[ANSWERED] What is the NERC CIP?

To put it into simple terms, energy is the ability to do work.

There are many different types of energy. Chemical, mechanical, nuclear, and gravitational are some forms of energy just to name a few.

Throughout this blog we’re talking about electrical energy.

In 2022, electrical energy consumption in the United States added up to 4,050 terawatt hours.

In case you didn’t know, a terawatt is a unit of power equal to one trillion watts. That’s a lot of power!

So it’s no surprise that most of our world today relies on energy consumption, more than we may realize, and more specifically on electrical energy.

Think about your day-to-day activities…how much of that requires electricity? I’m assuming that, like my own answer, it’s a lot.

We must know how to properly manage it. Uncle Ben from Spider-Man said it best, “With great power comes great responsibility.”

If not managed properly, the consequences can be quite detrimental and leave significant impacts on the way things operate.

Thus the importance of NERC and NERC CIP is what we’re focusing on in this blog. 

NERC Backstory

Here’s a short history lesson about how NERC came to be.

Now what would you do in the event of a blackout? I’m talking about no access to power. What if this went on for a few hours…or days…or weeks? Civilization as we know it would be in shambles!

Let’s go back to November 9, 1965, at 5:26 PM to be exact.

An electrical power failure between Ontario, Canada and Niagara Falls resulted in a significant blackout. This blackout left many Northeastern states as well as portions of Canada in darkness for 14 hours.

Imagine the chaos. Traffic lights are out, no electricity, and worst of all…no internet! Could you imagine? I’m kidding, this event occurred before the internet existed. All jokes aside, this was quite a significant event. The event went down in history as the Northeast blackout of 1965.

There were other events similar to this. The New York City blackout of 1977 affected most of New York City from July 13th to July 14th.

Multiple strikes of lightning from a storm in Westchester County hit a Con Ed substation on the Hudson River. This series of lightning strikes caused circuit breakers to trip, which overloaded transmission lines and caused blackouts.

Government bodies and regulatory agencies recognized the need for structure in this area to decrease blackouts like the significant ones we just described. Bulk power systems need protection from not only natural causes but also human interference.

Other blackout instances were occurring in America around this time as well.

In 1968, the electric utility industry formed a group to bring light to their concerns called the Committee on Power System Reliability (CPSR).

As a result of this, NERC came into existence in 1968. NERC is short for the North American Electric Reliability Corporation.

NERC exists to ensure the reliability and security of the North American bulk power system.

Bulk power systems are the motherboard of electrical energy. A bulk power system is any electrical device with terminals that can connect to other electrical devices. Electrical devices include generators, circuit breakers, transmission lines, and more.

It’s like one big electrical delivery system. Electricity travels via power lines to get where it needs to go. It all begins with power plants. The power plants create the electricity which then gets delivered via power lines to your local homes and businesses.

We can see the importance of safeguarding bulk power systems through real-life examples as well as by understanding what exactly they do.

NERC is a non-profit regulatory agency headquartered in Atlanta, Georgia. It’s a government body that’s responsible for enforcing both regulations and rules concerning the North American bulk power system for the public and the economy to ensure compliance. 

NERC vs FERC

FERC is the Federal Energy Regulatory Commission.

It’s another government agency that regulates the interstate transmission of electricity. FERC has jurisdiction over reliability standards.

FERC certified NERC as the Electronic Return Originator - ERO.

This gave NERC the responsibility for developing and enforcing mandatory electric reliability standards under the Commission’s oversight in North America.

NERC develops and enforces standards for the operation, planning, and security of the electric grid to protect against widespread outages.

FERC reviews, approves, and also enforces the standards developed. They work together to reduce risks to the reliability and security of bulk power systems.

NERC also monitors the performance and compliance of entities responsible for operating and maintaining the grid; this includes the area of security.

There are similarities, but ultimately they’re 2 different government agencies that have different responsibilities. 

The NERC Critical Infrastructure Protection (CIP) standards are mandatory security regulations hand-crafted to protect the Bulk Electric System from cyber threats.

This was a group effort between NERC and FERC after analyzing what was needed.

