NERC Critical Infrastructure Protection (CIP)

September 27-28, 2023 | Online :: Central Time

0923-nerc-cip

“This is a great course to attend to gather a better understanding and a deeper knowledge of the NERC CIP standard. I gained exceptional knowledge and example from this course that is extremely helpful to implementing the standards and to make sure we have the current standards understood correctly and implemented correctly. The course provided great examples an inside view of what the industry is expected to do and what the auditors expect.” Corporate Cyber Security Operations Tech Analyst, NPPD

“This class is a must-do for anyone involved in CIP Physical/Cyber Security. Very glad I came.” Compliance Superintendent, Alameda Municipal Power

NERC has developed a set of mandatory and enforceable Critical Infrastructure Protection (CIP) standards to address these risks. These standards have evolved since their initial adoption and now cover all Bulk Electric System Assets and their related Cyber Assets, categorized by risk levels. This means that all registered entities and their assets are included in the program. 

In this course, you’ll gain a deep understanding of the NERC CIP standards, including their history, current state, and future developments. Each standard will be thoroughly explored, highlighting its purpose and requirements. 

Additionally, you’ll learn about NERC’s compliance and monitoring efforts for the CIP standards. This course aims to equip all staff members with the necessary knowledge to understand the complexities of NERC compliance, foster a culture of compliance and reliability, and prepare for upcoming CIP audits. Don’t miss this opportunity to enhance your understanding of NERC CIP and strengthen your organization’s security and compliance measures. 

Special discounted rates available for groups of five or more so register your whole team today! 

Learning Outcomes

• Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
• Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
• Examine the NERC CIP requirements: Current version and upcoming revisions
• Assess the confidentiality provisions of the CIP standards
• Explain how violations are determined and identify which CIP standards are the most violated and why
• Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
• Define a culture of compliance and its importance in the compliance monitoring and enforcement process
• Examine strategies to build an internal CIP compliance program in such a diverse environment
• Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit

Wednesday, September 27, 2023 : Central Time

 

Short breaks will be taken throughout the sessions (15 minutes total)

History and Background of NERC CIP

• Reliability standards

NERC CIP Version 5/7 – New Definitions

• Review of the intent and purpose of each standard
• Understanding each of the requirements
• Departments involved in meeting the intent

NERC CIP Physical and Cyber Security – Part 1

• Bulk electric system (BES) cyber system categorization
• Security management controls
• Personnel & training
• Electronic security perimeters
• How to build, communicate and demonstrate a “culture of compliance.”  
  • Culture of compliance in mitigation 

Thursday, September 28, 2023 : Central Time

 

Short breaks will be taken throughout the sessions (30 minutes total throughout the day) 

NERC CIP Physical and Cyber Security – Part 2

• Audit process and preparation 
  • Preparing for an audit: what to do before, during, and after an on-site compliance audit: successful strategies and avoiding common pitfalls 
  • Discuss the settlement process after a violation has been found 
  • Recognize how NERC compliance fits with other enterprise compliance needs and risk management 
  • Managing documentation and evidence 
  • Demonstrating a culture of compliance with auditors 

• System security management 
• Physical security plan 
• Incident reporting and response planning 
• Recovery plans for BES cyber systems 
• Organizing for compliance  
• Configuration change management and vulnerability assessments 
• Information Protection 
• Managing documentation and evidence 

NERC CIP Tools and Resources

• “Tools” and NERC CIP compliance
• Active vulnerability assessment tools
• Danger: Active scanning of ICS environments is risky business!
• Emerging issues and new standards

Eric Smith, Senior NERC CIP Compliance Consultant, Burns & McDonnell

Mr. Smith is an analytical and results-driven NERC CIP specialist bringing along 20+ years of experience with expert understanding of NERC CIP reliability standards, specifically cyber security and network architecture standards. Skillful in developing and implementing successful internal compliance programs that have been tested through numerous audits and certifications in the WECC region as well as RF and NPCC. Proficient in developing CIP programs for Medium and Low impact BES cyber systems, focused on GO/GOP, TO/TOP, and BA entities in the hydro, storage and renewable energy arenas. Mr. Smith is a creative and innovative solution leader developing results based in the NERC CIP, NIST 800, ISO 27000, and corporate business standards. Mr. Smith drives organizations to maintain focus on achieving a solid sustainable cyber security compliance program through preparation of communication documents to promulgate information related to the NERC CIP Reliability Compliance Program. He is a self-driven leader with the ability to thrive in a fast-paced environment coupled with proficiency to think outside the box as well as effective team working and communication skills.

---

Dr. Trey Melcher CISSP, CISM, CRISC, Associate Reliability Consultant, Burns & McDonnell 

Trey is an Associate Reliability Consultant in the Governance, Risk, Cybersecurity & Compliance practice at Burns & McDonnell. He has worked with the NERC Reliability Standards since 2008 working for a Regional Entity and with several Registered Entities. He has a big picture perspective on all aspects of developing, maintaining, and maturing compliance programs. 

---

Ingrid Rayo, GCIP, GICSP, ILO (TX), Associate Reliability Consultant, Burns & McDonnell 

Ingrid is an Associate Reliability Consultant in the Governance, Risk, Cybersecurity & Compliance practice at Burns & McDonnell. Ingrid has 25 years of experience working in various facets of Information Technology. For the past 15 years she has driven organizations to maintain their focus on achieving a solid sustainable cyber security compliance program while formulating and implementing advanced technology and business solutions to meet a diversity of needs. Prior to Burns & McDonnell, Ingrid worked for several large utilities developing and supporting cyber security programs.  She is an active member and serves: 

• InfraGard 
• E-ISAC GridEx VII Design Team 
• Texas Volunteer Incident Response Team  
• Department of Homeland Security (DHS) Infrastructure Liaison Officer 
• Securing Solar for the Grid (S2G) Industry Advisory Board 

---

John Biasi, Solutions Architect Manager, Burns & McDonnell 

John is a Solutions Architect Manager in the Governance, Risk, Cybersecurity, & Compliance practice at Burns & McDonnell. John has 23 years of experience focused on designing secure and compliant solutions for critical infrastructure. John worked for a large investor-owned utility for 6 years, and as a cyber security consultant for the last 9 years. 

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

• IMPORTANT NOTE: After November 30 you will not be able to join a Teams meeting using Internet Explorer 11. Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
• You will receive a separate email with a unique link to a personalized landing page which will include links to join all sessions of this event.
• If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
• The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.

Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event

REGISTER NOW FOR THIS EVENT:

NERC Critical Infrastructure Protection (CIP)

September 27-28, 2023 | Online

Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before August 25, 2023 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800

Credits

EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

EUCI is authorized by IACET to offer 0.9 CEUs for this event.

Requirements for Successful Completion of Program  

Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit.  

Instructional Methods  

PowerPoint presentations will be used in this course.  

---

Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

Course CPE Credits: 10.5
There is no prerequisite for this Course.
Program field of study: Specialized Knowledge
Program Level: Basic
Delivery Method: Group-Live
Advanced Preperation: None

EUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

 

 

Who Should Attend

• NERC registered entity personnel with compliance responsibilities
• Compliance managers and directors
• Generation owners and operators, including Independent Power Producers and renewable energy project developers
• Transmission owners and operators, including merchant transmission projects
• Attorneys and regulators
• RTO/ISO staff