NERC CIP for Low Impact Entities

This one-day course is designed for individuals working at utilities that have only low impact systems subject to the NERC CIP standards. This course will provide the detailed knowledge and understanding needed to achieve compliance with NERC CIP version 6.

Background

Terminology

Asset identification

  • How do you know you have only low impact systems?
  • Low impact versus out of scope: what’s the difference?
  • What does CIP-002 require?
  • How do you document and defend your CIP-002 BES Cyber System Categorization process?

Policy and management requirements

  • CIP Senior Manager
  • Cybersecurity Policies
  • Security plans for low impact systems

Low impact requirements

  • Incident Response planning
  • Physical Security requirements
  • Electronic security, LERC and LEAP
  • Security Awareness programs

Documenting compliance

  • What type of evidence is required
  • What to expect in an audit
  • Writing effective RSAW narratives

NERC’s Compliance Monitoring and Enforcement program

  • What you need to know
  • Inherent Risk Assessments
  • Internal Controls Evaluations
  • Internal Compliance Program reviews
  • Self-reporting and Self-certification
  • The audit process

Denver, CO – September 20, 2016
Columbus, OH – October 11, 2016
San Antonio, TX – November 8, 2016


Steven Parker

Steven Parker, CISA, CISSP, is President of EnergySec, and is a founding director of the organization. He has been engaged in critical infrastructure protection within the electric sector since 2001, including 8 years as a senior security staff member at PacifiCorp.  Mr. Parker was also part of the team that established the NERC CIP audit program at the Western Electricity Coordinating Council (WECC).  His experience includes a broad range of security disciplines including e-commerce, identity management, intrusion detection, forensics, incident response and investigations, security event monitoring, and NERC CIP compliance.

Wally Magda

Wally Magda is a recognized cyber security expert for Industrial Control Systems (ICS) with over 22 years of utility experience. His deep security experience spans military, nuclear missile command and control, intelligence agencies, corporate enterprise and industrial control systems. He is a retired Western Electricity Coordinating Council (WECC) NERC CIP auditor.

Wally currently brings his passion and unique experience into conducting cyber and physical security training courses and assessments specific to ICS and NERC CIP.

He has a Bachelor of Science degree in Management Information Systems (MIS). His professional certifications include ISACA Certified Information Systems Auditor (CISA), ISC2 Certified Information Systems Security Professional (CISSP), ISA Certified Automation Professional (CAP), SANS GIAC Global Industrial Cyber Security Professional (GICSP) & Certified Incident Handler (GCIH), ASIS Physical Security Professional (PSP). He is also a Senior Member of the Information Systems Security Association (ISSA).

Brent Castagnetto

Brent most recently served as Manager, CIP Audits and Investigations for the Western Electricity Coordinating Council (WECC), the organization charged with compliance oversight for the Western Interconnection. Brent has more than six years of direct experience auditing the CIP standards and helping the industry with compliance.

Leonard Chamberlin

Leonard Chamberlin is a graduate of Tulane University with a B.S. in Computer Science.  He is a Certified Information Systems Security Professional (CISSP) with over 17 years of experience in large-scale digital network engineering, information technology, and industrial control system security.  During seven of those years, he was a consultant for Entergy in New Orleans, responsible for design, procurement, configuration, installation, monitoring, maintenance, training, documentation, change management, disaster recovery, and North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance of their IP-based substation communications.  Prior to his time at Entergy, Leonard’s consulting work focused primarily on telecommunications clients, including partnering to create his own consulting firm.

Most recently, Leonard completed five years of service as an Energy Industry Analyst focusing on cyber security for the Federal Energy Regulatory Commission (FERC).  Leonard worked in the Office of Electric Reliability and in the Office of Energy Infrastructure Security.   Leonard was technical lead on audits (both observational and FERC-led), network architecture reviews, investigations, and NERC notice of penalties teams.  Leonard was team-lead for office involvement in the development of the National Institute of Standards and Technology (NIST) cybersecurity framework, resulting from Executive Order 13636.  He also participated in the NIST Smart Grid Interoperability Panel and Federal Smart Grid Task Force.

Leonard is currently a senior consultant with Archer Energy Solutions, using his unique experiences as both a regulator and as a cybersecurity professional in IT/OT environments to assist clients in improving their security postures and NERC CIP compliance programs.  Leonard also recently attained Certified Information Systems Auditor (CISA) certification.

Leonard holds a level four proficiency in Japanese, which has helped ensure successful projects when working with Japanese clients and delegations in the past.  Leonard is continuing his Japanese studies and hopes to eventually put those skills to use to facilitate improved collaboration with the Japanese on mutual threat actors and vulnerabilities that our two countries face.

Bryan Carr

Bryan most recently served as a Senior Auditor for Cyber and Physical Security at WECC for the past four years. Prior to joining WECC, he served as CIP Compliance Program Manager at PacifiCorp, a large investor-owned utility in the northwest U.S. Bryan has a very strong background in generation environments.