+353-1-416-8900REST OF WORLD
+44-20-3973-8888REST OF WORLD
1-917-300-0470EAST COAST U.S
1-800-526-8630U.S. (TOLL FREE)

Understanding the NERC-CIP Regulations for Critical Infrastructure Organizations, 2018

  • Report

  • 90 Pages
  • October 2018
  • Region: Global
  • Frost & Sullivan
  • ID: 4655859

With Stricter Enforcement Protocols Set to go into Effect by 2019, Critical National Infrastructure Organizations are Rapidly Implementing Specific Security Measures to Achieve Full Compliance

The most significant threat is no longer threats to human lives or property from physical attacks - rather the threat lies in more covert warfare tactics, including cyber-attacks and attacks that can cripple, obstruct, or destroy operations within critical infrastructure facilities, such as utility companies, communications towers, ports, manufacturing facilities, or other critical services. In order to protect critical national infrastructure (CNI) entities from these more sophisticated attacks and ensure proper security postures, the North America Electric Reliability Corporation (NERC) has updated its Critical Infrastructure Protections (CIP) regulations to encourage CNI organizations to improve their security posture; protect their information and operational technology systems, networks, and physical assets; and plan for how to keep their networks and assets secure through a continually advancing technological environment. The NERC-CIP regulations provide specific guidance, requirements, and measures for CNI organizations to follow to protect their current assets, enforce proper security protocols and standards, plan for and respond to any security incidents accordingly, and ensure their assets remain protected from malicious actors.

Research Scope
This research service includes all of the NERC-CIP regulations as written by the NERC Organization, as well as the listed measurements and evidence required for critical infrastructure. Each CIP includes the specified requirements for each compliance category as well as types of documentation, evidence, and plans to show requirements have been met. This service also includes analyst insight into the specific tasks to be performed for each requirement and a clear listing of evidence types for CNI organizations to provide in order to show compliance. This service further details some of the key vendors offering compliance technology solutions, consulting expertise in NERC-CIP regulations, or both types of services for customers. This listing, however, is not exhaustive of all vendors in the market.

Key Information

  • NERC-CIP listings for requirements 002-011, and CIP-014
  • Listing of CIP measurements to show compliance
  • History of the NERC Organization and the evolution of the requirements
  • Key changes to the NERC-CIP regulatory enforcement and raised security profiles for CNI organizations
  • Summary of requirement listings and key takeaways for CNI organizations
  • Listing of key vendors and specialization

Key Issues Addressed

  • What are the full regulatory requirements for NERC-CIP compliance?
  • What is the history behind the evolution of the NERC-CIP requirements?
  • What documentation, measurements, or evidence do critical infrastructure entities need to provide to show compliance?
  • Who are some of the key vendors who can help critical infrastructure customers reach full compliance?
  • What NERC-CIP requirements do these vendors’ solutions help customers to achieve?

Table of Contents

1. Understanding The NERC-CIP Regulations For Critical Infrastructure Organizations, 2018
2. Executive Summary
Key Findings
3. Definitions
4. Evolution of NERC-CIP Requirements
The New Cyber Threat - Critical Infrastructure Sites
Critical Infrastructure Sites Already Targeted
Standardizing the Regulatory Environment
Revised Standards to Meet Changing Technology Needs
5. Drivers and Restraints
Market Drivers
Drivers Explained
Market Restraints
Restraints Explained
6. Regulatory Breakdown
Introduction to NERC-CIP Regulations
CIP-002: Classification of BES Systems
CIP-003: Security Management Controls
CIP-004 Personnel and Training
CIP-005 Electronic Security Perimeters
CIP-006 Physical Security of BES Cyber Systems
CIP-007 Cybersecurity Systems Management
CIP-008 Cybersecurity Incident Reporting and Response Planning
CIP-009 Recovery Plans for BES Cyber Systems
CIP-010 Configuration Change Management and Vulnerability Assessments
CIP-011 Cybersecurity Information Protection
CIP-014 Physical Security
7. Key Vendors
Vendor Landscape per Regulation
Solution Providers or Consultancies
8. Growth Opportunities
Growth Opportunity 1 - Consultancy Services
Growth Opportunity 2 - Industrial-Specific Cyber Solutions
Growth Opportunity 3 - Ongoing Security Convergence
Growth Opportunity 4 - Partner Networks for Full Compliance
Strategic Imperatives for Success and Growth
9. The Last Word - 3 Big Predictions
Legal Disclaimer
10. Appendix
List of Exhibits