CIP consulting since 2003.
‍
Because sometimes you just want to hire someone who's done it before.

THE WIZARDS

OF CIP

REGIONAL REACH

We've got clients everywhere. That means every quirk a NERC Regional Audit could throw your way, we've seen.

REGIONAL REACH

We have clients everywhere. That means anything your Region throws your way, we've seen.

Label with teal dot and text reading NST Clients

BRIEF OVERVIEW

Making an Impact

NST makes an impact on every part of the grid. We've worked with the smallest municipally-owned cooperatives, to the largest investor-owned utilities in North America, and ISO/RTO organizations in every single NERC Region.

That's High Impact. Pun intended.

Generation

LOW + MEDIUM IMPACT

Hydros to nukes. Gas to solar. Wind powered, coal fired, and battery storage too.

15MW. 1,500+ MW. And more!

Transmission

LOW + MEDIUM IMPACT

From a single mile of 145kV, up to thousands of miles of 345kV, and every low impact and medium impact substation in between...we've heard "the hum".

Control Centers

LOW + MEDIUM + HIGH IMPACT

Primaries and backups. Data centers. Dispatch, monitor, balance, and control.

SERVICES

NERC CIP COMPLIANCE

NERC CIP is our bread and butter. Nobody's been doing it longer. Nobody has more experts on their team.

ALL NERC CIP SERVICES

Roles and Responsibilities

NERC CIP crosses a lot of "swim lanes" and hits different departments, well...differently. Plus our clients don't all divvy up the tasks the same way.

But whoever ends up carrying the ball, we can help with the blocking and tackling.

CASE STUDIES

Compliance

You’re doing governance, risk, oversight, quality assurance, and external communication with Regions and NERC. Maybe you want a Mock Audit or a Gap Assessment. Maybe you want help filling out the NERC ERT or writing RSAWs. Maybe you want to develop and document Internal Controls. Maybe you should give us a call.

Security

You need to monitor HR to make sure they initiate the process to remove access rights to former employees after they're terminated. You lock doors, check key cards, and keep track of inventories of assets. And you still need to produce evidence to support compliance.

OT/IT

You worry about network functionality and are required to make sure that various nodes within the system are able to talk with each other (and not with anything else). Maybe you want help to actually patch systems. Maybe you want to run a tabletop exercise to simulate a security incident. Maybe you want to better configure your baselines for BES Cyber Assets and Systems, and ensure that changes in configurations are captured.

Power Engineering

You make turbines turn, pumps pump, and electrons flow. You operate sensors monitoring data on fuels being burned, cooling devices being run, air intake valves, spinning windmills, sun-bathing solar panels, and water pressure behind dams. You have to generate evidence that may eventually be reviewed during an audit.

Purchasing/Legal

You might be new to CIP! CIP-013 and Supply Chain Risk Management fall on you. You have to vet your vendors, understand the risks they pose to the BES, and support the Compliance team with a whole bunch of evidence that didn't even exist before 2020.