Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)

Size: px
Start display at page:

Download "Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)"

Transcription

1 Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms has become the leading requirement to improve cyber security for utility operations. Utility operators don t really care how it works as long as they are confident that it does work. They want a solution that is standards-based, is interoperable with the commonly installed applications, and is extendable for legacy systems to lower the cost of ownership. General recommendations for a cryptographically-based cyber security solution are well defined in the American Gas Association s Report No. 12, Part 1, and commercial products are now available to implement these requirements. This paper presents, from a utility operator s point of view, the requirements to securely manage the keying material to protect SCADA communications and to access the maintenance ports of field devices. This paper also outlines areas of future investigation needed for a comprehensive solution. An introduction to the retrofit solution A retrofit solution to enhance access control and to protect information exchanged over Supervisory Control and Data Acquisition (SCADA) asynchronous serial communication channels and dial-up to the maintenance ports of field devices is now a reality. Recommendations for a cryptographically-based cyber security solution are well defined in American Gas Association (AGA) Report No. 12, Part 1. Recommended architecture A cryptographic module, called a CM, may be configured to protect SCADA communications (SCM) or configured to protect communications to the maintenance ports of field devices (MCM). If the term CM is used, it applies to either configuration. Figure 1 shows the recommended architecture to implement this solution. Retrofit requires the use of cryptography embedded in a SCADA Cryptographic Module (SCM) installed inline on the communication channel. SCMs should require minimal modification to existing hardware or software of the SCADA Master, Front End Processor (FEP), field device, or field technician s laptop computer. The field device may be a Remote Terminal Unit (RTU) or another Intelligent Electronic Device (IED) such as a communication processor or substation host. Some legacy devices may not have the capability to accept any modification. For this reason, the retrofit solution should, for the most part, be designed for no modification to the SCADA Master FEP, RTU and IED. Even if minimum modification is required, there would be significant cost to recertify these components if software or hardware is changed. Cryptographic module configurations It is common to build a cryptographic module that will operate in one of two modes; one box that can be operated in either mode. If a cryptographic module is configured to protect SCADA communications it is called a SCADA Cryptographic Module (SCM). If a cryptographic module is configured to protect access to the field device maintenance port and to protect the data communicated to and from the access port, it is called a Maintenance Cryptographic Module (MCM). All CMs have a local management port for configuration management. This port is used to squirt initial keying material into the CM and to set default parameters prior to field installation. Authorized personnel may access a local CM management port on site, /06/$20.00 (C) 2006 IEEE 1

2 or, if that port is connected to a communication interface it may be accessed remotely (commonly referred to as out-of-band communications). SCM configurations If a modem rack is used to support multiple SCADA communication channels, it is common to install SCMs in a rack configuration rather than stacking individual SCMs. This configuration is shown in Figure 1. SCMs at the field location may be installed on a point-to-point communication network or on a multidrop communication channel. If a multidrop communication channel is used, the SCM must have the capability to operate in a mixed mode because some field units on the multidrop may be protected and others may not. This capability also provides a more graceful cut-over to operations because the field SCMs can be turned on when ready, rather than all at once. Mixed mode operation is the one reason that the SCM must be able to interrogate the native communication protocol; in this case to get the address for each field device for which the message is intended. The other reason the SCM must interrogate the native communication protocol is to detect end of message. MCM configurations Protection of access to the maintenance ports and protecting data communicated over these channels may use an MCM at both ends of the communication channel, or one MCM at the field end of the communication channel and cryptographic software loaded on the field technician s laptop computer. Figure 1 shows the configuration with software and one MCM on each communication channel, because it is less costly and simpler to manage. This configuration is preferred. The field technician s laptop computer must include an available USB port that will accept an Authentication Key to satisfy the requirement for two factor authentication. Although a SmartCard device may be used to provide two factor authentication, it is not preferred because of cost, extra equipment (SmartCard reader), and it is not easy for field technicians to use. Secure cryptographic management system A Secure Cryptographic Management System (SCMS) is a critical component of the solution set needed for a system to cryptographically protect SCADA communications. Key management schemes must provide the capability to control the distribution, use, and to update cryptographic keys. Figure 1 shows the three SCMS subsystems of the recommended architecture. An administrative workstation equipped with a USB port for inserting the authentication key, which provides the authorization for the SCMS operator to manage all SCMS functions. A secure key management appliance used to store all keying materials. This appliance may be implemented as part of the administrative workstation, or as a separate unit that includes the function of a proxy server for key management. A key distribution system used to create and distribute keying material, and to store all the information about the configuration and status of CMs and authentication keys. Although SCMS is shown located in the SCADA control center, the SCMS may be located in any secure facility with the appropriate communication capability. AGA 12, Part 1, Addendum 1 (a work in progress) will specify the recommended practice for key establishment and use, classification and control of keys based on their intended use, requirements for the distribution of public keys, architectures supporting automated key updates in distributed systems, and the roles of trusted third parties. Systems capable of providing cryptographic services require techniques for initialization and key distribution. In addition, a protocol is needed for on-line (or in-band) update of keying material when that is the only means of remote communications, key backup and recovery, key revocation (probably the most difficult problem), and for managing certificates in certificate-based systems. Although AGA 12-1 Addendum 1 addresses key management to protect SCADA 2

