Malicious Software Prevention for NERC CIP-007 Compliance: Protective Controls for Operating Systems and Supporting Applications
|
|
- Samantha McGee
- 8 years ago
- Views:
Transcription
1 Malicious Software Prevention for NERC CIP-007 Compliance: Protective Controls for Operating Systems and Supporting Applications Matthew E. Luallen, Founder, Cybati / Past Co- Founder of Encari Paul J. Feldman, Chairman of the Midwest ISO, Independent Director of Western Electricity Reliability Council (WECC) Executive Summary Utilities attempting to meet the North American Electric Reliability Corporation "Critical Infrastructure Protection" (NERC CIP) requirements have encountered an unexpected, but very serious conundrum in the cyber- security realm: should they strive to meet the spirit or letter of the regulations? The potential penalties are compelling, up to $1,000,000 per day of non- compliance per a requirement; however, "checking the box" and simply meeting the letter of the NERC CIP requirements should not be the primary goal. Increasing security for security s sake should not be the goal either. All solutions must focus on meeting the true intention of the NERC CIP requirements the same goal that has driven investments since the dawn of the electric infrastructure: protecting the reliability and availability of the Bulk Electric System (BES). Utilities could "check the box" and meet the letter of the regulations by implementing and maintaining traditional security solutions (e.g., blacklist- based antivirus, emergency security patches). However, security teams have discovered that these solutions may not only fail to protect reliability and availability, they may negatively impact the goals themselves. For example, on critical Process Control Systems (PCS) at the core of the electric infrastructure, blacklist- based applications may impose unacceptable performance burdens, while vulnerability patches may jeopardize stability, be delayed by the PCS vendor, or affect system availability during application and / or system reloading. Fortunately, there is another way to truly meet the spirit of the NERC CIP requirements: application whitelisting. Application whitelisting modifies the traditional antivirus and host security approach and turns it 180 degrees. Rather than maintaining an exponentially enlarging blacklist of detected malicious software, this newer and more powerful technology enforces a relatively small whitelist of the authorized applications for each system. Application whitelisting automatically eliminates all unauthorized applications by ensuring that only approved applications can execute, including the prevention of even unknown malware. This paper will explain why application whitelisting may serve as a compensating control for NERC CIP- 007, R3 (security patching) and solution for CIP- 007, R4 (anti- malware). Application whitelisting also stops all unknown applications from executing; therefore, depending upon installation options,
2 the same application whitelisting implementation may simultaneously aid utilities in meeting NERC CIP- 003, R6 (change control and configuration management). Cyber-security of the Electric Infrastructure Almost every aspect of American life depends on the reliable delivery of electricity from producing goods to saving lives, from defending the country to conducting electronic banking and commerce. Quite simply, the electric infrastructure is one of the United States most critical resources and needs to be protected as such. The importance of the electric infrastructure is not news to utilities and regulators. Over the years, technologies and regulations have been implemented with the singular goal of ensuring the reliability and availability of electric power through the high voltage electrical infrastructure (the Bulk Electric System or BES). The BES grid has been architected to prevent cascading power failures and to continue functioning whenever one generator or transmission line fails ("N- " failure protection). The industry has done a remarkable job lately in dealing with these N- 1 situations that are often the result of natural disasters or some other rare event. But what happens when there are multiple, simultaneous failures or system manipulations rather than just one? The grid is not currently equipped to handle this situation, referred to by many as the "N- x" failure situation. The cost of building a redundant, balanced ability to respond to this situation is prohibitive at best, and potentially even mathematically impossible. Fortunately, the odds of a natural event or a physical attack creating this situation have been so low that the investments weren t warranted. Today, nature is not the biggest concern when it comes to potential N- x situations. That distinction belongs to cyber- attacks. Whether for extortion or terrorism, cyber- attacks against the electric infrastructure are particularly ominous because they can easily be designed to create an N- x attack situation. Realizing this fact, the industry and regulators have been working to create standards and implement technologies to thwart these attempts. The North American Electric Reliability Corporation (NERC), a self- regulatory organization that is subject to oversight by the U.S. Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada, is a primary player in this effort. NERC s mission is to ensure the reliability of the bulk power system in North America. Specific to cyber- attacks and their ability to create N- x situations, NERC has worked with the electric industry to create a set of requirements known as the NERC CIP ("Critical Infrastructure Protection") Cyber Security Standards to protect the grid s most critical assets. Utilities throughout North America are focused on the NERC CIP standards and reliability of the Bulk Electric System but under a new and evolving regime of mandatory compliance and possible fines. Philosophies of "carrot" versus "stick" have not been fully worked out to establish a system whose focus is clearly reliability, and the danger of a compliance focus (at the possible expense of reliability) is real. Every company needs to examine its own goals and motivations in this regard to ensure a continued focus on reliability with compliance as a byproduct rather than THE product. While reliability and compliance can go hand in hand, the industry still has
