SlideShare una empresa de Scribd logo

NERC Critical Infrastructure Protection (CIP) and Security for Field Devices

Schneider Electric
Schneider Electric

The document discusses NERC CIP guidelines for securing critical infrastructure devices in the electric grid. It provides an overview of the six main CIP guidelines regarding personnel authorization, training, security of the electronic perimeter, physical security, operations security, and incident reporting. The document emphasizes that compliance requires both compliant technologies and security-focused procedures. It also outlines key security principles like least privilege and role-based access controls. Overall, the summary provides a high-level view of the document's coverage of NERC CIP compliance objectives and guidelines.

Tecnología
1 de 14
Descargar para leer sin conexión
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Compliance principles and requirements Make the most of your energy SM
Summary Executive Summary . ................................................................................... p 1 Introduction ................................................................................................. p 2 Understanding CIP objectives ...................................................................... p 4 Core Security Principles . ............................................................................. p 5 NERC CIP technical control guidelines . ....................................................... p 6 Finding your compliance solution.................................................................. p 10 Conclusion................................................................................................... p 11
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Executive summary The North American Electric Reliability Corporation (NERC) maintains a set of Critical Infrastructure Protection (CIP) guidelines that address a broad range of critical cyber asset and cyber security issues. These guidelines describe the security-focused procedures that, in combination with compliant technology, enable secure electric grid operations. The CIP guidelines do not specify the technologies that must be deployed. Instead, they describe the technology design necessary to build an information management architecture that complies with security goals. These goals include the minimizing of administrative authorization needed for operational functions. Rights and privileges are to be assigned to a functional role, not a named individual. Audit trails of field data device and substation activity, similar to control room auditability, must be maintained to assure comprehensive confidence in data and controls. The six CIP guidelines summarized in the paper speak to the procedures and policies that are vital to critical cyber asset security – personnel authorizations; personnel training; security of the information management system’s electronic perimeter; security of the information management system’s physical assets; operational security; and incident reporting and response planning. The utility builds its CIP-compliant program with defined procedures addressing these guidelines, coupled with the hardware and software that enable full implementation of these procedures. Training of all personnel is necessary for effective and efficient compliance. White paper | 01
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Introduction In this paper, we target ‘the myth of compliance.’ While the term ‘compliant’ most often refers to products – the software and devices deployed in daily field operations of the electric grid – we at Telvent see security compliance as a ‘process.’ Through our extensive experience working with critical infrastructure asset owners, vendors and regulatory agencies, we know full compliance is achieved only when compliant hardware and software is complemented by information management procedures reflecting strong security principles. Here, we discuss in general how consistent NERC Critical Infrastructure Protection (CIP) compliance reflects best security practices combining: • Core security principles • Technical controls defined by CIP guidelines • strong level of discipline within the user organization and its vendor A organizations White paper | 02
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Understanding CIP objectives What CIP does. CIP provides general security CIP covers both technical and operational guidance toward achieving the minimal level of compliance. It is the combination of compliant security required for safe and secure operations. technology and security-focused procedures that enable CIP-compliant operations; see Figure 1. What CIP does not do. CIP does not prescribe or specify the technologies to be deployed to meet In this way, CIP challenges asset owners to secure operational goals. It defines objectives, consider security a ‘holistic’ issue that actively targets not how the user must achieve them. With the not only system design and installation but also responsibility of meeting secure operations objectives, daily processes. Compliant technology establishes the user also has the choice of which technology will a minimal level of authentication, authorization and best serve its needs in meeting those objectives. audit ability. The asset owner must actively build on that compliance foundation to realize a strong security culture within the organization. Compliance- Secure CIP Compliant Capable Hardware Configuration Devices CIP Compliant Operations CIP Compliant Training Processes Figure 1. Technology, in and of itself, does not impart CIP compliance. Rather, the user must build a program that assures its compliant technology is deployed and operated to create the level of security required to achieve compliance. White paper | 04
