Grid Security is much more of a continuing process than a singular event, as evidenced by the evolution of the NERC CIP standards and the plethora of threats and risks facing the cyber assets of any utility.
BRIDGE NERC CIP consultants have unsurpassed backgrounds in OT and IT systems, in addition to NERC CIP and security credentials. This in-depth experience allows us to operate across traditional organizational boundaries, quickly comprehend your needs, build achievable NERC CIP Compliance plans, and provide support for implementations. Working with your compliance and cybersecurity leadership team, BRIDGE will establish strategies and roadmap plans, which are efficient, clear and effective for building sustainable solutions. Implementation activities are supported through tactical placement of individuals with specific OT and IT NERC CIP skills or strategic placement of complete solution teams with full PMO support.
The loss or short disruptions in electric services can compromise the health, safety and productivity of individuals and businesses throughout a region. Recognizing the magnitude of such a disruption, the U.S. Federal government has sought to harden the utility infrastructure through the enactment of NERC CIP regulatory policy, which mandates compliance to a set of operational standards.
BRIDGE NERC CIP consultants will help guide a utility organization through the development of a NERC CIP program that is realistic, achievable, and effective by:
The intent of the Health Check process is to ensure compliance and validate the organizational processes supporting continued compliance. Given the evolving nature of the NERC CIP standards the resulting recommendations and remediation actions can sometimes be far-reaching, costly and stressful to any organization. Our proven Health Check process provides accuracy, efficiency, and comprehensive alignment of recommendations with key business and technical stakeholders.
BRIDGE OT/IT NERC CIP consultants prepare a utility organization for NERC audit by:
CIP v5 leverages the Bright Line Criteria from v4 for the definition of in-scope assets and cyber assets and characterizes them as “Bulk Electric System (BES) Cyber Systems.” This generally leads to a much larger scope of assets, requiring a much deeper level of analysis of systems and their interactions/processes. The v5 asset classification process and supporting policies and procedures determine the costs, risks, and timeframes involved in meeting V5 compliance.
BRIDGE NERC CIP consultants will guide a utility organization through the critical process of BES Cyber Asset and BES Cyber System classification by: