NERC Critical Infrastructure Protection (CIP)

January 29-30, 2025 | Online :: Central Time

“The EUCI NERC CIP training class was very thorough and beneficial for my current role. The instructors were extremely knowledgeable and experienced in the nuances of both the standards and their application and implementation.” Project Officer, NETL

NERC has developed a set of mandatory and enforceable Critical Infrastructure Protection (CIP) standards to address these risks. These standards have evolved since their initial adoption and now cover all Bulk Electric System Assets and their related Cyber Assets, categorized by risk levels. This means that all registered entities and their assets are included in the program.

In this course, you’ll gain a deep understanding of the NERC CIP standards, including their history, current state, and future developments. Each standard will be thoroughly explored, highlighting its purpose and requirements.

Additionally, you’ll learn about NERC’s compliance and monitoring efforts for the CIP standards. This course aims to equip all staff members with the necessary knowledge to understand the complexities of NERC compliance, foster a culture of compliance and reliability, and prepare for upcoming CIP audits. Don’t miss this opportunity to enhance your understanding of NERC CIP and strengthen your organization’s security and compliance measures.

Special discounted rates available for groups of five or more so register your whole team today!

Learning Outcomes

  • Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
  • Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
  • Examine the NERC CIP requirements: Current version and upcoming revisions
  • Assess the confidentiality provisions of the CIP standards
  • Explain how violations are determined and identify which CIP standards are the most violated and why
  • Discuss the challenges utilities face in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal CIP compliance program in such a diverse environment
  • Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit

Agenda

Wednesday, January 29, 2025 : Central Time

8:45 – 9:00 a.m.
Log In and Welcome

12:00 – 1:00 p.m.
Lunch Break

9:00 a.m. – 4:00 p.m.
Course Timing

Short breaks will be taken throughout the sessions (30 minutes total)

History and Background of NERC CIP

  • Reliability standards

NERC CIP Version 5/7 – New Definitions

  • Review of the intent and purpose of each standard
  • Understanding each of the requirements
  • Departments involved in meeting the intent

Physical and Cyber Security – Part 1

  • Bulk electric system (BES) cyber system categorization
  • Security management controls
  • Personnel & training
  • Electronic security perimeters
  • How to build, communicate and demonstrate a “culture of compliance”  
    • Culture of compliance in mitigation
  • Audit process and preparation 
    • Preparing for an audit: what to do before, during, and after an on-site compliance audit: successful strategies and avoiding common pitfalls 
    • Discuss the settlement process after a violation has been found 
    • Recognize how NERC compliance fits with other enterprise compliance needs and risk management 
    • Managing documentation and evidence 
    • Demonstrating a culture of compliance with auditors 
  • System security management 
  • Physical security plan 
  • Incident reporting and response planning 

         

        Thursday, January 30, 2025 : Central Time

        8:45 – 9:00 a.m.
        Log In

        9:00 a.m. – 12:00 p.m.
        Course Timing

        Short breaks will be taken throughout the sessions (15 minutes total)

        Physical and Cyber Security – Part 2

        • Recovery plans for BES cyber systems 
        • Organizing for compliance  
        • Configuration change management and vulnerability assessments 
        • Information Protection 
        • Managing documentation and evidence 

        NERC CIP Tools and Resources

        • “Tools” and NERC CIP compliance
        • Active vulnerability assessment tools
        • Danger: Active scanning of ICS environments is risky business!
        • Emerging issues and new standards

        Instructors

        Eric Smith, Senior Cyber Security Reliability Consultant, Burns & McDonnell

        Mr. Smith is an analytical and results-driven NERC CIP specialist with 20+ years of experience and an expert understanding of NERC CIP reliability standards, specifically cyber security and network architecture standards. He is skilled in developing and implementing successful internal compliance programs that have been tested through numerous audits and certifications in the WECC region as well as RF and NPCC. He is proficient in developing CIP programs for Medium and Low impact BES cyber systems, focused on GO/GOP, TO/TOP, and BA entities in the hydro, storage, and renewable energy arenas. Mr. Smith is a creative and innovative solution leader who develops results based on NERC CIP, NIST 800, ISO 27000, and corporate business standards. Mr. Smith drives organizations to maintain focus on achieving a solid, sustainable cyber security compliance program through preparation of communication documents to promulgate information related to the NERC CIP Reliability Compliance Program. He is a self-driven leader with the ability to thrive in a fast-paced environment, coupled with the ability to think outside the box and effective teamwork and communication skills.


