Cyber security standards.

Navigating NERC cyber security CIP standards

The North American Electric Reliability Corporation (NERC) has proposed over 100 standards to ensure the reliability of the bulk power system in the United States and Canada. These standards include specific requirements to safeguard the cyber security of critical assets essential to reliable operation of the bulk power system.

Understanding NERC CIP and protecting critical assets

The NERC Critical Infrastructure Protection Standards (CIP-002 through CIP-009) set a baseline for critical infrastructure cyber security. KEMA has been working closely with utilities on protecting their critical assets. We also have been an active participant in the NERC CIP Committee in drafting the NERC cyber security standards.

KEMA offers a full range of NERC cyber security services including:

• identifying critical cyber assets (CIP-002)

• gap analysis (CIP-003 to CIP-009)

• process, procedures, training, and tracking

• compliance and compliance mechanisms. 

As part of our critical infrastructure protection activities, we have also worked with the U.S. Federal agencies and Canadian government public safety agency in establishing requirements for control system security. We also have been an active participant and contributor on the drafting team for the NERC cyber security standards (CIP-002 through CIP-009).

Worldwide, KEMA has developed and maintains relationships with many national and international organizations with potential interests in the developing field of cyber security standards, including the Centre for the Protection of National Infrastructure (CPNI) in the UK, the National Institute for Cyber Crime (NICC) in the Netherlands,

the Swedish Civil Contingencies Agency (MSB, formerly the Swedish Emergency Management Authority (SEMA)), and Bundesamt für Sicherheit in der Informationstechnik (BSI) in Germany, as well as the European Commission.