Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems



Similar documents
Cyber Security Compliance (NERC CIP V5)

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

Implementation Plan for Version 5 CIP Cyber Security Standards

A Tactical Approach to Continuous Compliance. Walt Sikora, Vice President Security Solutions EMMOS 2013

TRIPWIRE NERC SOLUTION SUITE

Verve Security Center

Turbine Controls Update

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

Technology Solutions for NERC CIP Compliance June 25, 2015

Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference

Summary of CIP Version 5 Standards

Standard CIP Cyber Security Systems Security Management

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015

Standard CIP 007 3a Cyber Security Systems Security Management

Cyber security tackling the risks with new solutions and co-operation Miikka Pönniö

Alberta Reliability Standard Cyber Security Implementation Plan for Version 5 CIP Security Standards CIP-PLAN-AB-1

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

Information Shield Solution Matrix for CIP Security Standards

NERC CIP Compliance. Dave Powell Plant Engineering and Environmental Performance. Presentation to 2009 BRO Forum

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?

IT Security and OT Security. Understanding the Challenges

NERC CIP Tools and Techniques

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

GE Measurement & Control. Cyber Security for NERC CIP Compliance

Alberta Reliability Standard Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-AB-1

Alberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

Resilient and Secure Solutions for the Water/Wastewater Industry

Alberta Reliability Standard Cyber Security Personnel & Training CIP-004-AB-5.1

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Resilient and Secure Solutions for the Water/Wastewater Industry

GE Intelligent Platforms. Meeting NERC Change Control Requirements for HMI/SCADA and Control Systems

Cyber Security nei prodotti di automazione

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

Plans for CIP Compliance

Invensys Security Compliance Platform

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Dairyland Power Cooperative Job Description

Reclamation Manual Directives and Standards

Cyber Security for NERC CIP Version 5 Compliance

Completed. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method

8/27/2015. Brad Schuette IT Manager City of Punta Gorda (941) Don t Wait Another Day

NERC Cyber Security Standards

Alberta Reliability Standard Cyber Security Security Management Controls CIP-003-AB-5

Notable Changes to NERC Reliability Standard CIP-010-3

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

LogRhythm and NERC CIP Compliance

CIP R1 & R2: Configuration Change Management

NERC CIP VERSION 5 COMPLIANCE

Cyber Security & Instrumentation and Controls. Bill May Executive, Global Strategic Projects PAS, Inc. Houston, TX

How To Write A Cyber Security Checkout On A Nerc Webinar

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Ovation Security Center Data Sheet

Safety Share Who is Cleco? CIP-005-3, R5 How What

Ovation Security Center Data Sheet

Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!

CIP Cyber Security Security Management Controls

Effective Defense in Depth Strategies

Industrial Security for Process Automation

Critical Infrastructure Cybersecurity

BSM for IT Governance, Risk and Compliance: NERC CIP

Critical Controls for Cyber Security.

ARC INDUSTRY FORUM 2015

FERC, NERC and Emerging CIP Standards

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

GE Measurement & Control. Cyber Security for Industrial Controls

Scanning a Clone in the Cloud; Safe DCS Vulnerability Scanning

Innovative Defense Strategies for Securing SCADA & Control Systems

BPA Policy Cyber Security Program

Global Industrial Cyber Security Professional GICSP

Using Monitoring, Logging, and Alerting to Improve ICS Security ICSJWG 2015 Fall Meeting October 27, 2015

TOP 10 CHALLENGES. With suggested solutions

NERC Alert System Overview

Change and Configuration Management

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Secure Remote Substation Access Solutions

CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security

ReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE

SIMPLIFYING THE PATCH MANAGEMENT PROCESS

Continuous Compliance for Energy and Nuclear Facility Cyber Security Regulations

Building more resilient and secure solutions for Water/Wastewater Industry

Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies

Stronger than Firewalls And Cheaper Too

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

GE Measurement & Control. Cyber Security for NEI 08-09

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

Document ID. Cyber security for substation automation products and systems

CG Automation Solutions USA

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Symphony Plus Cyber security for the power and water industries

Best Practices for Cyber Security Testing. Tyson Jarrett Compliance Risk Analyst, Cyber Security

RuggedCom Solutions for

Transcription:

Control System Integrity (CSI) Tools and Processes to Automate CIP Compliance for Control Systems James Goosby Manager I&C Systems and Field Support 19 th Annual ARC Industry Forum

Agenda About Us Compliance Challenge Compliance Environment Today Control System Integrity (CSI) Solution Results

About Southern Company 46,000 megawatts of electric generating capacity 4.4 million customers Fossil, hydro, nuclear, solar, and wind Safety, compliance, and operational excellence