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Core Security Principles Let’s review the security principles that are fundamental in molding a CIP-compliant information Information management key for management architecture: security – and more Principle of Least Privilege (PoLP). This principle Reliable information management serves describes the technology design – the design critical infrastructure security by – of applications and field devices – that allows • aintaining infrastructure availability – M operation with the minimum amount of administrative preventing acts, intentional or accidental, authorization. A granular-access approach to from interrupting operations operational control limits authority to each employee’s functions; any control authorized beyond defined • reserving data integrity – to support the P operational functions invites errors that could have quality of operational decision-making as well inadvertent, far-reaching impact – and even invite as meet regulatory/auditing scrutiny malicious abuse. The robust information management system also can enforce data confidentiality, allowing it While many legacy systems might not accommodate to be used for: highly granular access, newer technology is being designed to meet this criterion. • Accounting purposes Role-based Access Controls (RbAC). Rights and • Business-critical processes privileges associated with any network device are assigned to an administrative role or job duty, rather • Customer consumption than to a named individual. This approach allows individuals to move in and out of roles within the With compliant information management architecture, organization without complicated re-definition of the asset owner will: that person’s authorization, supporting continuous compliance and limiting authorization errors. It also • Know and control who is allowed to access the supports the centralized management essential in an system efficient, integrated network. • Know and control what each individual is allowed to Audit trails. While maintaining audit trail capability do on the system is familiar in the control room, CIP compliance extends this concept to operation of field devices. • Know and control what can be done by an By maintaining an awareness of field data activity individual based on where the individual is accessing and changes at the device and substation level, the the system user can integrate that data into centralized control with confidence. The intent is to not only provide the • Know what each individual has done on the system means for documenting system management in the recent past but to also enable real-time assessment • Prevent access to critical assets from any location of whether the CIP controls in place are appropriate – where any of the above situations is not true doing their job and meeting compliance goals. White paper | 05
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices NERC CIP technical control guidelines The NERC CIP document addresses a broad range of Critical Cyber Asset (CCA) and Cyber Security About NERC issues; here, we very briefly review six of the CIP guidelines that apply to operation of electric network The North American Electric Reliability Corporation (NERC) is an international field devices; also see Table 1. The full text of the regulatory authority established to evaluate NERC CIP standard can be found at http://www. reliability of the bulk power system in North nerc.com. America. NERC develops and enforces Reliability Standards; assesses adequacy CIP-003 Security Management Controls describes annually via ten-year forecasts and winter and the development of a cyber security policy and summer forecasts; monitors the bulk power documentation of that policy in a way that it can system; and educates, trains, and certifies industry personnel. NERC is the electric be updated and that all staff is aware of the policy. reliability organization for North America, It discusses management of personnel who have subject to oversight by the U.S. Federal access to the CCAs and identification of users with Energy Regulatory Commission (FERC) and different privileges, roles and responsibilities. governmental authorities in Canada. For more information, visit http://www.nerc.com • he user will want to look for hardware that can be T configured to allow a specific ID for each user and CIP guideline uses vaguely worded phrases such for addition and deletion of privileged users and for as “where technically feasible”; this wording makes users with different levels of access. Hardware that it difficult for the organization to fully understand documents not only access but also documents requirements. details of functions performed during the access is a big advantage; this downloadable User Log will While encryption is not identified specifically as a provide an audit trail for CIP compliance. guideline for ESP access, CIP-005 does speak to: CIP-004 Personnel and Training identifies the • ecurity of dial-up access – unclear if having a S personnel training and awareness recommended password and User Name to access constitutes for supporting security-related operations and ‘secure.’ Use of a ‘call back’ modem or a SCADA- procedures. It cites CCA user identification lists that controlled relay that is closed for access and are reviewed periodically and can be modified to opened when not needed provides adequate change both users and user privileges. security. • evices that accept addition or deletion of users D - n alternative to dial-up connection is the A and/or privileges remotely allow updates quickly Ethernet strategy, providing the IT tunnel that and keep functionalities accurately maintained. eliminates a dial-up channel. Another plus: with employees equipped with cell phones, replacing CIP-005 Electronic Security Perimeter(s) deals dial-up access also eliminates any need for a with identification and protection of ESP access phone line into the substation. points and communications. In some places, this White paper | 06
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices • ccess denied by default – access requires A TABLE 1 password, and password changeability Summary of CIP Issues • nabling and disabling ports or functions deemed E Requirement NERC CIP Compliant hardware capabilities not needed – at the most basic level, a firewall Standard capability serves this purpose User Access CIP-004 • ndividual user accounts/ I CIP-005 passwords CIP-007 • rivileges defined on a per- P • ppropriate-use banner – in our opinion, most likely A user basis a legal shield • Strong passwords supported • asswords hidden when P • onitoring, logging and warnings for user access or M entered attempted access – simple if the device has alarm Access Control CIP-003 • Passwords can be managed generation and logging ability, most useful if alarm CIP-005 from central location CIP-004 • ultiple admin-type accounts M alert is in real time can be configured • User Log, IP Filter list - onsider hardware that generates an alarm each C Electronic Security CIP-005 • limination of dial-up access E time a user logs in to initiate automatic user Perimeter CIP-003 with use of IP tunnel validation by SCADA or other means. IP Tunnel CIP-007 • Appropriate banner