What is NERC CIP Compliance?


The North American Electric Reliability Corporation (NERC) develops and enforces the CIP (Critical Infrastructure Protection) Reliability Standards for the Bulk Power System (BPS). Users, owners, and operators of the BPS under NERC jurisdiction supply electricity to more than 334 million people in the US, Canada, and northern Baja California, Mexico.

The NERC Security Guideline for the Electricity Sector addresses risks that can arise in the daily business of electricity organizations, along with practices to help mitigate these risks. It recommends an information security policy as an integral part of these organizations’ policies. Certain entities under NERC jurisdiction are required to have training and awareness programs to further the mitigation process. [1]

One of the main concerns that electricity sector organizations expressed was that sensitive information could be used “to damage critical facilities, disrupt electric operations, or harm individuals” if it fell into the wrong hands. [1] This concern was also featured on 60 Minutes in 2009, and in the Wall Street Journal just last month:

“The U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine of the country’s 55,000 electric-transmission substations on a scorching summer day…” [2]

The amount of sensitive electronic data keeps growing over time. Therefore, it is crucial to have a process in place to identify, classify, label, secure, and properly share sensitive information to protect both the electricity organizations and consumers.

This is where our Sensitive Data Discovery tools come into play. STEALTHbits aligns with the Security Guidelines for NERC CIP compliance by:

  • Quickly and efficiently identifying where sensitive data exists relating to the “production, processing, storage, transmission, disposal” and permitted disclosure of the information [1]
  • Profiling where the greatest risks exist based upon key factors such as the number of people with access to the data and the type of access they have
  • Beginning to classify information under the Guideline’s suggested categories of Public, Company, and Restricted by remediating the data

Are STEALTHbits solutions the end-all, be-all to solve all your DLP woes? No. Rather, our software solutions were designed to address a particularly difficult set of requirements that even the big DLP vendors fall short of fulfilling – Unstructured Data that is hiding in virtually every corner of your network. We employ a very logical workflow to:

  1. Identify where data exists
  2. Profile the Risk associated with each data location by pinpointing who has access to the data, what type of access they have, and what type of data exists there
  3. Leverage dozens of preconfigured criteria sets and the ability to create highly accurate, custom scans to find where sensitive data exists
  4. Secure the data through a variety of built-in actions and reporting capabilities

[1] Security Guideline for the Electricity Sector: Protecting Sensitive Information

[2] https://online.wsj.com/news/articles/SB10001424052702304020104579433670284061220
