The One Thing your Utility Security Program is Missing

Published by Axio

Ever since the Federal Energy Regulatory Commission approved mandatory cybersecurity standards for the nation’s grid, self-proclaimed gurus and experts have been making a headache of things. The Critical Infrastructure Protection (CIP) standards are one of the few compliance requirements that can monetarily penalize asset owners/operators for poor cybersecurity hygiene. And all the cool kids want to be CIP “ninjas.” But how do hiring managers, engineers, or IT peers know that the person they are talking to is really a CIP master?

Late last year, SANS announced a new certification for electric grid stakeholders interested in verifying their CIP chops—the GIAC Critical Infrastructure Protection (GCIP) certification. The multi-hour exam tests participants on the knowledge and skills needed to execute a successful utility security program, including:

  • BES Cyber System identification and strategies for lowering their impact rating
  • Nuances of NERC-defined terms and CIP standards applicability
  • Strategic implementation approaches for supporting technologies
  • Recurring tasks and strategies for CIP program maintenance

The exam is great for lifelong CIP experts and newbies who want to take that next step in their career. Moreover, it covers the entire CIP universe—so you know any GCIP-certified personnel will be well-rounded security professionals with an understanding of compliance, technical aptitude, and the various components needed not just to be compliant, but to be secure.

The certification is accompanied by a course from SANS, the foremost leader in security training—ICS456: Essentials for NERC CIP. The course is not a prerequisite for taking the certification, but the amount of information you will be given over 5 days (and 25 hands-on labs!) will definitely help anyone looking to prove themselves with the GCIP.

Contact Axio today to learn more about how your organization can better manage cyber risk.
