NERC Critical Infrastructure Protection (CIP) Training
NERC Critical Infrastructure Protection (CIP) Training workshop – Hands-on
The NERC Critical Infrastructure Protection (CIP) set of standards was developed by the North American Electric Reliability Corporation (NERC) to ensure the protection of any assets used to operate North America’s Bulk Electric System (BES). Any entity that owns or operates any type of BES in the United States, Canada and Mexico must be compliant with NERC CIP requirements.
This NERC Critical Infrastructure Protection (CIP) Training workshop provides a thorough review and analysis of NERC CIP standards currently subject to enforcement, as well as the ones that are subject to the future enforcement. It discusses the history and background of NERC CIP, the process of development and implementation of new standards, the role of the Federal Energy Regulatory Commission (FERC) and Regional Entities, the reasons behind common compliance violations, and best practices for building an effective compliance program.
- Five days of training with an expert instructor
- Walkthroughs and demonstrations
- NERC CIP Training Guide
- 100% Satisfaction Guarantee
NERC Critical Infrastructure Protection (CIP) Training workshop – Customize it
- We can adapt this NERC Critical Infrastructure Protection (CIP) Training workshop course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this NERC Critical Infrastructure Protection (CIP) Training workshop course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the NERC Critical Infrastructure Protection Training workshop around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the NERC Critical Infrastructure Protection (CIP) Training workshop course in manner understandable to lay audiences.
NERC Critical Infrastructure Protection (CIP) Training workshop – Audience/Target Group
The target audience for this NERC CIP Training workshop course:
- Bulk Electrical System (BES) asset owners and operators
- Operations and support personnel
- Compliance managers, coordinators and analysts
- Professionals responsible for Critical Infrastructure Protection
- Anyone who wants to learn more about the NERC CIP standards
NERC Critical Infrastructure Protection (CIP) Training workshop – Objectives:
Upon completing this NERC CIP Training workshop course, learners will be able to meet these objectives:
- Thoroughly understand the purpose and specific requirements of current and upcoming NERC CIP standards
- Implement best practices for building an effective NERC CIP compliance program
- Evaluate the impact of emerging trends on BES Cyber Systems
- Describe identification and documentation requirements of the Critical Cyber Assets associated with the Critical Assets
- Describe roles and responsibilities for minimum security management controls to protect Critical Cyber Assets
- Discuss requirements for identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets
- Describe implementation of physical security programs for the protection of Critical Cyber Assets
- Define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets
- Ensure the identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
- Ensure that recovery plans are put in place for Critical Cyber Assets and that these plans with established business continuity and disaster recovery techniques and practices
NERC Critical Infrastructure Protection (CIP) Training workshop – Course Content
- Introduction to NERC, FERC and NERC CIP
- Short history of NERC CIP
- What does it mean to comply with NERC CIP?
- Audit considerations
- The NERC standards development process
- Interpretation questions
- How a NERC CIP program works
- Fines are going up!
- What are the currently-enforceable CIP standards? What is coming soon?
- CIP-002: Sets scope for NERC CIP
- CIP-003: Security awareness, security training, security policies and low impact requirements
- New version of CIP-003 coming 1/1/20, including electronic access control for low impact assets
- CIP-004: Personnel
- CIP-005: Firewalls, electronic security perimeters, interactive remote access
- CIP-006: Physical security of BES Cyber Systems
- CIP-007: Systems security management
- CIP-008: Incident response plans
- CIP-009: Backup and recovery plans
- CIP-010: Configuration management, security vulnerability assessments, laptops and USB sticks
- CIP-011: Information protection, device disposal or reuse
- CIP-012: Protection of communications between control centers (coming 2021 or 2022?)
- CIP-013: Supply chain security (in force 7/1/20)
- CIP-014: Physical protection of key substations
- Current standards drafting initiatives
- Incorporating virtualization into the existing standards
- BES Cyber System information in the cloud
- Version 2 of CIP-013
- The biggest issue in NERC CIP today: Why can’t we put BES Cyber Systems in the cloud?
- Not a very happy story at this point
- However, it will inevitably happen
- What’s the longer-term direction for NERC CIP?
- Risk-based standards
- “Real-time” standards development
- Will CIP be taken away from NERC and FERC?
NERC Critical Infrastructure Protection (CIP) Training Course wrap-up