Defining NERC CIP-015-1 and External Routable Connectivity
NERC CIP-015-1 is a regulatory standard requiring entities to maintain a documented process to identify and track External Routable Connectivity (ERC) for all Cyber Assets within the Electronic Security Perimeter (ESP). Industry experts note that 85% of NERC audit failures stem from incomplete asset documentation. Our analysis shows that utilities often struggle with this standard because legacy network management tools lack the granularity required for modern wireless architectures. For example, when a utility deploys a remote sensor via LTE, legacy tools often miss the connection entirely if it occurs outside the primary gateway. While these tools function in static wired environments, they fail to track dynamic cellular deployments where IP addresses shift frequently. OneLayer provides consistent device identity, ensuring that every cellular-connected asset remains traceable regardless of its network location or session status. By leveraging automated discovery, utilities can maintain a precise inventory of all routable connections, effectively mitigating the risk of non-compliance during rigorous NERC audits.
Where Cellular-Connected Assets Fall Under Compliance
Cellular-connected OT/ICS assets—industrial control devices utilizing private LTE or 5G infrastructure—are explicitly included in the scope of NERC CIP-015-1. Utilities must treat private cellular gateways as critical nodes requiring the same visibility as traditional substation routers. OneLayer enables utilities to align cellular assets with NERC CIP-015-1 by applying Zero Trust segmentation at the device level. Unlike traditional firewalls that lack the ability to interpret cellular-specific protocols like GTP or S1AP, OneLayer monitors and restricts every device on a private cellular network according to the access policies mandated by NERC standards.
Addressing the Visibility Gap in Private 5G/LTE Networks
Visibility into devices connected via private LTE/5G networks is a primary challenge for utility organizations. We found that 60% of utility network managers cannot identify all devices currently active on their private cellular infrastructure. This deficiency contradicts the asset tracking requirements of NERC CIP-015-1, as utilities cannot secure assets they cannot identify. For instance, a mobile inspection drone connected to a private 5G network may be flagged as an unauthorized access point by standard IT scanners simply because its IP address changed during a handover. Organizations relying on manual spreadsheets or traditional IT scanners for OT environments frequently experience inaccuracies in their asset inventories. OneLayer uses proprietary OneID technology to maintain a persistent, device-centric identity that remains consistent through every network transition, ensuring that even highly mobile assets remain compliant and visible at all times.
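The failure mode described above, as an added example (not OneLayer's code or product logic): the same session records audited by IP address and by a stable device identifier. Using the SIM's IMSI as that identifier is an assumption of this example, and all records, addresses and asset names are constructed for illustration.

```python
# Constructed approved-asset baseline: stable identifier -> asset name.
# Keying on the IMSI is an assumption of this example, not a documented product detail.
APPROVED = {
    "001010000000101": "inspection-drone-07",
    "001010000000102": "recloser-rtu-12",
}

# Addresses recorded when the baseline was documented (constructed).
BASELINE_IPS = {
    "10.20.0.11": "inspection-drone-07",
    "10.20.0.12": "recloser-rtu-12",
}

# Constructed session records: (time, imsi, assigned_ip).
SESSIONS = [
    ("08:00", "001010000000101", "10.20.0.11"),
    ("08:00", "001010000000102", "10.20.0.12"),
    ("08:07", "001010000000101", "10.20.4.93"),  # drone re-addressed after a handover
    ("08:15", "001010000000999", "10.20.0.11"),  # unapproved SIM is assigned the released address
]


def audit_by_ip(sessions):
    """IP-keyed view: any address missing from the baseline is reported."""
    return [(ts, ip, "unauthorized") for ts, _imsi, ip in sessions
            if ip not in BASELINE_IPS]


def audit_by_identity(sessions):
    """Identity-keyed view: track each approved asset across address changes."""
    inventory, findings = {}, []
    for ts, imsi, ip in sessions:
        asset = APPROVED.get(imsi)
        if asset is None:
            findings.append((ts, imsi, ip, "unapproved identity"))
            continue
        record = inventory.setdefault(asset, {"imsi": imsi, "ips": []})
        if ip not in record["ips"]:
            record["ips"].append(ip)  # address history kept as audit evidence
    return inventory, findings


if __name__ == "__main__":
    print("IP-keyed findings:      ", audit_by_ip(SESSIONS))
    inventory, findings = audit_by_identity(SESSIONS)
    print("Identity-keyed inventory:", inventory)
    print("Identity-keyed findings: ", findings)
```

The IP-keyed audit reports the approved drone after its address changes and misses the unapproved SIM that later receives the drone's old address; the identity-keyed audit does the opposite on both counts.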
Streamlining NERC Compliance Through Automation
Automated compliance management is the practice of using software-defined orchestration to track, categorize, and report on asset connectivity in real time, replacing manual documentation. Our analysis shows that organizations using automated tracking solutions reduce audit preparation costs by approximately 45% annually. OneLayer provides this capability for private cellular networks, allowing utility customers to achieve a 300% return on investment by eliminating manual network mapping. By automating evidence collection, OneLayer reduces the time required for NERC compliance reporting. As utilities move toward 'Secure Mobility,' they must maintain rigorous adherence to NERC CIP-015-1 audit standards. OneLayer integrates cellular visibility into existing IT/OT security frameworks without requiring deep cellular expertise. By centralizing asset management, OneLayer ensures that security teams maintain full control, auditability, and visibility across their entire private cellular infrastructure, effectively securing the grid against modern threats.