CIP R2 BES Assets Containing Low Impact BCS. Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security
|
|
- Ethelbert Young
- 8 years ago
- Views:
Transcription
1 CIP R2 BES Assets Containing Low Impact BCS Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security
2 Slide 2 About Me Been with WECC for 5 years 1 ½ years as a Compliance Program Coordinator 2 Years as an Associate Compliance Auditor 1 Year as a Compliance Auditor, Cyber Security OPSGEAR for 1 year Risk JPMorgan Chase for 7 years
3 Slide 3 Agenda Day 1 Recap CIP R2 Low Impact Update Attachment 1 overview Attachment G (per section) Examples of Evidence (per section) Considerations (per section) Questions
4 Slide 4 Day 1 Recap Discussed SDT updates to Low Impact (CIP R2), and Guidelines and Technical Basis Overview of CIP Applied IRC to BILL s BES Assets Determined impact rating for each BES Asset Identified which of BILL s BES Assets fell into Low impact rating
5 Slide x166.jpg
6 Slide 6 Low Impact Progress Changes to Requirement language Added Attachment 1 & 2 Developed a tiered approach to implementation timeline of Low Impact Newly defined terms: Low Impact External Routable Connectivity Low Impact BES Cyber System Electronic Access Point
7 Slide 7 CIP R1 Policies R1. Each Responsible Entity shall review and obtain CIP Senior Manager approval at least once every 15 calendar months for one or more documented cyber security policies that collectively address the following topics: 1.2 For its assets identified in CIP-002 containing low impact BES Cyber Systems, if any: Cyber security awareness; Physical security controls; Electronic access controls for Low Impact External Routable Connectivity (LERC) and Dial-up Connectivity; and Cyber Security Incident response (NERC, 2015, CIP Cyber Security, p.5)
8 Slide 8 CIP R2 Language R2. Each Responsible Entity with at least one asset identified in CIP-002 containing low impact BES Cyber Systems shall implement one or more documented cyber security plan(s) for its low impact BES Cyber Systems that include the sections in Attachment 1. [Violation Risk Factor: Lower] [Time Horizon: Operations Planning] Note: An inventory, list, or discrete identification of low impact BES Cyber Systems or their BES Cyber Assets is not required. Lists of authorized users are not required. (NERC, 2015, CIP Cyber Security, p.8)
9 Slide 9 Attachment 1 Added Attachment 1 Required Sections for Cyber Security Plan(s) for Assets Containing Low Impact BES Cyber Systems (LIBCS). Includes the four (4) subject matter areas that were developed in response to FERC s concerns in Order 791 relative to specific controls and objective criteria for Low-impact BCS: Cyber Security Awareness Physical Security Controls Electronic Access Controls Cyber Security Incident Response
10 Slide 10 Attachment 1 (continued) Provides flexibility on how to apply the required security controls Utilization of High and Medium Impact BCS policies, procedures, and processes for your Low Impact BCS Can develop Cyber Security plans by asset or group of assets
11 Slide 11 Attachment 2 Added Attachment 2 Examples of Evidence for Cyber Security Plan(s) for Assets Containing Low Impact BES Cyber Systems High level, non-prescriptive Is not all-inclusive
12 Slide 12 Important Actions/Dates Ballot came back February 2, 2015 Board of Trustees Approval February 12, 2015 Filed with FERC February 13, 2015 Pending Regulatory decision
13 Slide 13 Tiered Approach to Implementation
14 Slide 14 Newly Defined Terms Low Impact External Routable Connectivity (LERC) Direct user-initiated interactive access or a direct device-todevice connection to a low impact BES Cyber System(s) from a Cyber Asset outside the asset containing those low impact BES Cyber System(s) via a bi-directional routable protocol connection. Point-to-point communications between intelligent electronic devices that use routable communication protocols for time-sensitive protection or control functions between Transmission station or substation assets containing low impact BES Cyber Systems are excluded from this definition (examples of this communication include, but are not limited to, IEC GOOSE or vendor proprietary protocols). (NERC, 2015, Definition of Terms, p. 1)
15 Slide 15 Newly Defined Terms (continued) Low Impact BES Cyber System Electronic Access Point (LEAP) A Cyber Asset interface that controls Low Impact External Routable Connectivity (LERC). The Cyber Asset containing the LEAP may reside at a location external to the asset or assets containing low impact BES Cyber Systems. (NERC, 2015, Definition of Terms, p. 1)
16 Slide 16 Newly Defined Terms What is the reason for them? To differentiate the obligations and implementations of Low Impact BCS from the High and Medium Impact BCS
17 Slide 17 Attachment G: Pre-Audit Data Request Provide: (a) a list of BES assets [R1.3] that contain Low Impact BCS, as determined by the application of the CIP IRC, (b) plan documentation (c) documentation the plans were implemented
18 Slide 18 Audit Approach Does the entity have a list of BES assets containing low impact BES Cyber Systems? Does the entity have documented Cyber Security Plan(s) for low impact BCS? Did the entity implement the plans and controls in Attachment 1?