3 communications, the same recommendations apply to management of keying material for other enterprise requirements. The AGA 12 project team has a clearly defined objective, which is to develop the framework for one key management system, and thereby avoid creating a unique key management system just for SCADA communications. Scope of this paper The scope of this paper is limited to the implementation requirements for the SCMS as needed to create and manage the keying material for all configurations of the CMs and authentication keys. The problem space and end-user options The purpose of this section is to describe the problem space and end-user options from two points of view. An end-user s operational view of cyber security management is from the time the cryptographic modules, laptop computer software, authentication keys, and SCMS is delivered, through deployment and commissioning, normal operation, repair and maintenance, and decommissioning. A supplier s view of cyber security management functions and capabilities is to determine what is needed throughout its life cycle. Note: bold italic text is used to highlight operational considerations that need to be considered by the supplier. The magnitude of SCADA operations and remote access to field devices Although SCADA operations and remote access to field devices procedures and communication capabilities vary widely, this paper uses one example to illustrate the requirements imposed on a comprehensive SCMS. Operational entities and organizational fiefdoms A hypothetical large energy company providing both gas distribution and electric transmission and distribution services is used as an example to illustrate the need for a comprehensive solution. In this example, gas distribution and electric transmission and distribution are part of the utility enterprise but operate separately. One SCMS, which is an extension of existing Information Technology (IT) policies and procedures throughout the enterprise, is desired for both gas and electric operations. Extending IT policies and procedures for both gas and electric operations through out the enterprise leads to the following SCMS derived requirements. 1. The SCMS must provide the capability for centralized control but decentralized execution to ensure a homogeneous application of IT security policy extensions with efficient operational implementation and management of keying materials. 2. For a large utility described in this example, central control should be implemented through policy rather than physical or logical management of keying material. For a small utility, central control may be implemented through both policy and physical or logical management of keying material. The SCMS must provide the capability to adapt to either environment. 3. The SCMS must provide the capability to establish a sub-enterprise level of control one for gas operation and one for electric operation. It is for this reason that AGA 12-1 recommends ANSI X9.69, which describes the implementation of cyber security for an enterprise, domains within the enterprise, and organizational units within the domain. For both gas and electric operations, it is usual practice that one or more control centers are active to provide regional control, and that one or more backup control centers are on standby to take over in case of an emergency. Furthermore, it is reasonable to assume that each control center operates independently with its own staff and communication channels to field equipment. 4. The recommended architecture shown in Figure 1 should be replicated in each control center. Although Figure 1 describes a retrofit solution, the same requirements apply to an IP-based network solution and an embedded solution. 3

4 One approach is to establish domains within each sub-enterprise. Each control center could represent a domain but there will be at least one other domain needed to include those organization units that support the domain of each control center (e.g., organizations such as Engineering, Field Maintenance). If the utility establishes one enterprise (no sub-enterprises), then each operation, one for gas operation and one for electric operation, could be domains within the enterprise. Communication issues this can get ugly It is common for one operation entity, such as gas distribution, to use a communication protocol, such as Modbus, that is different from the other operational entity. It is also common in a single operation entity to find a mix of a legacy protocol and a more modern protocol, such as DNP 3. And keep in mind, these communication protocols may be at different stages of deployment and commissioning. As described in AGA 12, Part 1, leased line, dial up telephone, and radio communication are the primary targets for the retrofit solution. Although not addressed in AGA 12, Part 1, VSAT-based communication is becoming more popular; for example, some utilities have as many as 200 substations operating SCADA over satellite communications. Multi-drop communication channels operating at 1200 bps to 19.2 Kbps are common. The most common speed is 9600 bps with a polling frequency of 5 seconds. Some channels may have 10 drops, but more commonly they are configured with 5 or 6 drops. In very rare instances, we found a radio channel operating at 1200 bps was configured with 100 drops. Not all field devices need to be protected. In general the installation of SCMs on SCADA communication channels will be phased in, thus creating the need for the Master Station SCMs (or head-end SCMs in a daisy chain configuration as described in AGA 12 Part 1) to operate in a mixed mode. SCMs compliant with AGA 12, Part 1 need to be designed to operate over the most common protocols, operate in a multi-drop and mixed mode configurations. In accordance with cyber security policy, the SCMS must provide the capability to manage keying material needed to support all CM operational modes. 5. Because of the need to support mixed mode and phased deployment, the SCMS must provide the capability to remotely distribute keying material to CMs. The assumption is that CMs are installed but operating in a bypass mode until they are activated. Some consideration needs to be given to providing the SCMS with the capability to securely change a CM from normal operation to operating in a bypass mode. The consequence may be an unacceptable security risk. 6. Distribution of keying material to field CMs may accomplished using one or more of the following approaches: In-band communication channels, Modems (including wireless) if they are provided to support communication to local CM management port, Site visit and load keying material via local CM management port, Load keying material prior to installation and commissioning of CM. SCMS management within the control center Figure 1 shows connectivity between the SCMS Key Management Appliance and the multi-channel SCM rack to the local management port of each SCM in the rack. It is not unreasonable to assume that this communication be implemented over an IPbased LAN. 7. For IP based communication between the SCMS Key Management Appliance and local management ports of each SCM in the multichannel SCM rack, the SCM local management port must have the capability to interface to an IP-based network. 8. For serial based communication between the SCMS Key Management Appliance and each local management 4

