The Cost of Security Management for North America Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Compliance

This paper provides a model for assessing a utility's cost for implementing an in-house Security Management function in support of NERC CIP requirements. The purpose of this model is to provide a basis of comparison that may be used to evaluate alternative Security Management proposals, both in-house and available through managed service providers. On October 19, 2006, the Federal Energy Regulatory Commission (FERC) approved its Notice Of Proposed Rulemaking (NOPR) on Reliability Standards. In a unanimous vote, the five Commissioners elected to adopt the Security and Reliability Standards proposed by the North American Electric Reliability Council (NERC), which FERC certified as the US's single Electric Reliability Organization (ERO) in July.