NERC Critical Infrastructure Protection (CIP) Training Course with hands-on labs (Online, Onsite and Classroom Live)
The Critical Infrastructure Protection (CIP) set of standards was developed by the North American Electric Reliability Corporation (NERC) to ensure the protection of any assets used to operate North America’s Bulk Electric System (BES). Any entity that owns or operates any type of BES in the United States, Canada and Mexico must be compliant with NERC CIP requirements.
This NERC Critical Infrastructure Protection (CIP) Training workshop provides a thorough review and analysis of NERC CIP standards currently subject to enforcement, as well as the ones that are subject to the future enforcement. It discusses the history and background of NERC CIP, the process of development and implementation of new standards, the role of the Federal Energy Regulatory Commission (FERC) and Regional Entities, the reasons behind common compliance violations, and best practices for building an effective compliance program.
Duration: 5 days
- Five days of training with an expert instructor
- ENO Security-led walkthroughs and demonstrations
- 100% Satisfaction Guarantee
- We can adapt this NERC Critical Infrastructure Protection (CIP) Training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this NERC Critical Infrastructure Protection (CIP) Training course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the NERC Critical Infrastructure Protection (CIP) Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the NERC Critical Infrastructure Protection Training course in manner understandable to lay audiences.
Audience / Target Group
The intended audience for our NERC Critical Infrastructure Protection Training program are:
- Bulk Electrical System (BES) asset owners and operators
- Operations and support personnel
- Compliance managers, coordinators and analysts
- Professionals responsible for Critical Infrastructure Protection
- Anyone who wants to learn more about the NERC CIP standards
NERC Critical Infrastructure Protection (CIP) Training - Objectives:
After attending this NERC Critical Infrastructure Protection Training Workshop, you will be able to:
- Thoroughly understand the purpose and specific requirements of current and upcoming NERC CIP standards
- Implement best practices for building an effective NERC CIP compliance program
- Evaluate the impact of emerging trends on BES Cyber Systems
NERC Critical Infrastructure Protection (CIP) Training - Course Content:
- Introduction to NERC, FERC and NERC CIP
- Short history of NERC CIP
- What does it mean to comply with NERC CIP?
- Audit considerations
- The NERC standards development process
- Interpretation questions
- How a NERC CIP program works
- Fines are going up!
- What are the currently-enforceable CIP standards? What is coming soon?
- CIP-002: Sets scope for NERC CIP
- CIP-003: Security awareness, security training, security policies and low impact requirements
- New version of CIP-003 coming 1/1/20, including electronic access control for low impact assets
- CIP-004: Personnel
- CIP-005: Firewalls, electronic security perimeters, interactive remote access
- CIP-006: Physical security of BES Cyber Systems
- CIP-007: Systems security management
- CIP-008: Incident response plans
- CIP-009: Backup and recovery plans
- CIP-010: Configuration management, security vulnerability assessments, laptops and USB sticks
- CIP-011: Information protection, device disposal or reuse
- CIP-012: Protection of communications between control centers (coming 2021 or 2022?)
- CIP-013: Supply chain security (in force 7/1/20)
- CIP-014: Physical protection of key substations
- Current standards drafting initiatives
- Incorporating virtualization into the existing standards
- BES Cyber System information in the cloud
- Version 2 of CIP-013
- The biggest issue in NERC CIP today: Why can’t we put BES Cyber Systems in the cloud?
- Not a very happy story at this point
- However, it will inevitably happen
What’s the longer-term direction for NERC CIP?
- Risk-based standards
- “Real-time” standards development
- Will CIP be taken away from NERC and FERC?
Whether you are looking for general information or have a specific question, we want to help!