NERC Critical Infrastructure Protection (CIP)
June 6-7, 2019 | Denver, CO
If this event is of interest you may also be interested in this related event
NERC Fundamentals and Compliance, June 5-6, 2019 in Denver, CO
This session will provide an overview of the NERC CIP Reliability Standards. The electric grid in North America is at the top of the list of critical infrastructures maintained by Presidential Directive by the Department of Homeland Security and it is recognized that the remaining critical infrastructures will not function without a reliable supply of electricity. As a result, cyber and physical security for electric utilities is at the forefront of the legislators and regulators agenda following recent cyber and physical attacks in the US and elsewhere in the world.
To address these risks, the North American Electric Reliability Corporation (NERC) has developed and maintained a set of Critical Infrastructure Protection (CIP) standards that are mandatory and enforceable. These standards have undergone significant change since they were first adopted in FERC Order 706. These standards have been extended to include all Bulk Electric System Assets and their related Cyber Assets each categorized as High, Medium, and Lower Risk assets thereby extending the program to all registered entities and all bulk electric system assets at some level.
This course will provide a deep fundamental understanding of the NERC CIP standards including a history of their development, an understanding of the present standards, and a view of what is coming in future standard development. The course will also provide a detailed overview of each standard, its fundamental purpose, and the intent of each requirement.
Developing programs to meet the intent of the standard is challenging since compliance with the standards requires disciplines from several key corporate functions including electric system operations, information technology, corporate security, and human resources at a minimum. This course will also review organizational structures for successful implementation and their experiences. This course will also provide an overview of compliance and monitoring efforts that NERC will conduct for the CIP standards and is designed to give the necessary background for all staff to understand the concepts and complexities of NERC compliance in order to communicate and build a culture of compliance and reliability and prepare for upcoming CIP audits
- Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
- Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
- Examine the NERC CIP requirements: Current version and upcoming revisions
- Assess the confidentiality provisions of the CIP standards
- Explain how violations are determined and identify which CIP standards are the most violated and why
- Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
- Define a culture of compliance and its importance in the compliance monitoring and enforcement process
- Examine strategies to build an internal CIP compliance program in such a diverse environment
- Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit
EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, EUCI has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard.
EUCI is authorized by IACET to offer 1.2 CEUs for this event.
Requirements for Successful Completion of Program
Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit.
This course will use PowerPoint presentations and group discussions.
Thursday, June 6, 2019
12:30 – 1:00 p.m. :: Registration
1:00 – 5:00 p.m. :: Course Timing
- History and background of NERC CIP
- Reliability standards
- CIP Version 5 – New definitions
- Review of the intent and purpose of each standard
- Understanding each of the requirements
- Departments involved in meeting the intent
- Bulk electric system (BES) cyber system categorization
- Security management controls
- Personnel & training
- Electronic security perimeters
Friday, June 7, 2019
8:00 – 8:30 a.m. :: Continental Breakfast
8:30 a.m. – 5:00 p.m. :: Course Timing
12:00 – 1:00 p.m. :: Group Luncheon
- Physical security plan
- Audit process and preparation
- System security management
- Incident reporting/response planning
- Recovery plans for BES cyber systems
- Organizing for compliance
- Configuration change management and vulnerability assessments
- Information protection
- Managing documentation and evidence
- Tools and resources
- “Tools” and NERC CIP compliance
- Active vulnerability assessment tools
- Danger: Active scanning of ICS environments is risky business!
- Emerging issues and new standards
Andrew Gallo, Director of Corporate Compliance Programs, Austin Energy
Andrew Gallo is the Director of Corporate Compliance Programs for Austin Energy in Austin, Texas. He is also the current Chairman of the NERC Standards Committee and has served on the Standards Committee for many years. He previously served as Chair of the Texas Reliability Entity’s Regional Standards Committee.
He served as the Chief Compliance Officer for Seattle City Light (SCL) from 2008 to 2010 and led SCL through its first on-site NERC Reliability Standards audit and Austin Energy through six Regional Entity (Texas RE) audits covering all of its registered functions (including CIP). Before Seattle, he was Assistant General Counsel for Electric Reliability Council of Texas, Inc. (ERCOT), where he worked on protocols compliance and other matters. Before becoming part of the electric industry, he worked in the oil and gas industry for approximately 17 years. He received a Juris Doctor degree from the College of William and Mary in Virginia in 1985 and a Bachelor of Arts degree from Hofstra University in New York in 1982.
EUCI Office Building Conference Center
4601 DTC Blvd, B-100
Denver CO, 80237
Hyatt Place Denver Tech Center
8300 E. Crescent Parkway
Greenwood Village, CO 80111
0.9 miles away
Call Central Reservations at 1-888-492-8847 and ask for the corporate rate under the Group Code: EUCI or visit https://denvertechcenter.place.hyatt.com/en/hotel/home.html?corp_id=102338 for the current EUCI rate.
(Hot Breakfast included and Free Shuttle to and from EUCI)
Other Nearby Hotels
Hyatt Regency Denver Tech Center
7800 E Tufts Ave
Denver, CO 80237
0.3 miles away
Hilton Garden Inn Denver Tech Center
7675 E Union Ave
Denver, CO 80237
0.6 miles away
Denver Marriott Tech Center
4900 S Syracuse St
Denver, CO 80237
0.7 miles away
Please Note: Confirmed speakers do not need to register and are encouraged to participate in all sessions of the event. If you are a speaker and have any questions please contact our offices at 1.303.770.8800
|Event||Early Bird Before |
Friday, May 17, 2019
|NERC Critical Infrastructure Protection (CIP)||US $ 1195.00||US $ 1395.00|
This event has the following related events:
|NERC Fundamentals and Compliance||US $ 1195.00||US $ 1395.00|
Take advantage of these discounts!
- Attend the Course and NERC Fundamentals and Compliance and pay US $ 1,995.00 per attendee (save US $ 395.00 each)
Register 3 Send 4th Free!
Any organization wishing to send multiple attendees to these conferences may send 1 FREE for every 3 delegates registered. Please note that all registrations must be made at the same time to qualify.
Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before January 01, 1970 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800