19 Slide 19 Examples of Evidence Spreadsheet or list of BES assets containing Low Impact BCS Cyber Security Plan(s) documentation Evidence of implementation of the Cyber Security Plan(s) and associated controls
20 Slide 20 Attachment 1 Section 1. Cyber Security Awareness
21 Slide 21 Attachment 1 - Section 1 1. Cyber Security Awareness: Each Responsible Entity shall reinforce, at least once every 15 calendar months, cyber security practices, (which may include associated physical security practices).
22 Slide 22 Attachment G: Pre-Audit Data Request Section 1 Cyber Security Awareness Provide plan documentation including policies, programs, and processes. Provide documentation that the reinforcement of cyber security practices occurred at least once every 15 calendar months.
23 Slide 23 Audit Approach Did the entity document the cyber security practices? Do the practices cover the protection of Low Impact BES Cyber Systems (logical or physical)? What is the entity s process for reinforcing the documented cyber security practices? Did the entity follow the documented processes for reinforcing the cyber security practices once every 15 months?
24 Slide 24 Examples of Evidence Cyber Security Awareness Plan Documentation Evidence of reinforcement Direct Communications s Memos Computer-based training What else?
25 Slide 25 Examples of Evidence Evidence of reinforcement (continued) Indirect Communications Posters Intranet Brochures Company Newsletters Coffee mugs Management Support and Reinforcement Presentations w/ agenda and topics
26 Slide 26 Cyber Security Awareness Considerations Five do s for a Security Awareness program: 1. Ensure executive support and management buyin 2. Make it fun 3. Include posters, newsletters, tips, and reminders 4. Focus on changing behaviors 5. Solicit end-user ideas
27 Slide 27 Security Awareness Resources SANS Securing the Human Resources anning Planning Measuring results Posters
28 Slide 28 Attachment 1 Section 2. Physical Security Controls
29 Speaker Intro: Darren T. Nielsen, CPP, PSP, PCI, CISA, CBRM, CBRA, 25 years Physical Security Experience Marine Corps Veteran (PRP) Retired Law Enforcement Officer 8 years Critical Infrastructure Protection Program ASIS Utilities Security Council - Chair ASIS Physical Security Council Degrees: M.Ad. (Leadership Emphasis) w/distinction- Northern Arizona University BA- Police Science- Ottawa University (Summa Cum Laude)
30 30 OVERVIEW Known Unknown Suggestions
31 Slide 31 Audit Approach-Low Impact shall control physical access, based on need as determined by the responsible entity Need should be a business justification based on a risk determination Risk = Threat x Vulnerability x Consequence
32 Slide 32 Section 2 - Audit Approach Risk = Threat x Vulnerability x Consequence Threat Who or what could damage the facility or asset(s)? Vulnerability How easily could that damage be carried out? Consequence How bad would the damage be in the larger picture? W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
33 Slide 33 Attachment G: CIP R2 Evidence Section 2 Physical Security Controls Provide (a) documentation of the selected controls, (b) an explanation and rationale for the selected controls, and (c) documented policies, procedures, and processes for controlling physical access, specific to those controls. Provide documentation that the selected controls were implemented to control access to the asset, if any, or the location of the BES Cyber System within the asset; and the Cyber Asset containing LEAP, if any.
