Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference




What do we fear?
- Thieves / Extortionists
- Enemies / Terrorists
- Stuxnet
- Malware
- Hacker 2025
- Accidents / Mistakes
(Presentation dated 9/21/2010)

What do we fear?
- Wally, the Auditor: Wally Magna, WECC Senior Compliance CIP Engineer

NERC CIP Penalties
- No CIP-002 through CIP-009 fines assessed to date, but:
- Other NERC enforcement actions: ~70 fines totaling ~$1.8M in 2010
- And remember the FPL $25M settlement in October 2009
- The will and the way are in place!
Source: GE Presentation

NERC CIP Standards
- CIP-001 Sabotage Reporting
- CIP-002 Critical Cyber Asset Identification
- CIP-003 Security Management Controls
- CIP-004 Personnel and Training
- CIP-005 Electronic Security Perimeters
- CIP-006 Physical Security of Critical Cyber Assets
- CIP-007 Systems Security Management
- CIP-008 Incident Reporting and Response Planning
- CIP-009 Recovery Plans for Critical Cyber Assets

NERC CIP Standards, Phase 4
- CIP-002 Critical Cyber Asset Identification
- CIP-003 Security Management Controls
- CIP-004 Personnel and Training
- CIP-005 Electronic Security Perimeters
- CIP-006 Physical Security of Critical Cyber Assets
- CIP-007 Systems Security Management
- CIP-008 Incident Reporting and Response Planning
- CIP-009 Recovery Plans for Critical Cyber Assets
- CIP-010 BES Cyber System Categorization
- CIP-011 BES Cyber System Protection
Notes:
- CIP-010 and CIP-011 on track to be complete and submitted to NERC Dec. 24, 2010
- Critical Cyber Assets displaced by BES Cyber System Components
- Broader applicability
- Differentiated H/M/L Impact Ratings

Transmission and Distribution
- Central EMS Site
- Substations tied to EMS
- Multiple regions (diagram: Site 1, Site 2, Site 3)

Challenges for NERC CIP

Assessment Challenges
- How do you produce data, reports and audit documentation for assessors?
- How do you incorporate and deal with findings from assessors?
- How do you verify that the findings have been corrected?

Internal Operational Challenges
- How do you manage forensics and support?
- How do you monitor and respond to alerts?
- How do you plan and track your configuration strategy?
- How do you manage your OS patches?
- How do you manage your software inventory (SCADA/DCS servers, HMI, historians, PLC/RTU/IED, switches, routers, perimeter devices) and their versions?
- How do you manage the licenses for your software?

NERC CIP Operational Challenges
- How do you collect and archive all your logs?
- How do you collect and archive all your compliance data?
- How do you ensure you haven't fallen out of compliance?
- How can you plan and track your patch strategy?

NERC CIP Audit and Audit Preparation Challenges
- How do you produce data, reports and audit documentation for auditors?
- How do you incorporate and deal with findings from auditors?
- How do you verify that the findings have been corrected?

Compliance Manager: Assessment Challenges
- How do you produce data, reports and audit documentation for assessors?
- How do you incorporate and deal with findings from assessors?
- How do you verify that the findings have been corrected?
Diagram elements: Compliance Standard (NERC); Compliance Manager; Assessment Reports; Compliance Reports; Assessment Results; Site 1, Site 2, Site 3.

Compliance Manager: Internal Operational Challenges
- How do you manage forensics and support?
Diagram elements: Factory Configuration (Day 1); Day 1 Report; Configuration (Day N); Day N Report; Forensic Difference Report; Support call; SEM at Site 2; Compliance Manager.

Compliance Manager: Internal Operational Challenges
- How do you manage forensics and support?
- How do you monitor and respond to alerts?
- How do you plan and track your configuration strategy?
- How do you manage your OS patches?
- How do you manage your software inventory (SCADA/DCS servers, HMI, historians, PLC/RTU/IED, switches, routers, perimeter devices) and their versions?
- How do you manage licenses for your software?
Diagram elements: Compliance Manager; Patch/Config/Software Reports; Forensic Reports; Logs, Compliance Data; SEM at Site 1, Site 2, Site 3.
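As an added example, not code from the presentation or from Industrial Defender's product, the following Python sketch shows the Day 1 versus Day N "Forensic Difference Report" idea from the forensics slide, extended to the patch and software inventory data of this slide: it compares a constructed factory baseline snapshot with a later snapshot per asset and lists software, patch and listening-port drift. Asset names, snapshot contents and patch labels are invented for illustration.

```python
# Constructed Day 1 (factory baseline) and Day N snapshots, as the slides' SEM
# would collect per site: software versions, applied patches, listening ports.
# Values are illustrative and not taken from the presentation.
DAY1_BASELINE = {
    "ems-scada-01": {"software": {"scada-server": "7.2", "historian": "3.1"},
                     "patches": {"patch-2010-07", "patch-2010-08"},
                     "ports": {22, 102, 2404}},
    "sub2-rtu-gw": {"software": {"protocol-gw": "1.4"},
                    "patches": {"patch-2010-07"}, "ports": {22, 20000}},
}
DAY_N_CURRENT = {
    "ems-scada-01": {"software": {"scada-server": "7.3", "historian": "3.1",
                                  "remote-tool": "1.0"},
                     "patches": {"patch-2010-07"},
                     "ports": {22, 102, 2404, 5900}},
    "sub2-rtu-gw": {"software": {"protocol-gw": "1.4"},
                    "patches": {"patch-2010-07"}, "ports": {22, 20000}},
}

def diff_asset(base, cur):
    """List every change between two snapshots of one asset (empty = no drift)."""
    findings = []
    for name, ver in cur["software"].items():
        if name not in base["software"]:
            findings.append(f"software added: {name} {ver}")
        elif base["software"][name] != ver:
            findings.append(f"software changed: {name} {base['software'][name]} -> {ver}")
    for name in sorted(base["software"].keys() - cur["software"].keys()):
        findings.append(f"software removed: {name}")
    for p in sorted(cur["patches"] - base["patches"]):
        findings.append(f"patch applied: {p}")
    for p in sorted(base["patches"] - cur["patches"]):
        findings.append(f"patch missing: {p}")  # e.g. lost when a backup was restored
    for port in sorted(cur["ports"] - base["ports"]):
        findings.append(f"port opened: {port}")  # ports-and-services drift
    for port in sorted(base["ports"] - cur["ports"]):
        findings.append(f"port closed: {port}")
    return findings

def difference_report(baseline, current):
    """Forensic Difference Report over every asset in either snapshot."""
    report = {}
    for asset in sorted(baseline.keys() | current.keys()):
        if asset not in baseline:
            report[asset] = ["asset absent from Day 1 baseline"]
        elif asset not in current:
            report[asset] = ["asset absent from Day N snapshot"]
        else:
            report[asset] = diff_asset(baseline[asset], current[asset])
    return report
```

An asset whose finding list is empty still matches its baseline; any non-empty list is the material a support call or an auditor's change-control question would ask for.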

Compliance Manager: NERC CIP Operational Challenges
- How do you collect and archive all your logs?
- How do you collect and archive all your compliance data?
- How do you ensure you haven't fallen out of compliance?
- How can you plan and track your patch strategy?
Diagram elements: Compliance Manager; Data archiving; NERC CIP Compliance Reports; Patch Reports; Logs, Compliance Data; SEM at Site 1, Site 2, Site 3.

Compliance Manager: NERC CIP Audit and Audit Preparation Challenges
- How do you produce data, reports and audit documentation for auditors?
- How do you incorporate and deal with findings from auditors?
- How do you verify that the findings have been corrected?
Diagram elements: Compliance Manager; NERC CIP Compliance/Audit Reports; Logs, Compliance Data; SEM at Site 1, Site 2, Site 3.

Compliance Management System
- Security Event Manager (SEM)
- Security Operations Console
- Security log and configuration data retention and analysis
- Audit Reports

Report Samples (four slides of sample report screenshots; images not transcribed)

Summary: EMS Security Compliance
- Technology integration: implement and integrate multiple layers of security technology, while assuring no adverse impact to critical control systems
- Operations efficiency: integrate security administration into daily operational processes, with little or no increase in operations expense and personnel
- Defense in Depth
- Security sustainability
- Compliance audit support: respond rapidly to intense auditor demands regarding current and historical systems security information, or face regulatory fines and corporate compliance exceptions
- Compliance automation

Automate Compliance
- It will be repeatable
- It will be simple
- It will be more efficient
- No more fear: learn to love compliance

Corporate Overview / Contact
- Email: wsikora@industrialdefender.com
- Web: www.industrialdefender.com
- Blog: www.findingsfromthefield.com
- Twitter: @i_defender, @nerccip