SANS ICS reposted this
Vice President, Cybersecurity and Digital Transformation at EIP | ICS/OT Security Specialist, Educator, and Policy Architect | Shaping a Resilient Energy Sector through Strategic Vision & Collaborative Leadership
Something “compliance” this way comes… This weekend I’m taking to the home studio (setup courtesy of the SANS Institute) to record a new update for SANS ICS456: Essentials for North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection. With industry facing the most impactful updates to NERC CIP requirements in nearly a decade, it’s the perfect time to ramp for getting GCIP certified— the only independent certification addressing NERC CIP compliance programs from GIAC Certifications. ICS456 will help prepare any student attempting that exam and this recording will provide a new OnDemand version for students! While this course focuses on the current set of mandatory and enforceable requirements, we will showcase updated content on recent threats and best practices for securing real-time power systems operations. For the past year, you’ve only been able to take ICS456 in-person and I’m personally looking forward to OnDemand students getting additional flexibility to learn more about NERC CIP and fit their busy schedules! The course includes: 🔹 5 Sections covering all NERC CIP requirements with the “what” and “how” best practices, including technology to enable both security and compliance 🔹 Over 20 hands-on labs to reinforce technical topics, ranging from creating ESPs, to real-world ICS threat detection platforms, to forensics, and more! 🔹 Best practices to have not just a successful NERC CIP audit, but to change the culture of compliance and security and “bake it in” to the DNA of your utility If you’re interested in taking the most comprehensive course on power systems protection and NERC CIP compliance (something I wish we had 15 years ago!), you can pre-register for the OnDemand version of ICS456 here: https://lnkd.in/eTHyQJ6 cc author credit to Tim Conway and Ted Gutierrez
IMO, the NARUC/DOE CPG's are more broadly applicable across the entire energy industry and are in harmony with NSM-22 goals and objectives by providing baseline cybersecurity practices across all critical infrastructure.