NERC Cybersecurity Compliance

NERC Cybersecurity Compliance

The North American Electric Reliability Corporation (NERC) is an international not-for-profit regulatory authority with the goals of assuring North America’s bulk power system is reliable and secure. NERC both develops and enforces reliability standards. NERC’s reliability standards extend to Canada, The United States of America, and northwestern portions of Mexico. NERC cybersecurity compliance needs factor into NERC regulations, which is understandable considering the growing concerns to keep power grids safe from possible attackers.

NERC compliance applies to owners and operators of bulk power systems which serve over 300 million North Americans. In the United States, the Federal Energy Regulatory Commission oversees NERC. Threatcare is the leader in proactive cyber defense, enabling companies to verify NERC cybersecurity compliance.

Reliability Standards include:

  • Annual assessments of seasonal and long-term reliability.
  • Awareness monitoring of the bulk power system.
  • Education, training, and certification of industry personnel.

NERC’s compliance monitoring measures reliability through assessment, investigation, evaluation, and audit. The development, adoption, and approval of standards by The Reliability Standards Development program is pursuant to Federal Energy Regulatory Commission (FERC), and in accordance with the Federal Power Act.

NERC enforces compliance and will issue sanctions to ensure confirmed violations are mitigated. NERC issues directives to address current violations and deter new ones. Confirmed violation sanctions are determined in accordance with NERC Sanction Guidelines, and are heavily based on risk factor and severity level. Following a violation, a mitigation plan must be submitted to NERC for approval, then executed.

Organizations choose the Threatcare Suite and its breach and attack simulation (BAS) technology software to verify proper NERC cybersecurity compliance practices.