Project Profile

NERC Cybersecurity and Critical Infrastructure Protection for Renewable Operators

Read how ABS Group helped a fast growing renewable energy manufacturer and operations service provider in the Power sector assess its cybersecurity policies and procedures to achieve compliance with NERC Critical Infrastructure Protection (CIP) standards.

Project Objectives

#1

Identify key gaps in existing cybersecurity procedures against NERC CIP standards

#2

Meet anticipated market demands for robust cybersecurity procedures in advance of formal requirement by NERC

#3

Provide a training solution to promote staff awareness and fluency in cybersecurity standards and practices

#4

Train staff as to NERC standards and requirements, as well as procedures to maintain compliance

Project Overview

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards are evolving quickly to address a variety of threats, including the potential for cyber attacks, and other risks in the U.S. power market. New entrants to the market, such as renewable energy companies, are coming under NERC regulation, and many are proactively reviewing their cybersecurity protocols and tools to confirm that they have adequate programs in place to mitigate risk, meet client expectations and achieve regulatory compliance.

With our team of experts who have over two decades of experience in NERC CIP compliance management, ABS Group was requested to assist a new renewable energy company with assessing gaps in its cybersecurity program and recommending improvements to address these gaps and verify readiness to comply with all applicable NERC standards. Specifically, ABS Group provided guidance for developing a NERC CIP cybersecurity compliance program as well as training to personnel who will oversee its successful implementation.

Client Needs

Assess existing and appropriate cybersecurity procedures and infrastructure needed to comply with NERC CIP cyberesecurity standards
Understand gaps and risks associated with cyber threats and CIP
Meet regulatory requirements and client expectations in accordance with NERC

Our Solution

ABS Group has one of the most experienced NERC consulting teams in North America, with particular expertise in the eight NERC regions. Our NERC experts have been at the forefront of guiding new standards and were involved in the development of NERC CIP standards, which gives us a unique understanding of the implementation process to help confirm compliance.

With direct insight into the criteria used by NERC to determine High, Medium and Low Impact for Registered Entities, as well as a wide area view of the reliability of the bulk electric system, we counseled the client as to how NERC compliance functions. The following solution was tailored to the client's specific need to address cybersecurity and compliance with CIP standards.

Determine Applicable NERC Standards

Our NERC Compliance experts in the ABS Group Power team worked closely with the client to assess the organization's operations to determine if and how the client was required to formally register under the NERC criteria for Generator Operator under the functional model guidelines.

Perform Gap Analysis and Provide Recommendations

We then evaluated the client's existing cybersecurity and other policies and procedures to identify gaps in compliance with the requirements of the applicable NERC standards. The cybersecurity gap assessment identified the appropriate procedures, processes and tools required to demonstrate compliance and facilitate more reliable, safer operations.

We provided support to help the client understand how to close these gaps and recommended developing and implementing a NERC compliance program to reduce uncertainties and increase organizational effectiveness.

Develop Improved Policies and Procedures

ABS Group worked with the client to write and develop an effective Internal Compliance Program with improved internal policies and procedures that address NERC requirements. This included developing NERC Reliability Standard Audit Worksheets (RSAWs) for auditing purposes on each applicable standard.

Conduct Cybersecurity Awareness Training

In order to support the client with enhancing its cybersecurity program, we provided training to educate key operations and management staff about the applicable standards and promote readiness to implement the program.

From The Knowledge Center

Infographic: Managing the Risks of Integrating IT and OT Systems

Value Delivered

New Build Risk Assessment

The renewable energy operator developed a strong compliance program facilitated by ABS Group's knowledgeable NERC team. Our experience providing gap assessments, NERC RSAW preparation, Notice of Alleged Violation remediation and documentation management services in accordance with NERC CIP standards provided additional value to the client's understanding of both its cyber safety vulnerability and need to implement a compliance program to protect its critical infrastructure.

Our guidance helped the client enhance its cybersecurity and provided an overall CIP compliance management and training solution that will meet NERC requirements, as well as address the client customers' expectations for state-of-the-art cybersecurity measures and protections in the operation of their renewable energy plants.

Additional Resources

Cyber vulnerability is one of the top risks facing government, industry and society as each relies on a number of critical information infrastructures. Request our Data Analytics and Cyber Risk Management Toolkit to learn more about our cybersecurity capabilities and Data Analytics and Data Management services.

Subscribe to Our Knowledge Center

We're committed to sharing our knowledge, lessons learned and best practices to support safer, more reliable assets and operations. Subscribe to receive periodic notifications for upcoming webinars, insights and informational resources from our Knowledge Center.

Ask an Expert

About

Industries

Solutions

Knowledge Center

News and Events

Training