The CIP process consists of five steps: identifying critical infrastructures, determining the threat, analyzing the vulnerabilities, assessing risk, and applying protective or resiliency measures.