case study

CIP Program Development

A medium impact coal-fired generation plant in ReliabilityFirst needed to build a CIP program in the early days of CIP. We've helped build and maintain it from v3 to v5, and beyond.

The Beginning

NST began work in 2007 and has assisted with the virtually all aspects of the development, documentation, and implementation of a sustainable CIP compliance program. Prior to the Effective Dates of the first version of the CIP Standards (the latter half of 2009), NST helped define, document and implement a risk-based assessment methodology, required by CIP-002, to identify Critical Assets and associated Critical Cyber Assets. Once it was established their SCADA/EMS systems comprised Critical Cyber Assets, NST helped develop and implement the documented policies and procedures necessary for compliance with Standards CIP-003 through CIP-009.

Next Steps

Following the Federal Energy Regulatory Commission’s (FERC) approval of CIP Version 5 in late 2013, NST assisted with the CIP compliance program changes and upgrades made necessary by the replacement of risk-based assessment identification of Critical Cyber Assets with the identification of BES Cyber Systems based on “bright-line criteria” in a new version of CIP-002, by updates to CIP Standards CIP-003 through CIP-009, and by the introduction of two new CIP Standards, CIP-010 and CIP-011.

Overall Support

Since CIP Version 5 became effective in 2016, NST has continued to assist with policy and procedure changes made necessary by additional revisions to the CIP Standards, including CIP-013 and related Supply Chain revisions to CIP-005 and CIP-010. Most recently, NST helped modify the Cyber Security Incident Response Plan in preparation for an updated version of CIP-008 that became effective on January 1, 2020.

Overall, NST consultants have helped create documents ranging from high-level policies, to RSAWs, to detailed work instructions. Activities performed in support of SMEs have ranged from CIP training, to offering opinions on whether the approaches to specific CIP requirements are adequate, to providing highly technical assistance with BES Cyber System and network configurations. NST has performed numerous required cyber vulnerability assessments and has actively supported them during their last three Regional Entity CIP compliance audits.

Continue reading
All Case studies
Button switch

The Original
NERC CIP Team

Want to go above and beyond? Keep clicking.
Or just call NST today.