3 work to do to ensure that is truly the case. In the meantime each company needs to ask the question "Do our budget processes, organizational structures, reward systems, and senior management actions support a culture of reliability, or is reliability secondary to compliance. Companies must understand that the answers to this question will drive different actions throughout the organization with ultimately different consequences. Security of Critical Cyber Assets: Introduction to NERC CIP-007 "Checking the box" and simply meeting the letter of the NERC CIP requirements should not be the goal. Increasing security for security s sake should not be the goal either. All solutions must focus on meeting the true intention of the NERC CIP requirements and balance appropriately the delicate security model the same goal that has driven investments since the dawn of the electric infrastructure: protecting the reliability and availability of electricity delivery. All stakeholders the asset owners, customers and the government, must contemplate a thorough understanding of the risks. The owners and the shareholders need and deserve a fair return on their investments, the customers want to safely procure a valuable commodity with high reliability and low cost, while the government needs to manage risk across all 18 Critical Infrastructures / Key Resources (CI/KR). The NERC CIP standards provide a convenient roadmap for the assets that need controlling/protecting from cyber- attacks, "Critical Cyber Assets" (CCA) and Non- Critical Cyber Assets (NCCA) located within an Electronic Security Perimeter (ESP). While there are nine NERC CIP requirements, this paper focuses on the requirements that are directly related to securing the critical process control systems at the core of the electric infrastructure: Energy Management Systems (EMS), Distributed or Digital Control Systems (DCS), and Plant Control Systems (PCS). The primary anti- malware requirement is located within NERC CIP- 007, and the most relevant sections associated with application whitelisting are as follows: CIP-007-R3: Security Patch Management: The Responsible Entity, either separately or as a component of the documented configuration management process specified in CIP- 003 Requirement R6, shall establish and document a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter(s). o o R3.1: The Responsible Entity shall document the assessment of security patches and security upgrades for applicability within thirty calendar days of availability of the patches or upgrades R3.2: The Responsible Entity shall document the implementation of security patches. In any case where the patch is not installed, the Responsible Entity shall document compensating measure(s) applied to mitigate risk exposure or an acceptance of risk. CIP-007-R4: Malicious Software Prevention: The Responsible Entity shall use Antivirus software and other malicious software ("malware") prevention tools, where technically
4 feasible, to detect, prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all Cyber Assets within the Electronic Security Perimeter(s). o o R4.1: The Responsible Entity shall document and implement Antivirus and malware prevention tools. In the case where Antivirus software and malware prevention tools are not installed, the Responsible Entity shall document compensating measure(s) applied to mitigate risk exposure or an acceptance of risk. R4.2: The Responsible Entity shall document and implement a process for the update of Antivirus and malware prevention "signatures." The process must address testing and installing the signatures. The rest of this paper will outline how utilities can best meet these requirements and simultaneously improve the infrastructure s overall security, reliability and availability in a manner that is consistent with the operational reality of control systems. Unique Operational Realities of Critical Control Systems Any discussion about the security of control systems must begin with an understanding of the realities of these critical implementations realities that traditional security solutions simply cannot handle. While the list is long, there are four major challenges that deserve mention: 1. Many control systems are isolated and not always connected to the Internet; therefore, the systems are unable to consistently download the latest antivirus signatures or patches, leaving them vulnerable even to known attacks. 2. Most control systems cannot be rebooted or can only be rebooted at specific times in very tight maintenance windows, making unplanned installations of operating system or application patches infeasible. 3. Control systems generally have limited memory and hardware resources available making them unable to handle the performance impacts of resource- hungry security applications, including blacklist- based antivirus. 4. Many security systems today are running on older operating systems that are no longer supported and for which patches are no longer created. As a real world example, a global energy company headquartered in the northeast USA, was concerned about the use of blacklist- based antivirus solutions on the execution of real- time applications for its power generating plant control systems operations. The company s Critical Cyber Assets include operator interfaces (a.k.a. Human Machine Interfaces or HMI) in the DCS/PCS environment that are critical to reliable and safe operation of their assets and data historians. While a typical energy management (a.k.a. Supervisory Control and Data Acquisition or SCADA) system used by utilities for control of electricity production and delivery over large geographic areas can tolerate two second status and ten second analog updates, acceptable HMI operations in a generating plant
