NERC CIP Tools and Techniques

Similar documents
Summary of CIP Version 5 Standards

Cyber Security Compliance (NERC CIP V5)

Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

Implementation Plan for Version 5 CIP Cyber Security Standards

Secure Remote Substation Access Solutions

NERC Cyber Security Standards

Technology Solutions for NERC CIP Compliance June 25, 2015

Alberta Reliability Standard Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-AB-1

NERC CIP Compliance. Dave Powell Plant Engineering and Environmental Performance. Presentation to 2009 BRO Forum

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

Standard CIP Cyber Security Security Management Controls

Reclamation Manual Directives and Standards

Alberta Reliability Standard Cyber Security Personnel & Training CIP-004-AB-5.1

NERC CIP VERSION 5 COMPLIANCE

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

Notable Changes to NERC Reliability Standard CIP-010-3

TRIPWIRE NERC SOLUTION SUITE

Alberta Reliability Standard Cyber Security Implementation Plan for Version 5 CIP Security Standards CIP-PLAN-AB-1

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Information Shield Solution Matrix for CIP Security Standards

Lessons Learned CIP Reliability Standards

EnergySec Partnered Webinar with MetricStream Transitioning to NERC CIP Version 5: What Does it Mean for Electric Utilities JANUARY 28, 2015

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP Cyber Security Systems Security Management

Cyber Security and Privacy - Program 183

ReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE

Cyber Security Standards Update: Version 5

LogRhythm and NERC CIP Compliance

Meeting NERC CIP Access Control Standards. Presented on February 12, 2014

Critical Controls for Cyber Security.

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Top 10 Compliance Issues for Implementing Security Programs

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015

Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

CIP Cyber Security Security Management Controls

Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard

Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

FERC, NERC and Emerging CIP Standards

Cyber Security Standards Update: Version 5 with Revisions

BSM for IT Governance, Risk and Compliance: NERC CIP

Alberta Reliability Standard Cyber Security Physical Security of BES Cyber Systems CIP-006-AB-5

CIP v5/v6 Implementation Plan CIP v5 Workshop. Tony Purgar October 2-3, 2014

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

SecFlow Security Appliance Review

Plans for CIP Compliance

The Protection Mission a constant endeavor

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems

BPA Policy Cyber Security Program

Verve Security Center

future data and infrastructure

Patch and Vulnerability Management Program

When this standard has received ballot approval, the text boxes will be moved to the Guidelines and Technical Basis section of the Standard.

Cyber Security Standards: Version 5 Revisions. Security Reliability Program 2015

152 FERC 61,054 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM ]

Alberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5

Internal Controls And Good Utility Practices. Ruchi Ankleshwaria Manager, Compliance Risk Analysis

INFORMATION TECHNOLOGY SECURITY STANDARDS

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

Intel Enhanced Data Security Assessment Form

NERC CIP Compliance with Security Professional Services

Alberta Reliability Standard Cyber Security Security Management Controls CIP-003-AB-5

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

GFI White Paper PCI-DSS compliance and GFI Software products

Securing Distribution Automation

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

GE Measurement & Control. Cyber Security for NERC CIP Compliance

Ovation Security Center Data Sheet

Redesigning automation network security

Third Party Security Requirements Policy

Help for the Developers of Control System Cyber Security Standards

White Paper: Consensus Audit Guidelines and Symantec RAS

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014

Critical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn

Ovation Security Center Data Sheet

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

SITA Security Requirements for Third-Party Service Providers that Access, Process, Store or Transmit Data on Behalf of SITA

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

2012 CIP Spring Compliance Workshop May Testing, Ports & Services and Patch Management

Client Security Risk Assessment Questionnaire

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

Security Controls What Works. Southside Virginia Community College: Security Awareness

Hengtian Information Security White Paper

Transcription:

NERC CIP Tools and Techniques Supplemental Project - Introduction Webcast Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com (843) 619-0050 October 17, 2013

NERC CIP Compliance Challenges Difficulties in maintaining documentation and audit evidence Lack of communication with industry peers Legacy devices cannot meet current and future requirements Lack of compliance trained staff Change is inevitable 2

NERC CIP Standards Version 3 / 4 CIP-002: Critical Cyber Asset Identification CIP-003: Security Management Controls CIP-004: Personnel and Training CIP-005: Electronic Security Perimeter(s) CIP-006: Physical Security of CCAs CIP-007: Systems Security Management CIP-008: Incident Reporting and Response Planning CIP-009: Recovery Plans for CCAs Version 5 Changes/Adds: CIP-002: BES Cyber Asset and BES Cyber System Categorization CIP-010: Configuration Change Management and Vulnerability Assessments CIP-011: Information Protection 3

