NERC Critical Infrastructure Protection (CIP)

November 18-19, 2021 | Online :: Central Time

“Very good basic foundation to inform new compliance personnel on standards functions.” Reliability Compliance Specialist O&P, WAPA

“Excellent for NERC beginners.” Regulatory and Compliance Specialist Senior, Colorado Springs Utilities

“This class is a must do for anyone involved in CIP Physical/Cyber Security. Very glad I came.” Compliance Superintendent, Alameda Municipal Power

This session will provide an overview of the NERC CIP Reliability Standards. The electric grid in North America is at the top of the list of critical infrastructures maintained by the Department of Homeland Security under Presidential Directive, and it is recognized that the remaining critical infrastructures will not function without a reliable supply of electricity. As a result, cyber and physical security for electric utilities is at the forefront of legislators' and regulators' agendas following recent cyber and physical attacks in the US and elsewhere in the world.

To address these risks, the North American Electric Reliability Corporation (NERC) has developed and maintained a set of Critical Infrastructure Protection (CIP) standards that are mandatory and enforceable. These standards have undergone significant change since they were first adopted in FERC Order 706. They have been extended to include all Bulk Electric System Assets and their related Cyber Assets, each categorized as High, Medium, or Lower Risk, thereby extending the program to all registered entities and all bulk electric system assets at some level.

This course will provide a deep fundamental understanding of the NERC CIP standards including a history of their development, an understanding of the present standards, and a view of what is coming in future standard development.  The course will also provide a detailed overview of each standard, its fundamental purpose, and the intent of each requirement.

Developing programs to meet the intent of the standards is challenging, since compliance requires disciplines from several key corporate functions including, at a minimum, electric system operations, information technology, corporate security, and human resources. This course will also review organizational structures for successful implementation and their experiences. It will also provide an overview of the compliance and monitoring efforts that NERC will conduct for the CIP standards. It is designed to give all staff the background necessary to understand the concepts and complexities of NERC compliance, so that they can communicate and build a culture of compliance and reliability and prepare for upcoming CIP audits.

Learning Outcomes

  • Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
  • Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
  • Examine the NERC CIP requirements: Current version and upcoming revisions
  • Assess the confidentiality provisions of the CIP standards
  • Explain how violations are determined and identify which CIP standards are the most violated and why
  • Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal CIP compliance program in such a diverse environment
  • Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit



Thursday, November 18, 2021 : Central Time

12:30 – 1:00 p.m.
Log In and Welcome

1:00 – 4:00 p.m.
Course Timing

Short breaks will be taken throughout the sessions   

  • History and background of NERC CIP
  • Reliability standards
  • CIP Version 5 – New definitions
    • Review of the intent and purpose of each standard
    • Understanding each of the requirements
    • Departments involved in meeting the intent
  • Bulk electric system (BES) cyber system categorization
  • Security management controls
  • Personnel & training
  • Electronic security perimeters

Friday, November 19, 2021 : Central Time

8:50 – 9:00 a.m.
Log In

12:00 – 12:30 p.m.
Lunch Break

9:00 a.m. – 4:00 p.m.
Course Timing

Short breaks will be taken throughout the sessions   

  • Physical security plan
  • Audit process and preparation
  • System security management
  • Incident reporting/response planning
  • Recovery plans for BES cyber systems
  • Organizing for compliance
  • Configuration change management and vulnerability assessments
  • Information protection
  • Managing documentation and evidence
  • Tools and resources
    • “Tools” and NERC CIP compliance
    • Active vulnerability assessment tools
    • Danger: Active scanning of ICS environments is risky business!
    • Emerging issues and new standards


Jerome Farquharson, Global Practice Manager, Burns & McDonnell

Mr. Farquharson is the Global Practice Director of Burns & McDonnell’s Compliance and Critical Infrastructure Protection practice. He leads with a multi-disciplined background of cyber and physical security, information systems and business advisory consulting. Mr. Farquharson has provided technology-oriented advisement for numerous Fortune 500 companies across the nation and possesses cross-industry expertise. He possesses a unique blend of technical, business and project management skills to effectively provide value to diverse client and industry verticals. Mr. Farquharson is an experienced Security Network Engineer with 17 years of IT experience that includes experience in Network Design Implementation using the NIST, ISO, ISA and FISMA standards as well as 10 years of regulatory compliance experience with HIPAA, FERC, and NERC standards. As the leader of Burns & McDonnell’s Compliance and Critical Infrastructure Protection practice, Mr. Farquharson has spent the past eleven years implementing internal compliance programs and evaluating security architectures and risk assessments for medium- and large-sized IOU, municipality and cooperative environments. He has presented educational papers at numerous industry conferences and forums to address transmission and generation operational compliance issues. He has performed numerous compliance audits for large investor-owned utilities to determine the level of regulatory exposure and define mitigation strategies to minimize penalties. Mr. Farquharson is actively involved with the NERC subcommittees and regional Information Systems Audit and Control Associations. His initiatives have helped define security, regulatory compliance and utility technology solutions for critical infrastructure organizations such as electric utilities, government facilities and process industries. Mr. Farquharson has also successfully completed the Fundamentals of Auditing for NERC Compliance Training Course.

Online Delivery

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

  • IMPORTANT NOTE: After November 30 you will not be able to join a Teams meeting using Internet Explorer 11. Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
  • You will receive a meeting invitation that will include a link to join the meeting.
  • Separate meeting invitations will be sent for the morning and afternoon sessions of the course.
    • You will need to join the appropriate meeting at the appropriate time.
  • If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
  • The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.


Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event.

Event: Standard Rate

  • Single Connection - NERC Critical Infrastructure Protection (CIP): US $ 1195.00
  • Pack of 5 connections: US $ 4,780.00
  • Pack of 10 Connections: US $ 8,365.00
  • Pack of 20 Connections: US $ 14,340.00

Call us at 303.770.8800 if you have any specific questions on the volume discounts.
* All other discounts do not apply to license packs.

This event has the following related events:

  • NERC Fundamentals and Compliance: US $ 1195.00
  • Pack of 5 connections: US $ 4,780.00
  • Pack of 10 Connections: US $ 8,365.00
  • Pack of 20 Connections: US $ 14,340.00

Take advantage of these discounts!

  • Attend the Course and NERC Fundamentals and Compliance and pay US $ 2,195.00 per attendee (save US $ 195.00 each)

Cancellation Policy

Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before October 15, 2021 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCI's liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800.


EUCI has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, EUCI has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, EUCI is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard.

EUCI is authorized by IACET to offer 1.0 CEUs for this event.

Requirements for Successful Completion of Program  

Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit.  

Instructional Methods  

PowerPoint presentations will be used in this course. 

Who Should Attend

  • NERC registered entity personnel with compliance responsibilities
  • Compliance managers and directors
  • Generation owners and operators, including Independent Power Producers and renewable energy project developers
  • Transmission owners and operators, including merchant transmission projects
  • Attorneys and regulators
  • RTO/ISO staff