North American Electric Reliability Corporation/Critical Infrastructure Protection - NERC CIP

The risks to our nation's critical energy infrastructure are growing every day. From the introduction of new technologies such as Smart Meters, to new and emerging technical and physical threats, the need for comprehensive data security in the energy sector is vital. In response to these threats, the North American Electric Reliability Corporation (NERC) has established a series of Critical Infrastructure Protection (CIP) standards to ensure that energy producers, distributors and other organizations vital to the Smart Grid implement appropriate measures to protect critical infrastructure assets. NERC CIP is comprised of eight specific standards that address a broad range of information security controls, including asset identification, electronic security perimeters and incident reporting and response.

Pursuant to the Federal Power Act of 2005, in January 2008, the Federal Energy Regulatory Commission (FERC) approved a set of mandatory reliability standards for the protection of critical infrastructure associated with the electric power industry.  NERC, CIP-002 through CIP-009 provide a framework for the identification and protection of critical cyber assets to support reliable operation of the bulk power system. Applicable to virtually all users, owners, and operators of the power grid, these standards include key elements of network security best practices, such as:

Identification and change control for critical systems

Boundary protection and access control

Monitoring and detection of unauthorized access

Vulnerability assessment

Incident response


More Information