5 port on the SCM in the multichannel SCM rack, each SCM local management port must support one of two options: Dedicated communication channel between each SCM management port and the Key Management Appliance, Use of a port share or port switch connected to one serial communication channel to the Key Management Appliance. SCMS management within the field site Figure 1 shows multiple SCMs and MCMs in the remote field site. Although the local management port is only shown on the SCM, a local management port is also required on each MCM. Again, it is not unreasonable to assume that this communication be implemented over an IP-based LAN. 9. For IP-based communication between the SCMS Key Management Appliance and local management port of each CM (SCM and MCM) within the remote field site, the CM local management port must have the capability to interface to an IP-based network. 10. For serial based communication between the SCMS Key Management Appliance and the local management port on each CM within the remote field site, each CM local management port must support one or more options: Provide the capability to use a dedicated communication channel between each CM management port and the Key Management Appliance, Provide the capability to use a port share or port switch connected to one serial communication channel to the Key Management Appliance, Provide the capability to use a local connection to each CM management port from an authorized computer and user. SCMS management of authentication keys As reported by Gellings, Samototyi & Howe in the IEEE Power & Energy magazine September/October 2004, p.43, The Future s Smart Delivery System, disgruntled employees are one of the most perceived intrusion threats. The most perceived threats to power controls are information leakage, intercepting and altering control settings, authorization violation, integrity violation, and bypassing controls. In response to this insider threat, Identity Management (IM) and Role Based Access Control (RBAC) managed by organization units unique to each utility operation are needed. Clearly, the use of RBAC managed by organization units unique to each utility operation is needed. Although the organizational structure for operations may differ widely from utility to utility, the example shown in Figure 2 is useful to identify roles and responsibilities that must be managed by the SCMS. The basic idea portrayed in this example is the separation of roles and responsibilities between three organization units within the Power Delivery domain. Service Center is responsible for substation operations and maintenance, Operations is responsible for 24/7 power system operations, and Engineering and Planning is responsible for engineering and equipment performance. It is important to note that the Dispatcher in Operations is responsible for and has the authority to exercise system control of the power system. Local control within a substation is a separate organizational function wherein the on-site substation operator has responsibility and authority for equipment control as related to the maintenance of the equipment. Engineering and Planning is a mixed breed. Engineering includes Protection Engineering which has the responsibility and authority to change setting related to power system protection but no authority to exercise equipment or power system control. A parallel organization within Engineering and Planning is responsible for equipment performance. The field technicians have the authority to perform diagnosis but no authority to change settings or exercise local control that is, they have a read only privilege. If diagnosis indicates that repair or maintenance is required, the field technician prepares a report and sends it to the Service Center for appropriate action. 5

