GE Measurement & Control. Cyber Security for NERC CIP Compliance




GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes other than that for which it was originally furnished except with written permission of GE Oil & Gas. Copyright 2012 General Electric Company. All rights reserved.

Contents

Cyber Security for NERC CIP Compliance
Sabotage Reporting
Access Control
Change Control and Configuration Management
Electronic Security Perimeter
Monitoring Electronic Access
Cyber Vulnerability Assessment
Documentation Review and Maintenance
Test Procedures
Ports and Services
Security Patch Management
Malicious Software Prevention
Account Management
Security Status Monitoring
Recovery Plans for Critical Cyber Assets

Cyber Security for NERC CIP Compliance

During the Cyber Security and the Grid Senate Hearing on July 17, 2012, Mr. Gerry W. Cauley, North American Electric Reliability Corporation (NERC) President and Chief Executive Officer, testified that compliance with NERC CIP standards is not enough; it is an important threshold for properly securing the bulk electric system. However, no single security asset, technique, procedure, or standard, even if strictly followed, will protect an entity from all potential cyber threats. The cyber security threat environment is constantly changing and our defenses must keep pace. Security best practices call for additional processes, procedures, and technologies beyond those required by the CIP standards.

As a vendor of industrial controls, GE embraces its responsibilities to assist critical infrastructure owners to improve their security postures and support compliance efforts as they relate to GE-provided equipment. Many of the product security features available for current controls, such as Mark* VIe and EX2100e, are also available as enhancements for older controls, such as the EX2000, Mark V, EX2100, and Mark VI. GE supports customer compliance efforts by providing baseline configuration documentation for current and certain legacy controls, and by supporting asset operator cyber vulnerability assessments and associated mitigations.

GE's cyber security solution is comprised of the Cyber Asset Protection (CAP) Software Update Subscription and the SecurityST Appliance, which support cyber security best practices such as centralized patch management, anti-virus/host intrusion detection updates, account management, logging and event management, intrusion detection and automated backup. The solution supports confidentiality, integrity and availability of critical controls and related networks, which in turn can be applied to support owner compliance towards NERC CIP.

The following matrix provides more details on how CAP SW Update Subscription and SecurityST support NERC CIP compliance.

NERC CIP Standards: How CAP SW Update Subscription + SecurityST Support Responsible Entity's Compliance

Sabotage Reporting CIP-001
The Security Information Event Management (SIEM) system centralizes and correlates event logs. The SIEM provides operators with a single, centralized, correlated and real-time display of activities throughout the plant data highway (PDH) and unit data highway (UDH) network. The SIEM supports correlation analysis through logged data.

Access Control CIP-003: R5
Centralized account management supports unified administration of role-based access control and least privilege that easily integrates into plant-wide account management. The SIEM analyzes access log data and provides alerting and reporting of role-based access logs. Access to the ESP and changes made to the network and systems will be logged. The SIEM centralizes and aggregates log and event management to support correlation analysis.

Change Control and Configuration Management CIP-003: R6
GE's CAP SW Update subscription supports CIP-003 R6 Change Control and Configuration Management by providing subscribers with the delivery of monthly DVDs that contain validated and tested critical operating system (OS) updates, security patches, and anti-virus and host intrusion detection system (HIDS) definitions. The SIEM captures changes to the configuration of controls and related network devices.

Electronic Security Perimeter CIP-005: R1
GE assists the Responsible Entity in meeting the logical access control of CIP-003-4 R5 by capturing ingress and egress firewall activity. Firewall rule set and Network Intrusion Detection monitoring/logging capabilities further support Electronic Security Perimeter (ESP) access control.

Electronic Access Controls CIP-005: R2
By default, does not contain dial-up connectivity. Wireless access is not provided as part of GE's standard network configuration. When operating in secure mode, the controller solely permits executables on a hash-protected, encrypted list defined in firmware. Components can be configured to display licensee or unit-specific use banner messages before granting access, ensuring the message remains on the screen until the user takes explicit actions to log on. System-use banners are supported by local security policy and can be centrally configured using the Active Directory. System-use banners can also be configured with routers, switches, and NIDS.

Monitoring Electronic Access CIP-005: R3
Monitors, logs and alerts for attempts to access the ESP. The NIDS (network intrusion detection system) logs and monitors traffic at the outer perimeter of the Controls network. The SIEM correlates logs to allow a centralized view of access activities. Controls and associated network devices are not configured to support public remote dial-up devices.

Cyber Vulnerability Assessment CIP-005: R4
GE helps customers meet CIP-005-4a R4 by documenting baseline configurations and ports and services for normal and emergency operations. This data can be used to support assessment activities. GE SIEM and NIDS log retention capability is configured to meet or exceed the 90-day NERC storage requirement, until the user can move to longer-term storage.

Documentation Review and Maintenance CIP-005: R5
Test Procedures CIP-007: R1
Ports and Services CIP-007: R2
The CAP Software Update Subscription supports critical infrastructure owners' efforts to manage current patch levels and Anti-Virus/Host Intrusion Detection signatures, as well as enhanced backup to support continuity of operations.

The patches and Anti-Virus/Host Intrusion Detection signatures provided through the CAP Software Update subscription have been evaluated for applicability, tested in a representative operational lab environment, documented, and securely delivered. Controls Solutions maintains a validation lab in which OS and application patches and Anti-Virus/Host Intrusion Detection signature updates are tested in a controlled environment that is operationally representative of the OS and major ControlST platform software revision at the customer site. Testing demonstrates that functional operation of the control and related interfaces, as well as the communication to the system, is not adversely impacted by the updates. Further, updates are also tested for optional customer scope such as hardened switches, firewalls and the SecurityST appliance.

Any updates that are identified to potentially impact operations are excluded; these updates are documented and a mitigation strategy is developed to compensate for this security update. Any false positives identified by new signatures, which would quarantine files needed for normal and emergency operations, are noted, and instructions on how to allow/whitelist these files are included.

Ports and services, as well as software/processes, for HMIs, switches and controllers have been minimized to those required for normal and emergency operations.

Security Patch Management CIP-007: R3
GE's patch management application supports patch change management compliance documentation by generating a report that shows the following:
- Listing of applicable updates to your system
- Status of the update (applied or missing)
- Update reference information, including patch number, bulletin ID and bulletin title
- US Computer Emergency Readiness Team (US CERT) level of severity associated with the update
- Time required to apply the update in the representative operational test environment and whether or not a reboot is required

Malicious Software Prevention CIP-007: R4
Monthly provision of applicable, documented and tested anti-virus and HIDS signatures.

Account Management CIP-007: R5
Centralized account management supports unified administration of role-based access control and least privilege that easily integrates into plant-wide account management. Access logging can be centrally logged on the domain control server and maintained for 90 days or longer.

Security Status Monitoring CIP-007: R6
The SIEM provides real-time capability that centrally alerts, logs and detects cyber security events, allowing operators to monitor unauthorized activity. The SIEM provides a single, centralized real-time display aggregating data/logs for correlation analysis.

Recovery Plans for Critical Cyber Assets CIP-009: R1-R2
The SecurityST Appliance includes a centralized backup and recovery tool that allows for scheduled backup. Related documentation to support recovery procedures.

GE Measurement & Control 1800 Nelson Road Longmont, CO 80501 (540) 387-8726 (888) 943-2272 GE4Service@ge.com http://www.ge-mcs.com/controlsolutions Controls Connect customer portal: ge-controlsconnect.com * Denotes a trademark of the General Electric Company. Copyright 2012 General Electric Company. All rights reserved. GEA20307 (10/2012)