
Cyber Security Compliance (NERC CIP V5)


Academic year: 2021


Ray Wright

NovaTech, LLC

Topics

Review of Version 5 Changes

Review Major Challenges in Transitioning to Version 5

Review the Need for Automation in Meeting Version 5

• The “Intermediate System”

• Configuration Management


Current NERC CIP Documents

CIP–002–3 — Cyber Security — Critical Cyber Asset Identification

CIP–003–3 — Cyber Security — Security Management Controls

CIP–004–3 — Cyber Security — Personnel and Training

CIP–005–3 — Cyber Security — Electronic Security Perimeter(s)

CIP–006–3 — Cyber Security — Physical Security

CIP–007–3 — Cyber Security — Systems Security Management

CIP–008–3 — Cyber Security — Incident Reporting and Response Planning

CIP–009–3 — Cyber Security — Recovery Plans for Critical Cyber Assets

NERC CIP Documents “Version 5”

CIP–002–5 — Cyber Security — BES Cyber System Categorization

CIP–003–5 — Cyber Security — Security Management Controls

CIP–004–5 — Cyber Security — Personnel and Training

CIP–005–5 — Cyber Security — Electronic Security Perimeter(s)

CIP–006–5 — Cyber Security — Physical Security of BES Cyber Systems

CIP–007–5 — Cyber Security — Systems Security Management

CIP–008–5 — Cyber Security — Incident Reporting and Response Planning

CIP–009–5 — Cyber Security — Recovery Plans for BES Cyber Systems

(new) CIP–010–1 — Cyber Security — Configuration Change Mgmt. and Vulnerability Assessments

(new) CIP–011–1 — Cyber Security — Information Protection

Version 5 Introduces New Definitions

Cyber Asset

Programmable electronic devices, including the hardware, software, and data in those devices.

BES Cyber Asset

A Cyber Asset that if rendered unavailable, degraded, or misused would affect the reliable operation of the Bulk Electric System.

BES Cyber System

One or more BES Cyber Assets logically grouped to perform one or more reliability tasks.

“Bulk Electric System”

…generally 100kV or higher.

Improved Definition of Criticality

V3/V4

V5

Critical High Medium Non-Critical Non-Critical Low Other

Any BES Cyber Asset not “High” or “Medium”


Version 5 Expands Definition of “Applicable Systems”

Electronic Access Control or Monitoring Systems (EACMS) – Applies to each Electronic Access Control or Monitoring System associated with a referenced high impact BES Cyber System or medium impact BES Cyber System. Examples may include, but are not limited to, firewalls, authentication servers, and log monitoring and alerting systems.

Physical Access Control Systems (PACS) – Applies to each Physical Access Control System associated with a referenced high impact BES Cyber System or medium impact BES Cyber System with External Routable Connectivity.

Protected Cyber Assets (PCA) – Applies to each Protected Cyber Asset associated with a referenced high impact BES Cyber System or medium impact BES Cyber System.

Other Significant Changes V3/4 to V5

Must now use an “intermediate device” between User and Critical Asset

The exemption of Cyber Assets from applicability to the NERC CIP standards based on communication characteristics no longer applies.

Must remove/disable both unused “software ports” and unused “hardware points”

Improved definition for patching

• Defines the source of the “patches” (also “hot fixes” and “updates”)

• Provides better definition of “release date” and “availability date”

• If installing the patch introduces more risk than the vulnerability represents, an alternate process is defined

Does not mandate anti-virus software

Requires security monitoring points


Top 10 Transition Challenges


The Need for Automation in Meeting NERC CIP 5


System without Intermediate System


Intermediate System

[Diagram labels: User, Remote Connection and Password Managers, Broadband Connection, Networked Servers, Intermediate System, Electronic Security Perimeter System, Critical Cyber Assets]

Remote Connection and Password Management System

August 30, 2014 Presentation title

[Diagram labels: User, Networked Servers, Encrypted Broadband Connection, Electronic Security Perimeter System, Critical Cyber Assets]

• All users who interact with substation assets log in to the system

• System manages all user passwords and permissions

• System manages the details of all connections to substation assets

• System manages passwords in the substation assets

The Need for Automation in Meeting NERC CIP 5

Configuration Management


Substation Security Appliance

System Operation Example – Configuration Retrieval

Configuration data from substation assets collected by substation security appliance and forwarded to servers for comparison

Configuration Retrieval Steps

Conclusions

For many utilities, NERC CIP V5 will be difficult to meet without some automation
