Practical Cybersecurity Frameworks Applied to Real World Problems
- Marriott Portland Downtown Waterfront, Portland
Day 1 - NERC CIP Version 5 Foundations Course
For many, CIP Version 3 has become rote knowledge - the terms, requirements and approaches are well engrained into their day-to-day activities. CIP Version 5 is a dramatic change that is likely to challenge even the most seasoned CIP compliance professional.
EnergySec's team of experts, with years of relevant industry experience in cyber security and NERC CIP auditing, have created this one-day course to prepare you for the transition to CIP version 5. This course is perfect for both seasoned NERC CIP professionals seeking to ensure a smooth transition to version 5, as well as those new to NERC CIP who wish to jump start the learning process on these important standards.
Attendees will come away from this one-day course prepared to face version 5. In this course we will:
Join us for an incredible opportunity to help prepare your organization for NERC CIP Version 5 compliance. All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.
Version 5 has significant changes in the format and layout of the standards. This unit provides an explanation of the new format, table-based requirements and applicability sections, measures, and the guidelines and technical basis sections.
This unit will cover the V5 implementation plan explaining the timelines for compliance for various types of facilities, BES Cyber Systems, and impact levels.
Documentation, Measures, and Evidence
Version 5 has eliminated some explicit documentation requirements, but also added specific measures by which compliance may be assessed. This unit will explain the necessary modifications.
There are 19 new or revised definitions of terms used in version 5. This unit will provide an explanation of how these changes will affect you existing compliance activities.
Cyber Asset Categories
Requirements in version 5 contain an applicability table listing the categories of assets that are in scope for that requirement. This unit explains how existing programs will need to adjust to handle the 13 categories of assets to which requirements apply.
Bright Lines and Asset Identification
Version 5 employs a radically different approach to identifying and categorizing cyber assets. The previously used RBAM approach is gone, replaced by bright line criteria and a three-tier approach to asset categorization. This unit explains the new process.
Things You Can Stop Doing
Many requirements have undergone significant changes in version 5. Additionally, FERC recently approved retirement of some existing standards. This unit will detail compliance activities which may no longer be needed.
Things You Need to Start Doing
Version 5 contains two new standards and a number of significantly modified requirements. This unit will introduce these standards and explain the new, modified, and relocated requirements to provide an understanding of new activities that will be required to comply with version 5.
Things You Need to do Differently
Version has updated many existing requirements. This unit discusses adjustments you may need to make to your existing programs and processes.
In the order approving V5, FERC ordered NERC to make modifications in several areas. This unit will discuss the required changes, and explain how these changes may affect future compliance efforts.
Day 2 and 3 - NERC CIP Version 5 Deep Dive
Version 5 of the NERC CIP standards is a significant rewrite with numerous new, revised, and relocated requirements, numerous new or revised definitions, and two new standards. Additionally, the structure and approach to requirements has changed with four tiers of requirements covering thirteen different categories of assets.
EnergySec's team of experts, with years of relevant industry experience in cyber security and NERC CIP auditing, have created this two-day deep dive to provide an in-depth look at these standards and their requirements. This course is appropriate for both seasoned NERC CIP professionals seeking a greater understanding of version 5, as well as those new to NERC CIP seeking in-depth knowledge of these standards. Attendees will come away with detailed knowledge of version 5, and be prepared to tackle the challenges and complexities of compliance while avoiding audit pitfalls.
All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.
Proper identification of cyber assets is critical for compliance. This unit will explain asset identification methodologies, bright line criteria, impact level determination, types of assets that must be considered, and more
Cyber Security Policies
The requirements for cyber security policies are changed. This unit will walkthrough the elements required to be addressed in policies for each of the three asset impact levels.
Training and Awareness
Version 5 has revised and expanded requirements for personnel training. This unit provides an explanation of the requirements for training and awareness, including the specific topics that must be addressed for various job roles.
Personnel Risk Assessments
This unit lays out the requirements for identity verification and background checks for personnel with access to in-scope assets.
Access Management and Revocation
The requirements related to access management have been among the most violated CIP standards. In Version 5, these requirements are reorganized and expanded. This unit provides an in-depth discussion of access management, including the types of access that must be managed, approval and tracking requirements, and revocation procedures.
