Electric Utility Security & NERC CIP Compliance
The NERC CIP Reliability Standards are clearly at the forefront for all electric utilities today, especially for those that must comply with the Critical Infrastructure Protection (CIP) Cyber Security Standards 001-009. The reason for this is simple: increased customer expectations on reliability, investor confidence, and of course, government scrutiny stemming from the passing of the Energy Power Act of 2005. With the implementation of the Act, for the first time ever, Registered Entities within the electric industry are liable for fines up to $1 million per day, per violation. Further, the evaluation of risk has changed: the likelihood of an incident happening is now held to a new de facto standard of 100%. This statement of risk means that electric utilities will at some point be the victim of a criminal, environmental activist, cyber security, or terrorist attack, and that their responsibilities should be based on mitigation of the event to ensure reliability of the Bulk Electric Power Grid.
Corporate Risk Solutions is the industry leader in NERC CIP Compliance support, working with both electric utility companies and electric company providers. Our experience with utility companies includes municipal electric companies; electric cooperatives; small, medium and large investor-owned utilities; and merchant operations. Our Electric Utility Provider clients include Smart Grid, Wind Power and Generation Systems Management companies. We have performed NERC CIP-001 through CIP-009 Compliance projects for most types of registered organizations (GO/GOP/TO/TOP/BA/TP/RC/LSE/DP, etc.) within NERC.
As a demonstration of our expertise with the NERC CIP Standards, we have been contracted by one of the Regional Reliability Organizations to assist them with the NERC Audits in 2009 and 2010. Furthermore, Corporate Risk Solutions has six (6) security consultants who have completed the Fundamentals of Auditing for NERC Compliance Course, a course reserved only for companies who have been contracted by a Regional Reliability Organization.
Corporate Risk Solutions has an unequalled level of knowledge, understanding, and experience with the NERC CIP Reliability Standards. We have a large team of professional, credentialed, NERC experienced security consultants in-house to address each of the specific NERC CIP security requirements, including Planning, Policy Development, Procedures, Cyber/Logical Security, Personnel Risk Assessments, Security Education & Awareness Training, Physical Security, Command & Control, Change Control Management, and Redundant/Failover Operations. Our consultants are expertly trained and have in-depth knowledge and extensive experience in each Standard of the NERC CIP Reliability Standards:
- CIP-001 – Sabotage Reporting
- CIP-002 – Critical Cyber Assets
- CIP-003 – Security Management Controls
- CIP-004 – Personnel & Training
- CIP-005 – Electronic Security
- CIP-006 – Physical Security
- CIP-007 – Systems Security Management
- CIP-008 – Incident Reporting and Response Planning
- CIP-009 – Recovery Plans
Corporate Risk Solutions has provided electric utility security and NERC CIP security consulting compliance support to more than 40 utilities across the U.S. and internationally, including alternative energy (wind generation) and Smart Grid. We have also provided these services to several electric utility industry providers, such as GE Energy, Vestas Wind Energy, and CURRENT Group. Further, as part of our efforts on behalf of these utilities, we have interacted with most of the regional organizations including: SPP, TRE, WECC, SERC, RFC, and FRCC.
With regard to NERC and the NERC CIP Reliability Standards, here are a few facts that make our team unique:
- Extensive experience conducting Gap Analysis, Mock Audits, and completing NERC CIP Compliance work for utilities
- Utility “Team Member” providing Audit support during Regional NERC CIP Spot Checks
- Six (6) Consultants who have successfully completed the NERC Fundamentals of Auditing Course
- Contracted by a Regional Entity to conduct NERC CIP Audits for 2009/2010
- Drafting Team Member for the NERC CIP 002-1 through 009-1 Standards
- Drafting Team Member of the Violations Risk Factors
- Drafting Team Member of the UA-1200 Standards
- Participation in numerous NERC UA 1200 Readiness Audits resulting in Examples of Excellence and Positive Observations
- Attendees at NERC CIP Cyber Security Standards Training Workshops
- Presenter/Participant at Regional NERC CIP “How To” Workshops
- Active Participant in Quarterly NERC CIPC Meetings & Active Participant in Various Regional Entities’ CIPWG Teams
- Member of the NERC Security Guidelines ES-ISAC Reporting Drafting Team
- Certified in NSA/DHS/Electric Industry-Recognized Risk Assessment Methodologies, including: NSA’s InfoSec Assessment Methodology; Sandia National Laboratories Risk Assessment Methodologies – Transmission Systems (RAM-T); Crime Prevention Through Environmental Design; and ASIS International – Risk Assessment Methodologies
Corporate Risk Solutions also offers expert support with the operational requirements through our strategic partnership with Utility Compliance Services, another premier security consulting firm that specializes in providing solutions with the operational standards of NERC.
Services Offered by Corporate Risk Solutions
- NERC Regulatory (CIP) Compliance
- Mock Audits (specifically designed to help utilities prepare for a scheduled NERC Audit or Spot Check)
- Gap Analysis (typically reserved for utilities that have a “Good Compliance Program” but that want a third-party review and recommendations on how to improve their program)
- On-Site Audit Assistance
- Risk Based Assessment Methodology Development & Implementation Support
- Policy and Procedural Development
- Evidentiary Documentation
- Cyber Vulnerability Assessments
- Cyber Penetration Testing
- Risk & Vulnerability Assessments
- Personnel Risk Assessment Screening Programs
- Business Continuity Planning and Testing
- Employee Security Training Programs
- Physical Systems Technical Requirements, Design, Specifications and Budgeting
- Project Management, Security Build Out/Implementation and Vendor Vetting
- Security (Information, Logical/Cyber, Physical and Personnel) Master Planning
- Managed Consulting Services
Utility Client Listing
- Ameren Services
- Aquila
- City of Glendale Water & Power
- City of Tallahassee – Electric Utility
- Colorado Electric
- Colorado Public Service
- Colorado Springs Utilities
- CURRENT Group
- DOW Chemical
- Duquesne Light
- FirstEnergy Corporation
- Fluor Hanford
- GE Energy
- General Public Utilities, Inc.
- Great Lakes Energy
- Green Country Energy
- Holyoke Gas & Electric
- Independence Power & Light
- JEA
- Kansas City Power & Light
- Kelson Holdings (4 Separate Entities)
- Michigan Gas & Electric
- Michigan Gas Utilities
- Midwest ISO
- Missouri Public Service
- OGE
- Pedernales Electric Cooperative
- People’s Natural Gas – Minnesota
- People’s Natural Gas – Nebraska
- PJM Interconnection
- PPL Corporation
- Seminole Electric Cooperative
- Southwest Power Pool (SPP)
- Sunflower Electric Power Corporation
- Texas Municipal Power Agency
- Tucson Electric Power
- Vestas Wind Energy
- We Energies
- West Plains Energy
- Wisconsin Public Services
To receive a quote for services and/or to hold a specific date for your project, please call Travis Emerson at 913-322-5404 or contact Corporate Risk Solutions here.