The compliance processes that many United States bulk electric system (utility) owners and operators use to comply with North American Electric Reliability Corporation (NERC) critical infrastructure protection (CIP) standards are not sustainable.
It is possible, however, to create a sustainable NERC CIP program that goes beyond assuring compliance to protect critical infrastructure assets from attacks. Utilities should focus on creating a continuous cycle of activities—or a life-cycle of sustainability—to help overcome challenges.
Utilities invest a great deal of time and energy in interpreting NERC CIP standards and defining the policies, processes, roles and responsibilities, and technical controls that the utilities must implement to assure compliance. In this context, some of the greatest challenges include:
- Categorizing assets
- Identifying compliance requirements
- Managing the collection of evidence
- Identifying where gaps exist
- Documenting auditable results
- Ensuring robust management and reporting
- Defining and executing remediation plans
Achieving optimal protection
These steps can lead utilities to a point at which they can maintain compliance and experience business benefits beyond avoiding expensive penalties:
- Understand where you stand today.
- Establish a sustainability strategy and governance framework.
- Establish an actionable plan to build the foundational components of a sustainable program.
- Begin industrializing key NERC CIP processes.
Benefits of a sustainable NERC CIP program
Utilities can reach a point at which they not only maintain compliance efficiently but also experienced business benefits beyond avoiding expensive penalties and negative publicity. Benefits include:
- Greater operational control
- Improved situational awareness
- More control of operations and maintenance costs
- Better preparedness for future disruptive technologies
- Stronger power-grid protection