6 Each of these organizational units may be supported by field engineers representing the vendors that supplied the equipment. These vendors may have similar but restricted authority to support the respective organizations. The SCMS authority given to vendors may vary. One approach is to only allow vendors to simply identify who will support a specific task, and the utility organizational unit authority then issues the needed certificates and credentials to that individual. This minimizes the trust needed in the vendor s internal control processes but adds to the work load of the utility organization supported. Another approach is to empower the vendor as an organizational unit authority, which then allows the vendor to manage identity, authorization and use privileges in accordance with prespecified conditions. This reduces the work load on the utility organization supported but requires more trust in the vendor s internal control processes. The above example for vendors is applicable to the business partnerships that have prespecified contract relationships. In either case, a risk assessment is needed to determine the degree of trust to be placed in a third party and the necessary oversight required to ensure that this trust is warranted. The SCMS must support all approaches to be compliant with security policies and procedures of each utility. Before discussing effective management of certificates of authorization and privileges, it is useful to understand the special case of dial-up access to the maintenance ports of field devices. Figure 3 describes an example of identity management, access rights and authorization privileges afforded by blending the recommendation of AGA 12, Part 1, with existing use of passwords. The current practice is to load the IED vendor toolkit software on the field technician s laptop computer. The technician dials the auto-answering modem and when a connection is established, a password is entered and the IED (RTU, for example) verifies the session password. When verified, the technician now has level 1 (read), level 2 (write: change settings), or level 3 (factory settings) privileges. It is also common practice to permit the technician to change the password of equal or lower level. The relationship between the organizational units shown in Figure 2 and the access and authorization shown in Figure 3 is represented by Group designations in Figure 3. For example, Groups 1 and 6 have access and authorization for the RTU only. They do not have access to other IEDs. For the AGA 12 retrofit solution, changes to existing field device (IED or RTU) software is to be avoided. For the AGA 12 embedded solution, this may not be a problem. As shown in Figure 3, ANSI X9.69 compliant software is loaded on the laptop computer and some of these software components are loaded on the Authentication Key. As a minimum, the identity certificate should be on the authentication key to enforce two factor authentications required by AGA 12, Part 1. More sophisticated authentication keys will accept permission credentials and combiner. A CM operating in the MCM mode is placed between the auto answering modem and a port switch that connects to the maintenance ports of each RTU or IED in Figure 1. In this configuration, one MCM protects access to all field device maintenance ports. As a minimum, the MCM will issue a challenge to the X9.69 identity certificate to ensure that the user has access rights to the field device maintenance ports. This keying material must be managed by the SCMS. Credentials which contain the predefined permissions can also be used to enhance the control of user authorization to perform selected action. However, in addition to MCM software, this may require changes to the field device software depending on the level of control required. Effective authorization certificate and privilege management Because the SCMS manages the certificates of authorization and privileges across this organizational structure, it must provide the capabilities needed to support the functions described below. 11. Because of the organization structure and operational philosophy described by Figure 2 it seems reasonable to 6

7 establish a domain of responsibility for Power System Operation. A parallel or subordinate domain could, if needed altogether, be established for each support vendor. Each domain is empowered to execute and manage its keying material as specified in ANSI X9.69 this is viewed as distributed execution within the centralized control of the Enterprise Authority. As stated before, centralized control ensures that proper extension of the enterprise security policies and procedure are enforced through all domains and organizations, including support vendors and business partnerships. 12. Within each domain, and in compliance with ANSI X9.69, organizational units are responsible for assigning rights and privileges to all entities (people and devices) for which they are responsible. This requires that each domain and organizational unit replicate the SCMS, or selected components of the SCMS that is described in Figure 2, and include those functions needed for their assigned responsibilities. The challenge of issuing, changing, or revoking certificates and privileges Any organization will experience normal turnover of personnel, termination of personnel, and changing roles and responsibility of personnel as they move or add assignments that cross organizational units and many times across domains. For example, it is very common that personnel experienced in power delivery operations will leave the company and go to work for a supplier of equipment used by that company. Therefore, the SCMS must provide the capability to issue, change, or revoke certificates of authorization and privileges in a timely response to organizational and domain changes. 13. Identity management, authorization and privileges need to be assignable for a selected time period and managed by the organizational unit authority(s) that have direct supervision over the tasks performed by the individual. This will probably require agreements of cooperation between domain authorities and between organizational unit authorities as described in ANSI X Individual certificates need to be stored on an Authentication Key that is assigned in accordance with company policies and procedures to any individual. 15. Secure distribution of keying material or revocation of keying material over modems, Wide Area Network (WAN), and the Internet as shown in Figure 1 needs to be supported by the SCMS. Although these requirements seem logical, a reliable, timely, and cost effective implementation is not a simple matter. Revocation lists are commonly used in IT systems, but implementation of these lists creates significant communication, CPU, and memory requirements in cryptographic modules. Several alternative mechanisms are under investigation at this time. Revocation lists can be managed easily by the Key Management Appliance and Administrative Workstation, but this would require that each CM (SCM and MCM) exchange messages with the SCMS to verify that the sending entity has valid access authorization and privileges. Keying material can be issued with short user-settable timeouts so that certificates of authorization and privileges are automatically revoked when their time expires. Field test and evaluation are needed to determine the best techniques. SCMS alarm processing AGA 12, Part 1, requires that all CMs record all events and output an alarm related to a CM anomalous event. How this is implemented is not specified in AGA 12, Part 1. The SCMS needs to provide the capability to receive and process in a timely manner all alarms related to a CM anomalous event. 16. CM alarms detected in a field CM need to be recorded by the field device and reported as alarms through normal SCADA communication channels to the SCADA master. 7

