FERC - NERC Compliance

icon_10The NERC (North American Electric Reliability Corporation) is a self-regulatory body responsible for ensuring energy industry compliance with Critical Infrastructure Protection (CIP) standards. These rules require organizations that deliver bulk electricity to the North American electrical power grid to identify and protect critical cyber assets. FERC (Federal Energy Regulatory Commission) oversees the power industry, but gives NERC the responsibility for maintaining and complying with CIP standards.

Bulk power suppliers must define methods, processes, and procedures for securing critical cyber assets, as well as the non-critical cyber assets within the electronic security perimeter. "Cyber assets" are loosely defined as all "programmable electronic devices and communication networks including hardware, software, and data."

Basic rules on FERC/NERC compliance:

·        Continuously monitor electronic access to critical cyber assets

·        Create and maintain a cyber security policy

·        Maintain documentation of the security perimeter, all interconnected cyber assets, and all electronic access points

·        Identify and implement electronic access controls for access to critical cyber assets within the electronic security perimeter, maintain documentation of the electronic access controls, and update that documentation at least annually

·        Protect information associated with critical cyber assets, plus policies and practices used to keep them secure

·        Establish system management policies and procedures for configuring and securing critical cyber assets

·        Document electronic incident response actions, including roles and responsibilities assigned by individual or job function.

GTB’s Data Protection solutions provide comprehensive NERC CIP data loss prevention for any energy company, utility or independent system operator that must protect its valuable cyber assets.

Advantages include:

Detection Accuracy:  GTB’s AccuMatch™ detection suite, recognized as having the highest accuracy in the industry .

Monitor and prevent sensitive data usage – Network, Advanced Endpoint, eDiscovery with real-time Data Classification plus content aware digital rights management: GTB Technologies provides the ability to monitor and block data loss on ANY PROTOCOL (including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP. Endpoint protection includes storage devices such as USB drives, CD/DVDs, etc.

Internal controls: GTB Technologies allows organizations to demonstrate internal controls to comply with FERC /NERC requirements.  These requirements mandate the establishment, documentation, and maintenance of electronic access to critical cyber assets.