NERC CIP-003-9: What Now? Response Requirements
NERC CIP-003-9 is a set of cybersecurity requirements designed to protect the critical cyber assets of power generation facilities. Compliance with these NERC CIP cybersecurity standards is essential for ensuring the security and reliability of the North American power grid.
By April 1, 2026, all Responsible Entities must be compliant with the new NERC CIP-003-9 standard. This change involves a more proactive cybersecurity approach in compliance with the new section 6, as outlined in "Project 2020-03 Supply Chain Low Impact Revisions".
This 3-part webinar series is tailored for those with intermediate knowledge about NERC CIP, breaking down the changes and their impact in the field.
In Part 3, the conclusion of our webinar series, our panelists will talk about the purpose of NERC CIP-003-9, Section 6, how to manage the information derived from implementation or preparation for the requirement, the triggering of other actionable processes from derived data and the key elements for evidence of compliance.
What We Cover
The underlying purpose of NERC-CIP-003-9, Section 6:
What you should do with the information derived from the implementation or preparation for the new requirement
Additional reporting requirements that should be considered
Information that needs to be included in the evidence of compliance
Keon McEwen, SOC Director - Industrial Cybersecurity, ABS Group
With over seven years of experience in OT technologies, Keon McEwen's expertise includes cybersecurity, control systems, automation and data. Keon has a strong knowledge in OT/ICS systems and related compliance requirements including NIST, IMO, ISO and NERC CIP. As the ISOC Global Lead, Keon collaborates with clients and team leaders to manage threat alerts throughout the ISOC client's environments. Previously, he oversaw government cybersecurity projects and managed the ABS Group cyber lab where he introduced simulation and virtual capabilities from conception. He holds a bachelor’s degree in Electrical Engineering with a specialization in computers and embedded systems and has a security+ certification.
Ben Stirling, Director - Industrial Cybersecurity, ABS Group
Ben Stirling has over 15 years of experience working in the power, industrial and oil and gas industries. He works closely with global leaders, OEMs and technology providers, among others, to develop integrated technology solutions and secure architectures. Ben's expertise in control systems, passion for protecting the world's infrastructure and deep knowledge of NERC CIP, NIST, ITIL, ISA 99/IEC 62443 and MITRE ATT&CK for ICS has positioned him as a thought leader in securing industrial environments. Ben has a proven track record of working with industry clients to recognize and mitigate cybersecurity risks to infrastructure, process and human safety.
Sean Thompson, NERC Services Supervisor, NAES Corporation
Sean Thompson has 23 years of diverse technical engineering experience ranging from operation of a nuclear propulsion plant to ensuring compliance with federal power generation regulatory requirements, with strong experience maintaining and establishing NERC Reliability Compliance Programs. He currently manages a team of NERC and FERC regulatory professionals that support for both NERC and Regional Reliability Standards and Gap analysis of pre-existing compliance programs to ensure compliance with NERC and Regional Reliability Standards.
Joe Baxter, Director - Solutions Engineering, Network Perception
With more than 20 years of experience, Joe Baxter is an expert in regulatory compliance and IT and OT systems, with deep expertise in infrastructure and total conversions. He specializes in the design of compliance systems, efficient networks, network security and databases, with a particular interest in the creation of cybersecurity policies, procedures and audit responses in the electrical and financial sectors. In the past, Joe has worked at NERC, SERC, Jack Henry, AECI, Burns & McDonnell and ABB, among other organizations.
About NAES Corporation
NAES Corporation (www.naes.com) is an independent services company dedicated to optimizing the performance of energy facilities across the power generation, oil & gas and petrochemical industries. NAES applies its deep experience in operations, maintenance, construction, engineering and technical support to build, operate and maintain plants that run safely, reliably and cost-effectively. NAES is a wholly owned subsidiary of ITOCHU Corporation. With operations in over 80 countries covering a broad range of industries, ITOCHU ranks among the world’s largest corporations.
About Network Perception
Network Perception proactively protects industrial control systems by ensuring network access security as the first line of perimeter defense. Our monitoring software provides complete network transparency and continuous mapping to better support cybersecurity compliance and enable greater cyber resiliency. For more information, visit www.network-perception.com.
About ABS Group
ABS Group of Companies, Inc. (www.abs-group.com), through its operating subsidiaries, provides technical advisory and certification services to support the safety and reliability of high-performance assets and operations in the oil, gas and chemical, power generation, marine, offshore and government sectors, among others. Headquartered in Houston, Texas, ABS Group operates with more than 1,000 professionals globally. ABS Group is a subsidiary of ABS (www.eagle.org), a leading marine and offshore classification society.