8 17. CM alarms detected within the control center need to be reported as alarms to the SCADA Operator. 18. CM alarms received by the SCADA master need to be communicated to the Key Management Appliance and Administrative Workstation for review and processing by the SCMS operator. 19. The SCMS operator at the SCMS Administrative Workstation needs to have the capability to process alarms related to an anomalous CM event, and to issue the necessary correction action in accordance with predefined policies and procedures in a timely manner. Alarm processing is another area that needs further research in the following areas: Timely and effective methods to deliver alarms to the appropriate administrative workstation for review and processing. Intrusion Detection System (IDS) functions need to be integrated into the SCMS in either an embedded or associate subsystem. Furthermore, adaptive-learning algorithms need to be developed to support the IDS requirements. Trusted 3 rd party SCMS provider All SCMS requirements may be assigned to a trusted 3 rd party SCMS provider under the appropriate terms and conditions negotiated between the utility and the trusted 3 rd party SCMS provider. This will be the subject of a future paper. 3. More research is needed to develop effective alarm processing and timely corrective action mechanisms and procedures. 4. Because some legacy devices do not have the capability to accept any modification, the retrofit solution must be designed to operate without changes to the SCADA Master, Front End Processor, Remote Terminal Unit, or Intelligent Electronic Device in the field. 5. The SCADA cryptographic module must have the capability to operate in a mixed mode on a multi-drop communication channel because some field devices may be protected and some may not. 6. Significant improvements to provide secure access to the maintenance ports of field devices can now be achieved at low cost, and easily be justified with a simple business case, which compares the cost of shutting down the dial-up and sending crews to the field site to perform the same functions locally with the cost of securing remote communications. References 1. AGA Report Number 12, Part 1, Cryptographic Protection of SCADA Communications General Requirements. The latest version of AGA 12, Part 1 is available from holsteindk@adelphia.net. 2. ANSI X , Framework for Key Management Extensions 3. IEEE Power and Energy magazine, September October 2004, see page 43. Conclusions and suggested research The top 6 findings from this study are: 1. A comprehensive solution is needed to avoid building stovepipe solutions, each unique to a specific organizational entity or fiefdom within the end-user s enterprise. 2. Extensive field testing is needed to evaluate the best approach to manage keying materials. A cost effect method to manage keying materials needed for SCADA communication security and secure access to the maintenance ports is the greatest challenge at this time. 8

9 Figure 1 Recommended retrofit architecture Figure 2 Example organizational for utility operations 9

10 Figure 3 Example of access rights and authorization privileges for maintenance 10

NSTB. AGA 12, Part 2 Performance Test Plan. Mark Hadley, Kristy Huston Pacific Northwest National Laboratories. November 2006. National SCADA Test Bed

NSTB. AGA 12, Part 2 Performance Test Plan. Mark Hadley, Kristy Huston Pacific Northwest National Laboratories. November 2006. National SCADA Test Bed U.S. Department of Energy Office of Electricity Delivery and Energy Reliability AGA 12, Part 2 Performance Test Plan Mark Hadley, Kristy Huston Pacific Northwest National Laboratories November 2006 NSTB

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

Cyber Security for Utility Operations. Final Report. Period of Performance October, 2003 April, 2005

Cyber Security for Utility Operations. Final Report. Period of Performance October, 2003 April, 2005 Cyber Security for Utility Operations NETL Project M63SNL34 Sponsored by the U.S. DOE Office of Energy Assurance Managed by NETL Final Report Period of Performance October, 2003 April, 2005 Dennis Holstein

More information

Securing Distribution Automation

Securing Distribution Automation Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated

More information

Wi-Fi Protected Access for Protection and Automation

Wi-Fi Protected Access for Protection and Automation Wi-Fi Protected Access for Protection and Automation a work in progress by CIGRE Working Group B5.22 Dennis K. Holstein on behalf of CIGRE B5.22 This is an interactive discussion Who is CIGRE B5.22 What

More information

E-Commerce Security Perimeter (ESP) Identification and Access Control Process

E-Commerce Security Perimeter (ESP) Identification and Access Control Process Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

HANDBOOK 8 NETWORK SECURITY Version 1.0

HANDBOOK 8 NETWORK SECURITY Version 1.0 Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives

More information

Document ID. Cyber security for substation automation products and systems

Document ID. Cyber security for substation automation products and systems Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

Facilitated Self-Evaluation v1.0

Facilitated Self-Evaluation v1.0 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

Chapter 9. Communications and Networks. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 9. Communications and Networks. McGraw-Hill/Irwin. Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 9 Communications and Networks McGraw-Hill/Irwin Copyright 2008 by The McGraw-Hill Companies, Inc. All rights reserved. Competencies (Page 1 of 2) Discuss connectivity, the wireless revolution,