usage • lectronic access logged; can E capability eliminates dial-up access, and IP filter be monitored and alarmed capability adds an additional layer of security. • Port data paths configurable • SSL / SSH LAN CIP-006 Physical Security discusses physical Logging of CIP-003 • Every access attempt logged accessibility to equipment, including: Access and Usage CIP-004 • Resets logged CIP-007 • User changes logged CIP-008 • Time-tagged events logged • Mounting equipment in lockable enclosures Personnel termination/ CIP-004 • ser accounts revocable by U privilege changes CIP-007 administrator • Remote control of locks • ser accounts ‘downgradable’ U to lower level of authority • Access alarms indicating a door or gate is open Security Software CIP-007 • ll software upgrades available A Management for real-time updates • Card keys, video cameras, etc. • Non-Windows-based OS Alerts and CIP-005 • Every access attempt logged • User logged in and failed login attempts Notifications CIP-007 • ccess notification alarms A CIP-008 available to SCADA - evices that can integrate card keys and/or video D initiation with access alarms enhance security of the physical perimeter. White paper | 07
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices CIP-007 Systems Security Management deals with operating issues such as security patches, The Electronic Security Perimeter virus protection, vendor releases and event logging. References to device security reinforce CIP-005 The majority of ‘surface area of the ESP’ involves field device hardware; see Figure 2. concepts: For this reason, the technical security controls defined by CIP focus on control of access and • bility to enable or disable unused or unneeded A communication of field devices. ports and services – or compensating factor that will mitigate risk, such as physical security • Security patches and firmware upgrades ESP • nti-virus and malware protection – driven by the A Field Devices operating system - erely due to the widespread deployment of M Data Gathering/ Security Risk/Surface Area the Windows® operating system, the use of a Substations non-Windows OS might reduce the possibility of targeted attack. Devices that operate on a Comms non-Windows OS might be inherently immune to typical virus and malware threats and less likely to be targeted by hackers or persons intent on causing harm. In any case, user login monitors and alarms and use of discrete passwords Control System minimize risk. • ndividual, not shared, accounts – as mentioned in I Business Support CIP-003 controls, privileges should be defined on a per-role basis Enterprise Infrastructure - Logs and audit trails – - ogin and failed login attempts generate mapable L Figure 2. Proper device configuration is a key step in CIP alarm indications compliance. • Any access requires valid, strong password - evices that support centralized password D management facilitate the requirement for password control. White paper | 08
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices • sers can be assigned different levels of access U based on need - View Only - Other levels/privileges - dministrator who can control access by other A users • All passwords are stored, hidden or encrypted • quipment should be wiped on disposal, either E by memory erase or physically destroying the microchip if necessary - f a device fails, it might be difficult to effectively I erase memory. Look for devices that have removable media. CIP-008 Incident Reporting and Response Planning relates to the managing and handling of reports and logs. While collecting and storing logs for historical reference is necessary, how that retention is done is determined by the hardware and the organization’s capabilities. • emote electronic download of user logs, SOE R log, system log and control log facilitates data documentation for reports and compliance audit trail, compared to collection via a physical tap. White paper | 09
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Finding your compliance solution CIP guidelines are drawn to identify the desired goal; of patches and updates that are anticipated to be it is up to the organization to institute the hardware, needed for substation devices, the organization software and processes that best allow it to meet might consider segregating the router and substation these goals. controller, excluding the Substation Controller, from the electronic security perimeter. This might For example, the utility can determine where its reduce point-to-point testing time and effort due to physical and electronic security perimeters begin application of patches and upgrades. and end. Figure 3 shows a typical substation where the control house, in essence, is the physical Bottom line: the organization is responsible for security perimeter. Electronic security perimeters are writing the procedures that make compliance to CIP effectively constructed around the devices such as guidelines efficient and effective. router and dial-up control that are communication end points. Depending on the number and frequency Pole top/ remote IEDs SCADA Pole top/ Phone Electronic security Master remote IEDs Pole top/ perimeter remote IEDs Pole top/ remote IEDs Wireless Dial up Router comms Substation DMS/HMI controller Discrete I/Os IEDs Cap IEDs Other smart legacy LTCs relays bank meters devices/IEDs RTU Physical security perimeter Figure 3. The utility should keep the ESP as small as possible. White paper | 10
NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Conclusion One requirement CIP guidelines don’t spell out is the need for adaptability and intra- organization cooperation. Security is an arms race, and the electric utility requires considerable cooperation and integration within the organization to stay agile enough to adapt to changing challenges and still meet compliance. Careful consideration of hardware and software choices will help the utility institute the continual modifications that are needed to meet the moving target of critical infrastructure protection. Flexible asset access controls are a must to mitigate changing risks. Above all, dedicated intra-organization communications and training that emphasize security make every employee part of the solution – and assure that security is a successful process. White paper | 11
©2012 Schneider Electric. All rights reserved. Schneider Electric USA, Inc. 4701 Royal Vista Circle Fort Collins, CO 80528 Phone: -866-537-1091 1 + (34) 9-17-14-70-02 Fax: 1-970-223-5577 www.schneider-electric.com/us June 2012

