Fundamentals of Cyber Security for Utilities

Live Streaming Online September 14-15, 2022

A Program

Click Here to register ($1195)

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event

Like other parts of critical infrastructure, utilities face advancing cyber security threats to their corporate and field environments.  Regulators, such as NERC and FERC, have mandated in their jurisdictions that these threats be addressed ultimately through compliance with NERC CIP requirements.  However, because of the complex nature of control systems, utility cyber security programs face much greater challenges in providing needed cyber security controls for BES Cyber Assets (BCA) and BES Cyber Systems (BCS).  Further complicating the situation are newer digital components being implemented that are challenging many preconceived notions of how technology is used in power generation and delivery.

As the options for access and control become more complicated, cyber security becomes more important to the overall safety of the environment.  Threats are rapidly evolving, and the industry is struggling to balance asset availability with cyber security to keep malicious actors at bay.  Regulators continue to refine their guidance, and the industry is racing to keep up.  Notwithstanding growing questions and concerns from Utility Boards of Directors over cyber security, each audit of compliance requirements yields new insight into regulator concerns over cyber security in the energy industry.

This course is an in-depth introduction to cyber security issues facing utilities today. It is meant as a primer to give the necessary background for all staff to understand the concepts and complexities of cyber security and compliance with NERC CIP Standards. 

Learning Outcomes

  • Evaluate current value at risk from cyber security threats facing electric utilities 
  • Analyze cyber threats and vulnerabilities 
  • Define, assess, and manage security risk for smart grid 
  • Review NERC CIP, key implementation strategies, and current events 
  • Discuss the convergence of IT and cyber security departments, internal and external communication strategies, and building cross-functional teams 
  • Examine practical techniques for risk management and data protection  
  • Discuss holistic cyber security program strategies focused on prevention 



9:00 a.m. – 5:00 p.m. Central Time

Threats to Energy Infrastructure – Understanding the Cyber Threat Landscape and Value at Risk

  • Introduction to cyber attacks and defenses
  • Current cyber security threats facing electric utilities
  • Common vulnerabilities and consequences 

Continuation of Value at Risk: Threats to Energy Infrastructure

  • Threat impacts to control systems
  • Upcoming cyber security challenges for utilities

Security of Smart Grids: How Cyber Security is Affecting its Future

  • Defining, assessing, and managing security risks affecting smart grid
  • Compliance and distribution systems
  • NIST standards
    • Existing standards and those in development
    • Practical impacts to utility cyber security practices
  • Cyber threats and vulnerabilities to communication networks
    • Field maintenance and test equipment
    • Wide Area Network communications
    • Field communication with Internal IT assets

NERC CIP: Implementation and Preparing for Subsequent Versions

  • Definition and review of the current version of NERC CIP and key differences from previous versions 
  • Introduction and description for each of the NERC CIP standards
  • Review of common violations and root causes


9:00 a.m. – 12:30 p.m. Central Time

Continuation of NERC CIP Discussion and Resolving Implementation Challenges

  • Brief coverage of the regulatory landscape around NERC CIP
  • Discuss key factors of each NERC CIP version along with implementation strategies
  • Identify what to expect from future NERC CIP versions

Integrating Cyber Security Across the Utility

  • Internal cyber security strategy
  • Cyber Security integration across the utility
    • Cross-functional teams
    • Roles and responsibilities
  • End-to-end cyber security from back office to core business