Securing America’s Critical Infrastructure: Strengthening Compliance with NERC Cybersecurity Standards

Authors

  • Udoka Ngozi Nwizu Western Governor’s University

DOI:

https://doi.org/10.47941/jts.2636

Keywords:

Critical Infrastructure Protection, Cybersecurity Resilience, NERC CIP Compliance, Threat Intelligence Sharing, Infrastructure Modernization

Abstract

Purpose: Critical infrastructure, including energy, transportation, and water systems, is increasingly vulnerable to cyber threats and physical attacks. This paper examines the current state of America’s critical infrastructure security, focusing on the challenges posed by sophisticated cyberattacks, aging infrastructure, and regulatory compliance. The study evaluates the effectiveness of existing security frameworks, including the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, and highlights gaps in their implementation.
Methodology: A qualitative methodology is used, incorporating case studies, regulatory reports, and expert analyses to assess risks and propose solutions. Notable incidents, such as the Colonial Pipeline ransomware attack and foreign cyber intrusions, illustrate the urgency of enhancing cybersecurity measures.
Findings: The findings reveal that many infrastructures sectors struggle with outdated technology, inadequate funding, and insufficient workforce training, making them susceptible to attacks. Additionally, compliance with security regulations is often reactive rather than proactive, limiting the overall effectiveness of defence mechanisms.
Unique Contribution to Theory, Policy and Practice: The study recommends investing in advanced cybersecurity technologies, such as AI-driven threat detection, strengthening public-private partnerships for better intelligence sharing, and modernizing regulatory frameworks to be more adaptive to emerging threats to address these challenges. Additionally, workforce training programs and supply chain security enhancements are crucial for long-term resilience. These insights contribute to the development of more robust policies and practical strategies for securing America’s critical infrastructure against evolving threats.
Keywords: Critical Infrastructure Protection, Cybersecurity Resilience, NERC CIP Compliance, Threat Intelligence Sharing, Infrastructure Modernization

Downloads

Download data is not yet available.

References

Anisetti, M., Ardagna, C., Cremonini, M., Damiani, E., Sessa, J., & Costa, L. (2020). P A P E R Security Threat Landscape. https://www.concordia-h2020.eu/wp-content/uploads/2021/03/White_paper_SecurityThreats.pdf

Bhardwaj, G., Gupta, R., Srivastava, A. P., & Vikram Singh, S. (2021, April 1). Cyber Threat Landscape of G4 Nations: Analysis of Threat Incidents & Response Strategies. IEEE Xplore. https://doi.org/10.1109/ICIEM51511.2021.9445307

Chang, T., Wen, G., Alaeddini, S., Li, D., Bolton, C., Marshall, L., Tabatabai, S., & Nguyen, T. (2022). Development and Implementation of Practical Processes for NERC CIP-010 Compliance Evaluation. https://doi.org/10.1109/cpre55809.2022.9776559

Christensen, D., Martin, M., Gantumur, E., & Mendrick, B. (2019). Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources. The Electricity Journal, 32(2), 50–57. https://doi.org/10.1016/j.tej.2019.01.018

Drury, J., Carter, H., Cocking, C., Ntontis, E., Tekin Guven, S., & Amlôt, R. (2019). Facilitating Collective Psychosocial Resilience in the Public in Emergencies: Twelve Recommendations Based on the Social Identity Approach. Frontiers in Public Health, 7. https://doi.org/10.3389/fpubh.2019.00141

Easterly, J., & Fanning, T. (2023, May 7). The attack on colonial pipeline: What we’ve learned & what we’ve done over the past two years. Cybersecurity and Infrastructure Security Agency. https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years

Hilt, D. W. (2018). Critical Infrastructure Protection Required on Electric Grid Continually Changing. Natural Gas & Electricity, 34(8), 9–15. https://doi.org/10.1002/gas.22040

Iii, G. A. F., & El-Sheikh, E. (2022). NERC CIP Standards: Review, Compliance, and Training. Global Perspectives on Information Security Regulations: Compliance, Controls, and Assurance. https://www.igi-global.com/chapter/nerc-cip-standards/302386

Kaloudi, N., & Li, J. (2020). The AI-Based Cyber Threat Landscape. ACM Computing Surveys (CSUR), 53(1), 1–34. https://doi.org/10.1145/3372823

Mallick, A., & Nath, R. (2024). Navigating the Cyber security Landscape: A Comprehensive Review of Cyber-Attacks, Emerging Trends, and Recent Developments. https://worldscientificnews.com/wp-content/uploads/2024/01/WSN-1901-2024-1-69-1.pdf

Marron, J., Gopstein, A., & Bogle, D. (2021). Benefits of an Updated Mapping between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards. https://doi.org/10.6028/nist.cswp.09292021

Mathas, C.-M., Grammatikakis, K.-P., Vassilakis, C., Kolokotronis, N., Bilali, V.-G., & Kavallieros, D. (2020). Threat landscape for smart grid systems. Proceedings of the 15th International Conference on Availability, Reliability and Security. https://doi.org/10.1145/3407023.3409229

Mukhopadhyay, I. (2022). Cyber Threats Landscape Overview Under the New Normal. ICT Analysis and Applications, 729–736. https://doi.org/10.1007/978-981-16-5655-2_70

Nevius, D. (2023). The History of the North American Electric Reliability Corporation Helping Owners, Operators, and Users of the Bulk Power System Assure Reliability and Security for More Than 50 Years. https://www.nerc.com/news/Documents/NERCHistoryBook.pdf

Pieterse, H. (2021). The Cyber Threat Landscape in South Africa: A 10-Year Review. The African Journal of Information and Communication, 28(28). https://doi.org/10.23962/10539/32213

Rahman, M. R., Mahdavi-Hezaveh, R., & Williams, L. (2022). What are the attackers doing now? Automating cyberthreat intelligence extraction from text on pace with the changing threat landscape: A survey. ACM Computing Surveys. https://doi.org/10.1145/3571726

Richardson, L. C., Connell, N. D., Lewis, S. M., Pauwels, E., & Murch, R. S. (2019). Cyberbiosecurity: A Call for Cooperation in a New Threat Landscape. Frontiers in Bioengineering and Biotechnology, 7. https://doi.org/10.3389/fbioe.2019.00099

Saeed, S., Altamimi, S. A., Alkayyal, N. A., Alshehri, E., & Alabbad, D. A. (2023). Digital Transformation and Cybersecurity Challenges for Businesses Resilience: Issues and Recommendations. Sensors, 23(15). https://doi.org/10.3390/s23156666

Shad, M. R. (2019). Cyber Threat Landscape and Readiness Challenge of Pakistan. Strategic Studies, 39(1), 1–19. https://www.jstor.org/stable/48544285

U.S. Department of Energy. (2023). Department of Energy. Energy.gov. https://www.energy.gov/

Xu, S. (2020). The Cybersecurity Dynamics Way of Thinking and Landscape. https://doi.org/10.1145/3411496.3421225

Downloads

Published

2025-04-11

How to Cite

Nwizu, U. N. (2025). Securing America’s Critical Infrastructure: Strengthening Compliance with NERC Cybersecurity Standards. Journal of Technology and Systems, 7(2), 33–47. https://doi.org/10.47941/jts.2636

Issue

Vol. 7 No. 2 (2025)

Section

Articles

License

Copyright (c) 2025 Udoka Ngozi Nwizu

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution (CC-BY) 4.0 License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.