersecurity Training
• Personnel Risk Assessment
• Access Management Program
• Access Revocation Program
• Interactive Remote Access: CIP-005 Version 5

Asset Identification

• Asset Classifications
• Bright Line Criteria
• Impact Level Determination
• High/Medium/Low Impact Systems
• NERC Functional Mode
• NERC Reliability Standards
• CIP History
• CIP-002: Cyber System Categorization
• CIP-003: Security Management Controls

Access Control and Monitoring

• CIP-005: Electronic Security Perimeters
• Interactive Remote Access
• External Routable Communication and Electronic Access Points
• Physical Access Control System (PACS) Maintenance and Testing
• Visitor Control
• Unauthorized Access Monitoring

System Security Management

• CIP-007 Version 5: System Security Management
• Ports and Services
• Security Patch Management
• Malicious Code prevention
• Account Management
• Security Event Monitoring
• CIP-010: Configuration Change Management and Vulnerability Assessment
• System Access Control

Incident Response

• CIP-008 Version 5: Incident Reporting and Response Planning
• Identify/Classify/Respond to Cybersecurity Incidents
• Reportable Cybersecurity Incident
• Roles and Responsibility of Incident Response Group
• Incident Handling Procedure
• Testing Cyber Security Incident Response Plan
• CIP-009 Version 5, Recovery Plans for BES Cyber Systems
• CIP-011-1 Information Protection
• System Backup
• Phases of Response and Recovery

CIP Audit and Compliance Program

• CIP Processes of Maintaining Compliance
• Audits
• Accountability
• Transparency
• Consistency
• Sustainability
• Audit Etiquette
• Compliance Framework
• Reliability Assurance Initiative
• Culture of Compliance
• Annual Assessment
• Gap Analysis
• TFE and Self Reporting
• Audit Tools

Hands On, Workshops, and Group Activities

• Labs
• Workshops
• Group Activities

Sample Workshops and Labs for Critical Infrastructure Protection (CIP) NERC Training 

• Types of Documentation in Scope of CIP Security Example
• Nmap Software For Vulnerability Assessment Case Study
• Assessment of Low/Medium/High Impact BES Cyber Systems
• PACS and Monitoring (EACMS) Assets
• Baseline Definition for Two Computers/Servers/Devices with Items in Common
• Security Patches and Functionality Patches Example
• Monitoring Requirements for new Field Devices such as PLCs, Relays, or Monitoring Devices
• Protection of Devices in Substations such as Transformer Monitoring Devices, Distribution Relays and PLCs.
• Physical Security Tests on Firewalls, IDS, and Proxies
• How to Preserve Incident Data, Integrity of Distributed Files
• Cybersecurity Capability Maturity Model (C2M2) Tutorial

Critical Infrastructure Protection (CIP) NERC Training