Cyber Security Compliance (NERC CIP V5)

Size: px

Start display at page:

Download "Cyber Security Compliance (NERC CIP V5)"

Eustace Black
10 years ago
Views:

1 Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability Standards. These contain revised versions of the currently effective NERC CIP Reliability Standards, CIP through CIP as well as two new CIP Reliability Standards, CIP and CIP Utilities will transition directly from the Version 3 Standards to the Version 5 Standards. Affected energy providers must be compliant for High and Medium Impact BES Cyber Systems by April 1, 2016, and Low Impact BES Cyber Systems by April 1, This presentation will summarize the new Version 5 requirements, review how utilities are planning to meet requirements and highlight areas of greatest concern

These contain revised versions of the currently effective NERC CIP Reliability Standards, CIP-002-5 through CIP-009-5 as well as two new CIP Reliability Standards, CIP-010-1 and CIP-011-1.

2 Topics Review of Version 5 Changes Review Major Challenges in Transitioning to Version 5 Review the Need for Automation in Meeting Version 5 The Intermediate System Configuration Management Review of Automation Solutions

Need for Automation in Meeting Version 5 The

3 Current NERC CIP Documents CIP Cyber Security Critical Cyber Asset Identification CIP Cyber Security Security Management Controls CIP Cyber Security Personnel and Training CIP Cyber Security Electronic Security Perimeter(s) CIP Cyber Security Physical Security CIP Cyber Security Systems Security Management CIP Cyber Security Incident Reporting and Response Planning CIP Cyber Security Recovery Plans for Critical Cyber Assets

Security Perimeter(s) CIP 006 3 Cyber Security Physical Security CIP 007 3 Cyber Security Systems Security Management

4 NERC CIP Documents Version 5 CIP Cyber Security BES Cyber System Categorization CIP Cyber Security Security Management Controls CIP Cyber Security Personnel and Training CIP Cyber Security Electronic Security Perimeter(s) CIP Cyber Security Physical Security of BES Cyber Systems CIP Cyber Security Systems Security Management CIP Cyber Security Incident Reporting and Response Planning CIP Cyber Security Recovery Plans for BES Cyber Systems (new) CIP Cyber Security Configuration Change Mgmt. and Vulnerability Assessments (new) CIP Cyber Security Information Protection (new) CIP Cyber Security Physical Security

Systems Security Management CIP 008 5 Cyber Security Incident Reporting and Response Planning CIP 009 5 Cyber Security Recovery Plans for BES Cyber Systems (new) CIP 010

5 Version 5 Introduces New Definitions Cyber Asset Programmable electronic devices, including the hardware, software, and data in those devices. BES Cyber Asset A Cyber Asset that if rendered unavailable, degraded, or misused would affect the reliable operation of the Bulk Electric System. BES Cyber System One or more BES Cyber Assets logically grouped to perform one or more reliability tasks. Bulk Electric System generally 100kV or higher.

BES Cyber Asset A Cyber Asset that if rendered unavailable, degraded, or misused would affect the reliable

6 Improved Definition of Criticality V3/V4 V5 High Critical Medium Non-Critical Other Low Any BES Cyber Asset not High or Medium is by default Low Non-Critical

7 Version 5 Expands Definition of Applicable Systems Electronic Access Control or Monitoring Systems (EACMS) Applies to each Electronic Access Control or Monitoring System associated with a referenced high impact BES Cyber System or medium impact BES Cyber System. Examples may include, but are not limited to, firewalls, authentication servers, and log monitoring and alerting systems. Physical Access Control Systems (PACS) Applies to each Physical Access Control System associated with a referenced high impact BES Cyber System or medium impact BES Cyber System with External Routable Connectivity. Protected Cyber Assets (PCA) Applies to each Protected Cyber Asset associated with a referenced high impact BES Cyber System or medium impact BES Cyber System

Examples may include, but are not limited to, firewalls, authentication servers, and log monitoring and alerting systems.

8 Other Significant Changes V3/4 to V5 Must now use an intermediate device between User and Critical Asset The exemption of Cyber Assets from applicability to the NERC CIP standards based on communication characteristics no longer applies. Must remove/disable both unused software ports and unused hardware points Improved definition for patching Defines the source of the patches (also hot fixes and updates ) Provides better definition of release date and availability date If installing the patch introduces more risk than the vulnerability represents, an alternate process is defined Does not mandate anti-virus software Requires security monitoring points and more.

Must remove/disable both unused software ports and unused hardware points Improved definition for patching Defines the source of the patches (also hot fixes and

9 Top 10 Transition Challenges

10 The intermediate system is automation The Need for Automation in Meeting NERC CIP 5

11 System without Intermediate System System User Broadband Connection No longer permitted Critical Cyber Assets Electronic Security Perimeter

12 Intermediate System Networked Servers Intermediate System that restricts access to only authorized users System User Remote Connection and Password Managers Broadband Connection Critical Cyber Assets Electronic Security Perimeter

User Remote Connection and Password Managers Broadband

13 Remote Connection and Password Management System System User Encrypted Networked Servers All users who interact with substation assets login to the system System manages all user passwords and permission System manages the details of all connections to substation assets Broadband Connection System manages passwords in the substation assets Critical Cyber Assets Electronic Security Perimeter August 30, 2014 Presentation title

System manages the details of all connections to substation assets Broadband Connection System manages

14 Online demonstration Remote Connection and Password Management System August 30, 2014 Presentation title

15 The Need for Automation in Meeting NERC CIP 5 Configuration Management August 30, 2014 Presentation title

16 Configuration Management (cont.) The Need for Automation in Meeting NERC CIP 5 Automation can make this much easier Etc. August 30, 2014 Presentation title

17 System Operation Example Configuration Retrieval Configuration data from substation assets collected by substation security appliance and forwarded to servers for comparison Substation Security Appliance Substation Security Appliance 17 Return to Table of Contents

appliance and forwarded to servers for comparison Substation

18 Configuration Retrieval Steps 18 Return to Table of Contents

19 Configuration Retrieval Steps 19 Return to Table of Contents

20 Configuration Retrieval Steps 20 Return to Table of Contents

21 Configuration Retrieval Steps 21 Return to Table of Contents

22 For many utilities, NERC CIP V5 will be difficult to meet without some automation Conclusions Automation solutions are being developed to meet your needs 22 Return to Table of Contents

Summary of CIP Version 5 Standards

Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have