Spring is here, and that means generally cool, but not cold days.  Days where the wind blows through open windows, a light jacket is all you need for walking around, and both Daylight Savings Time and the axial tilt of this wonderful planet have graced us sunshine into the evenings.  These are the days when we have a chance to emerge from our electronic hibernation, away from our power-sucking gadgets in our winter nests, and enjoy the fellowship of our fellow humans.

And if you go to the Generation Focused Security Training in Denver on April 17th and 18th, you’ll also know that this is partly why Spring is big outage season for power stations in many parts of the United States.  You’d know that now is when the drop in electricity demand corresponding to the weather and human activities allows many power stations that have been running since ~October to come down for much needed maintenance and upgrades.

Now is your chance. The Generation Focused Security training is intended to communicate good cyber security concepts in the context of a generation station, and links those concepts with the paired NERC CIPv5 Foundations course offered by our partner, EnergySec.

Day 1 is the excellent CIP v5 Foundations course offered by EnergySec. The Foundations training will prepare attendees to face version 5. In this course we will:

  • Explain the 19 terms with new or revised definitions and other important terms that are still undefined
  • Describe the 13 categories of assets to which requirements apply
  • Explain the new bright line criteria and the three tier (High/Medium/Low) approach to asset classification
  • Walk through a detailed mapping and discussion of the new, revised, and retired requirements
  • Discuss the two new standards in version 5
  • Explore future changes that may result from the FERC Order on version 5
  • Provide references and discussion on the pertinent NERC filings and FERC rulings on these standards

Day 2 of the paired course will examine and impart established cyber security concepts in the context of a Generation Station, and link those concepts to the Foundations points from Day 1. The intructor shall discuss all concepts in the context of a model plant, designed to allow conversations on different control systems and networks. Emphasis will be on how cyber security measures have been successfully and unsuccessfully applied in the generation environment, strategies for implementation and operation, common problems and solutions. And finally, the course will discuss vulnerabilities in control systems, and introduce all students to tools used by penetration testers and hackers to better prepare them for challenges ahead.

As the generation business is different, so too are the ideas and concepts when applying cyber security concepts to the operating environment. And placing cyber security controls into the generation context will be increasingly important over the next two years, as more Generation is brought into the mix of NERC CIP regulations.

Those interested may register on the EnergySec website here. Cost for the paired training is $1,295.00 total, a savings of $100 is recognized when signing up for both courses.  Seats are limited to the first 25 participants, and EnergySec partners are offered their customary training discount.

title image by James Sarmiento (old account)