NERC CIP-003-9 - What You Need to Know About the New Requirements and How to Comply (Part 1)
NERC CIP-003-9 is a set of cybersecurity standards designed to protect the critical cyber assets of power generation facilities. Compliance with these standards is essential for ensuring the security and reliability of the North American power grid.
By 2026, all power generation facilities must meet (at the very least) the medium impact standards to comply with the new NERC CIP-003-9. The changes included in "Project 2020-03 Supply Chain Low Impact Revisions" require a more proactive cybersecurity approach, following the new Section 6.
In this 2-part webinar series, we will break down these changes and what they mean to people in the field. Geared toward those with intermediate knowledge of NERC CIP, Part 1 will focus on the new Section 6 "Vendor Electronic Remote Access Security Controls."
What We Cover
The new Section 6 "Vendor Electronic Remote Access Security Controls" and the process that requires implementation:
6.1 – Method(s) for determining vendor electronic remote access
6.2 – Method(s) for disabling vendor electronic remote access
6.3 – Method(s) for detecting known or suspected inbound and outbound malicious communications for vendor electronic remote access
Keon McEwen, SOC Director - Industrial Cybersecurity, ABS Group
With over seven years of experience in OT technologies, Keon McEwen's expertise includes cybersecurity, control systems, automation and data. Keon has strong knowledge of OT/ICS systems and related compliance requirements including NIST, IMO, ISO and NERC CIP. As the ISOC Global Lead, Keon collaborates with clients and team leaders to manage threat alerts throughout the ISOC clients' environments. Previously, he oversaw government cybersecurity projects and managed the ABS Group cyber lab where he introduced simulation and virtual capabilities from conception. He holds a bachelor’s degree in Electrical Engineering with a specialization in computers and embedded systems and has a Security+ certification.
Ben Stirling, Director - Industrial Cybersecurity, ABS Group
Ben Stirling has over 15 years of experience working in the power, industrial and oil and gas industries. He works closely with global leaders, OEMs and technology providers, among others, to develop integrated technology solutions and secure architectures. Ben's expertise in control systems, passion for protecting the world's infrastructure and deep knowledge of NERC CIP, NIST, ITIL, ISA 99/IEC 62443 and MITRE ATT&CK for ICS has positioned him as a thought leader in securing industrial environments. Ben has a proven track record of working with industry clients to recognize and mitigate cybersecurity risks to infrastructure, process and human safety.
Michiko Sell, NERC CIP Services Supervisor, NAES Corporation
Michiko is a highly accomplished NERC professional in the power industry. Her diverse work experience includes NERC/WECC standards compliance management, auditing, accounting, financial analysis, budget and financial forecasting, strategic planning, power marketing, new power resource analysis, contract management and negotiations. Ms. Sell led the CIPv5 transition effort for her prior employer and her experience traverses both the Cyber Security and Operations and Planning Standards. Her hands-on experience includes Reliability Policy and Compliance Management, Reliability Compliance Auditing, Program/Procedure Writing, Compliance GAP Analysis and Compliance Risk Assessments.
Joe Baxter, Director - Solutions Engineering, Network Perception
With more than 20 years of experience, Joe Baxter is an expert in regulatory compliance and IT and OT systems, with deep expertise in infrastructure and total conversions. He specializes in the design of compliance systems, efficient networks, network security and databases, with a particular interest in the creation of cybersecurity policies, procedures and audit responses in the electrical and financial sectors. In the past, Joe has worked at NERC, SERC, Jack Henry, AECI, Burns & McDonnell and ABB, among other organizations.
About NAES Corporation
NAES Corporation (www.naes.com) is an independent services company dedicated to optimizing the performance of energy facilities across the power generation, oil & gas and petrochemical industries. NAES applies its deep experience in operations, maintenance, construction, engineering and technical support to build, operate and maintain plants that run safely, reliably and cost-effectively. NAES is a wholly owned subsidiary of ITOCHU Corporation. With operations in over 80 countries covering a broad range of industries, ITOCHU ranks among the world’s largest corporations.
About Network Perception
Network Perception proactively protects industrial control systems by ensuring network access security as the first line of perimeter defense. Our monitoring software provides complete network transparency and continuous mapping to better support cybersecurity compliance and enable greater cyber resiliency. For more information, visit www.network-perception.com.
About ABS Group
ABS Group of Companies, Inc. (www.abs-group.com), through its operating subsidiaries, provides technical advisory and certification services to support the safety and reliability of high-performance assets and operations in the oil, gas and chemical, power generation, marine, offshore and government sectors, among others. Headquartered in Houston, Texas, ABS Group operates with more than 1,000 professionals globally. ABS Group is a subsidiary of ABS (www.eagle.org), a leading marine and offshore classification society.