Kristine Martz is Principal Product Advisor for Dragos Inc. and has over fifteen years of experience in power and utilities cybersecurity and regulatory compliance, with expertise in NERC standards and real-time systems security.
As utilities prepare for compliance with the newly approved NERC CIP-015-1 standard, a recurring point of discussion has emerged: what exactly is meant by a baseline in the context of Internal Network Security Monitoring (INSM)?
For many in the electric sector, the term baseline immediately evokes CIP-010-4 Requirement R1, a well-established standard for configuration management. But CIP-015-1 introduces a fundamentally different concept: behavioral baselining. Understanding this distinction is critical for both compliance and cybersecurity effectiveness.
CIP-010-4 R1: Configuration Baselines for System Integrity
CIP-010-4 R1 requires Responsible Entities to develop and maintain configuration baselines for BES Cyber Systems and a specific scope of associated assets. These baselines include:
Operating systems and firmware versions;
Commercial, open-source, and custom software;
Logical network accessible ports; and
Security patches applied.
Figure 1 - Why the Distinction Matters
