NERC CIP Standards Background and Basics

The North American Electic Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. They do this through the continual development of a set of regulatory standards in addition to education, training, and certifications for industry personnel.

NERC Subcommittees

NERC manages several subcommittees in order to cover the breadth of their efforts to keep the energy grid safe from cyberattack:

  • Compliance and certification committee
  • Critical infrastructure protection committee
  • Operating committee
  • Personnel certification governance committee
  • Planning committee
  • Reliability issues steering committee
  • Standards committee

Who Uses NERC Reliability Standards

Cybersecurity professionals who work within the electrical grid and other critical infrastructure supply industries are mandated to comply with NERC CIP (CIP meaning critical infrastructure protection). NERC CIP standards are enforced by audit, so energy organizations are required to spend substantial time, resources and budget making sure that their systems stay in compliance with the standard.

This can prove difficult, as the CIP standards require they implement a complex set of cybersecurity controls around their physical and cyber assets and maintain ongoing proof of NERC compliance for auditors. Organizations often implement cybersecurity software and hardware solutions to automate NERC CIP compliance within their systems.

The vision for the Electric Reliability Organization Enterprise, which is comprised of NERC and the six Regional Entities, is a highly reliable and secure North American bulk power system. Our mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid.​

— NERC

The Importance of Physical Security for Critical Assets

Critical assets are those that sustain the delivery of your product—be it the treatment of water and wastewater or the power supply for your local grid. A critical asset-based approach puts the safety, reliability (Read more...)