5 environment are based on a one second maximum response time and refresh rate. Operational testing on a plant data historian demonstrated that blacklist- based applications imposed an unacceptable burden on response time and refresh rates through higher processor loading and additional network traffic between the control system cyber assets. Additionally, the generating company s stringent uptime standards made unplanned patches especially those that required rebooting unfeasible. The company was also concerned that automatic delivery of blacklist signature updates over the Internet or Intranet poses risk to application reliability and requires opening ports in firewalls that pose a threat to the security of the generating plant cyber assets; management of these risks requires additional resources. In the end, traditional solutions can be implemented to simply meet the "check boxes" of the requirements, but utilities are forced to choose between various suboptimal outcomes when they do. These outcomes may include increased management costs, impacted performance and availability, and a false sense of security. Specifically: CIP-007, R3 Compliance: Patch management systems can meet the requirement if managed and implemented correctly on a consistent on- going basis using defined and approved procedures. CIP-007, R4 Compliance: Antivirus solutions can meet the requirement if managed and implemented correctly on a consistent on- going basis using defined and approved procedures. Performance Impacts: Blacklist scans impose an unacceptable performance burden on these critical systems this is especially the case on older systems with limited resources. System Availability: Control systems high availability is jeopardized by patches that require the rebooting of systems during normal operating hours. Complexity Risk: Even if patch management and traditional antivirus solutions are perfectly implemented, the fact that they introduce an element of continued implementation complexity versus alternatives is an added risk. False Sense of Security: Blacklisting solutions are ineffective against unknown, zero day and targeted malware, rootkits and most memory attacks. Systems without consistent connectivity may be exposed to even known threats if signatures are not updated or patches have not been applied. Out- of- support legacy systems (for which patches will never be available) will remain unprotected against even known vulnerabilities. Even in the face of this daunting list of operational inconsistencies, utilities would still implement traditional security solutions if they were highly effective at securing systems or if they were the only option to meet the NERC CIP requirements. The reality is that they are neither. Security professionals (and even the antivirus vendors themselves) agree that blacklisting is no longer sufficient to defeat today s threats. Blacklisting cannot address whole classes of malware threats and attacks (e.g., zero- day exploits, targeted attacks, memory exploits, rootkits, etc.) and independent tests show blacklisting solutions detection rates continue to drop. An alternative approach exists Cyber Asset Application Whitelisting.
6 Why Cyber Asset Application Whitelisting is a Viable Solution Application whitelisting takes the traditional antivirus approach and turns it 180 degrees. Rather than maintaining an exponentially enlarging blacklist of known malicious software, this new and powerful technology enforces a relatively small whitelist of the authorized applications for each computer. By ensuring that only approved applications can execute, application whitelisting automatically eliminates all unauthorized applications including even unknown malware. This approach meets the actual intention of the NERC CIP requirements: preventing all unauthorized applications from executing on Critical Cyber Assets. While this paper is not intended to explain all of the technical intricacies of how application whitelisting solutions work, leading solutions are built on two fundamental principles. First and foremost, the solutions are designed to enforce a relatively small list of known and approved applications rather than chase a huge and exponentially growing list of detected malware. For instance, to protect your home would you rather issue house keys to all family members and friends that are allowed access (whitelist) or define restrictions for each individual in the world that is not allowed access (blacklist)? This paradigm shift occurred in the mid 1990 s for firewall technology as entities began implementing "deny by default" firewall rules implemented for the past five years leveraging the whitelisting model. The solution must also be designed to easily handle the addition of new applications or updates without increasing management overhead or requiring any changes to the company s existing operational approaches. For application whitelisting to enforce a list of known and approved applications, each of the following must occur. The solution must have a way of building or acquiring the whitelist of applications for any given computer preferably from the computer itself since no two computers are alike. Also, the solution must securely and efficiently enforce the whitelist on the computer. And finally, the solution must have the ability to report any attempts to violate the security policies it is enforcing. These three capabilities together provide the security required to protect the computer, while at the same time reporting on system status. The whitelist enforcement mechanism is best deployed in the form of a tamper- proof client installed on each computer or endpoint. It is crucial that local users or malicious programs cannot circumvent the enforcement provided by this engine, so the client must function in the operating system itself. Through tight integration with the operating system, the solution is able to protect the system and have the greatest efficiency it essentially functions as part of the operating system rather than an add- on security feature. From within the operating system, the client reads in the whitelist, and ensures that only those applications on the whitelist are allowed to run. This process begins during boot time when the operating system is starting, and then checks all executables that load to ensure they are authorized. The client only performs checks when a new application or process attempts to start, so the ongoing performance impact is imperceptibly low compared to blacklist antivirus scans. It is paramount that asset owners work with control system vendors to include this type of capability directly in to the control system software and/or hardware. Control system vendors of IEDS, RTUs, Relays, Synchrophasors and other hardware and software need to ensure that their future systems are protected by default application whitelisting is an excellent step in the correct direction.
