
Regulatory Updates

New NERC Standards Help Protect Against Cyber Attacks

Dwayne Stradford and Larry Fitzgerald | May 23, 2024

As part of NERC’s ongoing effort to bolster Critical Infrastructure Protection (CIP) requirements and enable the implementation of a security improvement concept known as virtualization, the organization has developed and approved standard modifications as well as a new standard focused on internal network security monitoring (INSM). CIP-015-1 will be submitted for FERC approval and will lead to new compliance obligations.

Extensive Revisions Support Enhanced Security through Virtualization

NERC’s efforts to enable utility use of virtual operating control technologies for Bulk Electric System (BES) Cyber Systems respond to the directives in FERC Order No. 822. In addition to the new CIP-015-1, revisions are being submitted for 11 CIP Reliability Standards, including new and revised Glossary of Terms definitions.

The proposed revisions accommodate the best cyber operating technologies and are intended to create an enduring and resilient family of CIP reliability standards in the face of a fast-moving technology field. Implementation of virtualization technologies allows for the application of enhanced cyber security controls and the ability to move access controls from the edge of communications networks to inside them. These newer security controls allow the industry to provide tighter security by moving access controls from an outer perimeter closer to the actual code performing reliability-related control tasks. The revised standards cover:

  • Cyber Asset and BES Cyber Asset Definitions to Implement Virtualization
  • Network and Externally Accessible Devices Security
  • Transmission Owner (TO) Control Centers Performing Transmission Operator (TOP) Obligations
  • Virtualization

CIP-015-1 Improves Internal Network Monitoring

The new CIP-015-1 closes a security gap identified in FERC Order No. 887. It improves the probability of detecting anomalous or unauthorized network activity to facilitate improved response and recovery from an attack. Internal Network Security Monitoring (INSM) related requirements focus on all high and medium-impact BES Cyber Systems including those with external routable connectivity.

CIP-015-1 requires internal network security monitoring within a trusted Critical Infrastructure Protection networked environment for all high impact BES Cyber Systems with and without external routable connectivity and medium impact BES Cyber Systems with external routable connectivity. The new standard is designed to require the power industry to keep its cyber-based operating systems ahead of cyber-attacks. The INSM concept is expected to increase the probability of early detection of network activity indicative of an attack, allowing for quicker mitigation and recovery from cyber-attacks.

CIP-015-1 will require utilities to:

  • Implement, using a risk-based rationale, network data feed(s) to monitor network activity, including connections, devices, and network communications.
  • Implement one or more method(s) to detect anomalous network activity using the network data feed(s).
  • Implement one or more method(s) to evaluate anomalous network activity detected to determine further action(s).

Next Steps

NERC is expected to submit the two filings to FERC in response to the recent directives. The approval timeline varies based on FERC’s priorities and the expedited nature of the request. Stakeholders should proactively work to enhance their cybersecurity efforts, considering the forthcoming NERC CIP-015 standard. TRC’s cybersecurity experts, with extensive experience in all power system control subject areas, can provide an independent review of your compliance plans to meet these new mandatory regulations. Stay ahead by aligning your strategies with the proposed requirements to ensure seamless compliance.


FERC Order No. 822
Modifications to CIP Standards – Project Page
Project 2016-02 Implementation Plan
FERC Order No. 887
INSM related CIP standard change CIP-015 – Project Page
CIP-015-1 Implementation Plan

Your Trusted Regulatory Advisor

TRC closely follows the national, provincial, and state regulatory trends in all regions of North America. Our approach to power system security, engineering, planning, design, construction and commissioning testing balances solutions that incorporate industry reliability risk trends, mandatory reliability standard requirements, regulatory guidance, compliance obligations, best practices, operational goals, and budgets. With expertise in power system planning, engineering, and operations, TRC supports public utilities and private energy providers in their efforts to stay ahead of the regulatory curve and to meet or exceed regulatory requirements as they evolve.

This regulatory update is provided as a service to TRC’s utility clients, helping to keep you informed of forward-looking issues that will impact your company’s electric system reliability risks along with related topics regarding regulatory developments, to help you achieve your company’s business goals.

Dwayne Stradford

Dwayne Stradford serves as TRC’s NERC Compliance Director in the Power Division. He is leading and coordinating TRC’s NERC compliance support services with our various power utility clients. He is an accomplished, diverse energy professional with over 30 years of engineering experience regarding real-time transmission operations, short/long term transmission planning, NERC Reliability Compliance Standards (both NERC-CIP and NERC O&P), Transmission Reliability Assurance, utility scale renewables integration, FERC Regulatory/RTO policy, and Project Management. He spent the bulk of his career (close to two decades) working for AEP but has considerable working experience in the electric utility industry as a professional consultant. He has worked with utility clients on transmission and generation related projects in all three interconnections, so he has breadth of regional BES experience throughout the entire country. Please contact Dwayne Stradford for more information.

Larry Fitzgerald

Larry Fitzgerald, CPTED, PSP, CPP leads TRC’s national Security and Emergency Management Practice, where he has supported security for many different types of Critical Infrastructure, including dozens of utilities. He has assessed security, developed security master plans, security designs, and policies, provided training, and delivered overall security consulting/strategy for clients nationwide. Contact Larry at
