On September 14, 2020, the Federal Energy Regulatory Commission (FERC) and the North American Electricity Reliability Corporation (NERC) published a report titled Cyber Planning for Response and Recovery Study (CYPRES) that addresses incident response and recovery (IRR) planning and emphasizes best practices for the electric utility industry.
As part of a joint staff review, FERC partnered with NERC and its Regional Entities to conduct interviews with eight different entities varying in size and function to discuss their IRR approach. The CYPRES report was developed based on their observations of the entities’ defensive capabilities and on the effectiveness of their IRR plans. Along with best practices, the report identifies common elements among the entities’ IRR plans, includes important resources for addressing cyber threats, and highlights the value of team preparation and training.
Along with the in-depth questions around the IRR plans, the joint team interviews also focused on the need to support incident response. This included topics such as examining how employees who oversee and maintain various aspects of the plans ensure proper testing, appropriate staffing levels, funding, and training. Throughout the CYPRES report, team preparation and training are common elements and included in the various observations, key take-aways and best practices. Engaging a competent, experienced third-party consultant to assist with IRR planning, implementation and training can be a key factor to maintaining a solid program with best practice attributes.
Proven Compliance Solutions Inc. (PCS) has assisted multiple entities throughout the US and Canada with the development of their Cyber Security Incident Response Plans. Our CIP experts have provided extensive training and have developed and facilitated Cyber Security Incident Response Tabletop Exercises to meet the requirements of CIP-003 and CIP-008. This includes facilitator and participant guides, along with assistance in documenting lessons learned, updating plans, and assuring required notifications are made following the plan updates. PCS provides a full range of consulting services for both CIP and O&P NERC Standards, as well as our Standards Compliance Intelligence Portal (SCIP). For more information on how we can assist your organization with IRR plans/activities or any other NERC Reliability Standards compliance needs, contact Dale Zahn at dzahn@provencompliance.com or (262) 436-4116. To learn more about Proven Compliance Solutions Inc., visit our website at www.provencompliance.com.
