The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance program has been in place for many years. Most North American power utilities already have some level of adherence. However, as technology and cybersecurity concerns advance, the requirements are frequently updated and are becoming more prescriptive.
With the recent updates and mandates for NERC CIP 13 (related to supply chain management) and increased interest in NERC CIP 7 (related to systems security management), we have seen a significant uptake in questions from customers and requests for assistance with audits and responses. To make things easier on everyone, we recently published a white paper explaining NERC CIP requirements and mapping grid security solutions, techniques, and services to the requirements.
On June 2nd, I’ll be presenting on the key elements of this white paper in a live webcast. Together with Sunil Maryala, we’ll demonstrate solutions that can help achieve compliance. Don’t miss the event. Register now!
The prospect of a NERC CIP audit can be intimidating, time consuming, and costly. The burden grows exponentially when grid operators manage heterogeneous environments consisting of point solutions and proprietary systems that aren’t integrated. In addition to standard reports, auditors often request additional proof of compliance while on site. The idea behind these last minute or ad-hoc requests is to see the processes and practices in action and to confirm that the organization’s plan and documentation are in fact comprehensive and aligned.
A holistic security architecture with proven integration reduces the cost and operational overhead associated with achieving and demonstrating compliance. Ideally, IT and operational technology (OT) are aligned around security, with IT correctly adapted for the operational network. This allows operators to leverage the experience and systems within IT. A well thought-out, implemented, and operationally-effective security posture requires a partnership between IT and OT, and starts at the foundation — the network.
Along with our NERC CIP white paper, Cisco solutions engineers have designed a comprehensive architecture for grid security and NERC CIP compliance with systems that are proven to work together. The Grid Security Cisco Validated Design (CVD) is regularly updated to include new compliance requirements, technologies and best practices. It provides a validated blueprint for our utility customers to build secure networks while addressing their compliance concerns by aligning to NERC CIP mandates.
With this white paper and CVD, our goal is to assist and support utility organizations with a comprehensive and validated network architecture that addresses cybersecurity at the core of the solution. Additionally, the solution compliance requirements are layered with reliability improvements for the grid. The solution is cost effective and sensitive to both Capital Expenditure (CapEx) and Operational Expenditure (OpEx) concerns of a utility operator.
To receive monthly updates on cybersecurity, subscribe to the Cisco IoT Security Newsletter.