Nice Situator for Electric Utilities and Nerc-Cip Compliance. Copyright 2013 NICE Systems Ltd. All rights reserved.

Transcription

1 Nice Situator for Electric Utilities and Nerc-Cip Compliance Copyright 2013 NICE Systems Ltd. All rights reserved.

2 Important Notice NICE Systems Ltd. shall bear no responsibility or liability to a client or to any person or entity with respect to liability, loss or damage caused or alleged to be caused directly or indirectly by any NICE product. This includes, but is not limited to, any interruption of service, loss of business or anticipatory profits or consequential damage resulting from the use or operation of any NICE products. Information in this document is subject to change without notice and does not represent a commitment on the part of NICE Systems Ltd. The systems described in this document are furnished under a license agreement or non-disclosure agreement. All information included in this document, such as text, graphics, photos, logos and images, is the exclusive property of NICE Systems Ltd. and protected by United States and international copyright laws. Permission is granted to view and photocopy (or print) materials from this document for personal, non-commercial use only. Any other copying, distribution, retransmission or modification of the information in this document, whether in electronic or hard copy form, without the express prior written permission of NICE Systems Ltd., is strictly prohibited. In the event of any permitted copying, redistribution or publication of copyrighted material, no changes in, or deletion of, author attribution, trademark legend or copyright notice shall be made. This product is covered by one or more of the following US patents: 5,216,744 5,457,782 6,246,752 6,615,193 6,865,604 7,010,106 7,305,082 7,474,633 7,587,454 7,705,880 7,751,590 RE41,292 5,274,738 5,911,134 6,249,570 6,694,374 6,871,229 7,010,109 7,333,445 7,532,744 7,599,475 7,714,878 7,761,544 5,289,368 5,937,029 6,252,946 6,728,345 6,880,004 7,058,589 7,346,186 7,545,803 7,631,046 7,716,048 7,770,221 5,325,292 6,044,355 6,252,947 6,775,372 6,937,706 7,085,728 7,383,199 7,546,173 7,660,297 7,720,706 7,788,095 5,339,203 6,115, ,194 6,785,369 6,959,079 7,152,018 7,386,105 7,573,421 7,664,794 7,725,318 7,801,288 5,396,371 6,122,665 6,330,025 6,785,370 6,965,886 7,203,655 7,392,160 7,577,246 7,665,114 7,728,870 7,822,605 5,446,603 6,192,346 6,542,602 6,856,343 6,970,829 7,240,328 7,436,887 7,581,001 7,683,929 7,738,459 7,848,947 NICE Disclaimer: NICE Disclaimer: We own the following trademarks in different countries: 360º View, Alpha, ACTIMIZE, Actimize logo, Customer Feedback, Dispatcher Assessment, Encorder, enicelink, Executive Connect, Executive Insight, FAST, FAST alpha Blue, FAST alpha Silver, FAST Video Security, Freedom, Freedom Connect, IEX, Interaction Capture Unit, Insight from Interactions, Investigator, Last Message Replay, Mirra, My Universe, NICE, NICE logo, NICE Analyzer, NiceCall, NiceCall Focus, NiceCLS, NICE Inform, NICE Learning, NiceLog, NICE Perform, NiceScreen, NICE SmartCenter, NICE Storage Center, NiceTrack, NiceUniverse, NiceUniverse Compact, NiceVision, NiceVision Alto, NiceVision Analytics, NiceVision ControlCenter, NiceVision Digital, NiceVision Harmon y, NiceVision Mobile, NiceVision Net, NiceVision NVSAT, NiceVision Pro, Performix, Playback Organizer, Renaissance, Scenario Replay, ScreenSense, Tienna, TotalNet, TotalView, Universe, Wordnet are trademarks and/or registered trademarks of NICE Systems Ltd. All other trademarks are the property of their respective owners. All contents of this document are: Copyright 2011 NICE Systems Ltd. All rights reserved.

3 Table of Contents Overview... 1 Business Challenges... 1 Data Consolidation and Unified Management in Complex Environments... 1 Inconsistent Event Response... 1 High Rate of Employee Turnover and Increased Training Costs... 2 Increased Threats and Risk... 2 Complex and Ever-changing Reporting Requirements... 2 Physical Security and NERC CIP... 2 How the NICE Situation Management Solution Delivers NERC CIP Compliance... 3 NICE Solution Highlights... 3 Unified Management, Centralized Control... 3 Consistent Event Response and Exception Management... 4 NERC CIP Requirements that can be Implemented in NICE Situator... 6 Examples of General Procedures Embedded in NICE Situator... 7 Situation Management and the Electric Generation/Transmission Control Rooms... 7 NICE Situator Deployment in an Electric Utility SOC... 7 Meeting NERC CIP Personnel and Training Requirements (CIP-004)... 7 NICE Situator NERC CIP Capability Highlights... 8 NICE Situator Physical Security Compliance Automation... 9 List of Figures Figure 1: Identifying what happened, where it happened and what to do in NICE Situator...3 Figure 2: A sampling of NERC-CIP related Quick Launch buttons in NICE Situator... 5 Figure 3: NERC-CIP related new incident popup notification alert...6 Figure 4: Complying with NERC-CIP using NICE Situator...10

