NERC-CIP Compliance

Electrical System Reliability in the Digital Age

When it comes to something as critical as electric delivery in North America, even a minor IT problem can cause major havoc. Since a vast majority of the power grid is controlled with IT assets, ensuring continual system uptime of these assets is extremely critical. As such, the North American Electric Reliability Corporation (NERC), which is a non-profit organization that exists to ensure reliable electric delivery, has established Critical Infrastructure Protection (CIP) Cyber Security Standards to help safeguard this vital industry.

The NERC-CIP standards provide a framework to identify and protect critical infrastructure assets. A key tenant to this framework is integrity. As in any critical environment, security controls are put in place to minimize unauthorized access and changes that can have a negative effect on operations. Strict change control procedures and documentation are also emphasized by NERC-CIP to support this effort. While these are quite necessary, they are only applicable to approved changes and do little or nothing to prevent unexpected deviations caused by malicious software, direct hacking, and other advanced persistent threats.

From a NERC-CIP perspective, critical infrastructure protection encompasses far more than traditional IT assets. Supervisory Control and Data Acquisition (SCADA) systems, which are integral to the actual operation of utility and manufacturing plants, contain many non-traditional components that fall within these requirements. Complex threats such as Stuxnet demonstrated that rogue changes in the cyber realm could result in catastrophic changes in the physical world. The implications are scary when you consider the potential physical damage, safety concerns, and economic impact that can be caused by these new threats.

The CimTrak Solution for NERC-CIP Compliance

You deploy a number of security solutions to keep your network safe, but even with significant defenses in place, the nature of threats is constantly escalating. As a last line of defense, CimTrak’s cutting edge technology gives you the capability to proactively mitigate IT and SCADA system changes that can make you non-compliant and worse yet, cause a disruption in power delivery. The ability to respond to a potential problem in real-time, without human intervention, should be a high priority. CimTrak provides much needed security while also ensuring accountability required in a NERC-CIP environment.