A Case Study: Addressing NERC CIP using an IAM Strategy
Given the increased relevance of NERC CIP compliance in the Energy sector over the last 12 months, we have been focusing on this topic from an Identity and Access Management (IAM) perspective since early this year. Our CTO, Ash Motiwala posted a couple of very good blog articles on this subject: A NERC CIP Quick Win = Recertification + Closed Loop Deprovisioning and An Introduction to NERC CIP Compliance and Identity & Access Management Technologies.
Next week, on Tuesday, May 11th from 3 to 4 pm EDT, we will be hosting a webinar featuring a case study by one of our clients in the Energy sector: PPL. Details for the event and the registration page are available here.
PPL, formerly known as PP&L or Pennsylvania Power and Light, is an energy company headquartered in Allentown, Pennsylvania. It currently controls over 11,000 megawatts (MW) of electrical generating capacity in the United States, primarily in Pennsylvania and Montana, and delivers electricity to 1.4 million customers in Pennsylvania.
I will be presenting, alongside Pete Johnson, Director of Information Assurance at PPL, and will be discussing their approach to streamlining and maintaining compliance with several regulatory requirements, with a specific focus on NERC CIP, using IAM. I had the opportunity to work directly with Pete and the PPL team in defining and starting the execution on their IAM strategy, and I believe that this case study will be valuable to any organization subject to multiple regulations in any vertical, not just Energy. Evidently, the stiff fines that are now enforceable by NERC (of up to US$1M per incident per day), are a very strong driver in the Energy vertical.
Consistent with our style, this session will be very "meat-and-potatoes". We intend to keep this vendor agnostic, without marketing jargon, focusing mainly on the practical knowledge and experience gained by PPL. Our intended audience is IT Managers, IT Professionals, CIO, CISO, COO, CTO, IT Directors, and Solution Architects. We are planning to leave time for a Q&A session towards the end, so I hope you can join us.
|If you are interested in setting up an IAM Workshop to help your organization get in line with NERC CIP regulations, here are a few things you could do: (1) Watch this webinar on IAM and NERC CIP, (2) Read this paper to learn how to define the appropriate stakeholders in your organization, and (3) Answer this IAM Workshop Questionnaire.|