Recomendados

BSidesAugusta 2022 - The Power of the OT Security Playbook
BSidesAugusta 2022 - The Power of the OT Security PlaybookBSidesAugusta 2022 - The Power of the OT Security Playbook
BSidesAugusta 2022 - The Power of the OT Security Playbook
Chris Sistrunk
 
Cyber Situational Awareness: TechNet Augusta 2015
Cyber Situational Awareness: TechNet Augusta 2015Cyber Situational Awareness: TechNet Augusta 2015
Cyber Situational Awareness: TechNet Augusta 2015
AFCEA International
 
Cyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities IndustryCyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities Industry
Prolifics
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer Crime
Dhrumil Panchal
 
Virtualization - Sanallaştırma
Virtualization - SanallaştırmaVirtualization - Sanallaştırma
Virtualization - Sanallaştırma
Mustafa Tanyer
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
Dragos, Inc.
 
Lect4 software economics
Lect4 software economicsLect4 software economics
Lect4 software economics
meena466141
 
Software Project Management
Software Project ManagementSoftware Project Management
Software Project Management
asim78
 

Recomendados

BSidesAugusta 2022 - The Power of the OT Security Playbook
BSidesAugusta 2022 - The Power of the OT Security PlaybookBSidesAugusta 2022 - The Power of the OT Security Playbook
BSidesAugusta 2022 - The Power of the OT Security Playbook
Chris Sistrunk
 
Cyber Situational Awareness: TechNet Augusta 2015
Cyber Situational Awareness: TechNet Augusta 2015Cyber Situational Awareness: TechNet Augusta 2015
Cyber Situational Awareness: TechNet Augusta 2015
AFCEA International
 
Cyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities IndustryCyber Security in Energy & Utilities Industry
Cyber Security in Energy & Utilities Industry
Prolifics
 
Traditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer CrimeTraditional Problems Associated with Computer Crime
Traditional Problems Associated with Computer Crime
Dhrumil Panchal
 
Virtualization - Sanallaştırma
Virtualization - SanallaştırmaVirtualization - Sanallaştırma
Virtualization - Sanallaştırma
Mustafa Tanyer
 
Dragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations CenterDragos S4x20: How to Build an OT Security Operations Center
Dragos S4x20: How to Build an OT Security Operations Center
Dragos, Inc.
 
Lect4 software economics
Lect4 software economicsLect4 software economics
Lect4 software economics
meena466141
 
Software Project Management
Software Project ManagementSoftware Project Management
Software Project Management
asim78
 
Project control and process instrumentation
Project control and process instrumentationProject control and process instrumentation
Project control and process instrumentation
Kuppusamy P
 
Project managemen concept
Project managemen conceptProject managemen concept
Project managemen concept
Karthikeyan Subramanian
 
Data Center Audit Standards
Data Center Audit StandardsData Center Audit Standards
Data Center Audit Standards
Keyur Thakore
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
Lect5 improving software economics
Lect5 improving software economicsLect5 improving software economics
Lect5 improving software economics
meena466141
 
System engineering
System engineeringSystem engineering
System engineering
Slideshare
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
Network Intelligence India
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
Vladimir Jirasek
 
Asset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & ControlAsset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & Control
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Distributed Computing
Distributed Computing Distributed Computing
Distributed Computing
Megha yadav
 
Command center processing and display system replacement (ccpds-r) - Case Study
Command center processing and display system replacement (ccpds-r) - Case StudyCommand center processing and display system replacement (ccpds-r) - Case Study
Command center processing and display system replacement (ccpds-r) - Case Study
Kuppusamy P
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
Jim Gilsinn
 
Introduction to Virtualization
Introduction to VirtualizationIntroduction to Virtualization
Introduction to Virtualization
Rahul Hada
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation
♟Sergej Epp
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
Doreen Loeber
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
Christophe Foulon, CISSP
 
The Six Stages of Incident Response
The Six Stages of Incident Response The Six Stages of Incident Response
The Six Stages of Incident Response
Darren Pauli
 
Physical Security Domain
Physical Security DomainPhysical Security Domain
Physical Security Domain
amiable_indian
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
DelforChacnCornejo
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
EnergySec
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six Sigma
EnergySec
 

Más contenido relacionado

La actualidad más candente

System engineering
System engineeringSystem engineering
System engineering
Slideshare
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation
♟Sergej Epp
 

La actualidad más candente (20)

Project control and process instrumentation
Project control and process instrumentationProject control and process instrumentation
Project control and process instrumentation
 
Project managemen concept
Project managemen conceptProject managemen concept
Project managemen concept
 
Data Center Audit Standards
Data Center Audit StandardsData Center Audit Standards
Data Center Audit Standards
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Lect5 improving software economics
Lect5 improving software economicsLect5 improving software economics
Lect5 improving software economics
 
System engineering
System engineeringSystem engineering
System engineering
 
PCI DSS for Penetration Testing
PCI DSS for Penetration TestingPCI DSS for Penetration Testing
PCI DSS for Penetration Testing
 
Meaningfull security metrics
Meaningfull security metricsMeaningfull security metrics
Meaningfull security metrics
 
Asset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & ControlAsset, Vulnerability, Threat, Risk & Control
Asset, Vulnerability, Threat, Risk & Control
 
Distributed Computing
Distributed Computing Distributed Computing
Distributed Computing
 
Command center processing and display system replacement (ccpds-r) - Case Study
Command center processing and display system replacement (ccpds-r) - Case StudyCommand center processing and display system replacement (ccpds-r) - Case Study
Command center processing and display system replacement (ccpds-r) - Case Study
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Cyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICSCyber & Process Attack Scenarios for ICS
Cyber & Process Attack Scenarios for ICS
 
