You must have heard of the Smart Grid recently from your energy provider or probably on the news; however, not 
everyone is aware of the grid, let alone Smart Grid. “The Grid” is referred to the electric grid, which constitutes a network of substations, transformers, transmission lines and many other related things that helps in delivering electricity to your homes and businesses from the power plant. It is basically what you plug into when you switch on your television, lights etc. at home or elsewhere.
Moving ahead, there is a requirement of a new, special kind of electric grid, which has been built from the bottom up to tackle the fast increasing computerized and digital equipment and the technology that depends on it, also, which could manage and automate the increasing requirement of electricity and its complexity in the 21st Century. The digital technology that permits this two-way communication between the customer and its utility, and the sensing along the transmission lines is what makes the grid smart. The smart grid will include computers, new technologies, controls and equipment working together and automation like the internet; however, in this particular case, these technologies will be working with the electrical grid to respond to the fast changing electric needs of ours digitally.
It is essential to address cybersecurity in order to enhance the security and reliability of the country’s electric grid. It is conceivably the most complex and important infrastructure that other sectors depend on to deliver essential, necessary services, which makes it all the more critical to ensure a resilient electric grid. The roles of electricity sector stakeholders have moved over the past two decades. There has been separate distinct markets for generation, transmission and delivery; vendors have undertaken new responsibilities to supply advanced technologies and improve security, and customers have become generators using distributed generation technologies.
About the Cybersecurity for Energy Delivery Systems Program
Enhancing the resilience and reliability of the nation’s energy infrastructure is one of the key missions of the Department of Energy (DOE) Office of Electricity Delivery and Energy Reliability. The cybersecurity of energy delivery systems plays a vital role in safeguarding the energy infrastructure and the fundamental function that it serves in our lives.
To provide assistance to the energy sector asset owners (electric, oil, and gas), OE designed the Cybersecurity for Energy Delivery Systems (CEDS) program by creating cybersecurity solutions for energy delivery systems through a focused research and development effort and integrated planning. To make advances in cybersecurity capabilities for energy delivery systems, the CEDS co-funds projects with industry partners.
Cybersecurity Risk Management Process (RMP):
The electricity subsector cybersecurity Risk Management Process (RMP) guideline was created by the Department of Energy (DOE), in collaboration with the North American Electric Reliability Corporation (NERC) and the National Institute of Standards and Technology (NIST). Utility-specific trade groups and members of industry were involved in authoring this guidance which is meant to be meaningful and tailored for the electricity subsector.
NERC CIP (critical infrastructure protection)
The NERC CIP (North American Electric Reliability Corporation critical infrastructure protection) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.
The NERC CIP plan includes 9 standards and 45 requirements that covers the protection of essential cyber assets and the security of electronic perimeters and also disaster recovery planning, security management and personnel and training.
- CIP-002-1: Critical Cyber Asset Identification
- CIP-003-1: Security Management Controls
- CIP-004-1: Personnel and Training
- CIP-005-1: Electronic Security Perimeters
- CIP-006-1: Physical Security of Critical Cyber Assets
- CIP-007-1: Systems Security Management
- CIP-008-1: Incident Reporting and Response Planning
- CIP-009-1: Recovery Plans for Critical Cyber Assets
Penalties for noncompliance
The penalties for noncompliance with the NERC CIP imposed by NERC (as the ERO), or by other regional entities that have been designated to act as enforcers by the NERC. The penalties comprises of sanctions or other actions against covered institutions, operators, users of the bulk electric system, power owners and also includes imposing fines.
The accurate penalties varies from country to country, given that NERC is a transnational institution that covers both Canada and the U.S. The Federal Power Act in the U.S. allows regional entities or NERC to levy civil penalties of up to $1 million per day, per violation, so long as the penalty is proportional to the seriousness of the violation. For determining the seriousness of the violation, NERC has laid out some factors in the NERC’s Sanctions Guidelines Document. It includes the risk that it pose to deliberate violations, overall reliability of the bulk electric system, the overall organization’s compliance program quality, attempts to concealing violations and so forth.
Join this webinar on Cyber Security for the Power Grid – NERC’s Infrastructure Requirements by our expert speaker Tamar Cerafici to get a detailed insight on this very crucial subject.
