Author: Bill Hawk | September 29, 2017

NERC has filed mandatory standard CIP-013-1 for supply chain risk management, requiring controls to mitigate cyber threats and their impact to the reliable operation of the Bulk Electric System. It is important that utilities carefully integrate the required new procurement processes with existing procedures to minimize impacts and maximize effectiveness.

The Key Requirements Include:

  • A Cyber Security Risk Management Plan with formal documented operating processes to protect against supply chain risks.
  • Security controls for industrial control systems that address software integrity and authenticity; vendor remote access; information system planning; and vendor risk management and procurement controls.
  • Risks to cyber systems must be identified and addressed during the planning, acquisition, and deployment phases of the system life cycle.

Utilities should review their processes and systems, track industry developments, identify existing controls, and plan to develop, adopt, and integrate new controls necessary to meet the requirements of NERC’s mandatory supply chain standards.

Contact Us

Related Services

View All Services
trc-bill-hawk
Bill Hawk

Bill Hawk is TRC’s Director of Private Networks Engineering. He is a Professional Engineer with over 35 years of experience in the planning, design and implementation of all aspects of utility networks and communications systems, security systems and Smart Grid/Distribution Automation systems. His areas of expertise include technology, project planning, requirements definition, project team management and project coordination. Bill has successfully completed numerous large telecommunications and security projects with local, municipal and state utilities, governments, school districts, commercial and industrial businesses, universities and university systems. Contact Bill at BHawk@trccompanies.com.

4ca51773-yankowski-1
Alan Yankowski

TRC's Cyber Security Program Manager, Alan Yankowski has 30 years of experience directing complex projects that build and optimize organizational processes, measurement systems and infrastructure in a variety of industries. He has worked on physical and cyber security threat and vulnerability assessments for transit ports, public buildings, utilities and chemical facilities. He is experienced in a broad array of security programs and methodologies, including CFATS, NERC CIP, FEMA 426/452, FEMA 455 IRVS, and FTA. He holds a BA in Chemistry from the University of Rochester.