More information

Out-of-Band Management: the Integrated Approach to Remote IT Infrastructure Management

Out-of-Band Management: the Integrated Approach to Remote IT Infrastructure Management WHITE PAPER Management: the Integrated Approach to Remote IT Management EXECUTIVE SUMMARY For decades, business imperatives for information technology (IT) have remained constant to cut costs and improve

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

Secure SCADA Communication Protocol Performance Test Results

Secure SCADA Communication Protocol Performance Test Results PNNL-17118 Secure SCADA Communication Protocol Performance Test Results M.D. Hadley K.A. Huston August 2007 Prepared for U.S. Department of Energy Office of Electricity Delivery and Energy Reliability

More information

Secure Substation Automation for Operations & Maintenance

Secure Substation Automation for Operations & Maintenance Secure Substation Automation for Operations & Maintenance Byron Flynn GE Energy 1. Abstract Today s Cyber Security requirements have created a need to redesign the Station Automation Architectures to provide

More information

A Comparison of Oil and Gas Segment Cyber Security Standards

A Comparison of Oil and Gas Segment Cyber Security Standards INEEL/EXT-04-02462 Revision 0 Control Systems Security and Test Center A Comparison of Oil and Gas Segment Cyber Security Standards Prepared by the Idaho National Engineering and Environmental Laboratory

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

DIGITAL CONTROL SYSTEM PRODUCT SOLUTIONS

DIGITAL CONTROL SYSTEM PRODUCT SOLUTIONS Multi-function substation server Unlock the value of your substation data with Alstom s multi-function substation server Enabling the Smart Grid with Alstom's DAP server The is a multi-function substation

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

CG Automation Solutions USA

CG Automation Solutions USA CG Automation Solutions USA (Formerly QEI Inc.) Automation Products and Solutions CG Automation Works for You INDUSTRY SOLUTIONS Electric T&D Utilities Renewable Energy Transit Authorities Public Power

More information

Chapter 1: Introduction

Chapter 1: Introduction Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Potential Targets - Field Devices

Potential Targets - Field Devices Potential Targets - Field Devices Motorola Field Devices: Remote Terminal Units ACE 3600 Front End Devices ACE IP Gateway ACE Field Interface Unit (ACE FIU) 2 Credential Cracking Repeated attempts to

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

Fundamentals of Network Security - Theory and Practice-

Fundamentals of Network Security - Theory and Practice- Fundamentals of Network Security - Theory and Practice- Program: Day 1... 1 1. General Security Concepts... 1 2. Identifying Potential Risks... 1 Day 2... 2 3. Infrastructure and Connectivity... 2 4. Monitoring

More information

Secure Networks for Process Control

Secure Networks for Process Control Secure Networks for Process Control Leveraging a Simple Yet Effective Policy Framework to Secure the Modern Process Control Network An Enterasys Networks White Paper There is nothing more important than

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

Information Technology Branch Access Control Technical Standard

Information Technology Branch Access Control Technical Standard Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia

More information

WISE-4000 Series. WISE IoT Wireless I/O Modules

WISE-4000 Series. WISE IoT Wireless I/O Modules WISE-4000 Series WISE IoT Wireless I/O Modules Bring Everything into World of the IoT WISE IoT Ethernet I/O Architecture Public Cloud App Big Data New WISE DNA Data Center Smart Configure File-based Cloud

More information

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper

More information

What you don t know about industrial GSM/GPRS modem communications

What you don t know about industrial GSM/GPRS modem communications What you don t know about industrial GSM/GPRS modem communications A White Paper presented by: Ira Sharp Product Marketing Lead Specialist Phoenix Contact P.O. Box 4100 Harrisburg, PA 17111-0100 Phone:

More information

PLCs and SCADA Systems

PLCs and SCADA Systems Hands-On Programmable Logic Controllers and Supervisory Control / Data Acquisition Course Description This extensive course covers the essentials of SCADA and PLC systems, which are often used in close

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

CYBER SECURITY POLICY For Managers of Drinking Water Systems

CYBER SECURITY POLICY For Managers of Drinking Water Systems CYBER SECURITY POLICY For Managers of Drinking Water Systems Excerpt from Cyber Security Assessment and Recommended Approach, Final Report STATE OF DELAWARE DRINKING WATER SYSTEMS February 206 Kash Srinivasan

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

On the Road to. Duke takes the road less traveled and arrives at a new level of distribution automation.

