How to Integrate NERC's Requirements in an Ongoing Automation and Integration Project Framework




Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec
Robert O'Reilly, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec

Abstract

This paper addresses the challenges faced by utilities and/or integration companies during the deployment and engineering phases of automation and integration projects, with regard to complying with the new cyber-security requirements set out by NERC. It focuses on approaches to these new challenges that keep the project within schedule and budget, from the point of view of substation requirements, management and the different SCADA systems.

Introduction

This technical paper discusses the challenges of minimizing the impact of adding NERC CIP compliance to an ongoing project that consists of updating a substation's automation systems. Originally aimed at providing faster access to a higher amount of operational and non-operational data within a substation framework, the changeover is an opportunity to upgrade some of the protection and metering devices. But now, the project must also include compliance with cyber-security requirements.

While at first glance NERC requirements may seem to be an insurmountable task, a closer look at the standards makes it obvious that proper planning and best practices are the key to accomplishing compliance. Moreover, proper planning will minimize the impact of NERC CIP compliance on the project's budget and timeline.

From a project implementation point of view, NERC CIP mainly describes what is required from utilities, but does not provide any technical information on how to implement a project to meet those requirements. This leaves a lot of room for interpretation and implementation.

From a project viewpoint, one must quickly decide which requirements would normally be addressed outside the project scope and hence would not adversely impact its timeline or budget. Since they should be the responsibility of other groups within the organization, we will not discuss the following CIP standards in this paper:

CIP-001 | Sabotage Reporting
CIP-008 | Incident Reporting and Response Planning
CIP-009 | Recovery Plans for Critical Cyber Assets

Instead, we will discuss how the following key CIP requirements have a direct impact on your ongoing project and should be addressed in any ongoing project:

CIP Reference # | General Description
CIP-002-R3 | Critical cyber asset identification
CIP-003-R4.1 | Critical cyber asset information to be protected (items defined by management team)
CIP-003-R5.1 | Access control (personnel cleared to access protected information)
CIP-003-R6 | Change control and configuration management
CIP-004-R2 | Training of all personnel (operation, technical, contractors, etc.)
CIP-004-R3 | Personnel risk assessment
CIP-004-R4 | Personnel access to critical cyber assets
CIP-005-R2 | Electronic access controls (ensure electronic access is only permitted to approved personnel)
CIP-006-R2 | Physical access controls
CIP-007-R1 | Test procedures (supplied by others)
CIP-007-R2 | Ports and Services (ensure only the required ports and services are active, all others are turned off)
CIP-007-R3 | Security patch management
CIP-007-R4 | Malicious software prevention
CIP-007-R5 | Account management

For the reader's convenience, we have summarized the different CIP requirements in the appendix.

The Original Project

The example chosen is that of modernizing an existing substation automation system. This type of project was selected because it is probably the worst case: not only is new equipment added, but legacy equipment is also kept in the substation. The implementation must be done while keeping legacy systems in operation. Moreover, the project must allow for compliance with all applicable CIP requirements, and be able to pass a compliance audit near the end of the project.

We will use the example of a typical legacy substation which has been in operation for more than fifteen years and has undergone the normal additions required by increased client demand. In most cases, such substations would resemble the following diagram.

Fig. 1 - Existing substation automation before project

The first order of business when moving an ongoing project towards NERC compliance is to plan for the substation's auditability. As the project engineer, one must keep in mind that the plan must be approved by the company's NERC committee, and that deadlines and budgets are not expected to be impacted.

A Review of the Project

Usually, projects are planned and budgeted with preliminary engineering performed more than 18 months before actual implementation. This delay can create an issue relating to equipment and software costs, as well as delivery lead times.

The first project review for CIP compliance will require the retrieval of all information on the components previously selected for the project. Then all potential critical cyber assets will need to be documented. Finally, the list will be reviewed to ensure that the security requirements can be met with the equipment that had originally been selected. The initially planned substation architecture is presented below:

Fig. 2 - Automation overview diagram of planned project

It is important to review any potential new features of the equipment that had originally been selected in the planning stages of the project. Quite often, the product contains new features or capabilities that will in the end save time in the detailed engineering and commissioning phases. Hence, although the operation may feel time-consuming at first, it will probably save time by the end of the project.

What remains to be examined is the increased paperwork and the preliminary audit added to the factory acceptance test (FAT). The risk assessment portion could be performed during the audit and FAT. The project should be executed with a best practice approach, which should bring the risk within a manageable context.

Establishing the Security Perimeter

The connection between the substation and the corporate WAN had been planned using a router and firewall. This setup had been approved by the IT group. In view of the NERC CIP requirements for an electronic perimeter, this configuration can no longer be considered adequate. For instance, this device does not meet the access control and logging requirements.

Most substations also contain older devices such as power meters and DFRs with limited communications capabilities. These devices require some form of protocol converter. Also, in addition to the main access points, the EMS group requires the use of a dial-up connection for remote access to the metering equipment. Dial-up access is flagged as a major potential security risk by NERC CIP standards.

Now it is clear to the engineering team that using only a router will not comply with NERC CIP's required electronic security perimeter. One might recommend a gateway device in addition to the router. Gateway devices usually provide secure communications capabilities using modem connections, serial, and TCP/IP. They create a single point of access to the substation, making it easier to secure the electronic perimeter. Although they will vary from vendor to vendor, these gateway devices usually also provide an additional firewall and security features.

Isolating the substation's critical assets and physically installing them in strategic and secure locations within the substation also helps to meet the CIP physical perimeter security requirements.

Equipment Inventory

Once the electronic security perimeter has been defined, the inventory of equipment must be established and documented. Although this seems a difficult task at the outset, it is more easily prepared than one might think. All the information required is already available so that equipment data is brought back to the central systems (be it SCADA, EMS, Asset Management, or others) via the intelligent gateway. Designing how information is to move from substation to control center will also help define what information is more important.

During this phase it is recommended to hold short, to-the-point brainstorming sessions with the different groups wishing to have access and to have them document their requirements. One might be surprised how demands are reduced when written versions are required.

Once this information has been identified, the intelligent gateway can be used to limit access to it. Access levels and user groups should be used to allow only specified systems and users read or write access. Any other system should not be allowed to retrieve or operate on the information. For information which is made available via the intelligent gateway, the unit's security environment should be configured to let only the specified computer system(s) access the specified and approved information. This information should be documented for future auditing requirements.

Access Control, Personnel Risk Assessment, Access to Cyber Assets and Account Management

Before NERC CIP standards, these points were not normally part of a project. However, CIP standards make their assessment and documentation mandatory. Fortunately, help can usually be found in other groups within one's organization. Human resources and senior management can define access levels and the personnel who will have them, as well as perform the personnel risk assessment. This should not impact the project's budget. Only documentation of those accesses would remain to be produced.

One can use a central security server or the intelligent gateway's security features to manage accounts. Obviously, central account management is much more efficient in providing comprehensive authentication and simplifies meeting the NERC requirement of being able to remove access rights rapidly. Central user management may however require new servers and software, which would normally be expensed from the IT budget.

Change Control

Although change control and configuration management may seem new, most project managers who have been through a number of projects understand this as the mandatory documentation process to control risk during an automation upgrade project. Hence it is usually planned in the original weekly review list.

At this point already seven items of your CIP requirements list have been addressed or planned for:

CIP-002-R3 | Critical cyber asset identification
CIP-003-R4.1 | Critical cyber asset information to be protected
CIP-003-R5.1 | Access control
CIP-003-R6 | Change control and configuration management
CIP-004-R3 | Personnel risk assessment
CIP-004-R4 | Personnel access to critical cyber assets
CIP-005-R2 | Electronic access controls
CIP-007-R5 | Account management

So far, there was very little impact on budget or timelines, except for delays regarding reviews of personnel risk and their security clearance. However, this requirement is usually the responsibility of human resources for personnel and of the purchasing group for the contractors.

Security Patch Management and Malicious Software Prevention

The manufacturer of the gateway device will usually provide the tools to properly handle any patch management and prevent malicious software. Many techniques exist and it is not in the scope of this paper to decide which approach is better for this facet of the CIP requirements. Suffice it to mention that today, tools and equipment are available for this purpose. However, it is still up to the project team to validate that these tools will perform as required by the project and corporation.

Test Procedures and Port Blocking

During the final engineering phase, one should prepare a framework of the testing methodologies that could be required to validate the new automation system and its integration into the current substation's operations. This is usually done with the help of the vendor or the integrator. When dealing with a change or addition to an existing substation, careful planning must be performed to ensure that the system will interface and react properly and promptly to the substation operation requirements.

This detailed testing phase is the most appropriate time to check that all of the ports and services not required by applications are turned off. This can be done remotely, since it is easy to forget this type of work during commissioning of the systems at the substation. The IT group can provide the tools required for these tests. However, vulnerability testing should not be performed on a live system as it may render it inoperable.

If possible, one should change the default ports. For example, DNP3 via TCP/IP uses port 20000 by default. With newer systems and applications, this can be changed, hence preventing anybody from accessing your system by probing the standard ports.
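One way to run the ports-and-services check described above during the FAT, as an added example that is not part of the original paper: it compares the listeners reported by the device under test with an approved baseline and flags anything to turn off, any approved service still on a protocol default port such as DNP3's 20000, and any approved service that is not running. The `ss -tuln` capture, the addresses and the baseline entries (including port 20547) are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Protocol default ports the paper suggests moving away from (DNP3 over TCP/IP: 20000).
DEFAULT_PORTS = {("tcp", 20000): "DNP3"}

# Constructed baseline for a hypothetical gateway: the only listeners the project approved.
APPROVED = {
    ("tcp", 22): "SSH maintenance access",
    ("tcp", 443): "HTTPS configuration interface",
    ("tcp", 20547): "DNP3 over TCP/IP, reassigned from 20000",
}

# Constructed capture in the column layout of `ss -tuln`, taken on the FAT bench.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:20000     0.0.0.0:*
tcp   LISTEN 0      5          10.10.1.5:20547     0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      64              [::]:23           [::]:*
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*
"""


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


def parse_listeners(ss_text):
    """Extract (proto, address, port) for every tcp/udp row; skip the header."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
            listeners.append(Listener(fields[0], addr, int(port)))
    return listeners


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" and similar wildcards are reachable from the network


def audit(listeners, approved):
    """Return sorted (action, proto, port) findings against the approved baseline."""
    findings, seen = set(), set()
    for item in listeners:
        key = (item.proto, item.port)
        seen.add(key)
        if key not in approved:
            # Not in the baseline: turn it off (loopback-only listeners get a review flag).
            action = "review-local" if is_loopback(item.addr) else "disable"
            findings.add((action, item.proto, item.port))
        elif key in DEFAULT_PORTS:
            # Approved, but still on the well-known port the paper says to change.
            # A moved port remains visible to a full scan; the baseline is the control.
            findings.add(("reassign-default-port", item.proto, item.port))
    for proto, port in set(approved) - seen:
        findings.add(("approved-but-not-listening", proto, port))
    return sorted(findings)


if __name__ == "__main__":
    for action, proto, port in audit(parse_listeners(SAMPLE_SS_OUTPUT), APPROVED):
        print(f"{action:28} {proto}/{port}")
```

Because it only reads a listing produced on the device itself, the check sends no traffic to the system under test. In the constructed capture the leftover listener on 20000 is reported even though DNP3 was moved to 20547, which is the case that is easy to miss after reassigning a port.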

Fig. 3 - Overview drawing of the final concept for the new automation systems

Personnel Training

Training is usually the last item on a project's list. In today's complex operational environment it should not be neglected. Personnel training has always been a priority for most organizations and is planned and budgeted accordingly. NERC CIP standards simply require more detailed documentation regarding training sessions, attendees and the personnel's ability to react appropriately in different situations.

Training should be a requirement from all vendors providing the software or hardware for the project. The training should include detailed hands-on lessons with the applications, hardware and general software.

Security Software

Security software should be chosen together with the IT group and should provide a centralized approach, where it is easier to manage access rights and users, data logging, intrusion monitoring and system health monitoring. Local security should also be implemented in the substation, for onsite personnel. Local security must be capable of being integrated into the centralized approach to simplify overall user and application management, and must also remain available at the local level when the connection(s) to the centralized systems are not available.

Conclusion

Proper planning is the key to minimizing the impact of NERC CIP standards on a project's timeline and budget. Individual steps towards NERC CIP compliance are not complex: they simply require a little more effort on the documentation and planning sides. When one has experience with retrofit projects, proper documentation and training become a life-saver at project's end.

Appendix: CIP Standard Solutions Breakdown

Requirement | Description | Solution
CIP-002-R3 | Critical cyber asset identification | Reuse project inventory
CIP-003-R4.1 | Critical cyber asset information to be protected | Review with different groups requiring access to information
CIP-003-R5.1 | Access control | Seek access models from upper management, use centralized authentication model
CIP-003-R6 | Change control and configuration management | Reuse project change management infrastructure
CIP-004-R2 | Training of all personnel | Improve documentation
CIP-004-R3 | Personnel risk assessment | Human Resources and Purchasing to conduct assessments
CIP-004-R4 | Personnel access to critical cyber assets | Seek access models from upper management, use centralized authentication model
CIP-005-R2 | Electronic access controls | Use centralized authentication model
CIP-006-R2 | Physical access controls | Install card reader or video camera
CIP-007-R1 | Test procedures | Use exhaustive FAT procedures
CIP-007-R2 | Ports and Services | Reassign ports when possible, use intelligent gateway to restrict access
CIP-007-R3 | Security Patch Management | Use intelligent gateway with security patch management feature built-in
CIP-007-R4 | Malicious software prevention | Use intelligent gateway with malicious software prevention feature built-in
CIP-007-R5 | Account management | Use centralized authentication model