NERC is the North American Electric Reliability Corporation. Its job is to monitor and maintain the standards for North American “bulk power transmission.” Essentially, NERC watches over all large electrical power stations and the dispersion of large amounts of electrical power throughout the United States, Canada and Mexico.
Although usually taken for granted, Critical Infrastructure connects east to west, north to south, and ensures businesses and homes can operate on a daily basis. With the news reports of hurricanes, mudslides, and fires, it’s easy to think that natural disasters are the main threat against such infrastructure. However, cyber attacks increasingly threaten the functionality of Critical Infrastructure. Even in the cybersecurity world, the top priority tends to lean toward information security. To draw more attention to the vulnerabilities of Critical Infrastructure and to improve industry cybersecurity standards, the North American Electric Reliability Corporation (NERC) formulated a Critical Infrastructure Protection (CIP) plan. The NERC-CIP standards work to improve the security and infrastructure protection of North America’s bulk power system by protecting physical and cyber assets.
Security threats against utilities have been a constant focus for bulk power systems (BPS) for decades. In a massive outage on August 14, 2003, 50 million people in the Northeastern United States (U.S.) and parts of Canada were left without power for most of the evening. The problem that federal authorities faced in the aftermath of the blackout was how to handle those responsible for it. Since there were no federal regulations covering a blackout of this magnitude and no federally mandated processes that BPS operators needed to follow, it was impossible to fine those responsible.
The electric utility industry is built on a foundation that requires an ultimate level of security to operate effectively. As hackers multiply and their level of sophistication increases rapidly, the electric utility industry must also evolve its cybersecurity defense capabilities. A recent survey of 140 North American electric utilities found that 88% of respondents expect cyberattacks to increase within the next 2 to 3 years. That figure is strikingly high and most likely slightly distressing for those bulk power system (BPS) operators that haven’t gotten up to speed on patching their software vulnerabilities quite yet.
Access to a stable power source is a central component of our daily lives in the modern United States. Power generation, transmission, and delivery have been designated critical infrastructure in the United States, and as such are subject to heightened regulatory scrutiny and security requirements.
One of the most important regulatory bodies ensuring the security of our critical power infrastructure is the North American Electric Reliability Corporation (NERC). NERC is a not-for-profit corporation that has been granted regulatory authority over the bulk power delivery system in the United States. Maintaining compliance with NERC regulatory standards is an ongoing requirement for entities that fall within the scope of the bulk power system. In this article, we’ll break down what NERC is, what NERC does, and outline how entities within the bulk power system can achieve NERC compliance through a NERC compliance program.
Flash back to August 14, 2003, when North America experienced its worst blackout to date, with more than 50 million people losing power in the Northeastern and Midwestern United States and parts of Canada. Less than 3 years prior to this massive blackout, the North American Electric Reliability Corporation (NERC) had been appointed as the electric utility industry’s primary point of contact with the U.S. government for national security and critical infrastructure protection issues. After nearly eight (8) months of investigations into the record-breaking blackouts, NERC found that future blackouts could be prevented by making Reliability Standards mandatory and enforceable through the U.S. federal government.