Protecting SCADA and DCS systems for over 17 years      

   
 
 
 
 



   
 

NERC CIP Reliability Standards for Cyber Security

Overview of the NERC CIP Cyber Security Standards CIP-002-1 through CIP-009-1

On August 8, 2005, the Electricity Modernization Act of 2005, which is Title XII, Subtitle A, of the Energy Policy Act of 2005 (EPAct 2005), was enacted. EPAct 2005 includes section 215 which requires a Commission-certified Electric Reliability Organization (ERO), the North American Electric Reliability Corporation (NERC), to develop mandatory and enforceable Reliability Standards. On August 28, 2006 NERC submitted to the Federal Energy Regulatory Commission (FERC) eight Critical Infrastructure Protection (CIP) Reliability Standards to safeguard critical cyber assets. Approval of these standards will help protect the North American Bulk-Power System against potential disruptions from cyber attacks.


The CIP Reliability Standards for critical cyber assets are new and require applicable entities to develop new cyber security systems and procedures, all of which take time to develop and implement. Addressing this task, NERC developed an implementation plan including a proposed four-stage schedule for implementing Cyber Security Standards over a three-year period. Compliance assessment will begin in 2007. Click on the link below to see the current implementation plan for the Cyber Security Standards.


(Revised) Implementation Plan for Cyber Security Standards CIP-002-1 through CIP-009-1
   

Industrial Defender's Commitment to Regulated Industries

Industrial Defender sees NERC CIP Reliability Standards CIP-002-1 through CIP-009-1 for critical cyber assets as one of the most crucial issues facing North American users, owners and operators of the Bulk Power System. The company has approached the standards by understanding the requirements of our solutions through partnerships with major asset owners. We remain committed to supplying our solutions to regulated industries and to ensuring we provide the highest-value solutions to help affected asset owners achieve compliance.


Education

Industrial Defender has hosted many SCADA and DCS cyber security standards conferences dating back to 2001. Leading utilities representatives have met at these symposiums to discuss the challenges they face in implementing solutions that are compliant with various cyber security standards and guidelines. Industrial Defender used such symposiums to discuss the solutions that companies needed to meet the challenge of implementation.


Developing Solutions for Compliant Applications

Industrial Defender formed a team with the specific task of reviewing the application of Industrial Defender's software and hardware in NERC regulated environments. The team's goals are to identify 'best practices' for implementing Industrial Defender's solutions for NERC CIP Cyber Security Standards compliance and to outline requirements for software improvements to meet this goal. The guiding principle remains providing solutions that are easy to implement and quick to achieve results.


Since its inception, this effort has realized several tangible returns. White papers for assessing critical assets and critical cyber assets have been developed. The release of Industrial Defender 3.0 provides key features and enhancements furthering the goal of making compliance achievable "out of the box".


Customer Focus

Industrial Defender's strategy is continually focused on the needs of bulk power asset owners. Our customers desire information and guidance when implementing compliant solutions. Industrial Defender plans to work as a partner with our customers, providing services for assessing and implementing a compliant infrastructure.


Overview of How Industrial Defender Services and Products Support NERC CIP Cyber Security Standards


Glossary:

SEM - Security Event Monitoring
NIDS - Network Intrusion Detection System
HIDS - Host Intrusion Detection Software
Guard - Perimeter security device that includes firewall, VPN, anti-virus technologies
MSS - Managed Security Service

NERC CIP Reliability Standard | Requirement | Definition | Industrial Defender Service/Product Offering

CIP-002-1

Identification of Critical Cyber Assets

R1

Critical Asset Identification Method
Responsible Entity shall identify and document a risk-based assessment methodology to use to identify its Critical Assets

ID Professional Services Network Architecture Review, Vulnerability Assessment and NERC Gap Analysis services

R2

Critical Asset Identification
Responsible Entity shall develop a list of its identified Critical Assets determined through an annual application of the risk-based assessment methodology