The Why Southern Company Facility Map

Southern Company Facility Map The Why Cisco (Control Networks) ABB (DCS) Yokogawa GE Bently Nevada Modicon (PLC) Siemens (TCS) Mitsubishi (TCS) Foxboro (DCS) Woodward (TCS) Metso (DCS) Emerson (DCS) Allen Bradley (PLC) Schweitzer (Relay) Siemens (EMS) RTU AspenTech GE Mark VI Spectrum (CEMS) Toshiba (TCS) GE Fanuc (PLC)

Southern Company NERC CIP Compliance Tools Cisco Security Manager HP ArcSight Enterprise Security Manager RSA SecurID Tufin Secure Track Infoblox NetMRI PAS Cyber Integrity Full compliance requires many tools to manage access, document processes, and report evidence.

Control System Integrity (CSI) The What Enables industrial control system data management Control systems are the brains of our facilities What happens if we don t care for them? Safety Reliability Economics Effective and ongoing control system management practices leads to compliance

Control System Integrity The What Purpose Meet NERC Cyber Security Standards Collect and archive plant automation data Transform data into compliance information to: Document, support, and manage security processes and compliance requirements

NERC CIP Standards V5 CIP-002 CIP-003 CIP-004 CIP-005 CIP-006 BES CYBER SYSTEMS CATEGORIZATION SECURITY MANAGEMENT CONTROLS PERSONNEL AND TRAINING ELECTRONIC SECURITY PHYSICAL SECURITY BES Cyber Systems Senior Manager Approval Security Awareness Program Electronic Security Perimeter Physical Security Plan Associated Protected Assets Annual Review Annual Approval Cyber Security Policies Leadership Designation Delegation of Authority Cyber Security Training Program Personnel Risk Assessment Program Access Management Program Remote Access Management Visitor Control Program Maintenance & Testing Program CSI will be used to manage the requirements in RED

NERC CIP Standards V5 (cont.) CIP-007 CIP-008 CIP-009 CIP-010 CIP-011 SYSTEMS SECURITY MANAGEMENT INCIDENT REPORTING & RESPONSE PLANNING RECOVERY PLANS FOR BES CYBER SYSTEMS CONFIGURATION CHANGE MGMT & VULNERABILITY ASSESSMENT INFORMATION PROTECTION Ports & Services Security Patch Management Malicious Code Prevention Security Event Monitoring System Access Controls Cyber Security Incident Response Plan Implementation & Testing Review, Update & Communication Recovery Plan Specifications Backup & Storage Process Implementation & Resting Review, Update & Communication Configuration Change Management Configuration Monitoring Vulnerability Assessments Information Protection BES Cyber Asset Reuse & Disposal CSI will be used to manage the requirements in RED

Control System Integrity Tools The What System Security Management Query and reporting on detailed device information: Security patch management User account management Malicious software prevention mgmt Password change management Ports and services monitoring Backup and storage management Supports CIP-007 compliance

Control System Integrity Tools The What Recovery Plans For BES Cyber Systems Backup & Storage Level 1 backup generated automatically during data collection Copied to protected corporate network location for each plant Includes Control Logic Database Graphics Files Configuration Files Supports CIP-009 compliance

Control System Integrity Tools The What Configuration Change Management Change Workflow Process Propose, authorize, implement, reconcile, and sign-off Types of changes to be managed Asset Inventory Control System Configuration Control System Software Cyber Security Changes Ports, services, OS security patches, AV updates Supports CIP-010 compliance

CSI System Architecture 1 COLLECT Automation Data Configurations, User Interfaces, Device data, System Logs, Inventory 5 REPORT Secure Web Interface 2 TRANSPORT Raw Automation Data 1.6 TB of data weekly CSI Data Engine Contextualized Control Information Data Input Control Configurations, Device Data, and Graphics Manual Inventory NERC Properties Approved User List, OS Patches, Vendor Patches, Device Ports & Services, Anti-Virus Definitions Backup and Storage Sched. Password Mgmt Schedule 3 IMPORT 4 Data PROCESS Data Information Output Compliance Dashboard Asset Inventory Change Management Report People with Access to CCAs Port & Services, OS Patch, and App. Patch Variances Antivirus Definition Updates User Accounts, Password Change Mgmt, and Media Disposal Mgmt Backup & Storage Records

CSI Implementation of PAS Cyber Integrity On target to meet April, 2016 NERC-CIP deadline Expected, annualized compliance savings of $2M with 90% reduction in reporting costs

Summary CSI is a combination of PAS Cyber Integrity software and Southern business processes that automates compliance for control systems by detecting and managing change.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information