How Proactive Video Monitoring Ensures Compliance with NERC CIP Guidelines

In January 2019, the North American Electric Reliability Corporation (NERC) asked the Federal Energy Regulatory Commission to approve a settlement issuing a record $10 million fine against an unidentified utility resulting from violations of Critical Infrastructure Protection (CIP) standards occurring from 2015 to 2018. NERC Critical Infrastructure Protection (CIP) Standards apply to cybersecurity and physical security planning and preparation for organizations and agencies part of the North American Bulk Electric System and the planning and preparation efforts to deal with national and regional critical infrastructure threats.

Although none of the unidentified utility’s violations resulted in outages, NERC concluded that the cumulative effect of the violations posed a serious risk to the reliability of the U.S. power grid because “many of the violations involved long durations, multiple instances of non-compliance, and repeated failures to implement physical and cyber security protections.” This record fine demonstrates how costly non-compliance can be and that committing to implementing physical security protections is a must for utility organizations. Many of the compliance challenges that utility companies face are directly related to longstanding security challenges.  Minimizing risks and liabilities is difficult across multiple facilities with remote, unmanned locations. Utility companies have traditionally addressed the situation with security guards, video surveillance cameras and fencing, which are all insufficient for numerous reasons:

  • Video cameras document activity but do not prevent crime
  • Fencing and other physical perimeter protections can be easily bypassed
  • On-site security guards are expensive and subject to fatigue and distractions
  • Incident reporting is a labor-intensive process and typically not comprehensive in documenting events


Netwatch Proactive Video Monitoring (PVM) provides you with peace of mind knowing your site locations, no matter how remote, are safe and secure and in compliance with NERC CIP regulations.

Here’s how it works…

  • Netwatch PVM enlists the expertise of highly trained Intervention Specialists who have specialized skillsets to detect, analyze and address potential threats as they are unfolding in real-time. This enables them to respond instantly with the best course of action to de-escalate or minimize harm to people, property, and assets.
  • Netwatch maintains best-in-class PVM Communication Monitoring Centers based in the United States with geo-diversity to maintain continuous vigilance of utility properties with total redundancy. These highly diversified and advanced security monitoring centers ensure constant and uninterrupted surveillance by a team of experienced security professionals.
  • PVM Communication Monitoring Centers employ cutting-edge surveillance and communication technologies including the latest advancements in AI-driven analytics, to ensure the highest levels of proactive situational awareness.
  • Netwatch specializes in providing security for commercially managed properties such as utility companies. By knowing your distinct security challenges and nuances, Netwatch PVM transcends traditional security services to support you’re your specific security and compliance needs.

Let’s take a look at some specific CIP regulations and how Netwatch PVM helps you address them.

CIP-006-5 Physical Security of BES Cyber Systems

B. Requirements and Measures

R1. Each Responsible Entity shall implement, in a manner that identifies, assesses, and corrects deficiencies, one or more documented physical security plans that collectively include all of the applicable requirement parts in CIP-006-5 Table R1 – Physical Security Plan

1.4 Monitor for unauthorized access through a physical access point into a Physical Security Perimeter.

1.5 Issue an alarm or alert in response to detected unauthorized access through a physical access point into a Physical Security Perimeter to the personnel identified in the BES Cyber Security Incident response plan within 15 minutes of detection.

Protecting the Perimeter

Utility sites must keep individuals with dangerous intentions off their property. The most effective solution is to monitor the perimeter and all external areas proactively with Netwatch proactive video monitoring (PVM) solution before they can physically damage a site’s infrastructure or equipment. PVM leverages smart technology through a purpose-built platform and dedicated, highly trained US-based intervention specialists that monitor unwanted behavior 24/7 and 365 days a year so potential threats can be identified immediately. Also, by leveraging PVM, utility companies can augment their guard services, a significant advantage for facilities with large difficult-to-walk perimeters or located in remote, hard-to-reach areas where guards cannot patrol.

NERC CIP-014-2 Physical Security states:

R5. Each Transmission Owner that identified a Transmission station, Transmission substation, or primary control center in Requirement R1…shall develop and implement a documented physical security plan(s) that covers their respective Transmission station(s), Transmission substation(s), and primary control center(s)…The physical security plan(s) shall include the following attributes:

5.1. Resiliency or security measures designed collectively to deter, detect, delay, assess, communicate, and          respond to potential physical threats and vulnerabilities identified during the evaluation conducted inRequirement R4.

5.2. Law enforcement contact and coordination information.

Detecting and Assessing Physical Threats

Connecting to your video surveillance system, the Netwatch Platform incorporates an Intelligent Alarm Learning System powered by machine learning algorithms to help determine which alarms are a nuisance or false versus events requiring immediate attention. The Netwatch Alarm Learning System provides our highly trained intervention specialists with a queue of alarms requiring immediate attention, allowing them to focus on real issues, real threats, and begin to take immediate steps to deter those threats.

Once an alert is received, our highly trained agents at one of our state-of-the-art monitoring centers swiftly assess the situation over a live video feed, determining the threat level and taking action.

Deterring Physical Threats

Netwatch’s highly trained intervention specialists deliver live audio warnings, speaking directly to intruders to leave the premises and letting them know that they are being watched and recorded. In 98% of cases, a live warning stops criminals from proceeding any further.

Communicating and Responding to Physical Security Threats

In the small number of instances where live audio warnings do not deter intruders, our intervention specialists will launch the proper response following a set of customer pre-determined protocols. Depending on the situation, this may be notifying law enforcement, alerting keyholders, or taking another action requested by the organization. With the policy-based measures set into motion, the specialist will remain in video and audio contact with the incident until the site is fully secured.

After the incident is resolved, Netwatch delivers a detailed incident report documenting step-by-step the events that occurred – the time and place of the incident, how the intervention specialist interacted with the site, and the outcome of the event, including still images of what occurred at the event. Issued to key contacts within utility organizations, the report is available within 24 hours of the incident for compliance verification and audits, insurance claims, and follow-up with law enforcement.

Netwatch PVM  provides utility companies  with the highest levels of safety, security and NERC CIP and other industry-specific and government mandates by delivering  specialized support to reduce threats and liabilities.

Speak with one of our security experts today to learn how PVM can best protect your organization.