Energy Automation Solutions (EAS)
 
  Energy Automation Solutions (EAS)
Smart Grid Solutions Services Training/Events News Literature PowerCentral Français

Advanced Metering Infrastructure

AMR/AMI

EH Power Supply and Repeater

Condition Based Maintenance

Capacitors

Power Breakers

Transformers

Data Access at the Enterprise

IED Manager Suite

Graphical User Interface

Energy Theft

Theft Detection

Feeder Outage Management

Smart Sensor
Self Healing Grid

Integration at the Substation

HMI

RTU

Data Concentrator
Substation Grade Computer
Protocols Converter

Peak Load Management

Demand Response

Distributed Generation

Relays & Controls

Protective Relays

Recloser Controls

Regulator Controls

Switch Controls

Underground Distribution Switchgear Controls

Security In Depth

Building a Secure Foundation for the Smart Grid
NERC CIP Compliance

At the Substation

At the Corporate Level

For Rotating Devices

System Modeling and Simulation

Power Engineering Solutions

Volt/VAR Management

Capacitor Bank Control

 

 

 Home > Products > NERC CIP Compliance

NERC CIP Compliance

Critical Infrastructure Protection (CIP)

The USA's Federal Energy Regulatory Commission (FERC) has chosen North American Electric Reliability Council (NERC) as the critical infrastructure protection coordinator for the electrical sector. NERC's CIP standards were adopted in 2006. These standards specify the minimum requirements to support the reliability of the electrical system. All organizations who are involved with the bulk electrical network in North America are subject to these standards.

NERC's implementation calendar plans for all organizations to be fully compliant and pass audits by 2010.

NERC CIP Compliance

A simple security server is not sufficient to become CIP-compliant. NERC CIP compliance deals with physical, electronic and personnel security, along with training and awareness programs.

NERC CIP standards ensure centralized access as well as information on field components, and the ability to provide access and security of these components. These standards also ensure the documenting and auditing of all critical infrastructure protection programs.

Electronic Security (CIP-002, 003, 005, 007, and 009)

Utilities that make up the bulk electric system must:

  • Keep an inventory of all electronics that either are part of the critical assets list or a necessary to the operation of critical assets
  • Protect access to these critical cyber-assets on a need to know basis
  • Create an electronic security perimeter that prevents unauthorized users from accessing any critical cyber-asset, whether they are outside or inside the corporate network
  • Ensure that all electronic cyber-assets are secure via user account management, equipment password management, and secure networking policies
  • Implement and test a critical cyber-asset recovery plan

Physical Security (CIP-006)

Utilities must ensure the physical security of all critical cyber-assets:

  • A physical security perimeter must be in place around all critical cyber-assets
  • All physical access points to critical cyber-assets must be identified and controlled
  • An access log must be maintained for all critical cyber-assets, via keycards, video or manual log

Personnel Security (CIP-004)

Each person who accesses critical cyber-assets, including the utility's personnel, contract workers and vendors, must be investigated to assess the risk that he or she poses to security.

Training and Awareness (CIP-004)

Everyone who has access to critical cyber-assets, including the utility's personnel, contract workers and vendors, must be trained regarding cyber-security.

Audits and Documentation (All CIP standards)

All CIP standards require mandatory documentation and review of all procedures and policies every year.

Recovery Plans (CIP-009)

NERC's CIP requires a mandatory recovery plan. A compliant recovery plan includes:

  • Backup strategies
  • Data restoration strategies
  • Spare parts and equipment

NERC, FERC, ERO: Where They Come Together

The North American Electric Reliability Council (NERC) was created in 1968 to ensure that North America's electrical network is secure, adequate, and reliable. Until 2005, NERC's standard were applied on a self-regulatory basis.

The Federal Energy Regulatory Commission (FERC) oversees the transmission of electricity, natural gas and oil in the USA.

With the Energy Policy Act of 2005 (EPAct), FERC and NERC came together. The EPAct made FERC in charge of the commerce of electricity, along with its reliability. Moreover, the EPAct created the Electric Reliability Organization (ERO), which covers North America and is under the power of FERC in the USA. The ERO's role is to ensure and enforce compliance with reliability and security standards of electric power networks.

FERC chose NERC as the ERO for the United States, which makes compliance to NERC's Critical Infrastructure Protection (CIP) standards mandatory.

NERC and FERC can now impose penalties on non-compliant utilities.

For More Information

For more information on how Cooper Power Systems' products line put you on the path to NERC CIP compliance, request our white paper.

Number Title Type
B1100-09004

 Providing Secure and Reliable Access to
Substation IEDs		 PDF

 

Associated Information with this Section

Cybectec SMP Gateway
Yukon IED Manager
R.E.I.D. Idea Relay
NERC CIP Compliance


References

www.nerc.com
www.ferc.gov


More information

Contacts

 

Cyber-Security
Building a Secure Foundation for the Smart Grid

 
  Trademarks | Questions? Comments. Click here
Copyright © 2000-2010 Cooper Industries, Inc. All rights reserved.