Friday, October 12, 2007

Cyber Security Standards for Electric Power Systems

The North American Reliability Corporation (NERC) has produced cyber security standards for the power systems industry. Further details can be found here, but a summary is given below. The standards are part of a full set of Reliability Standards, including Emergency Preparedness and Operations; the full list of standards can be downloaded here.


NERC Cyber Security


The purpose of NERC's new cyber security standards is to ensure that all entities responsible for the reliability of the bulk electric systems of North America identify and protect critical cyber assets that control or could impact the reliability of those systems. An urgent action cyber security standard was initially adopted in August 2003 and renewed for a second year in August 2004. NERC adopted permanent cyber security standards on May 2, 2006. On June 4, 2007, compliance with approved NERC Reliability Standards becomes mandatory and enforceable in the United States.


NERC CIP-002 to CIP-009

NERC's new cyber security standard was originally called NERC 1300, but it has since been split into 8 separate standards, CIP-002 to CIP-009. As summarized in the table below, these standards contain definitions, policies, reporting requirements, and issues related to personnel security, electronics (or network) security, and physical security (such as access).

| New Std # | Topic |
|-----------|-------|
| CIP-002-1 | Critical Cyber Assets |
| CIP-003-1 | Security Management Controls |
| CIP-004-1 | Personnel and Training |
| CIP-005-1 | Electronic Security |
| CIP-006-1 | Physical Security |
| CIP-007-1 | Systems Security Management |
| CIP-008-1 | Incident Reporting and Response Planning |
| CIP-009-1 | Recovery Plans |