ID Professional Services Network Architecture Review, Vulnerability Assessment and NERC Gap Analysis services

R3

Critical Cyber Asset Identification
Responsible Entity shall develop a list of associated Critical Cyber Assets essential to the operation of the Critical Asset

ID Professional Services Network Architecture Review, Vulnerability Assessment and NERC Gap Analysis services

R4

Annual Approval
A senior manager or delegate shall approve annually the list of Critical Assets and the list of Critical Cyber Assets

Not Applicable

CIP-003-1

Security Management Controls

R1

Cyber Security Policy
Responsible entity to document and implement a cyber security policy that represents management’s commitment and ability to secure its Critical Cyber Assets

ID Professional Services Network Architecture Review, Vulnerability Assessment and NERC Gap Analysis services

R2

Leadership

Require the designation of a single manager who has direct and comprehensive responsibility for the implementation and ongoing compliance with the CIP Reliability Standards

Not Applicable

R3

Exceptions
Require a responsible entity to periodically submit to the Regional Entity the documentation of exceptions to the cyber security policy

ID Professional Services Network Architecture Review, Vulnerability Assessment and NERC Gap Analysis services

R4

Information Protection
The Responsible Entity shall implement and document a program to identify, classify, and protect information associated with Critical Cyber Assets

ID SEM user administration includes individual password access and user permissions

R5

Access Control
Implement a program for managing access to protected Critical Cyber Asset information

ID SEM user administration includes individual password access and user permissions

R6

Change Control and Configuration Management

Establish and document a process of change control and configuration management for adding, modifying, replacing, or removing Critical Cyber Asset hardware or software

ID MSS Configuration Management services include move/add/change requests as well as configuration backups

CIP-004-1

Personnel and Training
R1 – R4

Requires that personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets, including contractors and service vendors, have an appropriate level of personnel risk assessment, training, and security awareness

ID Professional Services can assist with personnel and training requirements

CIP-005-1

Electronic Security Perimeter

R1

Electronic Perimeter
Ensure that every Critical Cyber Asset resides within an Electronic Security Perimeter

ID Guard UTM offers traditional firewall protection as well as secure VPN and antivirus at the perimeter

R2

Electronic Access Controls
Implement and document the organizational processes and technical and procedural mechanisms for control of electronic access at all electronic access points to the Electronic Security Perimeter

ID Guard UTM implements access control via username/password or LDAP/Radius server

ID MSS 24x7 event management service to monitor security of ID Guard and third party firewalls

R3

Monitoring Electronic Access
Implement and document an electronic or manual process for monitoring and logging access at access points to the Electronic Security Perimeter(s) 24 hours a day, 7 days a week

ID Guard, NIDS and HIDS detect unauthorized access and send alert to ID SEM

ID SEM logs all alerts and provides standard reports to provide to a NERC auditor

ID MSS 24x7 event management service to monitor security of ID Guard and third party firewalls

R4

Cyber Vulnerability Assessment
Perform a cyber vulnerability assessment of the electronic access points to the Electronic Security Perimeter(s) at least annually

ID Professional Services Vulnerability Assessment and NERC Gap Analysis services

R5

Documentation Review and Maintenance
Review, update, and maintain all documentation to support compliance with the requirements of Standard CIP-005

ID Professional Services Network Architecture Review and NERC Gap Analysis services

ID SEM logs all alerts and provides standard reports to provide to a NERC auditor

CIP-006-1

Physical Security of Cyber Assets
R1 – R6

Ensure the implementation of a physical security program for the protection of Critical Cyber Assets

ID Professional Services can assist with physical security assessment services

CIP-007-1

Systems Security Management

R1

Test Procedures
Ensure that new Cyber Assets and significant changes to existing Cyber Assets within the Electronic Security Perimeter do not adversely affect existing cyber security controls

ID MSS Configuration Management services include move/add/change requests as well as configuration backups

