NERC, also known as The North American Electric Reliability Corporation, issued CIP (Critical Infrastructure Protection) cyber security standards in 2003. These were introduced to safeguard the electrical systems. However, in 2006, FERC (the Federal Energy Regulatory Commission) approved the proposed standards, thereby making them mandatory. Hence, CIP cyber security standards became enforceable across all bulk power system users, operators and owners.Furthermore, those bulk power system users or operators who failed to take the needed security precautions and steps were therefore exposed to the electric cooperative and greater risk such as:
- High chances of service disruption
- Regulatory fines/penalties
All this has led to the increasing demand for gap analysis and risk assessment. Companies like Keentel Engineering can help utility and IPPs perform a gap analysis. This Risk Assessment utilizes a risk-based approach much needed to identify critical infrastructure vulnerabilities throughout the entire enterprise. It helps:
- Protect network access points along with cyber assets
- Assess its effectiveness against the industry standards
- Determine and evaluate current risk
- Build an improved security posture
- Successfully meet compliance requirements
Gap Analysis—Areas of Focus
Gap analysis focuses on the following areas:
- Ensuring sensitive data is secure
- Providing sufficient information for making better risk management decision
- Ensuring the network is secure
- Ensuring the systems are securely configured
- Managing, protecting, and securing confidential customer data and BES cyber assets
Therefore, a gap analysis is designed to assist the organization in identifying potential gaps in the security processes and systems. This analysis is primarily designed to help organizations prepare for the process of attaining NERC CIP compliance. Throughout the process, the assessors work cohesively with the organization’s technical, management, and assurance teams, providing a clear picture of the company’s overall compliance.
Although no NERC entity is 100 percent immune to cyber attacks, a proactive and all-encompassing strategy can indeed eliminate or lower many threats. Hence, getting your security right is crucial for compliance and reliability.
Therefore, it makes sense to invest in gap analysis to get a clear idea of the current state of your security and desired state in compliance with CIP NERC requirements. Moreover, the recommendations provided in the gap analysis should be immediately implemented and used to address and minimize the risks adequately.