Introduction to Virtualization
Introduction to VirtualizationIntroduction to Virtualization
Introduction to Virtualization
 
Cyber Defense Automation
Cyber Defense AutomationCyber Defense Automation
Cyber Defense Automation
 
Cyber Security Maturity Assessment
Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity Assessment
 
Understanding cyber resilience
Understanding cyber resilienceUnderstanding cyber resilience
Understanding cyber resilience
 
The Six Stages of Incident Response
The Six Stages of Incident Response The Six Stages of Incident Response
The Six Stages of Incident Response
 
Physical Security Domain
Physical Security DomainPhysical Security Domain
Physical Security Domain
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 

Destacado

NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
EnergySec
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six Sigma
EnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
EnergySec
 

Destacado (7)

NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Structured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six SigmaStructured NERC CIP Process Improvement Using Six Sigma
Structured NERC CIP Process Improvement Using Six Sigma
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIP
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
Annotated Version: EU Safer Internet Forum - Rethinking Responses to Young Pe...
Annotated Version: EU Safer Internet Forum - Rethinking Responses to Young Pe...Annotated Version: EU Safer Internet Forum - Rethinking Responses to Young Pe...
Annotated Version: EU Safer Internet Forum - Rethinking Responses to Young Pe...
 
COBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an IntroductionCOBIT 5 IT Governance Model: an Introduction
COBIT 5 IT Governance Model: an Introduction
 

Similar a NERC Critical Infrastructure Protection (CIP) and Security for Field Devices

Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
Yury Chemerkin
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframe
Arun Gopinath
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
VictoriaChavesta
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
Withum
 

Similar a NERC Critical Infrastructure Protection (CIP) and Security for Field Devices (20)

White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
Centralizing security on the mainframe
Centralizing security on the mainframeCentralizing security on the mainframe
Centralizing security on the mainframe
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Managed firewall service.
Managed firewall service.Managed firewall service.
Managed firewall service.
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptx
 
White Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device EvaluationWhite Paper: Six-Step Competitive Device Evaluation
White Paper: Six-Step Competitive Device Evaluation
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptx
 
Cyber_Management_Issues.pdf
Cyber_Management_Issues.pdfCyber_Management_Issues.pdf
Cyber_Management_Issues.pdf
 
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptxEnhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
Enhancing-Server-Security-in-hardware-side-Dec-23-2023-2.pptx
 
Virtual security is no less real
Virtual security is no less realVirtual security is no less real
Virtual security is no less real
 
CCSK.pptx
CCSK.pptxCCSK.pptx
CCSK.pptx
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 

Más de Schneider Electric

Secure Power Design Considerations
Secure Power Design ConsiderationsSecure Power Design Considerations
Secure Power Design Considerations
Schneider Electric
 
Digital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting InvestorsDigital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting Investors
Schneider Electric
 
Key Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation TrendsKey Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation Trends
Schneider Electric
 
EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers
Schneider Electric
 
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
Schneider Electric
 

Más de Schneider Electric (20)

Secure Power Design Considerations
Secure Power Design ConsiderationsSecure Power Design Considerations
Secure Power Design Considerations
 
Digital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting InvestorsDigital International Colo Club: Attracting Investors
Digital International Colo Club: Attracting Investors
 
32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing 32 phaseo power supplies and transformers briefing
32 phaseo power supplies and transformers briefing
 
Key Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation TrendsKey Industry Trends, M&A Valuation Trends
Key Industry Trends, M&A Valuation Trends
 
EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers EcoStruxure™ for Cloud & Service Providers
EcoStruxure™ for Cloud & Service Providers
 
Magelis Basic HMI Briefing
Magelis Basic HMI Briefing Magelis Basic HMI Briefing
Magelis Basic HMI Briefing
 
Zelio Time Electronic Relay Briefing
Zelio Time Electronic Relay BriefingZelio Time Electronic Relay Briefing
Zelio Time Electronic Relay Briefing
 
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures BriefingSpacial, Thalassa, ClimaSys Universal enclosures Briefing
Spacial, Thalassa, ClimaSys Universal enclosures Briefing
 
Relay Control Zelio SSR Briefing
Relay Control Zelio SSR BriefingRelay Control Zelio SSR Briefing
Relay Control Zelio SSR Briefing
 
Magelis HMI, iPC and software Briefing
Magelis HMI, iPC and software BriefingMagelis HMI, iPC and software Briefing
Magelis HMI, iPC and software Briefing
 
Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?Where will the next 80% improvement in data center performance come from?
Where will the next 80% improvement in data center performance come from?
 
EcoStruxure for Intuitive Industries
EcoStruxure for Intuitive IndustriesEcoStruxure for Intuitive Industries
EcoStruxure for Intuitive Industries
 
Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017Systems Integrator Alliance Program 2017
Systems Integrator Alliance Program 2017
 
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
EcoStruxure, IIoT-enabled architecture, delivering value in key segments.
 
