November 10, 2014

CIP-002 Critical Cyber Asset Identification

NERC Standards CIP-002 through CIP-009 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

These standards recognize the differing roles of each entity in the operation of the Bulk Electric System, the criticality and vulnerability of the assets needed to manage Bulk Electric System  reliability, and the risks to which they are exposed.

Business and operational demands for managing and maintaining a reliable Bulk Electric System increasingly rely on Cyber Assets supporting critical reliability functions and processes to communicate with each other, across functions and organizations, for services and data. This results in increased risks to these Cyber Assets.

Standard CIP-002-5.1 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be identified through the application of a risk-based assessment.

Applicability
Within the text of Standard CIP-002-5.1, “Responsible Entity” shall mean:

  • Reliability Coordinator
  • Balancing Authority
  • Interchange Authority
  • Transmission Service Provider
  • Transmission Owner
  • Transmission Operator
  • Generator Owner
  • Generator Operator
  • Load Serving Entity
  • NERC
  • Regional Entity

The following are exempt from Standard CIP-002-5.1:

  • Facilities regulated by the U.S. Nuclear Regulatory Commission or the Canadian Nuclear Safety Commission.
  • Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters.

See the NERC website for more details regarding Critical Infrastructure Protection Standards.

SureID and Force 5 Partner to Deliver Innovative Vetting and Cost Recovery OfferingPress Release