Join UTC | Contact Us | Site Map | Suggestions


UTC UTC UTC

Home
E-mail This Page Share Printer Friendly Version Print Discuss Discuss A- A+

Utilities Should Be Working Now on NERC CIP Compliance

August 21, 2007

For More Information
Kristy Weinshel
202.833.6815
kristy.weinshel@utc.org

Utilities Should Be Working Now on NERC CIP Compliance

Washington, D.C. – Many utilities have taken steps to comply with new North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards aimed at protecting the electric power grid from cyber attack, but few utilities are CIP-compliant, and there is much work to be done. The eight proposed CIP Reliability Standards, submitted by NERC to the Federal Energy Regulatory Commission (FERC) in 2006, will be adopted as federal regulations sometime in the next several months. However, a very tight compliance timeline is, and likely will remain, in place. Utilities that do not meet audit requirements will face stiff penalties for non-compliance when audits begin in 2009.

Entities responsible for NERC compliance face a number of obstacles in their efforts to address cyber security: manpower is limited and utilities and transmission companies must prioritize work that keeps electricity flowing. But, utilities have no choice but to establish compliance programs now if they are going to be ready for NERC audits.

"We are encouraging our members, and in fact all utilities, not to delay preparing for CIP compliance," says William R. Moroney, president and CEO of the Utilities Telecom Council. "We've heard from our members how demanding it can be to coordinate all the necessary steps for compliance. Yet NERC compliance is essential to not only avoid potential hefty fines, but also to secure current and next-generation infrastructure from potentially disastrous cyber attack."

The Utilities Telecom Council (UTC) has produced a report – NERC Cyber Standards: Ten Steps to Compliance – to help utilities navigate through this complex process. The report partitions the CIP compliance process into 10 manageable steps to help utilities to design a program that efficiently organizes utility personnel and resources to comply with NERC CIP Standards. The report evaluates FERC’s latest input into the standards and, among other things, discusses:
  • Establishing a compliance "roadmap",and conducting a "gap analysis" to identify the difference between existing security measures in comparison to the CIP standards;
  • Identifying a list of all cyber assets, and Electronic Security Perimeters (ESPs) that need to be secured;
  • Choosing an appropriate methodology to assess critical cyber assets, and automatically generate documentation to support a NERC audit; and more.
    •
NERC CIP Standards: Ten Steps to Compliance addresses all aspects of the NERC requirements, and provides detailed specific technical guidance from industry experts on securing critical assets from attack. For more information on the report, or to order a copy, contact research@utc.org or call 202.872.0030.

Utilities Telecom Council
The Utilities Telecom Council (UTC) is a global trade association dedicated to creating a favorable business, regulatory, and technological environment for entities that own, manage, or provide critical telecommunications systems in support of their core services. Founded in 1948, UTC has evolved into a dynamic organization that represents the broad communications interests of electric, gas, and water utilities; natural gas pipelines; other critical infrastructure entities; and other industry stakeholders.

# # #