NERC CIP-003-9 - What You Need to Know About the New Requirements and How to Comply (Part 1)

NERC CIP-003-9 is a set of cybersecurity requirements designed to protect the critical cyber assets of power generation facilities. Compliance with these NERC CIP cybersecurity standards is essential for ensuring the security and reliability of the North American power grid.

By April 1, 2026, all Responsible Entities must be compliant with the new NERC CIP-003-9 standard. This change involves a more proactive cybersecurity approach in compliance with the new section 6, as outlined in "Project 2020-03 Supply Chain Low Impact Revisions".

This 3-part webinar series is tailored for those with intermediate knowledge about NERC CIP, breaking down the changes and their impact in the field. 

In Part 1 of the webinar series, we focus on the new Section 6 "Vendor Electronic Remote Access Security Controls."

What We Cover

The new Section 6 "Vendor Electronic Remote Access Security Controls" and the process that requires implementation:

• 6.1 – Method(s) for determining vendor electronic remote access

• 6.2 – Method(s) for disabling vendor electronic remote access

• 6.3 – Method(s) for detecting known or suspected inbound and outbound malicious communications for vendor electronic remote access
  
  

Moderator

Keon McEwen, SOC Director - Industrial Cybersecurity, ABS Group

With over seven years of experience in OT technologies, Keon McEwen's expertise includes cybersecurity, control systems, automation and data. Keon has a strong knowledge in OT/ICS systems and related compliance requirements including NIST, IMO, ISO and NERC CIP. As the ISOC Global Lead, Keon collaborates with clients and team leaders to manage threat alerts throughout the ISOC client's environments. Previously, he oversaw government cybersecurity projects and managed the ABS Group cyber lab where he introduced simulation and virtual capabilities from conception. He holds a bachelor’s degree in Electrical Engineering with a specialization in computers and embedded systems and has a security+ certification. 

Presenters

Ben Stirling,  Director - Industrial Cybersecurity, ABS Group

Ben Stirling has over 15 years of experience working in the power, industrial and oil and gas industries. He works closely with global leaders, OEMs and technology providers, among others, to develop integrated technology solutions and secure architectures. Ben's expertise in control systems, passion for protecting the world's infrastructure and deep knowledge of NERC CIP, NIST, ITIL, ISA 99/IEC 62443 and MITRE ATT&CK for ICS has positioned him as a thought leader in securing industrial environments. Ben has a proven track record of working with industry clients to recognize and mitigate cybersecurity risks to infrastructure, process and human safety.

Michiko Sell,  NERC CIP Services Supervisor,  NAES Corporation

Michiko has over 30 years of combined experience that includes NERC, AKCIP, ARSCIP standards compliance management, auditing, accounting, financial analysis, budget and financial forecasting, strategic planning, power marketing, new power resource analysis, contract management and negotiations. Ms. Sell led the CIPv5 transition effort for her prior employer and her experience traverses both the Cyber Security and Operations and Planning Standards. Her hands-on experience includes Reliability Policy and Compliance Management, Reliability Compliance Auditing, Program/Procedure Writing, Compliance GAP Analysis and Compliance Risk Assessments.

Joe Baxter, Director -  Solutions Engineering, Network Perception

With more than 20 years of experience, Joe Baxter is an expert in regulatory compliance and IT and OT systems, with deep expertise in infrastructure and total conversions. He specializes in the design of compliance systems, efficient networks, network security and databases, with a particular interest in the creation of cybersecurity policies, procedures and audit responses in the electrical and financial sectors. In the past, Joe has worked at NERC, SERC, Jack Henry, AECI, Burns & McDonnell and ABB, among other organizations.

About NAES Corporation

NAES Corporation (www.naes.com) is an independent services company dedicated to optimizing the performance of energy facilities across the power generation, oil & gas and petrochemical industries. NAES applies its deep experience in operations, maintenance, construction, engineering and technical support to build, operate and maintain plants that run safely, reliably and cost-effectively. NAES is a wholly owned subsidiary of ITOCHU Corporation. With operations in over 80 countries covering a broad range of industries, ITOCHU ranks among the world’s largest corporations.

About Network Perception

Network Perception proactively protects industrial control systems by ensuring network access security as the first line of perimeter defense. Our monitoring software provides complete network transparency and continuous mapping to better support cybersecurity compliance and enable greater cyber resiliency. For more information, visit www.network-perception.com.

About ABS Group

ABS Group of Companies, Inc. (www.abs-group.com), through its operating subsidiaries, provides technical advisory and certification services to support the safety and reliability of high-performance assets and operations in the oil, gas and chemical, power generation, marine, offshore and government sectors, among others. Headquartered in Houston, Texas, ABS Group operates with more than 1,000 professionals globally. ABS Group is a subsidiary of ABS (www.eagle.org), a leading marine and offshore classification society.