Security Awareness Blog

All things NERC CIP @SANSICS

Ted GutierrezIf you know anything about SANS you probably know that it's the world's largest provider of cyber security training and certification to professionals at governments and commercial institutions. We understand that the only defense against advanced cyber attackers are the skills that SANS teaches and we take that responsibility very seriously. We also know that a significant concern today is the need to protect the critical infrastructure essential to providing basic services to a society and that the foundation of those critical infrastructures is a reliable bulk electric system (BES).

What you may not know is that SANS is developing training tailored specifically to help electric system asset owners and operators meet their responsibilities related to ensuring the security of the cyber systems critical to the operation of the BES. Last week SANS announced the availability of the CIP V5 CBT program addressing the requirements of NERC CIP-004-5.1 R1 and NERC CIP-004-.5.1 R2. SANS is also developing IC456: Essentials for NERC Critical Infrastructure Protection which is a 5-day, in-depth course covering not only the standards and requirements, but also the regulatory structure, standards development process, the history of NERC CIP, and most importantly practical approaches for implementing a secure and compliant CIP program.

For a sneak peek at ICS456, please join us at the NERC GridSecCon event on October 14 where we will be presenting day-1 of the course. Now in its 5th annual run, the conference brings together professionals from industry and government to share security trends, policy changes, and lessons learned specific to the electricity sub-sector. I hope you'll join me at the conference and to stay abreast of all the SANS ICS activity follow us on Twitter @SANSICS and @Gutierrez_Ted.

Ted Gutierrez, CISSP, GICSP, and GCIH, is the ICS & NERC CIP Product Manager at the SANS Institute. Ted was formerly the Director of Operations Technology & NERC Compliance at Northern Indiana Public Service Company (NIPSCO) where he was responsible for compliance to NERC 693 and CIP standards and the support of the related operations technology systems. Ted has over twenty-five years of experience working in the electric utility, information technology and manufacturing industries.