NERC Compliance Management: Protecting Critical Cyber Assets
ABS Group Safety, Risk and Compliance Services
The North American Electric Reliability Corporation (NERC) Cybersecurity Standards are known as Critical Infrastructure Protection (CIP) Standards 002 through 014. The CIP standards are mandatory for certain entities and require the protection of all critical cyber assets that could impact bulk electric system reliability.
These standards are intended to protect against losing control of the bulk electric system through improper cyber and/or physical access to control equipment (i.e. a cyber-attack). This loss of control could result in equipment damage and blackouts, compromising not only commercial interests but the public sector as well.
NERC CIP 014-2: Third Party Reviews
In April 2013, an attack on a California substation by unknown individuals highlighted the need for increased attention to Physical Security practices. On May 13, 2014, NERC approved the NERC CIP 014-1 standard to specifically address substation physical security. NERC subsequently amended its CIP 014-1 standard and issued NERC CIP 014-2, which became effective on October 2, 2015. The NERC CIP 014-2 standard consists of six major requirements and 18 sub-requirements for compliance.
A brief explanation of the requirements are as follows:
|Requirement 1:||Outlines elements of a risk assessment, which must be completed at least once every 30 months|
|Requirement 3:||Pertains to control centers that control the critical substations|
|Requirement 4:||Defines the elements for conducting a required threat analysis|
|Requirement 5:||Describes the fundamentals of a physical security plan|
|Requirement 6:||Specifies a
Our Approach: Industrial Security Solutions
ABS Group has the safety, risk and cybersecurity asset management expertise to conduct independent