Changes in Version 5 Standard Key Definitions Critical Assets (CAs) Replaced by CIP-002 Attachment 1 and BES Critical Cyber Assets (CCAs) Replaced by BES Cyber Asset and BES Cyber System Physical Security Perimeters (PSPs) Replaced by Defined Physical Boundary Removed the six-wall specification 4

New Cyber System Categorization 5

New Impact Ratings for BES Cyber Systems High Impact Large control centers and backup centers Medium Impact Generation and transmission facilities Other control centers not covered in CIP-002-4 Low Impact All other BES Cyber Systems not covered by CIP Version 4 6

New Challenges With NERC CIP Version 5 Ten standards instead of the eight in the previous four versions Total of fifteen newly defined terms Encryption requirement Multi-factor authentication requirement Configuration management requirement All serial connections are to be considered Systems must be categorized in three impact levels Physical I/O ports requirement All policy and procedure documentation must be updated with new terminology and impact levels 7

NERC CIP Tools and Techniques Supplemental Project This project will provide techniques for transitioning to NERC CIP Version 5: Identification of gaps in current tools Provide guidance and techniques for complying with NERC CIP requirements Areas of focus may include: Configuration change management Patch management Identity access management Determination of BES Cyber Assets and BES Cyber Systems 8

Configuration Change Management NERC CIP-010-1: New requirement consisting of the consolidation of previous sub-requirements Utilize and verify existing baselines to develop configuration lists of the BES Cyber Systems Utilize safe enumeration tools to verify existing assets Collect configuration data from the assets Create effective processes for verifying changes to those assets 9

Patch Management NERC CIP-007-5 R2: Traditionally a difficult requirement to maintain compliance New wording provides more granularity Documenting the sources that are monitored for release of patches create a remediation plan, or revise an existing remediation plan, within 30 days of release from the identified source 10

Identity Access Management NERC CIP-004-5 R6 & R7: Pulled the access management requirements from CIP-003-4, 004-4, and 007-4 into a single requirement Immediate revocation of access privileges when an employee, contractor or vendor no longer performs a function that requires physical or electronic access to a critical cyber asset for any reason For reassignments or transfers, revoke the individual s unneeded electronic and physical access to BES Cyber Systems by the end of the next calendar day 11

Key Definitions of Applicable Core Assets Cyber Assets Programmable electronic devices including the hardware, software, and data in those devices BES Cyber Asset A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its operation, misoperation, or non-operation, when required, adversely impact one or more BES Reliability Operating Services BES Cyber System One or more BES Cyber Assets that are typically grouped together, logically or physically, to operate one or more BES Reliability Operating Services 12

Determination of BES Cyber Assets and BES Cyber Systems NERC CIP-002-5 R1: Shift from identifying Critical Cyber Assets to identifying BES Cyber Systems Scope is restricted to BES Cyber Assets and BES Cyber Systems that would impact the reliable operation of the BES BES Cyber Assets are those cyber assets that, if rendered unavailable, degraded, or misused, would impact the BES Reliability Operating Services within 15 minutes of the activation or exercise of the compromise High, Medium, Low classification (Bright-line Criteria) 13

NERC CIP Tools and Techniques Research Goals Strategies and tools for transitioning existing cyber security programs from the current Version 3/4 to Version 5 Guidance for reaching effective regulatory compliance with Version 5 of the NERC CIP Standards Deliverables Workshop NERC CIP Version 5 workshop at EPRI s Cyber Security Research Lab in Knoxville, TN and resulting Training DVD. Webcast Discussion Forums and Updates (Bi-Monthly) Technical Report NERC CIP Tools and Techniques Guidelines and Training for Meeting Compliance with Version 5 14

NERC CIP Tools and Techniques Objectives and Scope Provide guidance for transitioning to NERC CIP Version 5 Project may focus on: Configuration change management Patch management Identity access management Determination of BES cyber assets and BES Cyber Systems Value Identify gaps in current tools that have been deployed to address the CIP requirements Provide guidance and techniques for complying with CIP requirements Details and Contact Price: $50,000 Qualifies for TC and SDF Scott Sternfeld ssternfeld@epri.com 843-619-0050 SPN Number: 3002001768 Guidance for Efficiently Meeting NERC CIP v5 Requirements 15

Discussion Scott Sternfeld ssternfeld@epri.com 843-619-0050 16

Together Shaping the Future of Electricity 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information