CIP v5 Foundations and Generation Focus Training – Denver, CO – April 17-18, 2014

This special educational event includes a 2-day opportunity to obtain the foundational NERC CIP Version 5 knowledge you need to comply successfully with this set of security standards. The second day of the event focuses on Generation facilities, diving into specific CIP Version 5 and cyber security considerations. Don’t miss the opportunity to learn from two of the leading experts in this field: Steve Parker from EnergySec and Michael Toecker, PE from Digital Bond. (Scroll down for detailed course descriptions.)

 EnergySec/NESCO Members receive a 30% discount. Click here to obtain your discount code(s) for 2014 events.


We have group rates! * Please call 877-267-4732 to receive a group rate code.

Group Size      Discount
4-7       5%
8-11      10%
12 or more      15%

* Does not apply to already discounted options such as the NESCO Member discount.


Renaissance Denver Hotel, 3801 Quebec Street, Denver, CO 40209 | 1-303-399-7500

Day 1 – NERC CIP Version 5 Foundations Course

For many, CIP Version 3 has become rote knowledge – the terms, requirements and approaches are well engrained into their day-to-day activities. CIP Version 5 is a dramatic change that is likely to challenge even the most seasoned CIP compliance professional.

EnergySec’s team of experts, with years of relevant industry experience in cyber security and NERC CIP auditing, have created this one-day course to prepare you for the transition to CIP version 5. This course is perfect for both seasoned NERC CIP professionals seeking to ensure a smooth transition to version 5, as well as those new to NERC CIP who wish to jump start the learning process on these important standards.

Attendees will come away from this one-day course prepared to face version 5. In this course we will:

  • Explain the 19 terms with new or revised definitions and other important terms that are still undefined
  • Describe the 13 categories of assets to which requirements apply
  • Explain the new bright line criteria and the three tier (High/Medium/Low) approach to asset classification
  • Walk through a detailed mapping and discussion of the new, revised, and retired requirements
  • Discuss the two new standards in version 5
  • Explore future changes that may result from the FERC Order on version 5
  • Provide references and discussion on the pertinent NERC filings and FERC rulings on these standards

Join us for an incredible opportunity to help prepare your organization for NERC CIP Version 5 compliance. All attendees will receive full printed and electronic copies of the course materials, plus free access to future versions of the course for a period of 12 months and access to the course alumni email discussion forums. Course materials are regularly reviewed and updated to reflect the latest NERC guidance, formal interpretations, FERC rulings, regional audit approaches, and other relevant items.


Structural Changes

Version 5 has significant changes in the format and layout of the standards. This unit provides an explanation of the new format, table-based requirements and applicability sections, measures, and the guidelines and technical basis sections.

Implementation Plan

This unit will cover the V5 implementation plan explaining the timelines for compliance for various types of facilities, BES Cyber Systems, and impact levels.

Documentation, Measures, and Evidence

Version 5 has eliminated some explicit documentation requirements, but also added specific measures by which compliance may be assessed. This unit will explain the necessary modifications.


There are 19 new or revised definitions of terms used in version 5. This unit will provide an explanation of how these changes will affect your existing compliance activities.

Cyber Asset Categories

Requirements in version 5 contain an applicability table listing the categories of assets that are in scope for that requirement. This unit explains how existing programs will need to adjust to handle the 13 categories of assets to which requirements apply.

Bright Lines and Asset Identification

Version 5 employs a radically different approach to identifying and categorizing cyber assets. The previously used RBAM approach is gone, replaced by bright line criteria and a three-tier approach to asset categorization. This unit explains the new process.

Things You Can Stop Doing

Many requirements have undergone significant changes in version 5. Additionally, FERC recently approved retirement of some existing standards. This unit will detail compliance activities which may no longer be needed.

Things You Need to Start Doing

Version 5 contains two new standards and a number of significantly modified requirements. This unit will introduce these standards and explain the new, modified, and relocated requirements to provide an understanding of new activities that will be required to comply with version 5.

Things You Need to do Differently

Version 5 has updated many existing requirements. This unit discusses adjustments you may need to make to your existing programs and processes.

Future Changes

In the order approving V5, FERC ordered NERC to make modifications in several areas. This unit will discuss the required changes, and explain how these changes may affect future compliance efforts.


Day 2  – Generation Technical Training: Focus for NERC CIP and Cyber Security


This course is intended for Generation engineers and technicians that are developing their cyber security program, IT personnel who are expected to work with generation networks and systems, or those who have a responsibility for cyber security and/or NERC CIP at their company. This course has been modified to link with the NERC CIP 5 Foundations course concepts, so attendees will be able to reference concepts and ideas from Foundations, and discuss applying them to their site.

