NERC CIP & Cyber Security

Home NERC CIP & Cyber Security

NERC CIP Standards

Critical Infrastructure Protection (CIP) involves protection of vital physical and Cyber Systems in order to preserve the physical and economic security of the electrical grid. NAES facilitates compliance with CIP-002 through CIP-011 for Low, Medium, and High Impact facilities and cyber systems. Protection of Bulk Electric System critical assets ranks among our highest priorities at NAES. We help you ensure compliance with NERC CIP Standards in all six NERC Reliability Regions, providing complete oversight of your CIP compliance program as well as consulting services, training, and audit preparation.

Contact

NAES Corporation Michiko Sell Photo

Michiko

Sr. NERC Reliability Specialists

Contact Michiko

NERC CIP Compliance

NAES is a leader in NERC Standards Program development and implementation. NAES is an operator of power plants, with approximately 170 plants currently operated across the U.S., Canada, and Mexico. NAES is registered as the GO and/or GOP for approximately 40 facilities across all six regions. As such, NAES understands the importance of NERC compliance and our team of SMEs provides expertise for our fleet of NAES-operated plants and other registered entities.

Visit NERC CIP

NERC CIP Compliance

NAES is a leader in NERC Standards Program development and implementation. NAES is an operator of power plants, with approximately 170 plants currently operated across the U.S., Canada, and Mexico. NAES is registered as the GO and/or GOP for approximately 40 facilities across all six regions. As such, NAES understands the importance of NERC compliance and our team of SMEs provides expertise for our fleet of NAES-operated plants and other registered entities.

Visit NERC CIP

CIP Assessments

NAES offers a variety of Assessments that support and assist in evidencing compliance with NERC CIP Services. The following offerings are applicable to High, Medium and Low Impact BES Cyber Systems.

Visit CIP Assessments

CIP Assessments

NAES offers a variety of Assessments that support and assist in evidencing compliance with NERC CIP Services. The following offerings are applicable to High, Medium and Low Impact BES Cyber Systems.

Visit CIP Assessments

Cyber Security

NAES recognizes that compliance with NERC CIP standards does not equate to robust Cyber Security. NAES is continuously developing new Cyber Security services. The following services are available now.

Visit Cyber Security

Cyber Security

NAES recognizes that compliance with NERC CIP standards does not equate to robust Cyber Security. NAES is continuously developing new Cyber Security services. The following services are available now.

Visit Cyber Security

Cyber Security Awareness

Ensure your facility stays aware of cyber security best practices. Bookmark this page to save posters, short training videos, and other material that can be used to assist in your organization’s Cyber Security Awareness.

Visit Cyber Security Awareness

Cyber Security Awareness

Ensure your facility stays aware of cyber security best practices. Bookmark this page to save posters, short training videos, and other material that can be used to assist in your organization’s Cyber Security Awareness.

Visit Cyber Security Awareness

Supply Chain Management

CIP-013 becomes measurable on 7/1/2020, and NAES has already developed a Supply Chain Risk Management Program (SCRMP) document for our Medium and High Impact clientele. Through working with our clientele, we have created and continue to fine tune a program that is repeatable, flexible, and meets the tenets of the standard requirements as it pertains to assessing supply chain risks.

Visit Supply Chain Management

Supply Chain Management

CIP-013 becomes measurable on 7/1/2020, and NAES has already developed a Supply Chain Risk Management Program (SCRMP) document for our Medium and High Impact clientele. Through working with our clientele, we have created and continue to fine tune a program that is repeatable, flexible, and meets the tenets of the standard requirements as it pertains to assessing supply chain risks.

Visit Supply Chain Management

More Coming Soon

Training

An essential element of all good NERC CIP programs is training. NAES NERC Services has developed a CIP 101 training program, covering CIP & Cyber Security for operators with any level of experience. In addition, NAES offers annual Operator Training that traverses both Ops and Planning and CIP requirements to ensure that your Operators have the tools they need to appropriately respond to events as they arise.

More Coming Soon

Training

An essential element of all good NERC CIP programs is training. NAES NERC Services has developed a CIP 101 training program, covering CIP & Cyber Security for operators with any level of experience. In addition, NAES offers annual Operator Training that traverses both Ops and Planning and CIP requirements to ensure that your Operators have the tools they need to appropriately respond to events as they arise.

Electronic Access Controls Evaluation

Now Required

The NAES NERC Team can assist power plant owners and operators in evaluating electronic access points at their facilities in order to show compliance with NERC standard  CIP-003-7, now CIP-003-8.  Our NERC cyber security experts utilize the Network Perceptions NPView Software to conduct the evaluation. This is the same tool used by all the NERC Regional Entities to evaluate system configurations and firewall rules during NERC audits. This service offering ensures that your facility will be made aware of potential security risks associated with your existing system configuration. NAES can assist you with addressing any identified issues.

The NERC Cyber Security Experts will:

  • Evaluate firewall rules – including the level of risk associated with each rule
  • Populate an Access Control List
  • Develop a high level Network Topology Drawing, provided in Visio
  •  Conduct a Configuration Analysis of BCS connectivity to determine if the BCS is appropriately protected
  • Train all employees on controls and requirements

Optional Add-Ons:

  • Physical walk-down of plant Cyber Assets
  • Assistance with Inventory & Development of a BES Cyber Asset List
  • Assistance with Identification and Classification of BES Cyber Systems

 

For more information, contact our team.

Contact Our Team Today

Contact Us

Network Perception Case Study

Network Perception

 

“Thanks for all the help during the outage. Gregg did a great job covering the second shift for both engineering and other plant support contractors working on the backshift. He was thorough, had great input, and was keenly aware of safety.”

John Kersch Engineering Manager Carneys Point