By Michael Ahmad
According to the 2025 Electric Reliability Organization (ERO) Enterprise Reliability Risk Priorities Report, telecommunication networks are increasingly relied on for Bulk Power System (BPS) operations, supporting Real-time monitoring, remote control, emergency response, and system restoration. This growing dependence has resulted in an expanded attack surface for cybersecurity threats to Real-time communications and reliable grid operations. In response, the ERO Enterprise identified remote connectivity as a risk element in the 2026 Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan (IP).
The purpose of CIP-012-1 is to address the confidentiality and integrity of Real-time Assessment (RTA) and Real-time monitoring (RTM) data being transmitted between Control Centers. Per the Standard, Responsible Entities are required to identify the following:
CIP-012-1 establishes expectations for confidentiality and integrity, but it does not directly target availability. Accordingly, the Federal Energy Regulatory Commission (FERC) has approved CIP-012-2, which builds on the current version by incorporating supplemental language concerning data availability and recovery. Following the effective date of July 1, 2026, Responsible Entities will be required to identify risk mitigation strategies pertaining to the availability of RTA and RTM data, as well as methods to initiate the recovery of communication links.
Applying defense-in-depth remains an important aspect of maintaining communication resilience. While Responsible Entities should consider an approach that conforms to their unique circumstances, some best practices include:
For more information and further guidance on implementing best practices related to the protection of data in transit, Texas RE encourages Responsible Entities to consult the National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5.