It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580It's time to modernize your industrial controls with Modicon M580
It's time to modernize your industrial controls with Modicon M580
 
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
A Practical Guide to Ensuring Business Continuity and High Performance in Hea...
 
Connected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoTConnected Services Study – Facility Managers Respond to IoT
Connected Services Study – Facility Managers Respond to IoT
 
Telemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories BriefingTelemecanqiue Cabling and Accessories Briefing
Telemecanqiue Cabling and Accessories Briefing
 
Telemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors BriefingTelemecanique Photoelectric Sensors Briefing
Telemecanique Photoelectric Sensors Briefing
 
Telemecanique Limit Switches Briefing
Telemecanique Limit Switches BriefingTelemecanique Limit Switches Briefing
Telemecanique Limit Switches Briefing
 

Último

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Último (20)

MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

NERC Critical Infrastructure Protection (CIP) and Security for Field Devices

  • 1. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Compliance principles and requirements Make the most of your energy SM
  • 2. Summary Executive Summary . ................................................................................... p 1 Introduction ................................................................................................. p 2 Understanding CIP objectives ...................................................................... p 4 Core Security Principles . ............................................................................. p 5 NERC CIP technical control guidelines . ....................................................... p 6 Finding your compliance solution.................................................................. p 10 Conclusion................................................................................................... p 11
  • 3. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Executive summary The North American Electric Reliability Corporation (NERC) maintains a set of Critical Infrastructure Protection (CIP) guidelines that address a broad range of critical cyber asset and cyber security issues. These guidelines describe the security-focused procedures that, in combination with compliant technology, enable secure electric grid operations. The CIP guidelines do not specify the technologies that must be deployed. Instead, they describe the technology design necessary to build an information management architecture that complies with security goals. These goals include the minimizing of administrative authorization needed for operational functions. Rights and privileges are to be assigned to a functional role, not a named individual. Audit trails of field data device and substation activity, similar to control room auditability, must be maintained to assure comprehensive confidence in data and controls. The six CIP guidelines summarized in the paper speak to the procedures and policies that are vital to critical cyber asset security – personnel authorizations; personnel training; security of the information management system’s electronic perimeter; security of the information management system’s physical assets; operational security; and incident reporting and response planning. The utility builds its CIP-compliant program with defined procedures addressing these guidelines, coupled with the hardware and software that enable full implementation of these procedures. Training of all personnel is necessary for effective and efficient compliance. White paper | 01
  • 4. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Introduction In this paper, we target ‘the myth of compliance.’ While the term ‘compliant’ most often refers to products – the software and devices deployed in daily field operations of the electric grid – we at Telvent see security compliance as a ‘process.’ Through our extensive experience working with critical infrastructure asset owners, vendors and regulatory agencies, we know full compliance is achieved only when compliant hardware and software is complemented by information management procedures reflecting strong security principles. Here, we discuss in general how consistent NERC Critical Infrastructure Protection (CIP) compliance reflects best security practices combining: • Core security principles • Technical controls defined by CIP guidelines • strong level of discipline within the user organization and its vendor A organizations White paper | 02
  • 5. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices
  • 6. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Understanding CIP objectives What CIP does. CIP provides general security CIP covers both technical and operational guidance toward achieving the minimal level of compliance. It is the combination of compliant security required for safe and secure operations. technology and security-focused procedures that enable CIP-compliant operations; see Figure 1. What CIP does not do. CIP does not prescribe or specify the technologies to be deployed to meet In this way, CIP challenges asset owners to secure operational goals. It defines objectives, consider security a ‘holistic’ issue that actively targets not how the user must achieve them. With the not only system design and installation but also responsibility of meeting secure operations objectives, daily processes. Compliant technology establishes the user also has the choice of which technology will a minimal level of authentication, authorization and best serve its needs in meeting those objectives. audit ability. The asset owner must actively build on that compliance foundation to realize a strong security culture within the organization. Compliance- Secure CIP Compliant Capable Hardware Configuration Devices CIP Compliant Operations CIP Compliant Training Processes Figure 1. Technology, in and of itself, does not impart CIP compliance. Rather, the user must build a program that assures its compliant technology is deployed and operated to create the level of security required to achieve compliance. White paper | 04