34 Slide 34 Section 2 - Audit Approach What are the controls the entity selected and why? The why is where the entity should explain how they determined the need for the selected controls ( based on need as determined by the Responsible Entity ) Do the policies, procedures, and processes address the selected controls? Did the entity implement the controls?
35 Slide 35 Section 2 Audit Approach (cont.) Do the selected controls address the Asset or the location of the LIBCS? Does the entity have any LEAPs and do they have controls in place to control physical access to the LEAP?
36 Slide 36 Components of Physical Security Access Control Perimeter or barrier Access Points Doors Windows Ducts Locks and/or Security Guard Monitoring Alert or alarm when the barrier has been crossed Human observation Direct Video Alarm system Logging Who crossed the barrier? When did they cross it?
37 Slide 37 Examples of Evidence Documentation of security controls including rationale for selecting those controls May include: Physical security plan/program Site-specific plans List of controls for each LIBCS Evidence of security control implementation Photographs Direct Observation Access Logs Diagrams/Facility Maps
38 Slide 38 Attachment 1 Section 3. Electronic Access Controls
39 Morgan King, CISSP-ISSAP, CISA Slide 39 Senior Compliance Auditor, Cyber Security
40 Requirement R2, Attachment 1, Section 3 Electronic Access Controls Slide 40 Establishment of boundary protections From devices external to the asset containing the low impact BES Cyber Systems Control communication either into the asset containing low impact BES Cyber System(s) At the low impact BES Cyber System itself Reduce the risks associated with uncontrolled communication using routable protocols or Dial-up Connectivity February 5, 2015
41 Slide 41 Attachment 1 Section 3 3. Electronic Access Controls: Each Responsible Entity shall : 3.1 For LERC, if any, implement a LEAP to permit only necessary inbound and outbound bi-directional routable protocol access; and 3.2 Implement authentication of all Dial-up Connectivity, if any, that provides access to low impact BES Cyber Systems, per Cyber Asset capability. February 5, 2015
42 Requirement R2, Attachment 1, Section 3 Guidelines and Technical Basis electronic access control used in the general sense, i.e., to control access, and not in the specific technical sense requiring authentication, authorization, and auditing. Slide 42 February 5, 2015
43 Low Impact External Routable Connectivity (LERC) Slide 43 Direct user-initiated interactive access or a direct device-to- device connection to a low impact BES Cyber System(s) from a Cyber Asset outside the asset containing those low impact BES Cyber System(s) via a bi-directional routable protocol connection. Point-topoint communications between intelligent electronic devices that use routable communication protocols for time- sensitive protection or control functions between Transmission station or substation assets containing low impact BES Cyber Systems are excluded from this definition (examples of this communication include, but are not limited to, IEC GOOSE or vendor proprietary protocols). February 5, 2015
44 Slide 44 LERC and ERC LERC Direct user initiated interactive access or a direct device to device connection to a low impact BES Cyber System(s) from a Cyber Asset outside the asset containing those low impact BES Cyber System(s) via a bi directional routable protocol connection ERC The ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection February 5, 2015
45 Slide 45 Determining LERC Direct user-initiated LERC exists if a person is sitting at another device outside of the asset containing the low impact BES Cyber System Person can connect to logon, configure, read, or interact, etc Device-to-device Devices outside of the asset containing the low impact BES Cyber System sending or receiving bi-directional routable communication from or to the low impact BES Cyber System February 5, 2015
46 Slide 46 IEC Complex protocol that has many uses both intra and inter substation communications Exemption language in the LERC definition is specifically crafted for those time sensitive messages does not exclude Control Center communication but rather excludes the communication between the intelligent electronic devices themselves GOOSE messages are only Layer aware RTU, using a Layer 3 routed protocol to a concentrator-like device communication would not be exempted from the CIP Standards February 5, 2015
