Automating NERC CIP Cybersecurity Assessments
By Jeff Pack
Performing cybersecurity vulnerability assessments for NERC CIP substations is normally a task that involves extensive manual effort. There are several checks and documentation steps required to complete the assessment. POWER Engineers has performed and participated in NERC CIP cybersecurity vulnerability assessments for several organizations and provides recommendations and lessons learned for improving and automating the process. The cybersecurity vulnerability assessment is a key process for maintaining an acceptable level of residual risk in the substation operational environment. With a selection of automation tools and process refinement, this formidable task can be improved to have less impact on staff and improve the accuracy and quality of the results.