Interested in bringing a course to your location? Do you have 10 or more people needing training?
We would love to help! Call us at 303-770-8800 or email [email protected] to discuss special pricing and information.
If this event is of interest, you may also be interested in NERC Compliance Fundamentals on October 17-18. Receive an additional discount for attending both events.
The electric grid in North America is at the top of the list of critical infrastructures maintained by Presidential Directive by the Department of Homeland Security and it is recognized that the remaining critical infrastructures will not function without a reliable supply of electricity. As a result, cyber and physical security for electric utilities is at the forefront of the legislators and regulators agenda following recent cyber and physical attacks in the US and elsewhere in the world.
To address these risks, the North American Electric Reliability Corporation (NERC) has developed and maintained a set of Critical Infrastructure Protection standards that are mandatory and enforceable. These standards have undergone significant change since they were first adopted in FERC Order 706. These standards have been extended to include all Bulk Electric System Assets and their related Cyber Assets each categorized as High, Medium, and Lower Risk assets thereby extending the program to all registered entities and all bulk electric system assets at some level.
This course will provide a deep fundamental understanding of the NERC CIP standards including a history of their development, an understanding of the present standards, and a view of what is coming in future standard development. The course will also provide a detailed overview of each standard, its fundamental purpose, and the intent of each requirement.
Developing programs to meet the intent of the standard is challenging since compliance with the standards requires disciplines from several key corporate functions including electric system operations, information technology, corporate security, and human resources at a minimum. This course will also review organizational structures for successful implementation and their experiences.
This course will also provide an overview of compliance and monitoring efforts that NERC will conduct for the CIP standards and is designed to give the necessary background for all staff to understand the concepts and complexities of NERC compliance in order to communicate and build a culture of compliance and reliability and prepare for upcoming CIP audits.
- Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
- Understand the Scope and Purpose of the NERC Critical Infrastructure Protection (CIP) Standards
- Examine the NERC CIP requirements: Current version and upcoming revisions
- Understand the confidentiality provisions of the CIP Standards
- Explain how violations are determined and identify which CIP standards are the most violated and why
- Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
- Define a culture of compliance and its importance in the compliance monitoring and enforcement process
- Examine strategies to build an internal CIP compliance program in such a diverse environment
- Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit
EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, EUCI has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard.
EUCI is authorized by IACET to offer 1.0 CEUs for this event.
Requirements for Successful Completion of Program
Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit.
This course will use PowerPoint presentations and group discussions.
Wednesday, October 18, 2017
12:30 – 1:00 p.m. :: Registration
1:00 p.m. – 5:00 p.m. :: Course Timing
History and Purpose of NERC Critical Infrastructure Protection Standards and Requirements
- History of the CIP Standards
- Urgent Action Standards
- NERC vs. FERC vs. Congress
- 706 Reliability Standards – The first enforceable standards
- CIP Version 5 and Version 6 Reliability Standards
- Review of the intent and purpose of each standard
- Understanding each of the requirements
- Departments involved in meeting the intent
- Meeting the requirements with outside contractors/vendors
- Confidentiality provisions
- New requirements for managing the information
- Analysis of most violated CIP standards: Hot spots to watch for
Thursday, October 19, 2017
8:00 – 8:30 a.m. :: Continental Breakfast
8:30 a.m. – 5:00 p.m. :: Course Timing
12:00 – 1:00 p.m. :: Group Luncheon
History and Purpose of NERC Critical Infrastructure Protection Standards and Requirements – continued
- Physical Security and CIP-014
- Coordination with other Physical Security requirements
- Audit processes and preparation for CIP standards
- RSAW preparation
- Data to provide and not to provide
- Common pitfalls
CIP Compliance in Practice
- Define “culture of compliance ” across the responsible areas
- Communication of risk and strategies to build, communicate and demonstrate a culture of compliance, as mandated by NERC
- Organizing for compliance
- Decentralized vs. centralized corporate security
- Options for organization
- The role of a culture of compliance in mitigation
- Confidentiality of the compliance process
- Recognize how NERC compliance fits with other enterprise compliance needs and risk management
- Managing documentation and evidence
- Demonstrating a culture of compliance to auditors for the CIP standards
- Decentralized vs. centralized corporate security
- Emerging Issues and New Standards
David W. Hilt, P.E., President and Owner of Grid Reliability Consulting
Mr. Hilt has nearly 40 years of experience in electric power system engineering, operation, and regulatory activities. He has been a manager responsible for the design, specification, and construction of electric substations from distribution to EHV including protective relaying. He has also managed transmission and resource planning activities for a major Midwestern electric and natural gas utility providing expert testimony before FERC and state regulators for transmission expansion and 20 year resource plans. Mr. Hilt has directed the development and installation of state estimation and OASIS systems for a Midwestern Reliability Coordination Center. As a Vice President at NERC, he led the development of the compliance monitoring and enforcement program for the bulk-power system reliability standards in North America working closely with the industry, FERC, and Canadian regulatory authorities. He also developed audit programs and event analysis and investigation preprocess. While at NERC he led the investigation of the August 2003 blackout in the Northeastern United States and Canada providing the technical input to the U.S. – Canada Power System Outage Task Force report. Mr. Hilt’s recent experience includes assessment of risk from physical attack and grid resiliency.
Hilton Garden Inn Toronto Airport
3311 Caroga Drive
Mississauga, Ontario L4V 1A3
To reserve your room, please call 1-905-678-0041
Please indicate that you are with the EUCI group to receive the group rate.
The room rate is $CAD 159.00 single or double plus applicable taxes.
Room Block Dates:
A room block has been reserved for the nights of October 16 – 18, 2017.
Rate Available Until:
Make your reservations prior to September 21, 2017. There are a limited number of rooms available at the conference rate. Please make your reservations early.