On the Road to. Duke takes the road less traveled and arrives at a new level of distribution automation. On the Road to Intelligent CONTINUOUS REMOTE MONITORING INTEGRATED VOLT/VAR CONTROL Duke takes the road less traveled and arrives at a new level of distribution automation. LAYING A SOLID FOUNDATION In

More information

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems WHITE PAPER Intel vpro Technology Embedded Host-based Configuration in Intelligent Systems Easy activation of Intel vpro technology remote manageability without trade-offs in security, functionality, and

More information

Protect Identities for people, workstations, mobiles, networks

Protect Identities for people, workstations, mobiles, networks ot Corporate ID Protect Identities for people, workstations, mobiles, networks Address your security needs with the leader in the corporate identity market Corporate security challenges The security of

More information

OPERATIONS CAPITAL. The Operations Capital program for the test years is divided into two categories:

OPERATIONS CAPITAL. The Operations Capital program for the test years is divided into two categories: Filed: September 0, 00 EB-00-0 Tab Schedule Page of OPERATIONS CAPITAL.0 INTRODUCTION Operations Capital funds enhancements and replacements to the facilities required to operate the Hydro One Transmission

More information

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,

More information

How To Get A Power Station To Work With A Power Generator Without A Substation

How To Get A Power Station To Work With A Power Generator Without A Substation Wi-Fi Protected Access for Protection and Automation Key Material Authentication Key Presented to: 13 December 2006 Dennis K. Holstein on behalf of CIGRE B5.22 1 The good news and the bad news Who is CIGRE

More information

Network Security Guidelines. e-governance

Network Security Guidelines. e-governance Network Security Guidelines for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type

More information

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist SCADA The Heart of an Energy Management System Presented by: Doug Van Slyke SCADA Specialist What is SCADA/EMS? SCADA: Supervisory Control and Data Acquisition Retrieves data and alarms from remote sites

More information

SCADA Systems. Make the most of your energy. March 2012 / White paper. by Schneider Electric Telemetry & Remote SCADA Solutions

SCADA Systems. Make the most of your energy. March 2012 / White paper. by Schneider Electric Telemetry & Remote SCADA Solutions SCADA Systems March 2012 / White paper by Schneider Electric Telemetry & Remote SCADA Solutions Make the most of your energy Summary Executive Summary... p 2 Introduction... p 3 Field Instrumentation...

More information

A Systems Approach to HVAC Contractor Security

A Systems Approach to HVAC Contractor Security LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

ADM:49 DPS POLICY MANUAL Page 1 of 5

ADM:49 DPS POLICY MANUAL Page 1 of 5 DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The

More information

Spillemyndigheden s Certification Programme Information Security Management System

Spillemyndigheden s Certification Programme Information Security Management System SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency... 3 2.1.1 Initial certification...

More information

ipad in Business Security

ipad in Business Security ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security

More information

Understanding Programmable Automation Controllers (PACs) in Industrial Automation

Understanding Programmable Automation Controllers (PACs) in Industrial Automation Understanding Programmable Automation Controllers (s) in Industrial Automation Meet the Modern Industrial Application Implementing a modern industrial application can present a challenging and sometimes

More information

RIG Acceptance Test (RAT) Procedures

RIG Acceptance Test (RAT) Procedures RIG Acceptance Test (RAT) Procedures RIG Acceptance Test (RAT) Procedure 0 Print Date 2 /20/2007 REVISION HISTORY REVISON NO. DATE DESCRIPTION 1.0 Initial Release 0 Update Logo and Links i RIG Acceptance

More information

An Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015

An Introduction to SCADA-ICS System Security. Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015 An Introduction to SCADA-ICS System Security Document Number IG-101 Document Issue 0.1 Issue date 03 February 2015 Overview Supervisory Control And Data Acquisition (SCADA) for Industrial Control Systems

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015. Electric Grid Operations

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015. Electric Grid Operations San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

Designing secure networks for substation automation and control systems

Designing secure networks for substation automation and control systems Designing secure networks for substation automation and control systems Niculescu Eliodor Sorin, Rusta Constantin, Mircea Paul Mihai, Ruieneanu Liviu and Daianu Adrian Abstract Development of the energy

More information

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various

More information

ICTTEN4051A Install configuration programs on PC based customer equipment

ICTTEN4051A Install configuration programs on PC based customer equipment ICTTEN4051A Install configuration programs on PC based customer equipment Release: 1 ICTTEN4051A Install configuration programs on PC based customer equipment Modification History Not Applicable Unit Descriptor

More information

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A. 21, rue d Artois, F-75008 PARIS D2-102 CIGRE 2012 http : //www.cigre.org CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS Massimo Petrini (*), Emiliano Casale

More information

Deployment Of Multi-Network Video And Voice Conferencing On A Single Platform

Deployment Of Multi-Network Video And Voice Conferencing On A Single Platform Deployment Of Multi-Network Video And Voice Conferencing On A Single Platform Technical White Paper Document Overview This document provides an overview of the issues, capabilities and benefits to be expected

