Power Industry Webinar Production & Promotion

Getting Grounded on CIP-013-1 Requirements for Bulk Electric Systems

Specific topics covered will include:

  • Considerations in implementing a comprehensive cyber security solution

  • How to identify threats, risks and gaps in control from internal and third parties and the proposed CIP-013-1 Reliability Standard

  • Best practices in cyber security incident handling and response management

In this webinar, we will discuss the new requirements from NERC CIP-013-1, Cyber Security Supply Chain Risk Management. Join us as we cover the requirements in the Standard that address security objectives, including: (1) software integrity and authenticity, (2) vendor remote access, (3) information system planning and (4) vendor risk management and procurement controls.

Below are some of the questions discussed during the webinar:

  • Is there a way to counter situations when a vendor refuses (or simply fails) to disclose when access is no longer needed for employees?

  • Once a vendor remediates findings, should we just wait until the next assessment to review the remediation?

  • If you use a patch management program such as Windows SCCM, can this be used to support your integrity check and validation of the update/patch?

  • Who should perform the vendor risk assessments? Procurement, ERM, IT, NERC CIP Compliance, the utility?

  • How is the vendor community responding to these contractual cybersecurity requirements?

  • What's the recommended level of effort (cost) for vendor cybersecurity assessments, including a range from minimal accepted assessment to preferred rigorous assessment?