FacebookTwitterEmail

Every week, the North American Electric Reliability Corporation (NERC) releases a “Standards, Compliance and Enforcement” bulletin. These documents contain important information on NERC’s Reliability Standards. Those include the Critical Infrastructure Protection (CIP), a suite of measures designed to help organizations secure their bulk assets and support the operability of North America’s bulk electric system.

Organizations need to keep up with these bulletins so that they can modify their compliance efforts accordingly. Towards that end, here is a roundup of the key security updates, including news surrounding CIP, that NERC made over the course of Q3 2021.

Date of Bulletin Overview of Update Description of Update
06/21/21 Informational compliance filing submitted to FERC NERC fulfilled an order released by the Federal Regulatory Energy Commission (FERC) in February 2020 by submitting an informational compliance filing. The publication included updates for Project 2016-02 and Project 2019-02, initiatives which concern revisions to Reliability Standards CIP-004-6 and CIP-011-2.
06/21/21 Conference call announced for Project 2020-04 Under Project 2020-04, the Standard Drafting Team responsible for modifying Reliability Standard CIP-012 announced open registration for a conference call on June 23 at 1:30 EST.
06/21/21 Registration opens for ReliabilityFirst workshop around network risks NERC shared a registration link for a ReliabilityFirst workshop exploring Design Structure Matrix (DSM) networked risks on June 30 at 1:00 EST.
06/28/21 Two new Implementation Guidance documents posted on NERC’s website NERC posted two new Implementation Guidance documents to its Compliance Guidance web page. The first concerned CIP-007-6 R1; the second covered CIP-004-6 and CIP-011-2.
06/28/21 Standards Committee Executive Committee (SCEC) votes by email to authorize initial posting of Reliability Standard CIP-003-X for comment period On June 24, SCEC received an email ballot to authorize the initial posting of Reliability Standard CIP-003-X and a corresponding Implementation Plan for a 45-day comment period. It considered this posting by Action without a Meeting on June 25.
06/28/21 Second session announced for Human Performance in Electric Power NERC invited interested parties to sign up for the second virtual session of Human Performance in Electric Power on July 15 at 1:00 EST. It explained that session speakers would discuss how human performance application can help to reduce risk and error when ensuring the reliability and security of the North American power grid.
07/12/21 Results disclosed for SCEC Reliability Standard CIP-003-X email ballot In the vote to authorize the initial posting of Reliability Standard CIP-003-X and its accompanying Implementation Guide, four SCEC members voted in the affirmative. Zero abstained, and zero rejected the motion.
07/12/21 Reliability Guideline for gas and electric organizations posted online NERC announced the posting of “Reliability Guideline: Gas and Electrical Operational Coordination Considerations,” a document which the Reliability and Security Technical Committee (RSTC) approved on June 8.
07/19/21 Release 2 launch of Align announced by ERO Enterprise The ERO Enterprise disclosed the Release 2 launch of Align, a tool for managing and tracking compliance monitoring and enforcement. The ERO Enterprise clarified that Release 2 comes with several new capabilities that build upon the functionality of Release 1.
07/26/21 Webinar announced for examining modifications to CIP Reliability Standards Under Project 2016-02, NERC opened registration for an August 4 webinar to discuss modifications to the CIP Reliability Standards.
07/26/21 Another Project 2020-04 conference call scheduled NERC announced registration for a July 29 conference call where the Drafting Team could share their progress on modifying Reliability Standard CIP-012.
08/02/21 Document, tool, and survey concerning organizations’ security and compliance posture posted online. On June 8, the Security Working Group (SWG) approved the Assessing and Reducing Risk Reference Document and Risk Tool. NERC noted that those two resources along with a related tool survey are now available online.
08/02/21 Agenda released for the NERC Technology and Security Committee’s quarterly meeting NERC shared the agenda package for its Technology and Security Committee’s presentation at its quarterly meeting scheduled for August 11-12.
08/09/21 Resources posted online for Project 2016-02 webinar NERC shared the streaming webinar and slide presentation for the Project 2016-02 webinar that took place on August 4.
08/09/21 Presentation files posted for the Technology and Security Committee’s presentation at NERC’s quarterly meeting In an update to its quarterly meeting resources, NERC shared the presentation files for its Technology and Security Committee’s segment.
08/16/21 The ERO Enterprise’s Non-Endorsed Implementation Guidance was updated to include two documents. According to NERC, the ERO Enterprise updated its Implementation Guidance tracking spreadsheet to include the two documents posted online by NERC on June 28. (See above.)
08/16/21 Conference call announced for Project 2021-03 NERC shared a registration link for a conference call with the Standard Drafting Team of Project 2021-03, CIP-002 Transmission Owner Control Centers, scheduled on August 19 at 1:00 EST.
08/16/21 2021 ERO Reliability Risk Priorities Report published In its 2021 ERO Reliability Risk Priorities Report, NERC identified evolving and interdependent risks. Those included security threats.
08/23/21 NERC unveils 2021 State of Reliability document Looking back at 2020, NERC found that the North American bulk power system experienced challenges including cyber threats in the context of the global pandemic. That’s just one of the findings of its 2021 State of Reliability.
08/23/21 Informational session scheduled for NERC’s Reliability and Security Technical Committee NERC posted a registration link and an agenda package for an informational session with its Reliability and Security Technical Committee. It scheduled the presentation for August 24 at 3:30 EST.
08/30/21 Information shared for Reliability and Security Technical Committee Meeting NERC shared information about the Reliability and Security Technical Committee’s meeting on September 8 (registration and agenda) and September 9 (registration and agenda).
08/30/21 Nomination period opened for E-ISAC Electricity Security Service Award Held in honor of Michael J. Assante, the E-ISAC Electricity Security Service Award recognizes teams who have significantly contributed to the security of the North American electricity industry. NERC clarified that parties could submit nominations until September 14 with the winner to be announced at GridSecCon 2021 on October 20.
08/30/21 E-ISACT’s GridEx VI scheduled for mid-November NERC shared a registration link for GridEx VI. Conducted by E-ISAC, the event simulates a cyber and physical attack on the North American electricity grid and other critical infrastructure. It’s scheduled for November 16-17.
09/13/21 Document clarifying storage and maintenance of information in compliance with ERO Enterprise published by NERC NERC released a guidance document clarifying the storage and maintenance of registered entity as well as ERO Enterprise-created or -provided information for compliance monitoring and enforcement activities in Align and in the ERO Enterprise’s Secure Evidence Locker (SEL).
09/20/21 NERC submits petition for approval of Reliability Standards CIP-004-7 and CIP-011-3 On September 15, NERC submitted four filings to NERC. One of them was a petition of approval for Reliability Standards CIP-004-7 and CIP-011-3.

Check back next quarter for another roundup of security-related updates. In the meantime, you can review NERC’s full list of bulletins here.

FacebookTwitterEmail