Network Encryption from CipherOptics
 
 
 
   



NERC Cyber Security Compliance

The North American Electric Reliability Council (NERC) has issued eight reliability standards on cyber security. These Cyber Security Standards, effective June 1, 2006, provide a cyber security framework for the identification and protection of critical cyber assets to support reliable operations of the bulk electric system. Electric power providers must begin work or show substantial compliance by mid-2007 and show auditable compliance by mid-2010.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone, permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information.

We use 256-bit AES encryption that is approved by the government for "sensitive but unclassified" information; our solutions authenticate networks and packets as well as protect data. They use the robust secure hash algorithm (SHA-1) to verify the integrity of the data, rejecting any packets that have been manipulated or altered.

Best practice for NERC cyber security compliance requires a layered approach to network and data security. By protecting all data on your organization's network, CipherOptics is an important component of this comprehensive security strategy.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high-speed, low-latency encryption technology, CipherOptics helps its customers mitigate the risk of data leakage, loss, and theft over any network.

Who is affected by NERC?
All entities responsible for planning, operating, and using the bulk electric system must comply with NERC reliability standards. This encompasses essentially all the power systems of the contiguous United States, Canada, and part of Mexico.

What are the requirements of NERC?
NERC's board approved Cyber Security Standards CIP-002 through CIP-009 in May 2006, replacing the Urgent Action Cyber Security Standards of August 2003 that were in place. These eight new standards address different aspects of cyber security. Like several other security regulations, NERC Cyber Security Standards mandate the goals for information security without prescribing specific solutions.

Standard CIP-007, titled "Systems Security Management," "requires responsible entities to define methods, processes, and procedures for securing those systems determined to be critical cyber assets, as well as the non-critical cyber assets within the electronic security perimeter." ("Cyber assets" are defined as all "programmable electronic devices and communication networks including hardware, software, and data.") This standard has nine requirements related to network and system security. Requirement number eight (R8) calls for an annual cyber vulnerability assessment along with remediation or mitigation of the identified vulnerabilities.

What are the penalties for NERC non-compliance?
Though not yet put in place, penalties for non-compliance are forthcoming. Under the present system for maintaining reliability, industry compliance is mandatory but it is not yet enforceable; thus NERC has largely been limited to conducting compliance reviews. On August 8, 2005, President Bush signed H.R. 6, The Energy Policy Act of 2005, into law. The law contains provisions that will make compliance with NERC standards mandatory and enforceable. NERC is currently working with industry and government to implement the reliability provisions of that law.

How do organizations comply with NERC?
In order to comply with the Cyber Security Standards, electric power providers must demonstrate the reliability, adequacy, and security of technology resources (including software, electronic data, computers, and communications networks) that interact with electric system operations. They must also close any security gaps that are identified in the vulnerability assessment.

One of the most basic network security measures is the protection of critical data when it is most vulnerable: while traveling over internal or shared external networks. Organizations must ensure the integrity, authenticity, and confidentiality of critical data in transit.

Helpful Resources
NERC Standard CIP-007-1 (Systems Security Management)
NERC Standards CIP-002 through CIP-009 Implementation Plan