Are You Ready For NERC CIP V5?

Nick Santora | April 1, 2015

Well starting today, you have exactly 1 year to get ready for NERC CIP V5 compliance if your organization has High or Medium Impact Assets. We know that we can’t just flip a switch and go from a CIP V3 program to a CIP V5 program. We also know that we can’t go from a non-CCA CIP V3 program to a full CIP V5 program.

NERC, the Regions, industry, and the V5 Transition Advisory Group are working very hard to develop NERC Lessons Learned and other guidance products. Over the past few years there have been a lot of gripes, a lot of complaints, and a lot of should haves. But the fact of the matter is, CIP V5 is real and it’s coming. With so many challenges ahead, NERC compliance is truly becoming a priority for anyone with the acronym CIP in their title.

Since we are in heat of March Madness, how about a basketball analogy. Imagine a basketball game between team Industry and team CyberThreats. Team CyberThreats doesn’t play by the rules, their roster is constantly expanding, and no one ever gets called for a foul. It seems very unfair but that’s how this game is played.

NERC and FERC also have a role in this game, coaching for team Industry. NERC and FERC design the plays, but the industry is actually playing the game. Industry players and the coaching staff may not always see eye to eye, but it is important to remember they are all on the same team and share the same opponent.

So here is the catch. While the lead may swing back and forth, no one ever truly “wins.” You can’t win a game that never ends.

So you might be asking yourself, “What does any of this have to do with CIP compliance?” Think of NERC CIP as a coach’s playbook, building the foundation of strategic plays for the game. NERC CIP will continue to be utilized when building a foundation of cybersecurity controls.

Whether you are a regulator, industry member, contractor, or vendor, I am asking you to support team Industry and NERC CIP. Get involved with the Lessons Learned process, the standards drafting process, and any other ongoing activities at NERC. CIP V5 is coming, so take advantage of every opportunity available to contribute and engage your organization with CIP.

Looking for guidance with your CIP V5 program? Contact Curricula today.

Author: Nick Santora
  • Nick Santora

CISSP, CISA, Chief Executive Officer of Curricula.