The North American Electric Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. NERC administers a Critical Infrastructure Protection (CIP) program. These standards address the security of cyber assets that are critical to the operation of the North American electricity grid.
The NERC CIP plan consists of standards and requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning.
Any organization associated with electrical generation, transmission, and interconnection of the bulk power system in the United States, Canada, and part of Mexico is subject to NERC standards.
Compliance with the NERC CIP standards is mandatory. To be compliant, bulk power supply owners and operators must ensure they’ve enacted the measures contained in all of the enforceable CIP standards.
This includes identifying critical assets and regularly performing a risk analysis. Policies must be developed regarding critical assets. Meanwhile, organizations must enforce IT controls protecting access to critical cyber assets and they must have comprehensive contingency plans for cyber attacks, natural disasters and other unplanned events.
NERC’s compliance Violation Severity Levels (VSLs) range from low to severe and delineate the level to which a non-compliant entity missed their mark in the eyes of their auditor. Fines for noncompliance can reach up to $1,000,000 per day.
CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to ease NERC CIP compliance for energy companies. CyGov has mapped NERC back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the CyGov platform organizations can gain full visibility to their cyber risk levels and compliance.