How to Know You Meet the NERC CIP Cybersecurity Requirements

Technical difficulties are dreaded by everyone, whether it be during a school program, government announcement, or even your regular online streaming.

In today’s age of Covid-19, technical difficulties seem to be especially painful. Random power outages or internet problems can be enough to completely disconnect a student from their school and an employee from their work.

Of course, certain processes and standards are kept to ensure the quality of service from certain utility companies. After all, if there weren’t a standard to follow, companies could under-perform and simply blame things on the weather.


One of the main guides that keep utility companies in line is the NERC CIP Standards. You might be wondering, what is the NERC CIP?

The National Electrical Reliability Council or NERC

This is an organization dedicated to ensuring quality service from utility companies. They have been active since 1968 and have slowly grown to take on more responsibilities.

Originally, the NERC was there to simply promote reliable transmission of electricity for power companies in North America. They have been releasing the CIP standards that serve as a checklist for power companies.

The CIP or Critical Infrastructure Protection Standards promote proper service through adequate training, tools, contingency plans, and many more. This standard grows as time passes because of new technology, threats, and even needs.

The NERC CIP Standards serve as the main basis for utility companies around the world. As they constantly improve their standards, companies around the globe attempt to keep up with the ever-growing checklist.

The NERC CIP Standards make a great point of reference for power and utility companies. Some companies are not required to meet these standards, but that doesn’t mean they shouldn’t take a look at them.

NERC CIP Cybersecurity Requirements

As mentioned, the CIP standards are composed of different criteria to make sure that utility companies provide a reliable and effective service. These range from the training of employees up to resource management.

The NERC CIP Standards are publicly posted and you can find hundreds of articles discussing their various aspects.

Here are a few of the main NERC CIP Standards that can give you a quick idea if your company is on par with the global requirements.

1. CIP-002-5.1a BES Cyber System Categorization

This involves understanding the different machines and processes involved. Through BES Cyber System Categorization, companies can group assets based on their impact.

Through this sort of system, any failure can be properly managed, since assets are already grouped by importance and overall impact on the entire process. There are certain programs such as Tenable that specialize in this CIP standard.

Tenable helps to produce accurate reports for specific impact groups. These reports can help employees and even machines to act accordingly in the event of any form of failure.

2. CIP-003-8 Security Management Controls

This standard is all about having security management controls that are tailored to guard BES Cyber Systems. These controls help to protect specific assets and the entire process from any form of compromise.

These Security Management Controls don’t only protect certain assets but also ensure accountability, making sure that those under supervision are safe and functioning accordingly.

3. CIP-004-6 Personnel & Training

This standard is probably one of the easiest to understand. It doesn’t involve any fancy or technical jargon. It is all about having informed personnel who know what they are doing when it comes to handling tools and other responsibilities.

This standard specifically calls on companies to conduct their personnel risk assessment and ensure that the employees aren’t a vulnerability.

Something as simple as constant security awareness and checking can go a long way towards the overall protection of an organization.

4. CIP-008-6 Incident Reporting and Response Planning

This standard is dedicated to appropriate responses and reporting. In case of an incident, employees and machines are aware of what they need to do.

These can be counted as contingency plans that stop groups of people from panicking. Through these plans, the most effective response can be used consistently. These plans provide an opportunity for problems or incidents to be handled efficiently and effectively.

This standard also allows for incidents to be reported properly. Certain bits of information are taken note of for future reference. These all help to work towards the security of the entire company.

Responding to an incident is different for every field of work. There are numerous articles online that discuss different ways to respond to incidents. These online guides provide random people with what the NERC CIP Standards provide for power companies. They provide a plan.

Other NERC CIP Standards

The NERC CIP Standards currently have 12 critical infrastructure protection requirements. These include the aforementioned standards along with a handful of other ones.

Here is a complete list of the 12 critical infrastructure protection requirements. These serve as the main basis for power companies in North America and around the globe.

  1. CIP-002-5.1a BES Cyber System Categorization
  2. CIP-003-8 Security Management Controls
  3. CIP-004-6 Personnel & Training
  4. CIP-005-6 Electronic Security Perimeter(s)
  5. CIP-006-6 Physical Security of BES Cyber Systems
  6. CIP-007-6 System Security Management
  7. CIP-008-6 Incident Reporting and Response Planning
  8. CIP-009-6 Recovery Plans for BES Cyber Systems
  9. CIP-010-3 Configuration Change Management and Vulnerability Assessments
  10. CIP-011-2 Information Protection
  11. CIP-013-1 Supply Chain Risk Management
  12. CIP-014-2 Physical Security


A lot of people are reliant on staying connected through virtual means. For a bunch of people today, staying connected means staying in school, having a job, and even being updated with the world.

This is the age of the Covid pandemic, and technical difficulties tend to hit just a bit harder than usual. Thankfully, certain organizations keep power and utility companies in check.

One of the most prominent organizations would be the National Electrical Reliability Council or the NERC. With their constantly growing CIP Standards, power companies deliver reliable and adequate service.

This organization may be focused on North America, but its standards have been a guide to different companies and organizations around the globe. Their CIP Standards are posted publicly and provide companies with the idea of a “reliable power company”.

Even if your company is not required to keep up with the NERC CIP Standards, they can still give insight towards future adjustments and improvements.

