EnergyNewswatch

NERC Fundamentals and Compliance/Critical Infrastructure Protection

Live Streaming Online September 19-21, 2022

A BankWebinars.com Program

Click here to register: $2195 ($1195 each course)

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event.

NERC Fundamentals and Compliance

September 19-20, 2022 | Online :: Central Time

“Good introduction and history into the world of NERC compliance.” GM-Engineering Services, Duke Energy

“Very informative and time well spent.” Compliance Superintendent, Alameda Municipal Power

Entities registered with the North American Electric Reliability Corporation (NERC) continue to address the complexities of NERC reliability standards implementation, on-going compliance and enforcement. Full audit schedules ensure the stakes remain high (as evidenced by the recent $10 million fine imposed on a Registered Entity). Critical Infrastructure Protection (CIP) standards involve an added level of complexity.

With an increasing number of generation and transmission projects being proposed and built, it’s important to understand the implications of being a NERC-registered entity and the complicated and, often, costly compliance process.  A host of important factors can significantly impact operations. One of the key tenets supporting compliance, or which can mitigate a penalty, is having a robust compliance program.  To demonstrate a culture of compliance, a registered entity must show an enterprise-wide commitment to the process. 

This course is an overview of NERC standards, compliance, and monitoring and will provide the necessary background for staff with compliance responsibilities to understand the concepts and complexities of NERC compliance to build a culture of compliance and reliability and prepare for audits. The course will help registered entities understand the background for the NERC standards, proven methods of compliance and how to best organize evidence to demonstrate compliance during an audit.

Learning Outcomes

  • Define the role of FERC, NERC and Regional Entities
  • Review the background for the NERC standards and discuss major recent revisions
  • Explain how regional entities calculate violations
  • Discuss how to comply with the most difficult standards
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal compliance program
  • Examine the NERC CIP requirements
  • Analyze the audit process and demonstrate strategies for success before, during, and after an audit
  • Review emerging trends in NERC compliance including:
    • Standards on Physical Security and Supply Chain Management
    • Geomagnetic Disturbances
    • Distributed Energy Resources

Agenda

MONDAY, SEPTEMBER 19, 2022

9:00 a.m. – 4:00 p.m. Central Time

Overview of NERC Reliability Standards and Requirements

  • NERC as the ERO
  • Important definitions used in Reliability Standards
  • Overview of entity registration

Introduction to NERC Compliance

  • Standards background and drafting process
  • Results-based standards
  • Compliance and enforcement
    • Lessons learned
    • Technical rationale vs. implementation guides
    • Standards efficiency review
  • Risk-based compliance highlights
    • Inherent risk assessment
    • Internal controls evaluation
    • Find, fix, track and report
    • Sanction guidelines

NERC Compliance in Practice

  • Defining a culture of compliance and building, communicating and demonstrating a culture of compliance
  • Role of a culture of compliance in mitigation
  • Preparing for an audit: what to do before, during and after an on-site compliance audit
  • Settlement process
  • Managing documents and evidence
  • Demonstrating a culture of compliance

TUESDAY, SEPTEMBER 20, 2022

9:00 a.m. – 12:00 p.m. Central Time

Preparing for NERC Compliance Audits

  • How to build, communicate and demonstrate a “culture of compliance”
    • Culture of compliance in mitigation
  • Preparing for an audit:  what to do before, during and after an on-site compliance audit: successful strategies and avoiding common pitfalls
  • Discuss the settlement process after a violation has been found
  • Recognize how NERC compliance fits with other enterprise compliance needs and risk management
  • Managing documentation and evidence
  • Demonstrating a culture of compliance to auditors

 

NERC Critical Infrastructure Protection (CIP)

September 20-21, 2022 | Online :: Central Time

“This is a great course to attend to gather a better understanding and a deeper knowledge of the NERC CIP standard. I gained exceptional knowledge and examples from this course that are extremely helpful to implementing the standards and to make sure we have the current standards understood correctly and implemented correctly. The course provided great examples and an inside view of what the industry is expected to do and what the auditors expect.” Corporate Cyber Security Operations Tech Analyst, NPPD

