White Papers

*Note: CRSI white papers are available to all members of Registered Entities or electric utilities. 

New and Modified 693 Standards: Preparing for Regulatory Change

November 15, 2016 - Published by Jonathan Roe

Preparing for Regulatory Change NERC does not overly concern itself with the impact modified or new Reliability Standards will have on Regional Entities (REs). However, NERC does try to ensure REs have sufficient time to implement requirements into their organizational...

The CFATS Act of 2014

August 11, 2016 - Published by Jonathan Roe

Concerns about the hazards of high-risk chemicals triggering significant damage and loss of life as population density has placed more people near chemical facilities and along freight train routes was growing prior to the 9/11 event.   After 9/11, the industry...

How to Conduct a NERC CIP CVA

August 9, 2016 - Published by Jonathan Roe

In 2006, NERC adopted the CIP Standards. The Standards establish the minimum requirements needed to ensure the security of the electronic information exchange supporting the bulk power system. Yet, industry feedback at conferences and meetings before and after the Standards were...

NERC Audit Preparation as an Extension of Your CIP Program

July 25, 2016 - Published by Jonathan Roe

Successfully passing a NERC CIP version 5/6 audit can be an arduous undertaking, yet many entities get through it with a manageable amount of stress and minimal disruption to normal operations.  I am frequently asked, “Why is it that NERC...

Low Impact CIP Requirements

June 30, 2016 - Published by Jonathan Roe

This whitepaper provides an overview of FERC-approved requirements that entities must follow for Facilities determined to include low impact BES Cyber Systems and future directions that have been assigned to the current drafting team. In addition, the paper makes the...

Configuration Change Management of BES Cyber Assets in NERC CIP

May 31, 2016 - Published by Jonathan Roe

The North American Electric Reliability Corporation (NERC) has dramatically emphasized configuration change management by providing it with its own Standard and as such configuration change management demands special attention. Additionally, though NERC has dedicated a section within the Critical Infrastructure Protection (CIP) Standards...

NERC’s JRO and CFR

May 31, 2016 - Published by Jonathan Roe

The North American Electric Reliability Corporation (NERC) requires that all owners, operators and users of the Bulk Electric System (BES) register for the functions in the NERC Functional Model applicable to their organization. This is a relatively straightforward process for most entities. However,...

Implementing a Vulnerability Management Program

May 31, 2016 - Published by Jonathan Roe

The purpose of this paper is to explain the scope of a Vulnerability Management Program, explain the need for having a Vulnerability Management Program with several strategies by which your organization can improve processes reducing the time that your technical staff addresses vulnerabilities...

CSIRT Methodologies

May 31, 2016 - Published by Jonathan Roe

The Computer Security Incident Response Team (CSIRT) program comprises formal procedures for information security incident management and subsequent communication to relevant parties. These CSIRT Procedures provide a framework by which information security incidents or events are mitigated and communicated in a manner allowing...

Trend Analysis

May 31, 2016 - Published by Jonathan Roe

Companies waste thousands of dollars every year with Band-Aid fixes after an incident occurs. However, a better solution is to create a trend analysis program to better track, monitor, and link incidents to enable seeing the bigger picture. Trend analysis...

Efficient. Effective. Sustainable.

Let's Talk Solutions