4 Overview The North American Electric Reliability Corporation (NERC) is a non-government organization which has statutory responsibility to regulate bulk power system users, owners and operators through the adoption and enforcement of standards for fair, ethical and efficient practices. Along with the Regional Reliability Organizations, NERC has the legal authority to enforce compliance with NERC Reliability Standards, which it achieves through a rigorous program of monitoring, audits and investigations, and the imposition of financial penalties and other enforcement actions for non-compliance. As part of these regulations, NERC has established the Critical Infrastructure Protection (CIP) standards. These standards specify the implementation of a holistic security approach to protect the bulk electric systems in North America. Energy companies and utilities across the US must move quickly towards compliance to the CIP standards. Achieving NERC CIP compliance and maintaining it is a daunting task. With the consequences for noncompliance both costly and risk increasing, the electric utilities industry faces significant challenges in ensuring and sustaining effective, efficient compliance. This white paper reviews aspects of the electric utility industry s operating environment and how the NICE solution comprehensively address the challenges of implementing NERC CIP standards around physical security and sustaining compliance. Business Challenges Faced with the increased scope of new technologies and growing regulatory compliance requirements, electric utilities are seeking ways to address challenges such as: Consolidation and effective management of huge amounts of data in multi-site environments Enforcing consistent event response according to NERC CIP standards Increased training costs and time as a result of high employee turnover rate Increased threats and risks while budgets are constant Achieving and sustaining NERC CIP compliance Data Consolidation and Unified Management in Complex Environments Electric utilities function in challenging environments, with multiple sites some unmanned and many remote. In addition, growing expectations for continuously improving, cost-effective safety, security and operations has dramatically increased the scope of new technologies and sensors that are deployed across the organization s sites, sending vast amounts of information into the security control room. The continuous trend of mergers and acquisitions among power utilities increases the number of different brands and technologies that are used in the organization and the number of siloed systems that need to be monitored. This information overload reduces control room operator efficiency and increases the risk of human error. Inconsistent Event Response Most electric utilities do not have the necessary policies, procedures and processes in place to adequately meet NERC CIP requirements and to handle events consistently and effectively. In addition, many utilities find it difficult to take written procedures and implement them in actual security control room day-to-day operations and then make sure that every event is handled and documented according to those procedures. With the dynamic nature of the NERC CIP standards, the challenge increases. 1

5 High Rate of Employee Turn over and Increased Training Costs Electric utilities must ensure that all security operators within the organization are not only familiar with NERC CIP standards and the organizational procedures that result from these standards, but will follow these procedures consistently in all circumstances. This becomes particularly challenging since many security operators are contracted workers with a high turnover rate. The result is a costly and time-consuming training and certification process which must cover complex procedures and a variety of differing IT and security systems from multiple vendors each with a different look and feel. And still, this does not ensure that procedures and response will be followed and acted upon. Increased Threats and Risk The electric utility industry faces more threats than ever in the form of terror, crime, vandalism and increasingly, costly copper theft: As potential terror targets, the ramifications of damage to the bulk electric system could be severe Crime, sabotage and vandalism are no less of an issue. Not only costly to replace or repair, these incidents can affect the service provided by organizations to the surrounding population and impact public image With a direct correlation between the price of copper and the rate of theft, incidents of copper theft are on the rise as the price of copper has reached an all time high going from approximately $1.25 per pound in 2009 to around $4 a pound in 2011 Complex and Ever-changing Reporting Requirements Physical Security and NERC CIP With NERC s requirement to develop and enforce mandatory reliability standards, new and increasing threats make regulatory compliance even more necessary. Additionally, the costly penalties associated with non-compliance are prohibitive, and can be up to $1 million per day. While significant attention and resources have been devoted to the compliance of the cyber security aspects of NERC CIP, given the potential consequences of the above listed threats, physical security should be considered with as much focus. In the following section, we will show you how NICE solutions were designed to respond to the electric utility industry s challenging environment, mitigate threats and risk while achieving and maintaining NERC CIP compliance. How the NICE Situation Management Solution Delivers NERC CIP Compliance NICE Situator, the leading Situation Management solution, integrates and correlates information in real time from multiple and diverse systems across the enterprise. At the same time, it coordinates the most effective and compliant responses, ensuring that everyone in the security management and operational chains know what is happening, where it s happening and how to respond. An ongoing challenge to electric utilities is creating a verified audit trail and having a proper reporting mechanism. While crucial to regulatory compliance, debriefing, investigation and prosecutorial actions, reporting is also extremely time-consuming, costly and damaging when done inaccurately. 2