47 Slide 47 Attachment G: CIP R2 Evidence Section 3 Electronic Access Controls For all Low Impact BES Assets containing LERC and/or Dial-up Connectivity, provide documentation of the controls designed to protect LIBCS using LERC and/or Dial-up Connectivity: For any LERC, configuration files of its associated LEAP(s). Documented controls and/or configuration files to authenticate all Dial-up Connectivity. Confirmation that the controls been implemented February 5, 2015
48 Slide 48 Guidelines and Technical Basis How does WECC consider G&TB for approach Used for just that guideline and basis Does not address every possible iteration to consider Audit to language of the requirement February 5, 2015
49 Slide 49 Section 3 - Audit Approach Is there LERC and/or Dial-up Connectivity? For any LERC, is there an established LEAP? If so, does that LEAP only permit necessary inbound and outbound access Are there controls to authenticate all Dial-up Connectivity? Have the controls been implemented? February 5, 2015
50 Examples of Evidence Slide 50 Implementing LEAP Configuration files and other documentation showing that inbound and outbound connections for any LEAP(s) are confined to only those the Responsible Entity deems necessary: Restricted IP addresses, ports, or services The entity s rationale for the necessary connections Documentation of Dial-up Connectivity authentication: Dial-out only to a preprogrammed number to deliver data, Dial-back modems, Modems that must be remotely controlled by the control center or control room, and/or Configuration files of dial-up access controls Asset capability exception must be well documented February 5, 2015
51 Reference Models Diagram 1 Host-based firewall Diagram 2 Security device Diagram 3 Location X security device Diagram 4 IP/Serial converter, directly addressable Diagram 6 No direct access, layer 7 break or authentication, no LERC Diagram 5 No bi-directional routable communication, no LERC Diagram 7 Mixed impact Cyber Asset w/ LEAP and EAP *Responsible Entities may have additional configurations not identified below. February 5, 2015
52 Slide 52 Guidance Diagram 1 February 5, 2015
53 Slide 53 Host-Based LEAP /etc/sysconfig/ipchains February 5, 2015
54 Slide 54 Guidance Diagram 2 (NERC, 2014, CIP-003-7: Cyber Security, p. 34) February 5, 2015
55 Slide 55 Diagram 2 LEAP February 5, 2015
56 Slide 56 Guidance Diagram 4 (NERC, 2014, CIP-003-7: Cyber Security, p. 36) February 5, 2015
57 Slide 57 Guidance Diagram 3 (NERC, 2014, CIP-003-7: Cyber Security, p. 35) February 5, 2015
58 Slide 58 Guidance Diagram 6 (NERC, 2014, CIP-003-7: Cyber Security, p. 38) February 5, 2015
59 Slide 59 Additional Considerations Regarding Reference Model - 3, would the topology shown remain valid if both Low Impact BES Assets were connected through a layer 2 switch before connecting to the LEAP shown at Location X and a cyber asset was added at each location that functioned as a authentication break as shown in Reference Model 6? February 5, 2015
60 Slide 60 Additional Considerations February 5, 2015
61 Slide 61 Additional Considerations February 5, 2015
62 Slide 62 Additional Considerations MAC filtering switch(config-if)# switchport port-security mac-address 0011.D9D0.00BE Private VLANs An entity should not consider utilizing layer 2 switch controls to segment mixed BCS Impact ratings Use of site-to-site tunnels February 5, 2015
63 Slide 63 Guidance Diagram 5 February 5, 2015
64 Slide 64 Guidance Diagram 7 (NERC, 2014, CIP-003-7: Cyber Security, p. 39) February 5, 2015
65 Slide
66 Slide 66 Attachment 1 Section 4. Cyber Security Incident Response
67 Slide 67 Attachment 1 Section 4 Section 4 Cyber Security Incident Response Have one or more Cyber Security Incident response plan(s), either by asset or group of assets, which shall include: 4.1 Identification, classification, and response to Cyber Security Incidents; 4.2 Determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification to the Electricity Sector Information Sharing and Analysis Center (ES-ISAC), unless prohibited by law; 4.3 Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals;
68 Slide 68 Attachment 1 Section 4 (cont.) 4.4 Incident handling for Cyber Security Incidents; 4.5 Testing the Cyber Security Incident response plan(s) at least once every 36 calendar months by: (1) responding to an actual Reportable Cyber Security Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security Incident; or (3) using an operational exercise of a Reportable Cyber Security Incident; and 4.6 Updating the Cyber Security Incident response plan(s), if needed, within 180 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident.
