Through SANS, I had the opportunity to take ICS456: Essentials for NERC Critical Infrastructure Protection following the SANS ICS Summit in May 2023. My graduate research is centered in the cybersecurity of electric power systems, and my focus is specifically on the automation of vulnerability and patch analysis processes— including those required for NERC CIP compliance under CIP-007 R2. I had some level of familiarity with the CIP standards, but I’m not responsible for implementing standards or maintaining compliance at an electric utility. In many ways, I knew just enough to know that there was a vast ocean of things I didn't know.

When I told colleagues that I took a five-day NERC CIP course, many of them responded with “Wow, I’m sorry”—but then, I could respond and tell them that, in fact, I had a great time. The CIP standards were explained clearly and thoroughly, but they were also discussed in the context of their creation and development. “Quirks” in the standards that are confusing when viewed individually suddenly become clearer when they are fit into the history of the regulation.

As a graduate student, it can be difficult to find opportunities to interact with professionals in the field. Academic conferences do not typically have a strong industry presence, and funding is not always available for travel to industry conferences or professional training. The opportunity not only to take this class, but to take it in-person with other students, many of whom were from electric utilities, was invaluable.

Because of the things I learned in ICS456, I have been able to better direct and inform my research and that of others in my lab. I feel better positioned to facilitate collaboration between academia and industry. I even took the GIAC exam and achieved my GCIP certification in September.

None of this would have been possible without the generosity of SANS and the dedication of the SANS ICS faculty.