6 NICE Solution Highlights Meeting the business challenges faced by modern electric utilities, NICE Situator: Consolidates and manages the vast amount of data flowing into control rooms from all connected security systems Automates processes to ensure consistent event response and exception management capabilities Helps organizations meet and sustain regulatory compliance requirements even dynamic requirements such as NERC-CIP Unified Management, Centralized Control NICE Situator merges all access control systems, video cameras, perimeter protection sensors, geo- location systems, communication systems, web feeds, fire and safety systems, HR systems, other data sources and operating procedures into a single unified platform. NICE Situator then fuses, correlates and prioritizes all data from these disparate systems. At any point, only the most relevant data is displayed on a single intuitive user interface to the operator with clear guidelines, ensuring that the operator has everything needed to manage the situation according to the organization s policies, SOPs (Standard Operating Procedures) and regulations. In a multi-operator environment, Situator ensures that only the right people see the right information resulting in consistent and efficient response as well as freeing up other operators to work on other tasks without interruption. Evolving incidents can be assigned to multiple stakeholders at once, allowing operators to collaborate on managing an incident. One example is assigning tasks or sharing information between the physical and cyber security teams in while handling incidents. Figure 1: Identifying what happened, where it happened and what to do with NICE Situator. 3

7 Consistent Event Response and Exception Management NICE Situator is able to identify potential or unfolding situations by intelligently connecting the dots between seemingly unrelated events. Furthermore, NICE Situator enforces processes, automates specific tasks and complex workflows, and intelligently adapts them as an event unfolds to reduce the risk of human error. This not only ensures that the right action is taken at the right time by empowering organizations and their personnel to make consistent, effective and informed decisions, it also ensures compliance with NERC CIP regulations. The exception management principles inherent in NICE Situator make it possible to design modular response workflows that can adapt automatically or on-demand as situations develop. Featuring an industry-leading intelligent correlation engine, NICE Situator is used to correlate security, safety, IT and operations data streams. Based on customer configurable business logic, suspected patterns are evaluated and appropriate alerts are generated, presented to the user and trigger pre-configured workflows. Situator supports both the definition of business rules and dynamic workflows. Business rules are easily definable through a graphic wizard. Dynamic workflows are designed using a Microsoft Visio-like drag-and-drop Graphical User Interface, allowing logical elements and actions to be configured by the administrator to create virtually any custom business logic required. Initiating an Incident in NICE Situator NICE Situator, an incident occurs: Automatically when triggered by sensor alarms (rule based) Automatically via scheduled time-based triggers On-demand via Quick Launch buttons which enable operators to quickly and easily trigger predefined actions when responding to emergency situations or to automate routine actions.typical automatic activation examples are: sending notification to responders and command post; generating reports; activating announcements; commanding external systems according to regular daily schedules; etc. Figure 2: A sampling of NERC-CIP related Quick Launch buttons in NICE Situator. NICE Situator correlates all incoming data, analyzes an unfolding event for immediate situational awareness and automatically presents all relevant information, procedures and workflows in a consistent, pre-defined response to the operator in the Incidents view. Operators are directed to handle relevant incidents when they receive situation alerts in the form of pop-up notifications. 4

8 Figure 3: NERC-CIP related new incident pop-up notification alert. In addition, Situator provides a highly flexible mechanism for incident escalation definition and management. NERC CIP Requirements that can be Implemented in NICE Situator Below are some examples of various NERC CIP requirements that can be automated by NICE Situator: Procedures for immediate review and handling of unauthorized access attempts such as: door forced open, multiple unauthorized card swipes and others (NERC CIP- 006 R5) Workflow for the review of access authorization requests and revocation of access authorizations (NERC CIP 006 R1.5) Implementation of response plan, handling procedures and communications plans (NERC CIP-008 R1) Automated classification and characterization of incidents by correlating security alerts with geographical information (GIS), and other relevant information such as time of day (NERC CIP-006 R1.1) Workflow for logging and maintaining visitor access logs via phone calls to SOC at remote sites that are routinely unmanned, eliminating the need to maintain paper logs onsite (NERC CIP-006 R1.6.1) Procedures for maintenance and testing by control room operators and on-site personnel (NERC CIP-006 R8) Implementation of incident reporting process (NERC CIP- 008 R1.3) Examples of General Procedures Embedded in NICE Situator Below are some examples of general standard (security and safety) operating procedures that are embedded and automated by NICE Situator: Penetration of the secured facility s perimeter Assault with a firearm Person in restricted area Sensor failure Duress button activation Disconnected gateway Door held open Cooper theft Shelter in place Smoke and/or fire Chemical spill Explosion of a gas pipe 5