Who’s responsible for following the NERC CIP standards? These standards are a requirement for all who have access to bulk power systems in America. This includes electric utilities, independent system operators, and regional transmission organizations.

While NERC is implementing these standards, FERC is enforcing them. 

FERC has the authority to impose penalties on those who are not in compliance with NERC CIP standards.

NERC CIP Standards

All of the NERC CIP standards relate to the electric power industry or bulk power systems. They all promote security and protection. These standards serve as guidelines that tell required entities what to follow as well as how to do it. They kind of spell it out quite plainly. For example, let’s look at 3 of many NERC CIP standards:

CIP-001: Sabotage Reporting

CIP-001 lays out all of the requirements for what to do and how to report sabotage if it occurs. These standards ensure that any sabotage is reported promptly.

They also help with starting points on how to respond as well as mitigate threats. It all goes back to NERC’s main purpose which is to ensure the security and reliability of bulk power systems. 

CIP-002: Asset Identification and Classification

A lot of these standards are exactly how they sound. CIP-002 sets out the requirements for identifying critical assets and classifying them within the electric power industry. The purpose of this is to identify assets before a potential threat occurs to strengthen those assets and prevent any potential disruptions.

CIP-003: Policy and Governance

CIP-003 paves the way for how to develop and put cybersecurity policies and governance processes into practice. It promotes security as well as safeguarding those critical assets we mentioned in the previous policy. 

Importance of Following NERC CIP

As I said before, the NERC CIP standards ensure the reliability and security of the North American power grid. It’s quite serious.

A cyberattack on bulk power systems could result in some pretty detrimental situations. This includes threats such as widespread power outages, economic disruption, and even death. 

There is a risk of receiving fines if required entities fail to comply with NERC CIP standards. Most fines fall in the five-figure range.

Serious violations can cost millions of dollars and bring bad publicity, which can create management challenges with stakeholders, shareholders, and regulators.

Benefits of NERC CIP

There are quite a lot of benefits to following NERC CIP standards. 

Being NERC CIP Compliant helps to reduce the risk of cyberattacks. Not only are you more aware of critical assets and can utilize them to reduce cyberattack risks, but being NERC CIP compliant also helps you know exactly what to do in the event a cyberattack were to occur.

This ultimately leads to problem solving at an exponential rate as well as salvaging as much as possible. 

When you are NERC CIP compliant it helps you to avoid costly fines. As we went over, if FERC finds you in non-compliance, depending on the situation at hand the fines can range anywhere from thousands of dollars, to hundreds of thousands, to millions! 

Some other costs aren’t monetary. Events such as blackouts and cyberattacks can occur, leaving places within North America as well as some parts of neighboring continents and countries in darkness.

This puts our worlds on pause and takes time, effort, and money to fix. There’s also the result of death in extreme cases. Electrical power is not something to take lightly. 

NERC CIP compliance puts your organization in a positive light. Having compliance increases customer satisfaction and loyalty. More people and businesses will be willing to work and come alongside you when they see you are knowledgeable and actively following NERC CIP standards. Partners can worry a bit less knowing you’ve got things under control. 

Conclusion

Many people may not be aware of the significance of the electrical industry as well as bulk power systems.

American society has come a long way from creating the Committee on Power System Reliability to coming up with NERC, which works alongside FERC to ensure the safety and reliability of the bulk power systems.

There are now enforced standards that ensure the safety of our electrical power systems.

More specifically, NERC CIP standards ensure the safety and reliability of bulk power systems regarding cybersecurity. The standards set forth requirements for all that have access to bulk power systems in America such as electric utilities, independent system operators, and regional transmission organizations.

Following the standards leads to great benefits such as increased security, customer loyalty and awareness, NERC compliance, avoidance of heavy fines, and more. On the other side of that, the consequences are quite heavy resulting in disaster.

Safeguarding electrical energy is so important! Bulk power systems are all connected, almost like one big highway. Energy is traveling from place to place to get where it needs to go. Let’s keep electrical traffic (electricity) moving in the right direction on safeways. We can start by making sure responsible entities follow NERC CIP standards.