CIP consulting since 2003.

Because sometimes you just want to hire someone who's done it before.

THE WIZARDS

OF CIP

REGIONAL REACH

We've got clients everywhere. That means every quirk a NERC Regional Audit could throw your way, we've seen.

REGIONAL REACH

We have clients everywhere. That means anything your Region throws your way, we've seen.
Label with teal dot and text reading NST Clients
BRIEF OVERVIEW

Making an Impact

NST makes an impact on every part of the grid. We've worked with the smallest municipally-owned cooperatives, to the largest investor-owned utilities in North America, and ISO/RTO organizations in every single NERC Region.

That's High Impact. Pun intended.

Generation

LOW + MEDIUM IMPACT
Hydros to nukes. Gas to solar. Wind powered, coal fired, and battery storage too.

15MW.  1,500+ MW. And more!

Transmission

LOW + MEDIUM IMPACT
From a single mile of 145kV, up to thousands of miles of 345kV, and every low impact and medium impact substation in between...we've heard "the hum".

Control Centers

LOW + MEDIUM + HIGH IMPACT
Primaries and backups. Data centers. Dispatch, monitor, balance, and control.
SERVICES

NERC CIP COMPLIANCE

NERC CIP is our bread and butter. Nobody's been doing it longer. Nobody has more experts on their team.
NST Cyber Security

Roles and Responsibilities

NERC CIP crosses a lot of "swim lanes" and hits different departments, well...differently. Plus our clients don't all divvy up the tasks the same way.

But whoever ends up carrying the ball, we can help with the blocking and tackling.
CASE STUDIES
Button switch

Compliance

You’re doing governance, risk, oversight, quality assurance, and external communication with Regions and NERC. Maybe you want a Mock Audit or a Gap Assessment. Maybe you want help filling out the NERC ERT or writing RSAWs. Maybe you want to develop and document Internal Controls. Maybe you should give us a call.
Security
You need to monitor HR to make sure they initiate the process to remove access rights to former employees after they're terminated. You lock doors, check key cards, and keep track of inventories of assets. And you still need to produce evidence to support compliance.
OT/IT
You worry about network functionality and are required to make sure that various nodes within the system are able to talk with each other (and not with anything else). Maybe you want help to actually patch systems. Maybe you want to run a tabletop exercise to simulate a security incident. Maybe you want to better configure your baselines for BES Cyber Assets and Systems, and ensure that changes in configurations are captured.
Power Engineering
You make turbines turn, pumps pump, and electrons flow. You operate sensors monitoring data on fuels being burned, cooling devices being run, air intake valves, spinning windmills, sun-bathing solar panels, and water pressure behind dams. You have to generate evidence that may eventually be reviewed during an audit.
Purchasing/Legal
You might be new to CIP! CIP-013 and Supply Chain Risk Management fall on you. You have to vet your vendors, understand the risks they pose to the BES, and support the Compliance team with a whole bunch of evidence that didn't even exist before 2020.

Information + Cyber Security

What does good cyber hygiene look like?
How does it contribute to compliance?
It starts with the click of a button.
LEARN MORE
Button switch
NST Cyber Security
NST Cyber Security
NST Cyber Security

Risk + Regulatory
Solutions

We're more than a CIP shop. FERC Dam Safety, TSA Pipeline, NIST, and ISO.
LEARN MORE
Button switch

THE ORIGINAL
NERC CIP TEAM

Love that you're still here,
but why don’t you just call us?