SANS Institute to Offer Computer-based NERC Critical Infrastructure Protection Training

Bethesda, Md. – SANS Institute, the global leader in information security training, has joined forces with industry leaders to develop training that helps ensure the reliability of the North American bulk electric system. The complimentary SANS webcast, taking place July 15, 2015, will discuss the Challenges and Strategies for Addressing the NERC CIP Version 5 Training Requirements.

The NERC Critical Infrastructure Protection (CIP) Version 5 standards which address the security of cyber assets essential to the reliable operation of the North American bulk electric system become enforceable on April 1, 2016. Compared to previous versions, the Version 5 standards include significantly increased training requirements for persons with authorized access to those cyber assets. The new standards which increase the number of facilities subject to the CIP requirements also result in an increase in the number of personnel requiring training. However developing, deploying, and maintaining the needed training content can be a challenge for most entities. The CIP standards are complex and in the case of the training standards, identifying the topics that must be covered is not necessarily obvious and getting it wrong can result in security gaps and penalties. Adding to the challenge, entities subject to earlier versions of the standards often had difficulty dedicating the internal resources needed to keep their custom training materials current. Those choosing to outsource their training efforts were quickly confronted with the high cost of custom training development.

To help the electric industry address the challenges of NERC CIP training, SANS has developed the CIP Version 5 CBT program consisting of thirteen individual modules addressing forty-nine topic areas. The training was developed by SANS team members experienced in developing and supporting NERC CIP compliance programs. The development team also worked with an Advisory Board consisting of fifteen CIP practitioners from electric utilities, Independent System Operators and a former NERC auditor. The Advisory Board participated throughout the development process beginning with defining what the training should include, and provided feedback on module scripts, video imagery, and end-of-module quiz questions. The result is an affordable training program that is consistent, technically accurate, highly engaging, and backed by the SANS reputation for quality.

The CIP Version 5 CBT program includes training on the role of the regulatory agencies, the requirements of the NERC CIP Version 5 standards, physical and cyber access controls, and the cyber-risks associated with operating interconnected computer systems. By also providing the ability to link to custom content, each module gives North American bulk power system owners and operators an opportunity to incorporate their internal cyber security policies and procedures that correspond to the module topic.

To learn more about the SANS CIP Version 5 CBT program, including an overview of each module and a full-length example, and to register for the NERC CIP Version 5 Webinar visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (