NERC CIP: Introduction to the North American Electric Reliability Corporation

Tuesday, December 02, 2025
10:00 AM PST | 01:00 PM EST
Duration: 90 Minutes
Speaker: Tom Alrich
Webinar Id: 61831
  • Live Session: $119.00 Single Attendee, $249.00 Group Attendees
  • Recorded Session: $159.00 Single Attendee, $359.00 Group Attendees
  • Combo (Live+Recorded): $249.00 Single Attendee, $549.00 Group Attendees

Overview:

When North America was electrifying in the first three decades of the 20th century, most cities and towns had a single electric utility that generated all the power used by the town and distributed it to residential, commercial and industrial users. However, by the 1930s, as demand for electric power grew everywhere and it became hard for utilities to assure a constant supply of power to everyone that wanted it, utilities started buying and selling power with each other. As a result, an interconnected grid was formed, without any overall supervision or regulation.

By the 1960s, serious blackouts started occurring due to lack of coordination among individual utilities, including a 1965 blackout of parts of 11 states and one province (Ontario) in the Northeast, as well as New York City. Under pressure from the Federal Power Commission (predecessor to FERC), in 1968 a group of electric utilities founded the National Electric Reliability Council (NERC), which was later renamed the North American Electric Reliability Corporation (with the same initials). 

NERC developed standards for utilities, intended to prevent blackouts like those experienced in earlier years. These standards were voluntary, but the utilities for the most part followed them; widespread power outages were thought to be a thing of the past.

However, in August 2003, the most serious and widespread power outage ever in North America cut power to 50 million people in the Northeast US and almost the entire province of Ontario. One of the principal causes of this outage was that a major utility in Ohio had not been properly trimming trees under high voltage transmission lines, even though this was “required” by one of the voluntary NERC standards. 

As a result of the Northeast Blackout, in 2005 the US Congress passed the Energy Policy Act. Section 215 of the Act mandated that the Federal Energy Regulatory Commission (FERC) create or contract an Electric Reliability Organization (ERO) to develop and audit compliance with a set of Reliability Standards for the North American power grid. In 2006, NERC was chosen to be the ERO; most of NERC’s voluntary reliability standards were rewritten as mandatory standards, carrying significant fines for non-compliance. NERC continues to enforce the existing Reliability Standards and to develop new standards.

In 2006, a NERC Standards Drafting Team started developing the first version of the CIP (Critical Infrastructure Protection) Reliability Standards. These standards were aimed at protecting the Industrial Control Systems (ICS) that monitor and control the North American Bulk Electric System (BES); they were approved by FERC in January 2008. 

The NERC CIP standards have expanded and gone through many revisions since 2008. This series of webinar courses includes at least eight courses that relate to CIP, starting with “Introduction to NERC CIP”. 

Why You Should Attend:

If you work in the electric power industry, either for an electric utility or an Independent Power Producer (including renewables producers), you owe it to yourself to become knowledgeable on NERC and the over 100 NERC Reliability Standards; these include the 13 (soon to be 14) NERC CIP cybersecurity standards. Even if you don’t have a job with “NERC” or “compliance” in its title, you may well have a role to play in maintaining compliance with one or more NERC standards, since there can be huge financial penalties for non-compliance. 

Also, if you work for a company that provides products or services to the power industry, especially if they are used in operations, you need to understand which NERC standards affect your job, so you will not inadvertently be responsible for a NERC violation by your customer. 

Areas Covered in the Session:

  • How NERC originated in 1967
  • How it took on a regulatory role in 2006, when FERC designated it the official Electric Reliability Organization (ERO)
  • How NERC carries out audits and assesses potential violations
  • Brief overview of the NERC Operations and Planning (O&P) standards (includes all NERC Reliability Standards except the 13 NERC CIP standards)
  • Short description of the NERC Functional Model
  • Brief summary of NERC’s Standards Development process

Who Will Benefit:

  • CISO and staff, Training Department, NERC Compliance Department, T&D Operations, and other departments in target companies who are concerned with operational security and compliance
  • Sales and Technical Support Departments (for vendors to the power industry)
  • Individual employees who know NERC CIP is important to the company and want to learn about it to further their career
  • People who work in other industries (or for consulting organizations), who would like to hear what lessons can be learned from the power industry’s experience with CIP

Speaker Profile

Tom Alrich is an independent consultant and trainer specializing in two important topics:

  • Compliance with the rigorous NERC CIP cybersecurity standards, which apply to the control systems that monitor and operate the North American power grid. They are enforced by NERC and the Federal Energy Regulatory Commission (FERC); they carry maximum penalties of $1 million per violation. While these standards have been successful in securing the grid in the 15 years they have been in effect, they are increasingly inhibiting security by preventing many electric utilities and Independent Power Producers from utilizing cloud-based security software and services.

  • Software vulnerabilities, which “open the door” for the most successful cyber attacks. All software has vulnerabilities. These can never be eliminated, but they can be managed. However, management can only be successful if there are good data available on vulnerabilities, as well as data on the software or devices in which the vulnerabilities are found. Currently, two big US government programs are essential to providing that data: the CVE Program (run by the US Department of Homeland Security) and the National Vulnerability Database (run by the Department of Commerce). There are currently serious problems with both programs, and both are likely to undergo big changes in the coming years.