“This class is a must-do for anyone involved in CIP Physical/Cyber Security. Very glad I came.” Compliance Superintendent, Alameda Municipal Power

This session will provide an overview of the NERC CIP Reliability Standards. The electric grid in North America is at the top of the list of critical infrastructures maintained by Presidential Directive by the Department of Homeland Security, and it is recognized that the remaining critical infrastructures will not function without a reliable supply of electricity. As a result, cyber and physical security for electric utilities is at the forefront of legislators' and regulators' agendas following recent cyber and physical attacks in the US and elsewhere in the world.

To address these risks, the North American Electric Reliability Corporation (NERC) has developed and maintained a set of Critical Infrastructure Protection (CIP) standards that are mandatory and enforceable. These standards have undergone significant change since they were first adopted in FERC Order 706. They have been extended to include all Bulk Electric System Assets and their related Cyber Assets, each categorized as High, Medium, and Lower Risk assets, thereby extending the program to all registered entities and all bulk electric system assets at some level.

This course will provide a deep fundamental understanding of the NERC CIP standards including a history of their development, an understanding of the present standards, and a view of what is coming in future standard development.  The course will also provide a detailed overview of each standard, its fundamental purpose, and the intent of each requirement.

Developing programs to meet the intent of the standard is challenging since compliance with the standards requires disciplines from several key corporate functions including electric system operations, information technology, corporate security, and human resources at a minimum.  This course will review organizational structures for successful implementation and their experiences.  This course will also provide an overview of compliance and monitoring efforts that NERC will conduct for the CIP standards and is designed to give the necessary background for all staff to understand the concepts and complexities of NERC compliance in order to communicate and build a culture of compliance and reliability and prepare for upcoming CIP audits.

Learning Outcomes

  • Review the background for the NERC Critical Infrastructure Standards and discuss major recent revisions
  • Review the scope and purpose of the NERC Critical Infrastructure Protection (CIP) standards
  • Examine the NERC CIP requirements: Current version and upcoming revisions
  • Assess the confidentiality provisions of the CIP standards
  • Explain how violations are determined and identify which CIP standards are the most violated and why
  • Discuss the challenges faced by utilities in defining a compliance program across the corporate functions necessary for CIP compliance (operations, information technology, corporate security, human resources, etc.)
  • Define a culture of compliance and its importance in the compliance monitoring and enforcement process
  • Examine strategies to build an internal CIP compliance program in such a diverse environment
  • Analyze the audit process for CIP standards and demonstrate strategies for success before, during, and after an audit

Agenda

TUESDAY, SEPTEMBER 20, 2022

1:00 – 4:00 p.m. Central Time

History and Background of NERC CIP

  • Reliability standards

NERC CIP Version 5 – New Definitions

  • Review of the intent and purpose of each standard
  • Understanding each of the requirements
  • Departments involved in meeting the intent

NERC CIP Physical and Cyber Security – Part 1

  • Bulk electric system (BES) cyber system categorization
  • Security management controls
  • Personnel & training
  • Electronic security perimeters

WEDNESDAY, SEPTEMBER 21, 2022

9:00 a.m. – 4:00 p.m. Central Time

 

NERC CIP Physical and Cyber Security – Part 2

  • Physical security plan
  • Audit process and preparation
  • System security management
  • Incident reporting/response planning
  • Recovery plans for BES cyber systems
  • Organizing for compliance
  • Configuration change management and vulnerability assessments
  • Information protection
  • Managing documentation and evidence

NERC CIP Tools and Resources

  • “Tools” and NERC CIP compliance
  • Active vulnerability assessment tools
  • Danger: Active scanning of ICS environments is risky business!
  • Emerging issues and new standards

 


