GE MDS Assists Customers with Wireless NERC/CIP Compli ance In July 2006, the North American Electric For more detailed information on how GE MDS Reliability Council’s (NERC) Critical wireless solutions can help your organization meet Infrastructure Protection (CIP) standards went NERC/CIP standards, please download our whitepa- into effect with CIP compliance audits slated per, GE MDS Solutions Help Electric Utilities Comply to begin in 2007. The question now facing many with NERC/CIP Cyber Security Standards, at www. utility organizations is, “are we ready?” gemds.com/e/cip, or call 585.242.9600. According to NERC, the intent of the CIP Cyber Security Standards is “to ensure that all entities responsible for the reliability of the Bulk Electric Systems in North America identify and protect Critical Cyber Assets that control or could impact the reliability of the Bulk Electric Systems.”

What can you do to comply? The standards outline specific requirements to protect access to communications devices and networks that use routable protocols, such as TCP/IP. When non-routable serial protocols, which are typically used in SCADA, are transported over IP—a common practice—they must then adhere to the same requirements of routable protocols. There is an additional note of interest for utility companies not required to follow these new standards. According to a recent report completed by the Utilities Telecom Council (UTC), “...even if a utility does not fall under the standards, many other utilities are obliged to comply, and those companies will have to be comfortable with the security of their dealings with other utilities...” UTC and other industry experts expect the standards eventually to have wider acceptance than NERC’s current authority. The GE MDS solution There are eight different CIP standards covering everything from Security Management Controls and Critical Cyber Assets, to Incident Reporting and Recovery Plans. Each one of the eight standards defines a series of specific requirements. GE MDS radios help electric organizations meet several CIP standards with features such as RADIUS authentication, SNMP traps, multi-character password requirements, and physical port permissions.