With the mission of improving the bulk power system reliability and security in North America, the North American Electric Reliability Council (NERC) develops and reinforces standards to ensure system reliability, monitors the bulk power system, defines future adaptations, audits owners, operators, and users for preparedness, and educates and trains industry personnel.
In May 2006, NERC implemented Critical Infrastructure Protection (CIP), which establishes a framework with the minimum requirements needed to ensure reliability and improve IT infrastructure supporting the system. This is the Cyber Security Framework.
NERC CIP has issued nine reliability standards on cyber security with the purpose of identifying and protecting critical cyber assets:
- NERC - CIP 001 1 - Sabotage Reporting
- NERC - CIP 002 1 - Cyber Security - Critical Cyber Asset Identification
- NERC - CIP 003 1 - Cyber Security - Security Management Controls
- NERC - CIP 004 1 - Cyber Security - Personnel & Training
- NERC - CIP 005 1 - Cyber Security - Electronic Security Perimeter(s)
- NERC - CIP 006 1 - Cyber Security - Physical Security of Critical Cyber Assets
- NERC - CIP 007 1 - Cyber Security - Systems Security Management
- NERC - CIP 008 1 - Cyber Security - Incident Reporting and Response Planning
- NERC - CIP 009 1 - Cyber Security - Recovery Plans for Critical Cyber Assets
To help electric utility firms comply with the NERC CIP standards, Modulo has developed a specific knowledge base that allows companies to identify and manage the controls required by the standard.
Modulo Risk Manager inventories assets supporting the system infrastructure and stores them in a centralized repository, implements a process for risk assessment, and provides recommendations to implement controls defined by NERC CIP based on best practices. It also ranks assets and identifies most critical cyber assets, thereby assisting with prioritization of actions and investments.
Modulo Risk Manager allows the organization to manage risks and ensure compliance with all the standards defined by NERC CIP in an integrated and user-friendly fashion, reducing or eliminating silos and reducing costs.
How Modulo Risk Manager help your business with NERC CIP compliance:
- Repository of evidence and audit support
- Cyber assets inventory and repository
- Risk analysis of system-related technological assets, individuals and environments
- Integrates with the business continuity plan, helping manage cyber asset recovery plans and supporting tests
- Generates executive and technical reports
- Generates index- and metrics-based risk scorecard
- Improves decision making and assists with prioritization of actions and financial resources
- Provides a geo-referenced risks overview (can be viewed with Google Earth)
- Provides detailed recommendations to support implementation of controls
- Providing a framework that enables future activity to take place in a consistent and controlled manner
- Controls maintenance
- Provides self-assessment process