NERC/CIP is committed to protecting the bulk power system against cybersecurity compromises that could lead to maloperation or instability. On November 22, 2013, Federal Energy Regulatory Commission (FERC) approved Version 5 of the critical infrastructure protection cybersecurity standards (CIP Version 5), which represent significant progress in mitigating cyber risks to the bulk power system.

The Critical Infrastructure Protection Committee (CIPC) was formed to help NERC advance the physical security and cybersecurity of the critical electricity infrastructure of North America. The committee consists of both NERC-appointed regional representatives and technical subject matter experts. CIPC coordinates NERC’s security initiatives and serves as an expert advisory panel to the NERC Board of Trustees, standing committees in the areas of physical security and cybersecurity, and the Electricity Information Sharing and Analysis Center (E-ISAC). CIPC is responsible for:

• Coordinating and communicating with organizations responsible for physical security and cybersecurity in all electricity industry segments and other critical infrastructure sectors, as appropriate
• Liaising with governments on critical infrastructure protection (CIP) matters
• Coordinating with the other NERC committees and working groups to ensure the highest degree of collaboration possible
• Establishing and maintaining an information-reporting procedure for CIP among industry segments and with governments, as appropriate
• Developing, periodically reviewing, and revising (as appropriate) security guidelines
• Assisting in the development and implementation of NERC Reliability Standards
• Conducting forums and workshops related to the scope of CIPC

Activities

CIPC plays an active role in the development of CIP standards. CIPC works closely with NERC operating and planning committees to identify needs for new or revised CIP standards and initiate standards actions by submitting standards authorization requests. The committee also reviews draft CIP standards authorization requests and provides comments. CIPC provides expert resources in technical subject matter to support the development of CIP standards and serves as a forum for education, sharing of views, and informed debate of CIP standards. CIPC uses the knowledge gathered in this forum to develop reference documents that inform the electricity subsector about CIP standards and facilitate their implementation. Additionally, CIPC shares knowledge by conducting workshops related to CIP standards and their development.

Impact on the Electricity Subsector

CIPC educates the electricity subsector to maintain physical and cyber infrastructure security by:

• Protecting: Including physical security, cybersecurity, emergency preparedness and response, business continuity planning, and recovery from a catastrophic event with emphasis on deterring, preventing, limiting, and recovering from terrorist attacks
• Deterring: Dissuade an entity from attempting an attack
• Preventing: Cause an attempted attack to fail
• Limiting: Constrain consequences of an attack in time and scope
• Recovering: Return to normalcy quickly and without unacceptable consequences in the interim

CIPC’s membership of regional representatives and subject matter experts works to ensure that CIP functions vital to the industry are fully integrated and coordinated with the U.S. and Canadian governments.

Reference: https://www.nerc.com/comm/CIPC/Pages/default.aspx