69 Slide 69 Attachment G: CIP R2 Evidence Section 4 Cyber Security Incident Response Provide documentation the Cyber Security Incident Response plan includes the following: Procedures for identifying, classifying, and response to Cyber Security Incidents Procedure for determining whether an incident is reportable and for notification to the Electricity Sector Information Sharing and Analysis Center (ES-ISAC). Procedures for identifying the roles and responsibilities for Cyber Security Incident response by groups or individuals.
70 Slide 70 Attachment G: CIP R2 Evidence Procedures for handling Cyber Security Incidents Procedures for testing the Cyber Security Incident response plan at least once every 36 calendar months. Procedures for updating the Cyber Security Incident response plan(s), if needed, within 180 calendar days after an Incident response plan(s) test or an actual incident. Provide documentation the Cyber Security Incident response plan was implemented
71 Slide 71 Section 4 - Audit Approach Does the entity have a Cyber Security Incident Response plan and does it include the six (6) parts ( )? Is there evidence of the performance of testing? Was the plan updated within 180 calendar days after a test or incident? Did the entity have a reportable incident and can they demonstrate they followed the documented procedures?
72 Slide 72 Examples of Evidence Plan documentation including policies, procedures, or process documents with specific information that includes the six (6) parts Documentation of testing of the plan Documentation of any updates made to the plan
73 Cyber Security Incident Response Considerations Slide 73 Was the procedure followed? Was the incident response appropriate? Were the appropriate parties informed in a timely manner? Have changes been made to prevent a new or similar incident? What lessons have been learned form this incident?
74 Slide 74 Attachment G: Disclaimer Disclaimer The attachment G document specific to Low Impact assets is still in progress and may change to some degree, but these basic sets of evidence will be expected in the initial evidence package as of today.
75 Slide 75 Low Impact Lessons Learned None documented at this time As we get closer to April 1, 2017, NERC may provide lessons-learned that specifically address Low Impact BCS and the four (4) subject areas.
76 Slide 76 Mixed Impact Approach Section Section 1. Cyber Security Awareness Section 2. Physical Security Controls Section 3. Electronic Access Controls Section 4. Cyber Security Incident Response Approach Utilize the CIP R1, Security Awareness Program Consider how to demonstrate compliance Utilize CIP R1 Part 1.1, Physical Security Plan to define physical controls Utilize CIP R1, Part 1.2 identified Electronic Access Point Utilize CIP R1-R3 Relevant to Low impact Address the differences, specifically, testing (4.5) and updating the plan (4.6)
77 Slide 77 Low Only Impact Approach Use Attachment 1 as a starting point Add in the details of the plans and what controls you have in place Can be one document or four individual documents WICF is working on a Low Impact Cyber Security Plan
78 Slide 78 Low Impact BCS Audits What can you expect from an audit engagement perspective? Depends on the risk associated with the Low Impact assets and LIBCS A lot of new entities developing these programs WECC to provide more focused outreach? Implementation Study for Low Impact Assets?
