What You Need to Know About Understanding NERC Cyber Security Standards

NERC Cyber Security Standards are constantly changing. Numerous government and non-government entities are stakeholders in the approval, implementation and enforcement process. The NERC Cyber Security Standards refer specifically to a suite of NERC Critical Infrastructure Protection Standards (CIP) which include:

  • CIP-002-5

  • CIP-003-5

  • CIP-004-5

  • CIP-005-5

  • CIP-006-5

  • CIP-007-5

  • CIP-008-5

  • CIP-009-5

  • CIP 010-1

  • The new CIP-011-1

Updates to the CIP Versionsshutterstock_76418776

In 2013, the Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking which approved NERC’s Critical Infrastructure Protection Reliability Standards Version 5. At the time, CIP Version 3 Reliability Standards were in effect. FERC ruling means entities would essentially skip from Version 3 to Version 5, negating the mandatory compliance and enforcement of version 4 standards.

While CIP Version 5 will not become effective until after July 15, 2015, it is critical that entities begin moving towards compliance now.  Version 5 contains significant enhancements and changes from Version 3. In this transition period, entities should  begin the process to understand the updates and to implement the requirements.

New Cyber Security Standard: CIP-011-1

NERC CIP Version 5 contains across the board updates to the existing Version 3 standards. The most significant change in CIP Version 5 is increased and specific cyber security requirements, that were previously just recommendations versus mandatory standards. NERC CIP Version 5 mandates both encryption of data and public key infrastructure, as a tool for user authentication. These NERC cyber security standards are critical to help protect the reliability of the bulk power grid.

NERC CIP Version 5 also contains a  brand new standard, “Cyber Security—Information Protection”  or NERC CIP 011. This standard focuses solely on preventing unauthorized access to bulk energy entities cyber systems that could lead to instability in the the bulk energy grid.

The standard is applicable to just about everyone in the bulk power business:  

  • Balancing authorities

  • Distribution entities

  • Generator operators

  • Generator owners

  • Interchange coordinators/authorities

  • Reliability coordinators

  • Transmission operators

  • Transmission owners

Up to the Minute Compliance

NERC CIP standards demand up to the minute compliance to ensure the reliability and security of the North American grid. While the standards change—one thing does not: your entity is responsible for remaining compliant in order to protect the reliability of the power grid. Compliance can be a difficult enterprise without the proper tools. Portal Compliance from Versify Solutions offers a software solution for bulk power entities. Portal Compliance is preloaded with the latest NERC CIP standards and provides automated and manual data collection tools. For more information, contact us.