R2

Ports and Services
Establish and document a process to ensure that only those ports and services required for normal and emergency operations are enabled

ID HIDS and NIDS monitor control system workstations and networks for potential malicious port and service activity and send alerts to ID SEM

ID NIDS extends traditional signatures to include control system specific protocols and functions

R3

Security Patch Management
Establish and document a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter(s)

ID SEM automatically updates all ID Guard and ID NIDS signatures as well as software updates

ID MSS IPS/IDS signature updates ensure all managed devices, including third-party products, are up to date

R4

Malicious Software Prevention

Use anti-virus software and other malicious software (“malware”) prevention tools, where technically feasible, to detect, prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all Cyber Assets within the Electronic Security Perimeter(s)

ID Guard includes firewall, virus protection and intrusion prevention at the perimeter, thus offering the benefit of not having to install these technologies on operator stations and other high availability control system workstations

R5

Account Management

Establish, implement, and document technical and procedural controls that enforce access authentication of, and accountability for, all user activity, and that minimize the risk of unauthorized system access

ID SEM includes an auditing feature to create an audit trail of all user activity

ID MSS log file analysis services perform a review of all authorized and blocked connections

R6

Security Status Monitoring
Ensure that all Cyber Assets within the Electronic Security Perimeter, as technically feasible, implement automated tools or organizational process controls to monitor system events that are related to cyber security

ID HIDS, NIDS and Guard send all events to the ID SEM which presents the information on an incident screen which is customizable

R7

Disposal or Redeployment

Establish formal methods, processes, and procedures for disposal or redeployment of Cyber Assets within the Electronic Security Perimeter(s) as identified and documented in Standard CIP-005

ID MSS configuration management service includes performing move/add/change requests of all managed devices

R8

Cyber Vulnerability Assessment
Perform a cyber vulnerability assessment of the electronic access points to the Electronic Security Perimeter(s) at least annually

ID Professional Services team has performed more Vulnerability Assessments of SCADA and DCS networks than any other company

R9

Documentation Review and Maintenance

Review and update the documentation specified in Standard CIP-007 at least annually

ID Professional Services Network Architecture Review, Vulnerability Assessment and NERC Gap Analysis services

CIP-008-1

Incident Reporting and Response Planning

R1

Cyber Security Incident Response Plan
Develop and maintain a Cyber Security Incident response plan that includes procedures to classify events, response actions including roles of response teams and process for reporting Cyber Security Incidents to the Electricity Sector Information Sharing and Analysis Center (ES ISAC)

ID Professional Services offers emergency response planning consulting

ID MSS provides 24x7 event management and escalation services

R2

Cyber Security Incident Documentation

Keep relevant documentation related to Cyber Security Incidents reportable per Requirement R1.1 for three calendar years

ID SEM logs all alerts and provides standard reports to provide to a NERC auditor

CIP-009-1

Recovery Plans for Critical Cyber Assets

R1

Recovery Plans
Create and annually review recovery plan(s) for Critical Cyber Assets

ID Professional Services offers disaster recovery consulting

R2

Exercises
The recovery plan(s) shall be exercised at least annually. An exercise of the recovery plan(s) can range from a paper drill, to a full operational exercise, to recovery from an actual incident

Not Applicable

R3

Change Control
Recovery plan(s) shall be updated to reflect any changes or lessons learned as a result of an exercise or the recovery from an actual incident

Not Applicable

R4

Backup and Restore

Recovery plan(s) shall include processes and procedures for the backup and storage of information required to successfully restore Critical Cyber Assets

ID SEM includes backup and restore functions for all data and includes a recovery CD with shipment

R5

Testing Backup Media
Information essential to recovery that is stored on backup media shall be tested at least annually to ensure that the information is available

ID SEM includes backup and restore functions for all data and includes a recovery CD with shipment


   

© 2008 Industrial Defender