        Dr. Trey Melcher CISSP, CISM, CRISC, Associate Reliability Consultant, Burns & McDonnell

        Trey is an Associate Reliability Consultant in the Governance, Risk, Cybersecurity & Compliance practice at Burns & McDonnell. He has worked with the NERC Reliability Standards since 2008 working for a Regional Entity and with several Registered Entities. He has a big picture perspective on all aspects of developing, maintaining, and maturing compliance programs.


        Ben Gregson, Senior Reliability Consultant/Governance, Risk, Cybersecurity, and Compliance, Burns & McDonnell

        Ben is a Senior Reliability Consultant in the Governance, Risk, Cybersecurity & Compliance practice at Burns & McDonnell. He started in the industry in 2016, shortly after the effective date of CIP Version 5, working as a NERC-certified auditor and team lead for Texas RE. He then transitioned to working on CIP program development and acquisition transitioning for a large Responsible Entity. He’s now a consultant for Burns & McDonnell focusing on CIP and cyber security.


        John Biasi, Solutions Architect Manager, Burns & McDonnell

        John is a Solutions Architect Manager in the Governance, Risk, Cybersecurity, & Compliance practice at Burns & McDonnell. John has 23 years of experience focused on designing secure and compliant solutions for critical infrastructure. John worked for a large investor-owned utility for 6 years, and as a cyber security consultant for the last 9 years.

        Online Delivery

        We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

        • Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
        • You will receive a separate email with a unique link to a personalized landing page which will include links to join all sessions of this event.
        • If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
        • The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.

        Register

        Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details, please see our FAQ.

        If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event.

        REGISTER NOW FOR THIS EVENT:

        NERC Critical Infrastructure Protection (CIP)

        January 29-30, 2025 | Online
        Individual attendee(s) - $ 1195.00 each

        Volume pricing also available

        Individual attendee tickets can be mixed with ticket packs for complete flexibility

        Pack of 5 attendees - $ 5,075.00 (15% discount)
        Pack of 10 attendees - $ 9,560.00 (20% discount)
        Pack of 20 attendees - $ 17,925.00 (25% discount)

        This event is related and may be of interest.

        NERC Fundamentals and Compliance

        January 16, 2025 | Online
        Individual attendee(s) - $ 895.00 each

        Volume pricing also available

        Individual attendee tickets can be mixed with ticket packs for complete flexibility

        Pack of 5 attendees - $ 3,800.00 (15.083798882682% discount)
        Pack of 10 attendees - $ 7,160.00 (20% discount)
        Pack of 20 attendees - $ 13,425.00 (25% discount)

        Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before December 27, 2024 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCI’s liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800.

        CEUs

        Credits

        EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

        EUCI is authorized by IACET to offer 0.9 CEUs for this event

        Requirements for Successful Completion of Program  

        Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit.  

        Instructional Methods  

        PowerPoint presentations will be used in this course.  


        Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

        Course CPE Credits: 10.5
        There is no prerequisite for this Course.
        Program field of study: Specialized Knowledge
        Program Level: Basic
        Delivery Method: Group Internet Based
        Advanced Preparation: None

        EUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org

         

        Who Should Attend

        Utility and contractor/vendor professionals that work with Fossil Fuel Power Generation, Renewable Energy Generation (solar power, wind power, hydroelectric power, or geothermal energy), Transmission Systems, Distribution Systems, Microgrid Systems, and Grid Interconnections.

        • Chief Information Security Officer (CISO)
        • Energy Infrastructure Security Manager
        • Power Plant Manager
        • Grid Operations Manager
        • Transmission System Operator
        • Distribution System Operator
        • Cybersecurity Analyst
        • Compliance Manager
        • Physical Security Manager
        • Risk Manager
        • Control Systems Engineer
        • IT Manager
        • Network Administrator
        • System Operator
        • Cybersecurity Consultant
        • Regulatory Affairs Specialist
        • Emergency Preparedness Manager
        • Asset Management Analyst
        • Smart Grid Specialist
        • Energy Storage Systems Engineer