The North American Electric Reliability Corporation (NERC) is the international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America. NERC develops and enforces reliability standards for the supply of power in the United States and Canada, as well as northern Baja California, Mexico.
Regarding cybersecurity, the NERC created the Critical Infrastructure Protection (CIP) standards, which identifies a set of cyber controls and protections that power suppliers and generators must address. To be NERC CIP compliant, power supply owners and operators must ensure implementation of security requirements documented in the CIP standards. Under the NERC CIP, you are required to identify critical assets and regularly perform a risk analysis. Failure to fully comply can result in significant fines and penalties.
DirectDefense services can fully support your security program in becoming NERC CIP compliant. Our consultants can assist with the implementation of NERC CIP standards or perform a third-party audit in the following enforceable areas of the CIP standards:
Critical Asset Identification
- Cyber System Categorization
- Personnel & Training
- Electronic Security Perimeter(s)
- Physical Security
- System Security Management
- Incident Reporting and Response Planning
- Disaster Recovery
- Change Management
- Vulnerability Assessment