7 Application whitelisting solutions also monitor activity to aid in NERC CIP- 007, R6 compliance. For example, a solution can log attempts to overwrite protected applications on the computer or attempts to run unauthorized applications. The solution can also periodically remove all unauthorized applications that may have been copied to the Cyber Asset, ensuring the pristine condition of the Cyber Asset is maintained. Compliance reports can show the system configuration has been maintained and any unauthorized executables that have been removed thereby providing supporting evidence that is necessary for NERC CIP- 003, R6. Addressing another one of application whitelisting s fundamental principles, an application whitelisting solution must be able to automatically without requiring real- time IT involvement update the whitelist whenever new applications are added or existing ones are upgraded. Even in a controlled environment like energy systems, the Cyber Assets must eventually be updated with newer applications or patches. Some of these requirements are driven by compliance and company policies, while others are required to implement new functionality. Innovative whitelisting solutions allow authorized change while still maintaining security on the Cyber Asset. The term being applied to this process is "Trusted Change". All trusted change is built on this simple concept: IT establishes multiple "sources of trust" from which users and Cyber Assets can install applications or upgrades. As long as the users and Cyber Assets receive the applications or upgrades from these trusted sources, the applications or upgrades can be automatically added to the whitelist without any additional IT involvement. The additions are transparent and friction- free. Examples of trusted sources include trusted applications, trusted digital signatures, trusted updaters, and even trusted users. By preventing all unauthorized applications and malware from executing, application whitelisting simultaneously serves as a compensating control for NERC CIP- 007, R3 and a solution for CIP- 007, R4 in a way that also increases security and protects the availability / reliability of electricity delivery. Specifically: CIP-007, R3 Compliance: By preventing the execution of malware including those that are deposited via vulnerabilities that haven t been patched or via memory- based attacks like DLL injections application whitelisting is a compensating control until the PCS vendor approved security patches are installed during regular maintenance windows. CIP-007, R4 Compliance: Application whitelisting may currently meet CIP- 007, R4 (since it is clearly an anti- malware solution) or it may be considered a compensating control (since it eliminates all unauthorized applications from executing). Security: Application whitelisting, or deny by default, is far more effective than blacklisting because it prevents all malware, whether known or unknown. Leading versions stop rootkits and prevent memory attacks like DLL injections and attempts to write to kernel memory as well. Additionally, application whitelisting provides protection for out- of- support legacy Cyber Assets for which patches will never be available.