Electronic Security Perimeters
Electronic Security Perimeters are perhaps the most important aspect of the CIP standards. This unit contains detailed technical explanations of the requirements for Electronic Security Perimeters, Electronic Access Points, and Electronic Access Control and Monitoring Systems.
Interactive Remote Access
The requirements related to remote access contain some of the most significant changes in version 5. This unit will provide a technical discussion of the requirements for control of remote access to BES Cyber Systems.
FERC raised concerns about the security of communication networks in its order approving V5. They also instructed NERC to develop new or modified Reliability Standards that address the protection of communication networks. This unit discusses approaches for protecting networks and preparing for future requirements.
Physical security requirements have been changed, and now contain four tiers of requirements based on the impact level and connectivity of BES Cyber Systems. This unit will explain these changes and layout the differing requirements for each tier of assets.
Ports and Services
This unit covers requirements related to control of ports and services on Cyber Assets
The management of security patches is an important control which has new requirements in version 5. This unit will provide practical advice to meeting these new requirements.
Malicious Code Prevention
Malicious code is one of the biggest threats to critical systems. This unit will explain the changes version 5 has brought to requirements on this topic, and discuss methods for the control of malware.
Transient Systems Protection
In its order approving version 5 of the CIP standards, FERC instructed NERC to develop requirements that address the security of transient systems. This unit discusses recommended practices and explores the types of requirements which may be applied to this category of assets in the future.
System Access Control
This unit provides a detailed review of the technical access control requirements in version 5, including new and revised requirements for shared accounts, password controls, and interactive access.
Security Event Monitoring
It is now recognized that 100% prevention of successful cyber attacks is not feasible. Detection and response are critical, and the revised requirements for security event logging are at the core of these important capabilities. This unit will prepare you for compliance, and lay a foundation for an effective security monitoring capability.
Once a security event is detected, a quick and effective response is critical. This unit will detail the requirements in version 5 for response to Cyber Security Incidents
When an event occurs, rapid detection and response may not be enough to prevent significant impacts to cyber systems. In those circumstances, the ability to quickly and fully recover are essential. This unit walks through version 5 requirements for recovery plans for BES Cyber Systems, and prepares you to be prepared for the worst.
Configuration Change Management
Version 5 has taken a very different approach to configuration management, including an entirely new standard on that topic. Requirements have been consolidated into this new standard, and new ones have been added. This unit explains these changes and starts you on the road to effective configuration management and change control for your critical systems.
This unit will explain the new and updated requirements for vulnerability assessments in version 5.
The more attackers know about your systems, the easier it is for them to get in. This unit discusses the requirements for protection of information that could lead to compromise if exposed, including the safe disposal and redeployment of cyber assets.
Low Impact Assets
FERC has ordered NERC to develop objective criteria to evaluate the sufficiency of cyber protections for low impact assets. This unit will discuss the current state of development and possible outcomes from this effort. It will also suggest ways to address this issue and get a head start on future requirements.
High Frequency Security Obligations
Version 5 contains a number of requirements which constitute "High Frequency Security Obligations", activities which occur repeatedly for a large number of individuals or assets. This unit discusses approaches for achieving the required 100% compliance in these circumstances, examines the concerns about the FERC rejected language of "identify, assess, and correct", and identifies possible alternative approaches that may be proposed in this area.
Technical Feasibility Exceptions
In version 5, a number of the requirements that were previously subject to Technical Feasibility Exceptions (TFEs) have been modified. Additionally, new requirements have been written that may require TFEs in some circumstances. This unit reviews these requirements, provides a discussion of the TFE process, and explains what we know about the TFE process for CIP version 5.
Gotchas and Opportunities
Compliance can be a tricky endeavor, but can also provide the impetus for greater security. This unit will discuss some of the traps, pitfalls, and common mistakes that lead to violations, as well as key areas in which compliance activities can be leveraged to improve overall security.
Documentation and Evidence
Although many documentation requirements have been removed in version 5, documentation is more important than ever to demonstrating compliance. This unit suggests approaches to documentation and evidence that ensure audit readiness.
Tips for Audit Success
A compendium of tips that provide for smoother audits, happier auditors, and improved outcomes.