NERC CIP Training Bootcamp, a 4-Day Hands-on Cybersecurity Certificate
NERC CIP Training Bootcamp, North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) training bootcamp is a crash course style training program designed and created to meet the needs of the electric in regards to CIP compliance: Cyber Security for NERC CIP Versions 5 & 6 Compliance. Security specialists, CIP Senior Manager, analysts, designer engineers, system operators, directors of CIP compliance, VPs of operations.
NERC Critical Infrastructure Protection (CIP) training bootcamp is a 5-day crash course empowers attendees with knowledge and skills covering version 5/6 standards. NERC Critical Infrastructure Protection training bootcamp addresses the role of FERC, NERC and the Regional Entities.
Learn approaches for identifying and categorizing BES Cyber Systems and requirements tio implement and comply the standards including strategies for the version 5/6 requirements.
TONEX is the industry leader in Cyber Security and NERC CIP. Our courses are planned, designed and developed by NERC CIP experts in CIP implementation and audits. Learn how NERC Critical Infrastructure Protection (CIP) requirements address physical security and cybersecurity of the critical electricity infrastructure of North America including:
- References to NERC CIP associated documents
- References to Implementation Plan for Cyber Security Standards
- References to Mandatory Reliability Standards for CIP
- Guidance for Enforcement of CIP Standards
- References to NERC CIP Rules
- Best practices for managing NERC Compliance
- Protecting: physical security, cybersecurity, emergency preparedness and response
- Business continuity planning, and recovery from a catastrophic event with emphasis on deterring, preventing, limiting, and recovering from terrorist attacks
- Sabotage Reporting
- Critical Cyber Asset Identification
- Security Management Controls
- Personnel & Training
- Electronic Security Perimeter(s)
- Physical Security of Critical Cyber Assets
- Systems Security Management
- Incident Reporting and Response Planning
- Recovery Plans for Critical Cyber Assets
- Deterring to dissuade an entity from attempting an attack
- Preventing to cause an attempted attack to fail
- Limiting to constrain consequences of an attack in time and scope
- Recovering – to return to normalcy quickly and without unacceptable consequences in the interim
- Operating, Planning, and Critical Infrastructure Protection Committee
- Security Guidelines
- Control Systems Security
- Cyber Security Analysis
- Operating Security
- Business Continuity Guideline
- Physical Security
- Protecting Sensitive Information
- Security Policy
- Bulk Electric System Security Metrics
- Personnel Security Clearances
- Compliance Enforcement and Input
Learn about:
- Concepts behind The Energy Policy Act of 2005 (Energy Policy Act)
- Concepts behind Federal Energy Regulatory Commission (Commission or FERC) authority
- Concepts behind Reliability of the bulk power system, commonly referred to as the bulk electric system or the power grid
- Concepts behind Mandatory cybersecurity reliability standards
- Energy Independence and Security Act of 2007 (EISA)
- Role of National Institute of Standards and Technology (NIST) for smart grid guidelines and standards
Who Should Attend:
- CIP Compliance
- IT cybersecurity
- ICS and SCAD cybersecurity
- EMS cybersecurity
- Field and security operations
- Incident response
- Project managers
- CIP Auditors
- Any other staff from electrical utilities who are maintaining cyber security standards across their enterprise and substations
- Generation, transmission and distribution staff working to meet NERC CIP standards
Program Learning Objectives:
- Discuss requirements for reliable operation of the Bulk Electric System
- List CIP categories of assets to which CIP requirements apply
- Describe asset classification criteria and tiers: High/Medium/Low
- List similarities and differences between CIP standards in version 5 and 6
- Describe NERC filings and FERC rulings on these standards
- Deep Dive into the CIP 5/6 requirements and obligations/expectations
- Discuss sabotage reporting process
- Describe identification and documentation requirements of the Critical Cyber Assets associated with the Critical Assets
- Describe roles and responsibilities for minimum security management controls to protect Critical Cyber Assets
- Discuss requirements for identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets
- Describe implementation of physical security programs for the protection of Critical Cyber Assets
- Define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets
- Ensure the identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
- Ensure that recovery plans are put in place for Critical Cyber Assets and that these plans with established business continuity and disaster recovery techniques and practices
Program Coverage and Highlights of Enforcement:
- NERC CIP requirements
- HIghlights of NERC CIP 5 & 6
- Overview of Cyber Security for NERC CIP Versions 5 & 6 Compliance
- Asset Identification and Governance
- Access Control and Monitoring
- System Management
- Information Protection and Response
- CIP Process highlights
- BES Cyber System Categorization
- High and medium impact BES vs. low impact BES
- Operational Technology (OT) security
- Highlights of known ICS vulnerabilities
- Configuration Change Management & Vulnerability Assessments
- Cyber Security for NERC CIP Compliance
- Electronic Security Perimeter(s)
- Information Protection
- Incident Reporting and Response Planning
- Personnel & Training
- Physical Security
- Physical Security of BES Cyber Systems
- Recovery Plans for BES Cyber Systems
- Sabotage Reporting
- Security Management Controls
- System Security Management
- Best Practice specifications
- Reference Architecture
- Gap and Cyber Vulnerability Assessments
- Firewall/Network intrusion detection
- Access Management
- Centralized Patch Management
- Security Information & Event Management
- Automated Back-up & Recovery
- Network Segmentation
- Intrusion Prevention System (IPS)
- Protocol Inspection
- Security Factory Acceptance Testing (FAT)
- Multi vendor testing
- Cyber Asset Protection
- System Design, Reliability and Configuration
- Baseline Documentation
- Change Control Services
- Ports & services, applications & protocols
- Equipment changes
- Decommission plan