79 Slide 79 Low Impact Applicable Requirements CIP R1 R2 Part 1.1 Part 1.2 Part 1.3 Part 2.1 Part 2.2 CIP R1 R2 R3 R4 Part 1.2 R1.2.1 R1.2.2 R1.2.3 R1.2.4
80 Slide 80 References NERC. (2015 January 23) CIP Cyber Security Security Management Controls, draft. Retrieved from: NERC. (2015 January 23) Definitions of Terms used in Standards. Retrieved from: ms_used_in_standard_clean.pdf NERC. (2015 January 23) Implementation Plan, Project CIP Version 5 Revisions. Retrieved from: an_clean.pdf
81 Slide 81 Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security Desk: Cell:
Notable Changes to NERC Reliability Standard CIP-005-5
MIDWEST RELIABILITY ORGANIZATION Notable Changes to NERC Reliability Standard CIP-005-5 Electronic Security Perimeter(s) Bill Steiner MRO Principal Risk Assessment and Mitigation Engineer MRO CIP Version
More informationCyber Security Standards: Version 5 Revisions. Security Reliability Program 2015
Cyber Security Standards: Version 5 Revisions Security Reliability Program 2015 Overview of Development Activities The Team Standard Drafting Team (SDT) appointed to address these revisions in Project
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationCyber Security Compliance (NERC CIP V5)
Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability
More informationCyber Security Standards Update: Version 5
Cyber Security Standards Update: Version 5 January 17, 2013 Scott Mix, CISSP CIP Technical Manager Agenda Version 5 Impact Levels Format Features 2 RELIABILITY ACCOUNTABILITY CIP Standards Version 5 CIP
More informationCIP-003-5 Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-5 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and
More informationE-Commerce Security Perimeter (ESP) Identification and Access Control Process
Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American
More informationCompleted. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method
NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method R2 Critical Asset Identification R3 Critical Cyber Asset Identification Procedures and Evaluation
More informationNERC Cyber Security Standards
SANS January, 2008 Stan Johnson Manager of Situation Awareness and Infrastructure Security Stan.johnson@NERC.net 609-452-8060 Agenda History and Status of Applicable Entities Definitions High Level of
More informationImplementation Plan for Version 5 CIP Cyber Security Standards
Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 11, 2012 Prerequisite Approvals All Version 5 CIP Cyber Security Standards and the proposed additions, modifications, and
More informationReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE
R1 Provide Risk Based Assessment Methodology (RBAM) R1.1 Provide evidence that the RBAM includes both procedures and evaluation criteria, and that the evaluation criteria are riskbased R1.2 Provide evidence
More informationCIP v5/v6 Implementation Plan CIP v5 Workshop. Tony Purgar October 2-3, 2014
CIP v5/v6 Implementation Plan CIP v5 Workshop Tony Purgar October 2-3, 2014 Revision History CIP v5/v6 Implementation Plan Change History Date Description Initial Release July 25, 2014 Revision V0.1 August-2014
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationCIP-005-5 Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-5 3. Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationNERC CIP Implementation Prepared by David Grubbs City of Garland NERC Critical Infrastructure Protection Committee (CIPC) Municipal Systems are well represented on the NERC CIPC Committee David Grubbs,
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationInformation Shield Solution Matrix for CIP Security Standards
Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationStandard CIP 003 1 Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-1 3. Purpose: Standard CIP-003 requires that Responsible Entities have minimum security management controls in place
More informationNovaTech NERC CIP Compliance Document and Product Description Updated June 2015
NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC
More informationJoe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security
Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH
More informationLessons Learned CIP Reliability Standards
Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A
More informationCIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationIRA Risk Factors Update for CIP. Ben Christensen Senior Compliance Risk Analyst, Cyber Security October 14, 2015
IRA Risk Factors Update for CIP Ben Christensen Senior Compliance Risk Analyst, Cyber Security October 14, 2015 2 Agenda Why the changes? What s new? Example of a Risk Factor How does this effect CIP V5?
