Taken as a whole, the North American Electric Reliability Corporation (NERC) CIP Standards 002-009 are supposed to offer comprehensive protection and regulation of sensitive data. Critical Cyber Assets and specific non-critical Assets require a variety of protocols for protection, from protecting actual physical access to cyber security and personnel access and training.
CIP standard violations do happen, either with or without intent, and even accidental violations need to be reported and monitored. The following five standards have the highest number of all-time violations.
Top 5 Most Often Violated CIP Standards
CIP 007: This NERC standard requires responsible parties to prevent and be aware of both Critical Cyber Assets and specific non-critical Cyber Assets as defined by the NERC. CIP 007 covers everything – from installing new protocols and software and ensuring that new additions do not negatively impact existing cyber security protections, up to monitoring and protecting current assets. Assets need to be protected from external and internal harm due to accident, negligence or actual criminal intent. This is the most frequently violated standard, with a record 52 all-time violations.
CIP 004: This NERC standard applies specifically to the employees or vendors who are allowed to access, use or read sensitive data and who have access to Critical Cyber Assets. CIP 004 applies to both in-house staff and vendors and requires that anyone granted access to cyber assets be trained and be aware of the sensitive nature of the information and equipment they are working with or around. A documented personnel risk assessment, proper security training and accurate records are a must. CIP 004 is the second most frequently violated standard, with a total of 32 violations.
CIP 005: This standard requires an electronic security perimeter for each facility that houses Critical Cyber Assets. The security perimeter is designed to stop leaks and prevent unauthorized access. From documenting personnel and system access to actually preventing outside access to the network, CIP 005 is basically designed to be a virtual cyber fence that safeguards critical materials. This standard has been violated 16 times.
CIP 006: The housing of hardware and equipment and the protection of hard physical assets are covered under NERC CIP 006. This section requires a fully enclosed, six-wall border whenever possible as a physical deterrent to cybercrime. By protecting the tools and hardware, the physical security and personnel safeguard the actual equipment used by Critical Cyber Assets. This physical asset protection standard has been violated 15 times.
CIP 003: This standard, violated 12 times, requires that Responsible Entities appoint and train the correct staff or team members to fill critical safety positions and responsibilities and to maintain compliance with NERC standards. Leadership includes assuming responsibility for compliance with all of the relevant CIP standards, from 002-009, and for the cyber security of the facility or entity as well. The staffer in charge of compliance must maintain records of both the security measures and the personnel with access to critical data, and update these records on a regular basis.
From paperwork to actual physical security, the NERC standards that are most often violated cover all aspects of cyber security. For truly secure data, networks and physical settings, all of the standards need to be met by every Responsible Entity. In many cases, training, increased security awareness and buy-in by key team members can ward off trouble and keep essential networks secure.
Violations like these can easily be avoided if employees are kept up to date on the NERC standards necessary for quality and excellence.