Preparing for a NERC Audit

Electric plants throughout North America are beefing up their cyber security programs to meet requirements set out by the North American Electric Reliability Corp. (NERC) of Princeton, N.J.

The Midland Cogeneration Venture, in Midland, Mich., recently implemented cyber security to meet NERC requirements. The driver behind the security project was meeting NERC standards and passing the NERC audit. “We’re trying to maintain all of the NERC compliance—passwords, antivirus, intrusion detection, firewall and everything,” says Scott Woodby, senior staff engineer, Midland Cogeneration Venture. “We’ve been working on it for a year.”

Woodby and his team brought together a number of vendors—including their automation vendor, Austin, Texas-based Emerson Process Management—to help beef up the plant’s security. “Emerson was involved, as well as our other outside vendors, “says Woodby. “That included Cisco Systems and our network engineering group.” He notes that the information technology department (IT) was not one of the main players in implementing security. “IT looked at this as plant resources,” says Woodby.

The plant accepts the reality that cyber security will be an ongoing project for the plant. “It’s going to be an ongoing process. We do weekly virus updates,” says Woodby.  “Plus, every time you install something, you have to look at its impact. You make a change in the network, even a benign change, and you have to make sure you didn’t shoot yourself in the foot.”

Related Feature - Cyber Security—A Must for the Grid
To read the feature article relating to this story, go to www.automationworld.com/feature-5824.

Subscribe to Automation World's RSS Feeds for Feature Articles

More in Control