NERC is a regulatory body that regulates the security of various power system generation entities in the United States. Every bulk power delivery system is required to fulfill multiple standards set by the NERC.
In this article, we discuss the important NERC compliance standards that bulk power system generation entities must follow, and why they matter.
CIP-002-5.1a NERC CIP Standard
The CIP-002-5.1a NERC CIP Standard is a collection of policies and procedures that focuses on protecting bulk-power systems, which are used to transmit electric power from power generating stations to substations that deliver electricity to homes and businesses. The CIP-002-5.1a NERC CIP Standard is used to ensure that equipment is selected and maintained based on its importance to the bulk-power system.
CIP-003-6 NERC CIP Standard
The CIP-003-6 NERC CIP Standard is designed to ensure that Bulk-Electrical Systems (BES) do not suffer disruptive cyber-security breaches. Its purpose is to protect bulk-electrical systems used in the generation, transmission, and distribution of electrical energy. The standard is intended to work in conjunction with the CIP-004-6 NERC CIP Standard and to be used by all owners and operators of bulk-electrical systems.
CIP-004-6 NERC CIP Standard
The CIP-004-6 NERC Standard outlines training and education requirements for personnel to ensure that cyber systems within the bulk-power system are adequately protected.
This guideline must be followed by all Critical Infrastructure Operators, Critical Cyber Assets Operators, and Digital Assets Operators.
CIP-005-5 NERC CIP Standard
The CIP-005-5 standard aims to strengthen the cybersecurity perimeters of the electronic networks and communications systems in the electric utility sector.
This guideline is also meant to help organizations identify and allocate all of their electronic equipment. This is needed for all tasks related to the transmission and distribution of electricity.
It also ensures that the Electronic Security Perimeters are all in place so that there is no interference in the transmission and distribution of electricity.
CIP-007-6 NERC CIP Standard
CIP-007-6 for System Security Management is a set of guidelines that focuses on planning and efficiently executing system security management. It gives guidance on protecting the control system from cyber attacks and other forms of unauthorized access and tampering.
For example, the document states that an organization should have a patch management system that can scan all systems for vulnerabilities and update software as necessary. The document also details password requirements for users and administrators and how they should be implemented to minimize the risk of hackers gaining access to systems.
The document also covers:
- Implementation of malicious code detection software
- Configuration and accessibility of input and output ports
- Various password protocols
The CIP-007-6 replaces the previous CIP-007-3 and is more complex and detailed.
CIP-008-5 NERC CIP Standard
The CIP-008-5 Incident Reporting and Response Planning document mandates that every organization within the US energy infrastructure (grid, power, and gas) must adhere to stringent cybersecurity standards. CIP-008-5 has five objectives, including an essential requirement to implement a multi-tier cybersecurity incident response plan (CIRP).
The CIRP needs to be supported by an incident reporting process that needs to be reviewed and updated at least once every year.
CIP-011-2 NERC CIP Standard
The CIP-011-2 guideline is intended to help protect what it terms ‘BES Cyber System Information.’ This information can be considered a valuable asset to organizations, one that must be protected from unauthorized disclosure.
The CIP-011-2 guideline also requires organizations to protect and store the BES Cyber System Information adequately.
Final Word
Bulk-power system entities must comply with the NERC CIP standards discussed in this article. NERC compliance is required by law. Any bulk-power system entity failing to comply with these standards becomes liable for legal action.