More informationNERC CIP Whitepaper How Endian Solutions Can Help With Compliance
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
More informationAlberta Reliability Standard Cyber Security Personnel & Training CIP-004-AB-5.1
Alberta Reliability Stard A. Introduction 1. Title: 2. Number: 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the bulk electric system from individuals
More informationSecFlow Security Appliance Review
Solution Paper. SecFlow Security Appliance Review NERC CIP version 5 Compliance Enabler July 2014 Abstract The alarming increase in cyber attacks on critical infrastructure poses new risk management challenges
More informationRedesigning automation network security
White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationStandard CIP 007 3 Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing
More informationHow to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework
How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper
More informationCIP-014-1 Physical Security. Nate Roberts CIP Security Auditor I
CIP-014-1 Physical Security Nate Roberts CIP Security Auditor I Notes Critical Infrastructure Protection (CIP) Standard CIP-014-1 is currently pending approval by the Federal Energy Regulatory Commission
More informationJohn M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com
NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)
More informationRuggedCom Solutions for
RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application
More informationAutomating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference
Automating NERC CIP Compliance for EMS Walter Sikora 2010 EMS Users Conference What do we fear? Thieves / Extortionists Enemies/Terrorists Stuxnet Malware Hacker 2025 Accidents / Mistakes 9/21/2010 # 2
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More information152 FERC 61,054 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM15-14-000]
152 FERC 61,054 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION 18 CFR Part 40 [Docket No. RM15-14-000] Revised Critical Infrastructure Protection Reliability Standards (July 16, 2015) AGENCY:
More informationAlberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5
A. Introduction 1. Title: 2. Number: 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES cyber systems against compromise
More informationNERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com
NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationAlberta Reliability Standard Cyber Security Implementation Plan for Version 5 CIP Security Standards CIP-PLAN-AB-1
External Consultation Draft Version 1.0 December 12, 2013 1. Purpose The purpose of this reliability standard is to set the effective dates for the Version 5 CIP Cyber Security reliability standards and
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationSecuring Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.
Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources
More informationEntity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire
Entity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire Upcoming Audit Date: March 16, 2015 Upcoming Audit Type: O&P Audit Start of Audit Period: March 16, 2012 Date Submitted: Table of Contents
More informationKEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS
KEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS Lenny Mansell Director, Consulting Services 1 January 29, 2014 AGENDA Introduction Multiple paradigm shifts ahead How
More informationNERC CIP Tools and Techniques
NERC CIP Tools and Techniques Supplemental Project - Introduction Webcast Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com (843) 619-0050 October
More informationHANDBOOK 8 NETWORK SECURITY Version 1.0
Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives
More informationOlav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 3 Firewalls Specific Instructional Objectives On completion of this lesson, the students will be able to answer: What a firewall is? What are the design goals of Firewalls
More informationSAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP
SAQ D Compliance Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP Ground Rules WARNING: Potential Death by PowerPoint Interaction Get clarification Share your institution s questions, challenges,
More informationVoluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council
Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationCIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011
CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011 1 Purpose Specific NERC CIP-005 Requirements Underlying fundamentals of the ESP architecture Building
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More informationAlberta Reliability Standard Cyber Security Security Management Controls CIP-003-AB-5
A. Introduction 1. Title: 2. Number: 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES cyber systems against
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationAlberta Reliability Standard Cyber Security Physical Security of BES Cyber Systems CIP-006-AB-5
Alberta Reliability Stard Final Proposed Draft Version 2.0 September 9, 2014 A. Introduction 1. Title: 2. Number: 3. Purpose: To manage physical access to BES cyber systems by specifying a physical security
More informationTechno Security's Guide to Securing SCADA
Techno Security's Guide to Securing SCADA Foreword xxiii Chapter 1 Physical Security: SCADA and the Critical Infrastructure's Biggest Vulnerability 1 Introduction 2 Key Control 3 Check All Locks for Proper
More informationPlans for CIP Compliance
Testing Procedures & Recovery Plans for CIP Compliance DECEMBER 16, 2009 Developed with: Presenters Bart Thielbar, CISA Senior Research hanalyst Sierra Energy Group, a Division of Energy Central Primer
More informationAccess Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL
AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical
More informationFirewall Audit Techniques. K.S.Narayanan HCL Technologies Limited
Firewall Audit Techniques K.S.Narayanan HCL Technologies Limited Firewall Management Technology Network Security Architecture Firewall Placement Firewall Appliance Rule base compliance with security policy
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationGE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance
GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security
More informationThe North American Electric Reliability Corporation ( NERC ) hereby submits
December 8, 2009 VIA ELECTRONIC FILING Kirsten Walli, Board Secretary Ontario Energy Board P.O Box 2319 2300 Yonge Street Toronto, Ontario, Canada M4P 1E4 Re: North American Electric Reliability Corporation
More informationSecure SCADA Network Technology and Methods
Secure SCADA Network Technology and Methods FARKHOD ALSIHEROV, TAIHOON KIM Dept. Multimedia Engineering Hannam University Daejeon, South Korea sntdvl@yahoo.com, taihoonn@paran.com Abstract: The overall
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationGoing Critical. How to Design Advanced Security Networks for the Nation s Infrastructure. w w w. G a r r e t t C o m. C o m
Going Critical How to Design Advanced Security Networks for the Nation s Infrastructure Going Critical: Networks for Physical Security Increasing concerns and market growth Asset protection Public safety
More informationWHITE PAPER CYBER SECURITY AND ELECTRIC UTILITY COMMUNICATIONS WHAT NERC/CIP MEANS FOR YOUR MICROWAVE
CYBER SECURITY AND ELECTRIC UTILITY COMMUNICATIONS WHAT NERC/CIP MEANS FOR YOUR MICROWAVE MAY 2011 TABLE OF CONTENTS 1.0 INTRODUCTION... 3 2.0 MODERN ELECTRIC UTILITY COMMUNICATIONS... 4 2.1 DOMAINS AND
More informationTOP 10 CHALLENGES. With suggested solutions
NERC CIP VERSION 5 TOP 10 CHALLENGES With suggested solutions 401 Congress Avenue, Suite 1540 Austin, TX 78791 Phone: 512-687- 6224 E- Mail: chumphreys@theanfieldgroup.com Web: www.theanfieldgroup.com
More informationUtility Modernization Cyber Security City of Glendale, California
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
More informationCyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
More informationNB Appendix CIP-004-5.1-NB-1 - Cyber Security Personnel & Training
This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding
More informationConsensus Policy Resource Community. Lab Security Policy
Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is
More informationSecurity Policy for External Customers
1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration
More informationENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0
ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS Version 2.0 July 20, 2012 Table of Contents 1 Foreword... 1 2 Introduction... 1 2.1 Classification... 1 3 Scope... 1
More informationMONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014
MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 COMPLIANCE SCHEDULE REQUIREMENT PERIOD DESCRIPTION REQUIREMENT PERIOD DESCRIPTION 8.5.6 As Needed 11.1 Monthly 1.3 Quarterly 1.1.6 Semi-Annually
More informationNERC CIP Compliance with Security Professional Services
NERC CIP Compliance with Professional Services The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is
More informationBest Practices for PCI DSS V3.0 Network Security Compliance
Best Practices for PCI DSS V3.0 Network Security Compliance January 2015 www.tufin.com Table of Contents Preparing for PCI DSS V3.0 Audit... 3 Protecting Cardholder Data with PCI DSS... 3 Complying with
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationREDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance
REDSEAL NETWORKS SOLUTION BRIEF Proactive Network Intelligence Solutions For PCI DSS Compliance Overview PCI DSS has become a global requirement for all entities handling cardholder data. A company processing,
More informationSecure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!
Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014! October 3, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationSecure Substation Automation for Operations & Maintenance
Secure Substation Automation for Operations & Maintenance Byron Flynn GE Energy 1. Abstract Today s Cyber Security requirements have created a need to redesign the Station Automation Architectures to provide
More informationSupporting our customers with NERC CIP compliance. James McQuiggan, CISSP
Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment
More informationManage Utility IEDs Remotely while Complying with NERC CIP
Manage Utility IEDs Remotely while Complying with NERC CIP Disclaimer and Copyright The information regarding the products and solutions in this document are subject to change without notice. All statements,
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationSecure Remote Substation Access Solutions
Secure Remote Substation Access Solutions Supplemental Project - Introduction Webcast October 16, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More information87-01-30 Secure External Network Communications Lynda L. McGhie Payoff
87-01-30 Secure External Network Communications Lynda L. McGhie Payoff Large organizations must be able to communicate with external suppliers, partners, and customers. Implementation of bidirectional
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationA Rackspace White Paper Spring 2010
Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry
More informationReclamation Manual Directives and Standards
Vulnerability Assessment Requirements 1. Introduction. Vulnerability assessment testing is required for all access points into an electronic security perimeter (ESP), all cyber assets within the ESP, and
More informationAURORA Vulnerability Background
AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More information