NERC Critical Infrastructure Protection (CIP) Training

NERC Critical Infrastructure Protection (CIP) Training: The NERC Critical Infrastructure Protection (CIP) set of standards was developed by the North American Electric Reliability Corporation (NERC) to ensure the protection of any assets used to operate North America’s Bulk Electric System (BES). Any entity that owns or operates any type of BES in the United States, Canada and Mexico must be compliant with NERC CIP requirements.

This NERC Critical Infrastructure Protection (CIP) workshop provides a thorough review and analysis of NERC CIP standards currently subject to enforcement, as well as the ones that are subject to the future enforcement. It discusses the history and background of NERC CIP, the process of development and implementation of new standards, the role of the Federal Energy Regulatory Commission (FERC) and Regional Entities, the reasons behind common compliance violations, and best practices for building an effective compliance program.

What’s Included:

  • Five days of training with an expert instructor
  • Walkthroughs and demonstrations
  • NERC CIP Training Guide
  • 100% Satisfaction Guarantee

NERC Critical Infrastructure Protection (CIP) TrainingDuration: 5 days

  • We can adapt this NERC Critical Infrastructure Protection (CIP) course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this NERC Critical Infrastructure Protection (CIP) course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the NERC Critical Infrastructure Protection (CIP) Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the NERC Critical Infrastructure Protection (CIP) course in manner understandable to lay audiences.

The target audience for this NERC Critical Infrastructure Protection (CIP) course:

  • Bulk Electrical System (BES) asset owners and operators
  • Operations and support personnel
  • Compliance managers, coordinators and analysts
  • Professionals responsible for Critical Infrastructure Protection
  • Anyone who wants to learn more about the NERC CIP standards

The knowledge and skills that a learner must have before attending this NERC Critical Infrastructure Protection (CIP) course are:

  • N/A
NERC Critical Infrastructure Protection (CIP) Training - OBJECTIVES

Upon completing this NERC Critical Infrastructure Protection (CIP) course, learners will be able to meet these objectives:

  • Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
  • Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
  • Examine the NERC CIP requirements: Current version and upcoming revisions
  • Assess the confidentiality provisions of the CIP standards
  • Explain how violations are determined and identify which CIP standards are the most violated and why
  • Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal CIP compliance program in such a diverse environment
  • Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit
NERC Critical Infrastructure Protection (CIP) Training - COURSE SYLLABUS
  • Introduction to NERC, FERC and NERC CIP
  • Short history of NERC CIP
  • What does it mean to comply with NERC CIP?
    • Audit considerations
    • The NERC standards development process
    • Interpretation questions
    • How a NERC CIP program works
    • Fines are going up!
  • What are the currently-enforceable CIP standards? What is coming soon?
  • CIP-002: Sets scope for NERC CIP
  • CIP-003: Security awareness, security training, security policies and low impact requirements
    • New version of CIP-003 coming 1/1/20, including electronic access control for low impact assets
  • CIP-004: Personnel
  • CIP-005: Firewalls, electronic security perimeters, interactive remote access
  • CIP-006: Physical security of BES Cyber Systems
  • CIP-007: Systems security management
  • CIP-008: Incident response plans
  • CIP-009: Backup and recovery plans
  • CIP-010: Configuration management, security vulnerability assessments, laptops and USB sticks
  • CIP-011: Information protection, device disposal or reuse
  • CIP-012: Protection of communications between control centers (coming 2021 or 2022?)
  • CIP-013: Supply chain security (in force 7/1/20)
  • CIP-014: Physical protection of key substations
    • Current standards drafting initiatives
    • Incorporating virtualization into the existing standards
    • BES Cyber System information in the cloud
    • Version 2 of CIP-013
  • The biggest issue in NERC CIP today: Why can’t we put BES Cyber Systems in the cloud?
    • Not a very happy story at this point
    • However, it will inevitably happen
  • What’s the longer-term direction for NERC CIP?
    • Risk-based standards
    • “Real-time” standards development
    • Will CIP be taken away from NERC and FERC?

NERC Critical Infrastructure Protection (CIP) Training Course wrap-up

NERC Critical Infrastructure Protection (CIP) Training Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.
Request More Information

    Time frame: