WASHINGTON, D.C. – NERC developed a practice guide to facilitate the deployment of network monitoring solutions in response to the Department of Energy’s (DOE) 100-day plan. The guide addresses the application of NERC’s Critical Infrastructure Protection (CIP) Reliability Standards during such deployments. DOE’s initiative, which was launched on April 20, advances technologies that provide increased and/or enhanced cyber visibility, detection and response capabilities for utilities’ industrial control systems (ICS) and operational technology (OT) networks to better protect the nation’s grid.
While many entities have already deployed these types of technologies within their OT environments, NERC anticipates an increase in deployments across industry to enhance threat detection and response capabilities, in light of the 100-day plan. To provide additional transparency on how CIP standards apply in connection with these deployments, NERC developed the practice guide formally titled the ERO Enterprise CMEP Practice Guide: Network Monitoring Sensors, Centralized Collectors and Information Sharing. The guide outlines a framework for a common approach to auditing compliance with the CIP Reliability Standards when a registered entity deploys detection and monitoring technologies that include network monitoring sensors and centralized data collectors and may involve the sharing of data collected with third parties.
NERC is supportive of the DOE’s initiative encouraging the deployment of network monitoring solutions to enhance the overall cyber defenses of the electricity industry and promote increased information sharing.
Full Announcement