The course will examine and impart established cyber security concepts in the context of a Generation Station. Emphasis will be on how cyber security measures have been successfully and unsuccessfully applied in the generation environment, strategies for implementation and operation, and common problems and solutions. Additionally, the course will cover procuring cyber security services and moving forward in a world where cyber security is a new operational risk. Finally, the course will discuss vulnerabilities in control systems, and introduce all students to tools used by penetration testers and hackers to better prepare them for challenges ahead.

Course material will utilize a Model Generation Station, which will facilitate discussion of how cyber security applies to specific parts of a generation plant, and situations which may occur at plants. Labs will include a mixture of automation systems and devices.

The course is half lecture, and half lab and exercise based. Topics are presented by the instructor for consideration, and labs/exercises are intended to reinforce concepts. Exercises consist of discussions, drawings, and spreadsheets targeted towards the concepts presented. Labs consist of hands-on experience with tools, techniques, and other resources for cyber security in a generation environment.

Course Objectives

  1. To introduce control system cyber security measures and their application to the NERC CIP regulations in the context of the Generation Plant
  2. To provide common problems encountered and solutions when applying cyber security protections to a Generation Plant
  3. To familiarize students with the technical aspects of NERC CIP compliance, specifically the CIP-002, CIP-005, and CIP-007 regulations.
  4. To provide hands-on instruction for cyber security tools, programs, and vulnerability assessment devices.
  5. To provide a consistent call to action regarding improvements to vendor offerings.

Course Topics

  1. Introduction and Description of Model Plant
  2. Identifying Devices and Systems Critical to Generation Operation (Applies to CIP-002)
  3. Designing a Concept Perimeter (Applies to CIP-005)
  4. Cyber Security Measures for Systems and Devices (Applies to CIP-007)
  5. Specifying and Procuring Cyber Security Services for Generation
  6. Tools and Techniques Lab

Required Supplies
Students require a laptop where they have administrative access, running Windows XP or Windows 7. Students must install VMWare Player, or another VMWare product, before training, as the labs will utilize some non-Windows tools.

Laptops should also have the following software installed, or an equivalent (in parentheses):

  1. Microsoft Office (Open Office)
  2. Adobe Acrobat Reader (Foxit PDF)

Comments, Questions, Improvements
All comments on the training material, and improvements, are most welcome. Cyber Security for Power Generation is a topic that deserves significant attention due to new regulations and a greater awareness of the vulnerability of these systems. A goal of this training is to gather ideas, practices, problems, and solutions into a single learning experience for generation professionals, and input from those professionals is necessary for improvement.


Instructor Biographies

Steven Parker – CISSP, CISA | EnergySec

Steven Parker, CISA, CISSP, is the EnergySec Vice President of Technology Research and Projects with the Energy Sector Security Consortium (EnergySec). He was part of the grassroots effort that led to the formation of EnergySec, and has served on its board of directors since 2008.

Steven’s experience includes more than a decade of full-time security work at critical infrastructure organizations including the Western Electricity Coordinating Council, PacifiCorp, and US Bank.  He has contributed to a broad range of security projects covering areas such as e-commerce, identity management, intrusion detection, forensics, and security event monitoring.



Michael Toecker, PE | Digital Bond

Michael Toecker is a Professional Engineer specializing in the cyber security of industrial control systems, and predominately those within the electric power sector.  A graduate of the University of Missouri-Rolla’s accredited Computer Engineering program, he has a focused background in the development of computer systems, hardware engineering, electronics, networking, and computer programming.

Toecker started his career at the consulting engineering firm Burns and McDonnell, working specifically for electric power infrastructure owners on cyber security and compliance projects. While at Burns and McDonnell, Mr. Toecker participated in successful penetration tests directed at Energy SCADA infrastructure, and led multiple cyber security assessments of generation, transmission and control center facilities. In addition, Mr. Toecker has worked on federal control system security projects, namely assessments of massive building control systems. Toecker continues his work on ensuring the cyber security and reliability of automation systems at Digital Bond.




Any cancellations received more than one month before the start of the session will be refunded 50% of the tuition of the course registered.  Any cancellations that are received less than one month before the start of the session, will not be eligible for a refund.  The cancellation must be sent in writing to or to EnergySec, 8440 SE Sunnybrook Blvd Suite 206, Clackamas OR 97015.


One postponement without a penalty fee is permitted. Any further request for postponement will receive a refund of 50% of the course tuition and new registration will be mandatory at a session date in the same calendar year.
