How to Integrate NERC's Requirements in an Ongoing Automation and Integration Project Framework
Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec
Robert O'Reilly, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec

Abstract

This paper addresses the challenges faced by utilities and/or integration companies during the deployment and engineering phases of automation and integration projects, with regard to complying with the new cyber-security requirements set out by NERC. It focuses on approaches to these new challenges that keep the project within schedule and budget, from the point of view of substation requirements, management and the different SCADA systems.

Introduction

This technical paper discusses the challenges of minimizing the impact of adding NERC CIP compliance to an ongoing project that consists of updating a substation's automation systems. Originally aimed at providing faster access to a greater amount of operational and non-operational data within a substation framework, the changeover is an opportunity to upgrade some of the protection and metering devices. But now, the project must also include compliance with cyber-security requirements.

While at first glance meeting NERC requirements may seem to be an insurmountable task, a closer look at the standards makes it obvious that proper planning and best practices are the key to accomplishing compliance. Moreover, proper planning will minimize the impact of NERC CIP compliance on the project's budget and timeline.

From a project implementation point of view, NERC CIP mainly describes what is required from utilities, but does not provide any technical information on how to implement a project to meet those requirements. This leaves a lot of room for interpretation and implementation.
From a project viewpoint, one must decide quickly which requirements would normally be addressed outside of the project scope and hence would not adversely impact its timeline or budget. Since they should be the responsibility of other groups within the organization, we will not discuss the following CIP standards in this paper:

CIP-001    Sabotage Reporting
CIP-008    Incident Reporting and Response Planning
CIP-009    Recovery Plans for Critical Cyber Assets

Instead, we will discuss how the following key CIP requirements have a direct impact on your ongoing project and should be addressed in any ongoing project:

CIP Reference #    General Description
CIP-002-R3         Critical cyber asset identification
CIP-003-R4.1       Critical cyber asset information to be protected (items defined by management team)
CIP-003-R5.1       Access control (personnel cleared to access protected information)
CIP-003-R6         Change control and configuration management
CIP-004-R2         Training of all personnel (operation, technical, contractors, etc.)
CIP-004-R3         Personnel risk assessment
CIP-004-R4         Personnel access to critical cyber assets
CIP-005-R2         Electronic access controls (ensure electronic access is only permitted to approved personnel)
CIP-006-R2         Physical access controls
CIP-007-R1         Test procedures (supplied by others)
CIP-007-R2         Ports and Services (ensure only the required ports and services are active, all others are turned off)
CIP-007-R3         Security patch management
CIP-007-R4         Malicious software prevention
CIP-007-R5         Account management

For the reader's convenience, we have summarized the different CIP requirements in the appendix.

The Original Project

The example chosen is that of modernizing an existing substation automation system. This type of project was selected because it is probably the worst case: not only is new equipment added, but legacy equipment is also kept in the substation. The implementation must be done while keeping legacy systems in operation. Moreover, the project must allow for compliance with all applicable CIP requirements, and be able to pass a compliance audit near the end of the project.

We will use the example of a typical legacy substation which has been in operation for more than fifteen years and has undergone the normal additions required by increased client demand. In most cases, such substations would resemble the following diagram.
Fig. 1 - Existing substation automation before project
The first order of business when moving an ongoing project towards NERC compliance is to plan for the substation's auditability. As the project engineer, one must keep in mind that the plan must be approved by the company's NERC committee, and that deadlines and budgets are not expected to be impacted.

A Review of the Project

Usually, projects are planned and budgeted with preliminary engineering performed more than 18 months before actual implementation. This delay can create an issue relating to equipment and software costs, as well as delivery lead times.

The first project review for CIP compliance will require the retrieval of all information on the components previously selected for the project. Then all potential critical cyber-assets will need to be documented. Finally, the list will be reviewed to ensure that the security requirements can be met with the equipment that had originally been selected. The initial planned substation architecture is presented below:
Fig. 2 - Automation overview diagram of planned project
It is important to review any potential new features of the equipment that had originally been selected in the planning stages of the project. Quite often, the product contains new features or capabilities that will in the end save time in the detailed engineering and commissioning phases. Hence, although the review may feel time-consuming at first, it will probably save time by the end of the project.

What remains to be examined is the increased paperwork and the preliminary audit added to the factory acceptance test (FAT). The risk assessment portion could be performed during the audit and FAT. The project should be executed with a best-practice approach, which should bring the risk within a manageable context.

Establishing the Security Perimeter

The connection between the substation and the corporate WAN had been planned using a router and firewall. This setup had been approved by the IT group. In view of the NERC CIP requirements for an electronic perimeter, this configuration can no longer be considered adequate. For instance, this device does not meet the access control and logging requirements.

Most substations also contain older devices such as power meters and DFRs with limited communications capabilities. These devices require some form of protocol converter. Also, in addition to the main access points, the EMS group requires the use of a dial-up connection for remote access to the metering equipment. Dial-up access is flagged as a major potential security risk by NERC CIP standards.

Now it is clear to the engineering team that using only a router will not comply with NERC CIP's required electronic security perimeter. One might recommend a gateway device in addition to the router. Gateway devices usually provide secure communications capabilities using modem connections, serial, and TCP/IP. They create a single point of access to the substation, making it easier to secure the electronic perimeter. Although they will vary from vendor to vendor, these gateway devices usually also provide an additional firewall and security features.

Isolating the substation's critical assets and physically installing them in strategic and secure locations within the substation also helps to meet the CIP physical perimeter security requirements.
Equipment Inventory

Once the electronic security perimeter has been defined, the inventory of equipment must be established and documented. Although this seems a difficult task at the outset, it is more easily prepared than one might think. All the information required is already available, so that equipment data is brought back to the central systems (be it SCADA, EMS, Asset Management, or others) via the intelligent gateway.

Designing how information is to move from substation to control center will also help define what information is more important. During this phase it is recommended to hold short, to-the-point brainstorming sessions with the different groups wishing to have access, and to have them document their requirements. One might be surprised how demands are reduced when written versions are required.

Once this information has been identified, the intelligent gateway can be used to limit access to it. Access levels and user groups should be used to allow only specified systems and users read or write access. Any other system should not be allowed to retrieve or operate on the information. For information which is made available via the intelligent gateway, the unit's security environment should be configured to let only the specified computer system(s) access the specified and approved information. This configuration should be documented for future auditing requirements.

Access Control, Personnel Risk Assessment, Access to Cyber Assets and Account Management

Before NERC CIP standards, these points were not normally part of a project. However, CIP standards make their assessment and documentation mandatory. Fortunately, help can usually be found in other groups within one's organization. Human resources and senior management can define access levels and the personnel who will have them, as well as perform the personnel risk assessment. This should not impact the project's budget. Only documentation of those accesses would remain to be produced.

One can use a central security server or the intelligent gateway's security features to manage accounts. Obviously, central account management is much more efficient in providing comprehensive authentication and simplifies meeting the NERC requirement of being able to remove access rights rapidly. Central user management may however require new servers and software, which would normally be expensed from the IT budget.

Change Control

Although change control and configuration management may seem new, most project managers who have been through a number of projects understand this as the mandatory documentation process to control risk during an automation upgrade project. Hence it is usually planned in the original weekly review list.

At this point already seven items of your CIP requirements list have been addressed or planned for:

CIP-002-R3         Critical cyber asset identification
CIP-003-R4.1       Critical cyber asset information to be protected
CIP-003-R5.1       Access control
CIP-003-R6         Change control and configuration management
CIP-004-R3         Personnel risk assessment
CIP-004-R4         Personnel access to critical cyber assets
CIP-005-R2         Electronic access controls
CIP-007-R5         Account management

So far, there was very little impact on budget or timelines, except for delays regarding reviews of personnel risk and their security clearance. However, this requirement is usually the responsibility of human resources for personnel and of the purchasing group for the contractors.

Security Patch Management and Malicious Software Prevention

The manufacturer of the gateway device will usually provide the tools to properly handle any patch management and prevent malicious software. Many techniques exist and it is not in the scope of this paper to decide which approach is better for this facet of the CIP requirements. Suffice it to mention that today, tools and equipment are available for this purpose. However, it is still up to the project team to validate that these tools will perform as required by the project and corporation.

Test Procedures and Port Blocking

During the final engineering phase, one should prepare a framework of the testing methodologies that could be required to validate the new automation system and its integration into the current substation's operations. This is usually done with the help of the vendor or the integrator. When dealing with a change or addition to an existing substation, careful planning must be performed to ensure that the system will interface and react properly and promptly to the substation operation requirements.

This detailed testing phase is the most appropriate time to check that all of the ports and services not required by applications are turned off. This can be done remotely, since it is easy to forget this type of work during commissioning of the systems at the substation. The IT group can provide the tools required for these tests. However, vulnerability testing should not be performed on a live system as it may render it inoperable.

If possible, one should change the default ports. For example, DNP3 via TCP/IP uses port by default. With newer systems and applications, this can be changed, hence preventing anybody from accessing your system by trying to ping the standard ports.
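One way to carry out the ports-and-services check described above during the testing phase, as an added example that is not part of the original paper. It assumes a Linux-based device on the test bench from which `ss -tuln` output can be captured; the device name, addresses, reassigned port and baseline entries are all constructed for illustration.

```python
"""Ports-and-services audit against an approved baseline (added example)."""
from dataclasses import dataclass

# Approved baseline for one device: every listener the applications require,
# with the interface it must be bound to. Constructed values; a real baseline
# comes from the project's documented application requirements.
BASELINE = {
    ("tcp", 24100): {"service": "DNP3 (reassigned port)", "bind": "10.20.1.5"},
    ("tcp", 22): {"service": "SSH maintenance access", "bind": "10.20.1.5"},
    ("udp", 123): {"service": "NTP time sync", "bind": "10.20.1.5"},
    ("tcp", 443): {"service": "HTTPS configuration UI", "bind": "10.20.1.5"},
}

# Constructed sample of `ss -tuln` output captured on the test bench.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      10.20.1.5:123       0.0.0.0:*
tcp   LISTEN 0      128    10.20.1.5:22        0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:24100       0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23          0.0.0.0:*
tcp   LISTEN 0      128    [::]:80             [::]:*
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int


def parse_ss(text):
    """Extract listening TCP/UDP sockets from `ss -tuln` output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        if fields[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        if port.isdigit():
            listeners.append(Listener(fields[0], addr, int(port)))
    return listeners


def audit(listeners, baseline):
    """Compare observed listeners with the approved baseline."""
    findings = {"unapproved": [], "wrong_bind": [], "missing": []}
    seen = set()
    for lst in listeners:
        key = (lst.proto, lst.port)
        entry = baseline.get(key)
        if entry is None:
            findings["unapproved"].append(lst)  # not required by any application
            continue
        seen.add(key)
        if lst.addr != entry["bind"]:
            findings["wrong_bind"].append(lst)  # e.g. wildcard instead of one interface
    findings["missing"] = sorted(k for k in baseline if k not in seen)
    return findings


def compliant(findings):
    """Missing services are warnings; extra or mis-bound listeners fail."""
    return not findings["unapproved"] and not findings["wrong_bind"]


def report(device, findings, baseline):
    """Render findings as text lines suitable for the audit file."""
    lines = [f"Ports-and-services audit for {device}"]
    for lst in findings["unapproved"]:
        lines.append(f"FAIL {lst.proto}/{lst.port} on {lst.addr}: "
                     "not in approved baseline, disable or document")
    for lst in findings["wrong_bind"]:
        want = baseline[(lst.proto, lst.port)]["bind"]
        lines.append(f"FAIL {lst.proto}/{lst.port} bound to {lst.addr}, "
                     f"baseline requires {want}")
    for proto, port in findings["missing"]:
        name = baseline[(proto, port)]["service"]
        lines.append(f"WARN {proto}/{port} ({name}) approved but not listening")
    lines.append("RESULT " + ("PASS" if compliant(findings) else "FAIL"))
    return lines


if __name__ == "__main__":
    result = audit(parse_ss(SAMPLE_SS_OUTPUT), BASELINE)
    print("\n".join(report("gateway-test-bench", result, BASELINE)))
```

Keeping the rendered report with the FAT records gives the documented evidence that the audit near the end of the project will ask for.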
Fig. 3 - Overview drawing of the final concept for the new automation systems
Personnel Training

Training is usually the last item on a project's list. In today's complex operational environment it should not be neglected. Personnel training has always been a priority for most organizations and is planned and budgeted accordingly. NERC CIP standards simply require more detailed documentation regarding training sessions, attendees and the personnel's ability to react appropriately in different situations.

Training should be a requirement from all vendors providing the software and hardware for the project. The training should include detailed hands-on lessons with the applications, hardware and general software.

Security Software

Security software should be chosen together with the IT group and should provide a centralized approach, where it is easier to manage access rights and users, data logging, intrusion monitoring and system health monitoring.

Local security should also be implemented in the substation, for onsite personnel. Local security must be capable of being integrated into the centralized approach to simplify overall user and application management, and must also remain available at the local level when the connection(s) to the centralized systems are not available.

Conclusion

Proper planning is the key to minimizing the impact of NERC CIP standards on a project's timeline and budget. Individual steps towards NERC CIP compliance are not complex: they simply require a little more effort on the documentation and planning sides. When one has experience with retrofit projects, proper documentation and training become a life-saver at the project's end.
Appendix: CIP Standard Solutions Breakdown

CIP-002-R3
  Description: Critical cyber asset identification
  Solution: Reuse project inventory

CIP-003-R4.1
  Description: Critical cyber asset information to be protected
  Solution: Review with different groups requiring access to information

CIP-003-R5.1
  Description: Access control
  Solution: Seek access models from upper management, use centralized authentication model

CIP-003-R6
  Description: Change control and configuration management
  Solution: Reuse project change management infrastructure

CIP-004-R2
  Description: Training of all personnel
  Solution: Improve documentation

CIP-004-R3
  Description: Personnel risk assessment
  Solution: Human Resources and Purchasing to conduct assessments

CIP-004-R4
  Description: Personnel access to critical cyber assets
  Solution: Seek access models from upper management, use centralized authentication model

CIP-005-R2
  Description: Electronic access controls
  Solution: Use centralized authentication model

CIP-006-R2
  Description: Physical access controls
  Solution: Install card reader or video camera

CIP-007-R1
  Description: Test procedures
  Solution: Use exhaustive FAT procedures

CIP-007-R2
  Description: Ports and Services
  Solution: Reassign ports when possible, use intelligent gateway to restrict access

CIP-007-R3
  Description: Security Patch Management
  Solution: Use intelligent gateway with security patch management feature built-in

CIP-007-R4
  Description: Malicious software prevention
  Solution: Use intelligent gateway with malicious software prevention feature built-in

CIP-007-R5
  Description: Account management
  Solution: Use centralized authentication model
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationPractical Considerations for Security
Practical Considerations for Security Steven Hodder GE Digital Energy, Multilin 1. Introduction This paper has been prepared to outline some practical security strategies for protection & control engineers
More informationSecure SCADA Network Technology and Methods
Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More informationLessons Learned CIP Reliability Standards
Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationExperiment # 6 Remote Access Services
Experiment # 6 Remote Access Services 7-1 : Introduction Businesses today want access to their information anywhere, at any time. Whether on the road with customers or working from home, employees need
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationCybersecurity for Energy Delivery Systems 2010 Peer Review. William H. Sanders University of Illinois TCIPG: Network Access Policy Tool (NetAPT)
Cybersecurity for Energy Delivery Systems 2010 Peer Review Alexandria, VA July 20-22, 2010 William H. Sanders University of Illinois TCIPG: Network Access Policy Tool (NetAPT) (Joint work with David Nicol,
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationCyber security measures in protection and control IEDs
Cyber security measures in protection and control IEDs K. Hagman 1, L.Frisk 1, J. Menezes 1 1 ABB AB, Sweden krister.hagman@se.abb.com Abstract: The electric power grids and power systems are critical
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationCIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011
CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011 1 Purpose Specific NERC CIP-005 Requirements Underlying fundamentals of the ESP architecture Building
More informationSecure Remote Substation Access Solutions
Secure Remote Substation Access Solutions Supplemental Project - Introduction Webcast October 16, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com
More information8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day
Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.
More informationDeploying VSaaS and Hosted Solutions Using CompleteView
SALIENT SYSTEMS WHITE PAPER Deploying VSaaS and Hosted Solutions Using CompleteView Understanding the benefits of CompleteView for hosted solutions and successful deployment architecture Salient Systems
More informationNetwork Client. Troubleshooting Guide FREQUENTLY ASKED QUESTIONS
Network Client Troubleshooting Guide 1 Network Client Troubleshooting Guide The first section of this guide answers some frequently asked questions (FAQs) about the operation of Intellex and the Network
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationIntegrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.
Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationNERC Cyber Security Standards
SANS January, 2008 Stan Johnson Manager of Situation Awareness and Infrastructure Security Stan.johnson@NERC.net 609-452-8060 Agenda History and Status of Applicable Entities Definitions High Level of
More informationJoe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security
Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH
More informationUsing the DNP3.0 Protocol via Digi Device Servers and Terminal Servers
Using the DNP3.0 Protocol via Digi Device Servers and Terminal Servers For years, electric power utilities have relied on Digi internal serial cards (i.e., DigiBoard solutions) to connect UNIX, Linux and
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationHow To Create A Network Access Control (Nac) Solution
Huawei Terminal Security Management Solution Create Enterprise Intranet Security Terminal Security Management Solution 01 Introduction According to the third-party agencies such as the Computer Security
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationNetworking Basics for Automation Engineers
Networking Basics for Automation Engineers Page 1 of 10 mac-solutions.co.uk v1.0 Oct 2014 1. What is Transmission Control Protocol/Internet Protocol (TCP/IP)------------------------------------------------------------
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More information