Genetec Guides Utility Companies on Security System Support for NERC CIP Compliance

How to select a security system that supports compliance with NERC CIP

Genetec has published a guide for utility companies on how to select a security system that supports compliance with the Critical Infrastructure Protection plan (CIP) of the North American Electric Reliability Corporation (NERC). The 12 published NERC standards are aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. A subset of the full guidance follows.

CIP-002-5.1a: Cybersecurity – management controls. The goal is to categorize different BES Cyber Systems based on potential impact levels to understand how to manage vulnerabilities better and protect assets while regularly maintaining and reviewing them. Look for a security system that can provide an up-to-date breakdown of all connected devices and their statuses, to simplify the review process and quickly identify any that require immediate attention.

CIP-005-6: Cybersecurity - electronic security perimeter(s). This standard aims to secure access to BES Cyber Systems by keeping critical assets within a designated electronic security perimeter and closely monitoring them in case of suspicious activity. Organizations should ensure all security systems connected to the network infrastructure require secure authentication, encrypted communications, and users that have role-based permissions to access critical assets. Make sure an activity trail report of access is available to simplify investigations/audits.

CIP-008-6: Cybersecurity – incident reporting and response planning. To comply, put in place procedures to identify, classify, and respond to cybersecurity incidents and keep complete records of the incident and management process to report to the Electricity Information Sharing and Analysis Center (E-ISAC) for forensic analysis. A centralized security system that keeps a complete log of network activity and access, as well as a full history of the asset configuration data, will simplify investigation and recovery when required. Utilities should look for technology partners that can provide emergency support in case of a catastrophic system failure or cyberattacks.

CIP-013-1: Cybersecurity – supply chain risk management. Utilities should aim to develop a plan to identify and assess risk to BES posed by vendor products or services. It is important to ensure all critical vendors that are supporting the smooth functioning of the BES have clear cybersecurity guidelines in place that will not put the BES at risk. Ensure system providers do not have access to your system by default without consent, particularly in system-to-system remote access. Here are six questions to ask vendors to manage supply chain risk better.

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.