More information

The Shift to Wireless Data Communication

The Shift to Wireless Data Communication The Shift to Wireless Data Communication Choosing a Cellular Solution for Connecting Devices to a WWAN Dana Lee, Senior Product Manager dana.lee@moxa.com Recent developments in the wireless and industrial

More information

R-Win. Smart Wireless Communication Management System

R-Win. Smart Wireless Communication Management System Smart Wireless Communication Management System General R-Win is a smart communications adapter for management of wireless communications in a SCADA/Distributed Control System. The R-Win system includes

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

CONTROL MICROSYSTEMS DNP3. User and Reference Manual

CONTROL MICROSYSTEMS DNP3. User and Reference Manual DNP3 User and Reference Manual CONTROL MICROSYSTEMS SCADA products... for the distance 48 Steacie Drive Telephone: 613-591-1943 Kanata, Ontario Facsimile: 613-591-1022 K2K 2A9 Technical Support: 888-226-6876

More information

Using Cellular RTU Technology for Remote Monitoring and Control in Pipeline and Well Applications

Using Cellular RTU Technology for Remote Monitoring and Control in Pipeline and Well Applications Using Cellular RTU Technology for Remote Monitoring and Control in Pipeline and Well Applications Steve Frank Business Development Manager Moxa Inc. Introduction Cellular technology minimizes site visits

More information

ACE3600 HIGH PERFORMANCE MONITORING & CONTROL REMOTE TERMINAL UNIT

ACE3600 HIGH PERFORMANCE MONITORING & CONTROL REMOTE TERMINAL UNIT HIGH PERFORMANCE MONITORING & CONTROL REMOTE TERMINAL UNIT PAGE 1 EMPOWER YOUR SCADA NETWORK Utilities, now more than ever, are facing newer and greater hurdles. Multiple wired and wireless communication

More information

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH

More information

Websense Support Webinar: Questions and Answers

Websense Support Webinar: Questions and Answers Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user

More information

Using HART with asset management systems

Using HART with asset management systems Using HART with asset management systems Since it s the most broadly deployed smart device platform, is HART the right choice for your plant? Here are some considerations for end users. John Yingst, Sr.

More information

Understanding SCADA System Security Vulnerabilities

Understanding SCADA System Security Vulnerabilities Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen

More information

Opengear Technical Note

Opengear Technical Note - Solutions for Avaya Installations Opengear Technical Note Jared Mallett - Product Marketing Manager Opengear solutions deliver cost-effective universal access to Avaya equipment and converged devices

More information

Wireless Communications for SCADA Systems Utilizing Mobile Nodes

Wireless Communications for SCADA Systems Utilizing Mobile Nodes , pp. 1-8 http://dx.doi.org/10.14257/ijsh.2013.7.5.01 Wireless Communications for SCADA Systems Utilizing Mobile Nodes Minkyu Choi Security Engineering Research Support Center, Daejon, Republic of Korea

More information

TRIPWIRE NERC SOLUTION SUITE

TRIPWIRE NERC SOLUTION SUITE CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering

More information

ABB North America. Substation Automation Systems Innovative solutions for reliable and optimized power delivery

ABB North America. Substation Automation Systems Innovative solutions for reliable and optimized power delivery ABB North America Substation Automation Systems Innovative solutions for reliable and optimized power delivery Substation Automation Systems Advanced substation automation, protection and control solutions

More information

Information Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014

Information Security Assessment and Testing Services RFQ # 28873 Questions and Answers September 8, 2014 QUESTIONS ANSWERS Q1 How many locations and can all locations be tested from a A1 5 locations and not all tests can be performed from a central location? central location. Q2 Connection type between location

More information

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015. Electric Grid Operations

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015. Electric Grid Operations San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission

More information

SCADA/Business Network Separation: Securing an Integrated SCADA System

SCADA/Business Network Separation: Securing an Integrated SCADA System SCADA/Business Network Separation: Securing an Integrated SCADA System This white paper is based on a utility example but applies to any SCADA installation from power generation and distribution to water/wastewater

More information

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

Deploying iphone and ipad Security Overview

Deploying iphone and ipad Security Overview Deploying iphone and ipad Security Overview ios, the operating system at the core of iphone and ipad, is built upon layers of security. This enables iphone and ipad to securely access corporate services

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Considerations for Hybrid Communications Network Technology for Pipeline Monitoring

Considerations for Hybrid Communications Network Technology for Pipeline Monitoring Considerations for Hybrid Communications Network Technology for Pipeline Monitoring Craig Held White Paper April 2012 Abstract The concept of automation (and its corresponding technologies) is a primary

More information

Data and Command Encryption for SCADA

Data and Command Encryption for SCADA Data and Command Encryption for SCADA Kevin Mackie Smart Infrastructure Oil and Gas Division Schneider Electric Calgary, Canada Abstract This paper discusses the encryption of data and commands in oil

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information