Integrating NERC CIP Guidelines To The Australian Energy Sector
In this blog article, we examine the North American Electric Reliability Corporation (NERC) as a regulatory compliance framework that provides valuable guidance for the Australian Energy Sector.
It’s no surprise that industrial environments have become increasingly valuable targets for malicious behaviour, and the Energy Sector is no exception. As energy grids grow and change, implementing new technologies and leveraging more commercial off-the-shelf products has the potential to increase the attack surface. Aspects such as remote management functions and new communication bearers all add to the physical and cyber security risks faced by asset owners and operators.
An excellent reference for the Australian Energy Industry is the North American Electric Reliability Corporation (NERC). The relevance of NERC CIP has been discussed in previous articles, which are well worth reading.
The latest NERC updates aim to integrate cyber and physical security concepts to ensure that across aspects of planning, design and operations, the mitigations to physical and cyber risks are considered. This also aligns well with the more universal Industrial Automation and Control System (IACS) standards such as IEC 62443 where risk management activities are required as part of the system design.
Those of you familiar with systems engineering aspects would appreciate the focus on the day of operations planning such as CONOPS and detailed requirements analysis and validation. Arguably, NERC’s holistic approach may mirror some of these processes to ensure that the outcome is a secure, resilient and available energy system.
The newly released NERC strategy focuses on risk management concepts such as identifying, verifying and delivering mitigations aimed at improving security integration.
There are four core features that are mapped to the NERC Risk Framework, including:
- Cyber-Informed Transmission Planning
- Security Integrated Design and Operations
- Grid Transformation
- Emerging Technologies and Security Practices
The four features above can guide asset owners and operators to prioritise the risk and then link the policies that should be implemented, including a focus on implementation timeframes.
The strategy also aligns with other in-flight projects such as the IEEE Technical Report PES-TR105 which provides a foundation for establishing security integration concepts.
Although not specifically developed for the Australian energy sector, there are certainly takeaways from this strategy that align with current efforts such as the SOCI Risk Management Program.
Anchoram encourages the use of suitable strategies, frameworks and standards and endorses a risk-based approach to the design and operation of critical systems. Read the full updated NERC report.
Finding specialist resources who can provide objective and independent advice within the Energy Sector in Australia can be challenging. The good news is that Anchoram has both energy industry and academic expertise, and provides client-focused outcomes with high-quality deliverables.
For more information about how Anchoram can assist your organisation, contact us anytime.