  • 7. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Core Security Principles Let’s review the security principles that are fundamental in molding a CIP-compliant information Information management key for management architecture: security – and more Principle of Least Privilege (PoLP). This principle Reliable information management serves describes the technology design – the design critical infrastructure security by – of applications and field devices – that allows • aintaining infrastructure availability – M operation with the minimum amount of administrative preventing acts, intentional or accidental, authorization. A granular-access approach to from interrupting operations operational control limits authority to each employee’s functions; any control authorized beyond defined • reserving data integrity – to support the P operational functions invites errors that could have quality of operational decision-making as well inadvertent, far-reaching impact – and even invite as meet regulatory/auditing scrutiny malicious abuse. The robust information management system also can enforce data confidentiality, allowing it While many legacy systems might not accommodate to be used for: highly granular access, newer technology is being designed to meet this criterion. • Accounting purposes Role-based Access Controls (RbAC). Rights and • Business-critical processes privileges associated with any network device are assigned to an administrative role or job duty, rather • Customer consumption than to a named individual. This approach allows individuals to move in and out of roles within the With compliant information management architecture, organization without complicated re-definition of the asset owner will: that person’s authorization, supporting continuous compliance and limiting authorization errors. It also • Know and control who is allowed to access the supports the centralized management essential in an system efficient, integrated network. • Know and control what each individual is allowed to Audit trails. While maintaining audit trail capability do on the system is familiar in the control room, CIP compliance extends this concept to operation of field devices. • Know and control what can be done by an By maintaining an awareness of field data activity individual based on where the individual is accessing and changes at the device and substation level, the the system user can integrate that data into centralized control with confidence. The intent is to not only provide the • Know what each individual has done on the system means for documenting system management in the recent past but to also enable real-time assessment • Prevent access to critical assets from any location of whether the CIP controls in place are appropriate – where any of the above situations is not true doing their job and meeting compliance goals. White paper | 05
  • 8. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices NERC CIP technical control guidelines The NERC CIP document addresses a broad range of Critical Cyber Asset (CCA) and Cyber Security About NERC issues; here, we very briefly review six of the CIP guidelines that apply to operation of electric network The North American Electric Reliability Corporation (NERC) is an international field devices; also see Table 1. The full text of the regulatory authority established to evaluate NERC CIP standard can be found at http://www. reliability of the bulk power system in North nerc.com. America. NERC develops and enforces Reliability Standards; assesses adequacy CIP-003 Security Management Controls describes annually via ten-year forecasts and winter and the development of a cyber security policy and summer forecasts; monitors the bulk power documentation of that policy in a way that it can system; and educates, trains, and certifies industry personnel. NERC is the electric be updated and that all staff is aware of the policy. reliability organization for North America, It discusses management of personnel who have subject to oversight by the U.S. Federal access to the CCAs and identification of users with Energy Regulatory Commission (FERC) and different privileges, roles and responsibilities. governmental authorities in Canada. For more information, visit http://www.nerc.com • he user will want to look for hardware that can be T configured to allow a specific ID for each user and CIP guideline uses vaguely worded phrases such for addition and deletion of privileged users and for as “where technically feasible”; this wording makes users with different levels of access. Hardware that it difficult for the organization to fully understand documents not only access but also documents requirements. details of functions performed during the access is a big advantage; this downloadable User Log will While encryption is not identified specifically as a provide an audit trail for CIP compliance. guideline for ESP access, CIP-005 does speak to: CIP-004 Personnel and Training identifies the • ecurity of dial-up access – unclear if having a S personnel training and awareness recommended password and User Name to access constitutes for supporting security-related operations and ‘secure.’ Use of a ‘call back’ modem or a SCADA- procedures. It cites CCA user identification lists that controlled relay that is closed for access and are reviewed periodically and can be modified to opened when not needed provides adequate change both users and user privileges. security. • evices that accept addition or deletion of users D - n alternative to dial-up connection is the A and/or privileges remotely allow updates quickly Ethernet strategy, providing the IT tunnel that and keep functionalities accurately maintained. eliminates a dial-up channel. Another plus: with employees equipped with cell phones, replacing CIP-005 Electronic Security Perimeter(s) deals dial-up access also eliminates any need for a with identification and protection of ESP access phone line into the substation. points and communications. In some places, this White paper | 06
  • 9. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices • ccess denied by default – access requires A TABLE 1 password, and password changeability Summary of CIP Issues • nabling and disabling ports or functions deemed E Requirement NERC CIP Compliant hardware capabilities not needed – at the most basic level, a firewall Standard capability serves this purpose User Access CIP-004 • ndividual user accounts/ I CIP-005 passwords CIP-007 • rivileges defined on a per- P • ppropriate-use banner – in our opinion, most likely A user basis a legal shield • Strong passwords supported • asswords hidden when P • onitoring, logging and warnings for user access or M entered attempted access – simple if the device has alarm Access Control CIP-003 • Passwords can be managed generation and logging ability, most useful if alarm CIP-005 from central location CIP-004 • ultiple admin-type accounts M alert is in real time can be configured • User Log, IP Filter list - onsider hardware that generates an alarm each C Electronic Security CIP-005 • limination of dial-up access E time a user logs in to initiate automatic