8 Performance Impacts: Since the whitelists are relatively small and only run when an application attempts to execute, the performance impact is imperceptible. System Availability: Control systems high availability is protected because the Cyber Assets are not required to be rebooted during normal operating hours. Application Whitelisting Aids in Complying with NERC CIP-003, R6 and CIP-007, R6 While the bulk of this paper has been focused on meeting the true intention of NERC CIP- 007 R3 and R4, preventing the execution of any malware, the reality is that application whitelisting prevents the execution of all unauthorized applications not just malicious ones. Unauthorized applications are a focus of NERC CIP- 003, R6: CIP-003, R6: Change Control and Configuration Management: The Responsible Entity shall establish and document a process of change control and configuration management for adding, modifying, replacing, or removing Critical Cyber Asset hardware or software, and implement supporting configuration management activities to identify, control and document all entity or vendor related changes to hardware and software components of Critical Cyber Assets pursuant to the change control process. Application whitelisting may aid in stopping a non- compliant, unapproved activity pursuant to CIP- 003, R6 by providing attempted change detection and actual execution restriction of unauthorized applications. Application whitelisting solutions also typically include baselining and reporting to aid in the generation of evidence pursuant to CIP- 007, R6 Security Status Monitoring: CIP-007, R6: Security Status Monitoring: The Responsible Entity shall ensure that Cyber Assets within the Electronic Security Perimeter, as technically feasible, implement automated tools or organizational process controls to monitor system events that are related to cyber security. Any identified security event may be a result of poorly defined procedures and executed practices of change control and configuration management or actual attempted Cyber Asset manipulation that should be managed and escalated according to an entities CIP- 008 Cyber Security Incident Response Plan (CSIRP). Other benefits of application whitelisting in lieu of blacklisting for control system host computers include: Eliminate the need to test and update blacklist signatures per CIP- 007, R4.2. Control system hosts need not be continuously connected to an external network to maintain a high degree of protection against malware.
9 The application environment for control system hosts is relatively static after initial Cyber Asset commissioning. The use of application whitelisting requires minimal management resources compared to blacklisting. Conclusion In addition to superior protection against even zero- day attacks, application whitelisting is gaining a following because it addresses the operational realities associated with control system implementations that blacklist- based solutions cannot. First, application whitelisting continues to provide protection without requiring signature or patch updates, so it can function in Cyber Assets that are not connected to the Internet. Second, whitelist- protected control systems remain online until regularly scheduled maintenance windows, instead of requiring downtime for emergency vulnerability patches. Third, application whitelisting solutions typically do not impact control system performance a significant advantage over resource- hungry security applications like blacklist- based antivirus. Fourth, resource requirements for management of application whitelisting for control system hosts is minimal compared to blacklisting because of the relatively static application environment in power plant control systems. And finally, leading application whitelisting solutions provide protection for control systems that are built on older, unsupported operating systems for which no patches are available. For all of these reasons, application whitelisting is a solid option for utilities trying to secure control systems, to meet NERC CIP requirements, and to protect the overall availability and reliability of the BES in North America. Information Note: The views expressed in this paper are the authors own and not necessarily associated with any organization that the authors serve in Board, Client, or Advisory Board roles.
Verve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationStandard CIP 007 3 Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationPatching & Malicious Software Prevention CIP-007 R3 & R4
Patching & Malicious Software Prevention CIP-007 R3 & R4 Scope Compliance Assessment Summary Introspection & Analysis Program-In Review Maturity Model review Control Design review Process Components of
More informationE-Commerce Security Perimeter (ESP) Identification and Access Control Process
Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American
More informationeguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life
Executive s Guide to Windows Server 2003 End of Life Facts About Windows Server 2003 Introduction On July 14, 2015 Microsoft will end support for Windows Sever 2003 and Windows Server 2003 R2. Like Windows
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationBSM for IT Governance, Risk and Compliance: NERC CIP
BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationEndpoint Security: Moving Beyond AV
Endpoint Security: Moving Beyond AV An Ogren Group Special Report July 2009 Introduction Application whitelisting is emerging as the security technology that gives IT a true defense-in-depth capability,
More informationDeveloping A Successful Patch Management Process
Developing A Successful Patch Management Process White Paper FoxGuard Solutions, Inc. August 2014 Introduction Almost every day, new vulnerabilities are discovered and disclosed to software vendors, who