9 Situation Management and the Electric Generation/Transmission Control Rooms NICE Situator s capability to connect multiple systems in order to unify different sources of information is not limited to just the security control-room. it can also be used in other control rooms. One example is the electrical grid (transmission) or the electrical generation control rooms. NICE Situator integrates different operational systems such as SCADA, Historians, Energy Managements Systems (EMS) and others; it consolidates the information that needs to be presented to the operator, and identifies important alerts or situations. In the event that a response is necessary, NICE Situator uses its advanced task and workflows capabilities to advise the operator on the specific tasks that need to be performed. NICE Situator Deployment in an Electric Utility SOC The results achieved by one of the nation s largest electric utility providers spanning across 11 states illustrates the effectiveness of using NICE Situator to meet and sustain NERC-CIP compliance. This well known US IOU (investor-owned utility) leveraged the NICE solution to implement its physical security plan and maintain NERC- CIP compliance. By unifying their security platform, the IOU Security Operations Center has: Gone from managing 14 sites to 250 without increasing personnel Increased efficiency and reduced event-handling time by 60% Integrated and centralized more than 5000 sensors Self-added more than 2000 security procedures Reduced new operator training time from 10 weeks to 5 weeks Ensures NERC CIP physical security compliance at all times Meeting NERC CIP Personnel and Training Requirements (CIP-004) NERC CIP also contains requirements around personnel and training, which are usually managed by HR systems and other applications. NICE Situator can integrate with HR, access control and other systems in order to automate certain actions and to report on the status of personnel and training compliance policies. This provides a more complete view of the NERC CIP compliance status within the organization. NICE Situator NERC CIP Capability Highlights NICE Situator implements NERC CIP physical security policies and ensures they are consistently followed by control room operators no matter what their experience or expertise. As an open solution, Situator was designed to integrate with legacy systems of all kinds and at the same time is ready for future technology, requirements and regulations to meet the evolving needs of the electric utility industry. NICE Situator provides many NERC CIP compliance capabilities as illustrated by this partial list: The Situator planning tool enables customers to create multiple incident types Tasks and procedures can be adjusted to specific sites NICE Situator ensures that policies are consistently followed by control room operators For each procedure a time-stamped report is automatically generated detailing tasks/actions performed by the control room operator Reports can be generated in PDF format and serve as evidence of compliance during audits The NICE Situator Task Scheduler automatically reminds responsible personnel of deadlines for review/exercise/ testing to ensure they are not overlooked NICE Situator automatically informs managers, relevant personnel and cyber security teams of incidents and their status by using , SMS and mass notification systems Incident documentation is easily managed with reporting capabilities that consolidate all the relevant information into a single incident report 6

10 The process of using NICE Situator to meet NERC-CIP compliance is illustrated in Figure 5. Figure 4: Complying with NERC-CIP using NICE Situator. NICE Situator Physical Security Compliance Automation NICE Situator s comprehensive and multi-layered approach to addressing the needs of the electric utility industry is based on decades of experience providing solutions for some of the world s most security conscious environments and locations. Its proven technology and capabilities are in continual use, ensuring the security and compliance of organizations throughout North America and across the world. With a completely integrated and unified platform where tasks, procedures, and responses are pre-planned, often automated and always recorded, compliance and reporting can become a seamless event for the electric utilities industry with NICE Situator. 7

11 CONTACTS Global International HQ, Israel T F Americas, North America T F EMEA, Europe & Middle East T F Asia Pacific, Singapore Office T F The full list of NICE marks are the trademarks or registered trademarks of Nice Systems Ltd. For the full list of NICE trademarks, visit All other marks used are the property of their respective proprietors. ABOUT NICE systems NICE (NASDAQ: NICE) is the worldwide leader of software solutions that deliver strategic insights by capturing and analyzing mass quantities of structured and unstructured data in real time from multiple sources, including, phone calls, mobile apps, s, chat, social media, and video. NICE solutions enable organizations to take the Next-Best-Action to improve customer experience and business results, ensure compliance, fight financial crime, and safeguard people and assets. NICE solutions are used by over 25,000 organizations in more than 150 countries, including over 80 of the Fortune 100 companies. DATE 07/2013 P/N WP CONTENTS OF THIS DOCUMENT ARE COPYRIGHT 2013.