The NERC CIP-014 regulations require substations to implement specific controls to minimize physical, cyber, and operational security risks.

The CIP-014 security standard identifies and protects transmission stations and transmission substations, and their associated primary control centers. If these stations are rendered inoperable or damaged as a result of a physical attack, the grid could suffer widespread instability, uncontrolled separation, or cascading within an interconnection. We can help providers continually comply with this regulation, securing these vital stations.


Clients with a need to meet the requirements of CIP-014 will benefit from a thorough, third party assessment of transmission station, transmission substation, and primary control center security.


Due to our work advising high-level utility executives as well as Information Technology and Operations Technology staff, SecureState is uniquely positioned to offer critical infrastructure protection services combined with the technical skills needed to develop new methodologies for testing the newest energy technology. We have created leading edge exploit tools for use in the energy industry, such as Termineter, and work with energy companies to manage CIP-014 regulations concerning substation security.

Detailed Approach

SecureState will conduct security assessments of the plans developed to cover transmission stations, transmission substations, and primary control centers, to ensure that proper controls exist to minimize physical, cyber, and operational security risks.

This includes the following assessments:

  • Resiliency or security measures designed collectively to deter, detect, delay, assess, communicate, and respond to potential physical threats and vulnerabilities identified during the evaluation conducted in Requirement R4.
  • Law enforcement contact and coordination information.
  • A timeline for executing the physical security enhancements and modifications specified in the physical security plan.
  • Provisions to evaluate evolving physical threats, and their corresponding security measures, to the Transmission station(s), Transmission substation(s), or primary Control Center(s).

SecureState will use information from the R4 assessment to generate site-specific plans for each in-scope facility. SecureState then develops a roadmap that aligns the site physical security plan with CIP 014 requirements.

Get Started!