user Perimeter CIP-003 with use of IP tunnel validation by SCADA or other means. IP Tunnel CIP-007 • Appropriate banner usage • lectronic access logged; can E capability eliminates dial-up access, and IP filter be monitored and alarmed capability adds an additional layer of security. • Port data paths configurable • SSL / SSH LAN CIP-006 Physical Security discusses physical Logging of CIP-003 • Every access attempt logged accessibility to equipment, including: Access and Usage CIP-004 • Resets logged CIP-007 • User changes logged CIP-008 • Time-tagged events logged • Mounting equipment in lockable enclosures Personnel termination/ CIP-004 • ser accounts revocable by U privilege changes CIP-007 administrator • Remote control of locks • ser accounts ‘downgradable’ U to lower level of authority • Access alarms indicating a door or gate is open Security Software CIP-007 • ll software upgrades available A Management for real-time updates • Card keys, video cameras, etc. • Non-Windows-based OS Alerts and CIP-005 • Every access attempt logged • User logged in and failed login attempts Notifications CIP-007 • ccess notification alarms A CIP-008 available to SCADA - evices that can integrate card keys and/or video D initiation with access alarms enhance security of the physical perimeter. White paper | 07
  • 10. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices CIP-007 Systems Security Management deals with operating issues such as security patches, The Electronic Security Perimeter virus protection, vendor releases and event logging. References to device security reinforce CIP-005 The majority of ‘surface area of the ESP’ involves field device hardware; see Figure 2. concepts: For this reason, the technical security controls defined by CIP focus on control of access and • bility to enable or disable unused or unneeded A communication of field devices. ports and services – or compensating factor that will mitigate risk, such as physical security • Security patches and firmware upgrades ESP • nti-virus and malware protection – driven by the A Field Devices operating system - erely due to the widespread deployment of M Data Gathering/ Security Risk/Surface Area the Windows® operating system, the use of a Substations non-Windows OS might reduce the possibility of targeted attack. Devices that operate on a Comms non-Windows OS might be inherently immune to typical virus and malware threats and less likely to be targeted by hackers or persons intent on causing harm. In any case, user login monitors and alarms and use of discrete passwords Control System minimize risk. • ndividual, not shared, accounts – as mentioned in I Business Support CIP-003 controls, privileges should be defined on a per-role basis Enterprise Infrastructure - Logs and audit trails – - ogin and failed login attempts generate mapable L Figure 2. Proper device configuration is a key step in CIP alarm indications compliance. • Any access requires valid, strong password - evices that support centralized password D management facilitate the requirement for password control. White paper | 08
  • 11. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices • sers can be assigned different levels of access U based on need - View Only - Other levels/privileges - dministrator who can control access by other A users • All passwords are stored, hidden or encrypted • quipment should be wiped on disposal, either E by memory erase or physically destroying the microchip if necessary - f a device fails, it might be difficult to effectively I erase memory. Look for devices that have removable media. CIP-008 Incident Reporting and Response Planning relates to the managing and handling of reports and logs. While collecting and storing logs for historical reference is necessary, how that retention is done is determined by the hardware and the organization’s capabilities. • emote electronic download of user logs, SOE R log, system log and control log facilitates data documentation for reports and compliance audit trail, compared to collection via a physical tap. White paper | 09
  • 12. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Finding your compliance solution CIP guidelines are drawn to identify the desired goal; of patches and updates that are anticipated to be it is up to the organization to institute the hardware, needed for substation devices, the organization software and processes that best allow it to meet might consider segregating the router and substation these goals. controller, excluding the Substation Controller, from the electronic security perimeter. This might For example, the utility can determine where its reduce point-to-point testing time and effort due to physical and electronic security perimeters begin application of patches and upgrades. and end. Figure 3 shows a typical substation where the control house, in essence, is the physical Bottom line: the organization is responsible for security perimeter. Electronic security perimeters are writing the procedures that make compliance to CIP effectively constructed around the devices such as guidelines efficient and effective. router and dial-up control that are communication end points. Depending on the number and frequency Pole top/ remote IEDs SCADA Pole top/ Phone Electronic security Master remote IEDs Pole top/ perimeter remote IEDs Pole top/ remote IEDs Wireless Dial up Router comms Substation DMS/HMI controller Discrete I/Os IEDs Cap IEDs Other smart legacy LTCs relays bank meters devices/IEDs RTU Physical security perimeter Figure 3. The utility should keep the ESP as small as possible. White paper | 10
  • 13. NERC Critical Infrastructure Protection (CIP) and Security for Field Devices Conclusion One requirement CIP guidelines don’t spell out is the need for adaptability and intra- organization cooperation. Security is an arms race, and the electric utility requires considerable cooperation and integration within the organization to stay agile enough to adapt to changing challenges and still meet compliance. Careful consideration of hardware and software choices will help the utility institute the continual modifications that are needed to meet the moving target of critical infrastructure protection. Flexible asset access controls are a must to mitigate changing risks. Above all, dedicated intra-organization communications and training that emphasize security make every employee part of the solution – and assure that security is a successful process. White paper | 11
  • 14. ©2012 Schneider Electric. All rights reserved. Schneider Electric USA, Inc. 4701 Royal Vista Circle Fort Collins, CO 80528 Phone: -866-537-1091 1 + (34) 9-17-14-70-02 Fax: 1-970-223-5577 www.schneider-electric.com/us June 2012