Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems James Goosby Manager I&C Systems and Field Support 19 th Annual ARC Industry Forum
Agenda About Us Compliance Challenge Compliance Environment Today Control System Integrity (CSI) Solution Results
About Southern Company 46,000 megawatts of electric generating capacity 4.4 million customers Fossil, hydro, nuclear, solar, and wind Safety, compliance, and operational excellence
The Why Southern Company Facility Map
Southern Company Facility Map The Why Cisco (Control Networks) ABB (DCS) Yokogawa GE Bently Nevada Modicon (PLC) Siemens (TCS) Mitsubishi (TCS) Foxboro (DCS) Woodward (TCS) Metso (DCS) Emerson (DCS) Allen Bradley (PLC) Schweitzer (Relay) Siemens (EMS) RTU AspenTech GE Mark VI Spectrum (CEMS) Toshiba (TCS) GE Fanuc (PLC)
Southern Company NERC CIP Compliance Tools Cisco Security Manager HP ArcSight Enterprise Security Manager RSA SecurID Tufin Secure Track Infoblox NetMRI PAS Cyber Integrity Full compliance requires many tools to manage access, document processes, and report evidence.
Control System Integrity (CSI) The What Enables industrial control system data management Control systems are the brains of our facilities What happens if we don t care for them? Safety Reliability Economics Effective and ongoing control system management practices leads to compliance
Control System Integrity The What Purpose Meet NERC Cyber Security Standards Collect and archive plant automation data Transform data into compliance information to: Document, support, and manage security processes and compliance requirements
NERC CIP Standards V5 CIP-002 CIP-003 CIP-004 CIP-005 CIP-006 BES CYBER SYSTEMS CATEGORIZATION SECURITY MANAGEMENT CONTROLS PERSONNEL AND TRAINING ELECTRONIC SECURITY PHYSICAL SECURITY BES Cyber Systems Senior Manager Approval Security Awareness Program Electronic Security Perimeter Physical Security Plan Associated Protected Assets Annual Review Annual Approval Cyber Security Policies Leadership Designation Delegation of Authority Cyber Security Training Program Personnel Risk Assessment Program Access Management Program Remote Access Management Visitor Control Program Maintenance & Testing Program CSI will be used to manage the requirements in RED
NERC CIP Standards V5 (cont.) CIP-007 CIP-008 CIP-009 CIP-010 CIP-011 SYSTEMS SECURITY MANAGEMENT INCIDENT REPORTING & RESPONSE PLANNING RECOVERY PLANS FOR BES CYBER SYSTEMS CONFIGURATION CHANGE MGMT & VULNERABILITY ASSESSMENT INFORMATION PROTECTION Ports & Services Security Patch Management Malicious Code Prevention Security Event Monitoring System Access Controls Cyber Security Incident Response Plan Implementation & Testing Review, Update & Communication Recovery Plan Specifications Backup & Storage Process Implementation & Resting Review, Update & Communication Configuration Change Management Configuration Monitoring Vulnerability Assessments Information Protection BES Cyber Asset Reuse & Disposal CSI will be used to manage the requirements in RED
Control System Integrity Tools The What System Security Management Query and reporting on detailed device information: Security patch management User account management Malicious software prevention mgmt Password change management Ports and services monitoring Backup and storage management Supports CIP-007 compliance
Control System Integrity Tools The What Recovery Plans For BES Cyber Systems Backup & Storage Level 1 backup generated automatically during data collection Copied to protected corporate network location for each plant Includes Control Logic Database Graphics Files Configuration Files Supports CIP-009 compliance
Control System Integrity Tools The What Configuration Change Management Change Workflow Process Propose, authorize, implement, reconcile, and sign-off Types of changes to be managed Asset Inventory Control System Configuration Control System Software Cyber Security Changes Ports, services, OS security patches, AV updates Supports CIP-010 compliance
CSI System Architecture 1 COLLECT Automation Data Configurations, User Interfaces, Device data, System Logs, Inventory 5 REPORT Secure Web Interface 2 TRANSPORT Raw Automation Data 1.6 TB of data weekly CSI Data Engine Contextualized Control Information Data Input Control Configurations, Device Data, and Graphics Manual Inventory NERC Properties Approved User List, OS Patches, Vendor Patches, Device Ports & Services, Anti-Virus Definitions Backup and Storage Sched. Password Mgmt Schedule 3 IMPORT 4 Data PROCESS Data Information Output Compliance Dashboard Asset Inventory Change Management Report People with Access to CCAs Port & Services, OS Patch, and App. Patch Variances Antivirus Definition Updates User Accounts, Password Change Mgmt, and Media Disposal Mgmt Backup & Storage Records
CSI Implementation of PAS Cyber Integrity On target to meet April, 2016 NERC-CIP deadline Expected, annualized compliance savings of $2M with 90% reduction in reporting costs
Summary CSI is a combination of PAS Cyber Integrity software and Southern business processes that automates compliance for control systems by detecting and managing change.