NERC-CIP Version 5 Refines, Expands

Dec. 7, 2013
On April 13, the Federal Energy Regulatory Commission (FERC) proposed Version 5 Critical Infrastructure Protection Reliability Standards, CIP-002-5 through 011-5.

The entire list, which contains two new sections (the last two), includes:

  • CIP- 002-5 – BES Cyber Assets and Cyber Systems
  • CIP- 003-5 – Security Management Controls
  • CIP- 004-5 – Personnel and Training
  • CIP- 005-5 – Electronic Security Perimeters
  • CIP- 006-5 – Physical Security of Critical Cyber Assets
  • CIP- 007-5 – Systems Security Management
  • CIP- 008-5 – Incident Reporting and Response Planning
  • CIP- 009-5 – Recovery Plans for Critical Cyber Assets
  • CIP- 0010-5 – Configuration Management and Vulnerability Assessment
  • CIP- 0011-5 – Information Protection

Bulk electricity supply (BES) gets much focus. That includes defining a BES cyber asset as one that would adversely impact one or more facilities, systems or equipment at a BES site—if the asset is unavailable, degraded or misused. Three provisos exist, though:

  • All this would need to occur within 15 minutes of the cyber asset’s required operation or, should they occur, mis-operation or non-operation.
  • Anything affected, when needed, would have to already be destroyed, degraded or not available when needed.
  • Adverse effects would have to interfere with reliable BES operation.

An important change in Version 5 is that unofficial Version 4’s critical and non-critical classifications were recast as high, medium and low impact levels. Large control centers would be the only high-impact operation. Smaller control centers as well as generation and transmission would comprise medium-impact operations. All other operations would be low-impact.

One other substantial change jettisons the “one size fits all” security of Versions 1-4 for Version 5’s security based on the BES reliability impact.

Sponsored Recommendations

Crisis averted: How our AI-powered services helped prevent a factory fire

Discover how Schneider Electric's services helped a food and beverage manufacturer avoid a factory fire with AI-powered analytics.

How IT Can Support More Sustainable Manufacturing Operations

This eBook outlines how IT departments can contribute to amanufacturing organization’s sustainability goals and how Schneider Electric's products and...

Three ways generative AI is helping our services experts become superheroes

Discover how we are leveraging generative AI to empower service experts, meet electrification demands, and drive data-driven decision-making

How AI can support better health – for people and power systems

Discover how AI is revolutionizing healthcare and power system management. Learn how AI-driven analytics empower businesses to optimize electrical asset performance and how similar...