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More informationNERC CIP Ports & Services. Part 2: Complying With NERC CIP Documentation Requirements
NERC CIP Ports & Services Part 2: Complying With NERC CIP Documentation Requirements White Paper FoxGuard Solutions, Inc. November 2014 Defining Ports And Services In part 2 of our Ports and Services white
More informationFERC, NERC and Emerging CIP Standards
Protecting Critical Infrastructure and Cyber Assets in Power Generation and Distribution Embracing standards helps prevent costly fines and improves operational efficiency Bradford Hegrat, CISSP, Principal
More informationThe North American Electric Reliability Corporation ( NERC ) hereby submits
December 8, 2009 VIA ELECTRONIC FILING Kirsten Walli, Board Secretary Ontario Energy Board P.O Box 2319 2300 Yonge Street Toronto, Ontario, Canada M4P 1E4 Re: North American Electric Reliability Corporation
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationNERC CIP Compliance with Security Professional Services
NERC CIP Compliance with Professional Services The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is
More informationThe Advantages of an Integrated Factory Acceptance Test in an ICS Environment
The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationWaterfall for NERC-CIP Compliance
Waterfall for NERC-CIP Compliance Using Waterfall s Unidirectional Security Solution to Achieve True Security & NERC-CIP Compliance Date: Jul. 2009 The material in this document is proprietary to Waterfall
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationCIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016
CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on
More informationEnd of Support Should Not End Your Business. Challenge of Legacy Systems
End of Support Should Not End Your Business When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationWHITE PAPER. Running. Windows Server 2003. in a Post-Support World. By Nick Cavalancia
Running Windows Server 2003 in a Post-Support World By Nick Cavalancia TABLE OF CONTENTS Introduction 1 The Challenge of Staying on Windows Server 2003 2 Building a Vulnerability Mitigation Strategy 4
More informationNERC Cyber Security Standards
SANS January, 2008 Stan Johnson Manager of Situation Awareness and Infrastructure Security Stan.johnson@NERC.net 609-452-8060 Agenda History and Status of Applicable Entities Definitions High Level of
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationChange and Configuration Management
Change and Configuration Management for CIP Compliance OCTOBER 21, 2009 Developed with: Presenters Bart Thielbar, CISA Senior Research hanalyst Sierra Energy Group, a Division of Energy Central CIP-003,
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationCyber Security Seminar KTH 2011-04-14
Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon
More informationProtecting productivity with Plant Security Services
Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services
More informationCONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT
Energy Research and Development Division FINAL PROJECT REPORT CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Prepared for: Prepared by: California Energy Commission KEMA, Inc. MAY 2014 CEC
More informationWindows XP End-of-Life Handbook for Upgrade Latecomers
s Why Windows XP End-of-Life Handbook for Upgrade Latecomers s Why Introduction Windows XP end of life is April 8, 2014. Do you have Windows XP systems but can t upgrade to Windows 7 or Windows 8, or can
More informationNERC CIP Whitepaper How Endian Solutions Can Help With Compliance
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationManaging Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services
Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationGE Measurement & Control. Cyber Security for NERC CIP Compliance
GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationTechnology Solutions for NERC CIP Compliance June 25, 2015
Technology Solutions for NERC CIP Compliance June 25, 2015 2 Encari s Focus is providing NERC CIP Compliance Products and Services for Generation and Transmission Utilities, Municipalities and Cooperatives
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationReclamation Manual Directives and Standards
Vulnerability Assessment Requirements 1. Introduction. Vulnerability assessment testing is required for all access points into an electronic security perimeter (ESP), all cyber assets within the ESP, and
More informationTHREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS
THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationDecrease your HMI/SCADA risk
Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationeguide: Designing a Continuous Response Architecture 5 Steps For Windows Server 2003 End of Life Success
: Designing a Continuous Response Architecture 5 Steps For Windows Server 2003 End of Life Success FAST FACTS Over 10 Million Windows Server 2003 Devices Still In Use Less Than 250 Days To Windows Server
More informationCompliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme
Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme avecto.com Contents Introduction to the scheme 2 Boundary firewalls and internet gateways 3 Secure configuration
More informationApplication Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions
Application Whitelisting - Extend your Security Arsenal? Mike Baldi Cyber Security Architect Honeywell Process Solutions 1 Agenda What is Application Whitelisting (AWL) Protection provided by Application
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationPCI Data Security Standards (DSS)
ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants
More informationHow to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework
How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper
More informationCDM Hardware Asset Management (HWAM) Capability
CDM Hardware Asset Management (HWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT
More informationVirtual Patching: a Proven Cost Savings Strategy
Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes
More informationContinuous Compliance for Energy and Nuclear Facility Cyber Security Regulations
Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations Leveraging Configuration and Vulnerability Analysis for Critical Assets and Infrastructure May 2015 (Revision 2) Table of
More informationImplementation Plan for Version 5 CIP Cyber Security Standards
Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 11, 2012 Prerequisite Approvals All Version 5 CIP Cyber Security Standards and the proposed additions, modifications, and
More informationSecurity in the smart grid
Security in the smart grid Security in the smart grid It s hard to avoid news reports about the smart grid, and one of the media s favorite topics is security, cyber security in particular. It s understandable
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationGE Measurement & Control. Cyber Security for Industrial Controls
GE Measurement & Control Cyber Security for Industrial Controls Contents Overview...3 Cyber Asset Protection (CAP) Software Update Subscription....4 SecurityST Solution Options...5 Centralized Account
More informationICS CYBER SECURITY RKNEAL, INC. Protecting Industrial Control Systems: An Integrated Approach. Critical Infrastructure Protection
Critical Infrastructure Protection Technical White Paper ICS CYBER SECURITY Protecting Industrial Control Systems: An Integrated Approach The purpose of this white paper is to present a novel cyber security
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationCyber Security Compliance (NERC CIP V5)
Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability
More informationTrend Micro OfficeScan 10 with File Reputation
Trend Micro OfficeScan 10 with File Reputation Part of Trend Micro Enterprise Security. A Revolutionary New Approach to Enterprise Endpoint Security A Trend Micro White Paper March 2009 I. DRAMATIC RISE
More informationHow ByStorm Software enables NERC-CIP Compliance
How ByStorm Software enables NERC-CIP Compliance The North American Electric Reliability Corporation (NERC) has defined reliability standards to help maintain and improve the reliability of North America
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationSecurity for NG9-1-1 SYSTEMS
The Next Generation of Security for NG9-1-1 SYSTEMS The Challenge of Securing Public Safety Agencies A white paper from L.R. Kimball JANUARY 2010 866.375.6812 www.lrkimball.com/cybersecurity L.R. Kimball
More informationTop Ten Compliance Issues for Implementing the NERC CIP Reliability Standard
Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard The North American Electric Reliability Corporation 1 s (NERC) CIP Reliability Standard is the most comprehensive and pervasive
More informationRunning A Fully Controlled Windows Desktop Environment with Application Whitelisting
Running A Fully Controlled Windows Desktop Environment with Application Whitelisting By: Brien M. Posey, Microsoft MVP Published: June 2008 About the Author: Brien M. Posey, MCSE, is a Microsoft Most Valuable
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationAchieving Compliance with the PCI Data Security Standard
Achieving Compliance with the PCI Data Security Standard June 2006 By Alex Woda, MBA, CISA, QDSP, QPASP This article describes the history of the Payment Card Industry (PCI) data security standards (DSS),
More informationCyber Essentials Questionnaire
Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.
More informationWhitepaper. Securing Visitor Access through Network Access Control Technology
Securing Visitor Access through Contents Introduction 3 The ForeScout Solution for Securing Visitor Access 4 Implementing Security Policies for Visitor Access 4 Providing Secure Visitor Access How it works.
More informationComputer System Security Updates
Why patch? If you have already deployed a network architecture, such as the one recommended by Rockwell Automation and Cisco in the Converged Plantwide Ethernet Design and Implementation Guide (http://www.ab.com/networks/architectures.html),
More informationCourse: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems
Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding
More informationLeveraging a Maturity Model to Achieve Proactive Compliance
Leveraging a Maturity Model to Achieve Proactive Compliance White Paper: Proactive Compliance Leveraging a Maturity Model to Achieve Proactive Compliance Contents Introduction............................................................................................
More informationTop 10 Compliance Issues for Implementing Security Programs
www.dyonyx.com Top 10 Compliance Issues for Implementing Security Programs This White Paper articulates the top ten issues that we have encountered in the design and implementation of comprehensive Security
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationChoosing Between Whitelisting and Blacklisting Endpoint Security Software for Fixed Function Devices
Choosing Between Whitelisting and Blacklisting Endpoint Security Software for Fixed Function Devices McAfee* application whitelisting combined with Intel vpro technology can improve security, increase
More informationInformation Shield Solution Matrix for CIP Security Standards
Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability
More informationDEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER
DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target
More informationIntegrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.
Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?
More information