Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver. 5 Compliance. Presented by PAS and NovaTech, July 2013.

Upload: theanfieldgroup

Post on 22-Jan-2015


TRANSCRIPT

1. Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver. 5 Compliance (title slide). Presented by PAS and NovaTech, July 2013.

2. Agenda
   - Group introductions
   - Agenda review
   - CIP V5 requirements
   - Discussion of current practices in generation plants and substations: inventory, configuration management, change management
   - Case study of Southern Co.
   - Panel impressions
   - Questions, general discussion

3. Introductions
   Richard Powell, Manager Cyber Security Solutions, PAS (CISSP, CISA)
   - Business development for cyber security
   - Head of cyber security consulting for a leading CIP consulting group
   - Head of security and compliance for a large municipal utility
   Kevin Johnson, V.P. Business Development, NovaTech
   - Member of Executive Management Team
   - Strategic Initiatives & Emerging Technologies
   - Southeast Utilities Regional Manager

4. Future NERC CIP Standards
   NERC CIP Version 4 (approved 4/19/2012), effective date 4/1/2014. Critical generating assets:
   - 1500 MW power in a single interconnection
   - 1000 MVAR reactive power in a single interconnection
   - Reliability Must Run units
   - Black start units
   NERC CIP Version 5 (submitted to FERC 1/31/2013):
   - Impact categorization instead of Critical Assets: a new process in proposed CIP-002-5 identifies and classifies BES Cyber Systems as Low, Medium or High impact
   - Two new standards: CIP-010 (Configuration Management and Vulnerability Assessments) and CIP-011 (Information Protection)
   - Routable and non-routable protocols
   - Remote access
   - Malicious code prevention
5. CIP 002-011 (Version 5): Overview
   NERC CIP Cyber Security Standards Version 5: ten standards, 43 requirements. Source: NERC (www.nerc.com).
   CIP-002 Critical Cyber Assets (in Version 5, BES Cyber System categorization): 1. Low, Medium, High criteria; 2. 15-month review
   CIP-003 Security Management Controls: 1. Cyber security policy for High/Medium; 2. Cyber security policy for Low; 3. Leadership; 4. Document delegates
   CIP-004 Personnel and Training: 1. Awareness; 2. Training; 3. Personnel risk assessment; 4. Access; 5. Access revocation program
   CIP-005 Electronic Security: 1. Electronic Security Perimeter; 2. Remote access management
   CIP-006 Physical Security: 1. Plan; 2. Visitor control plan; 3. Maintenance and testing
   CIP-007 Systems Security Management: 1. Ports and services; 2. Security patch management; 3. Malicious code prevention; 4. Security event monitoring; 5. System access controls
   CIP-008 Incident Reporting and Response Planning: 1. Cyber security incident response plan; 2. Implementation and testing of cyber security incident response plans; 3. Cyber security incident response plan review
   CIP-009 Recovery Plans for BES Cyber Assets: 1. Recovery plans; 2. Recovery plan implementation and testing; 3. Recovery plan review, update, and communication
   CIP-010 Configuration Change Management and Vulnerability Assessments: 1. Configuration change management process; 2. Configuration monitoring; 3. Vulnerability assessments
   CIP-011 Information Protection: 1. Information protection process; 2. BES Cyber Asset reuse and disposal
   CIP = Critical Infrastructure Protection. NERC = North American Electric Reliability Corporation. BES = Bulk Electric System.

6. Panel Discussion
   Question: What do you see as the major challenges at your utility in complying with Version 5, especially related to the above as defined in CIP-007 and CIP-010?
   Development and implementation of a NERC CIP compliance program can involve many functions of an organization, including Operations, Administration, IT, etc.
   Question: What steps has your company taken to date to prepare for Version 5 compliance related to personnel? Staffing, training.
   Follow-up question: Has your organization considered the financial and resource implications of the data mining and management associated with developing the inventory of installed assets? If so, what measures?

7. Panel Discussion
   Most companies have a number of disparate cyber assets in the form of:
   - Hardware (controllers, PLCs, etc.)
   - Application versions
   - Ports/services
   - Firmware versions
   - User accounts
   - Configuration setpoints
   Question: How is your company currently addressing these?
   Follow-up: Can you see an advantage in leveraging technology to enhance security, reliability, and NERC-CIP Ver. 5 compliance?
8. The Southern Company (#ptc2013)

9. Herding Cats (Even Friendly Ones) is fun
   Systems in the fleet: Emerson (DCS), Foxboro (DCS), ABB (DCS), GE Mark VI, Siemens (TCS), Schweitzer (Relay), RTU, Allen Bradley (PLC), GE Fanuc (PLC), GE Bently Nevada, AspenTech, Spectrum (CEMS), Siemens (EMS), Woodward (TCS), Cisco (Control Networks), Yokogawa, Modicon (PLC), Metso (DCS), Mitsubishi (TCS), Toshiba (TCS)

10. NERC CIPs Solution: From Generation to Substation to the Enterprise (diagram)
   Labels: Approved list; NERC device properties (i.e., TFE (Technical Feasibility Exception), CCA (Critical Cyber Asset), Blackstart, MWs, etc.); Backup and storage schedule; Password management schedule; Database; Integrity & Orion IIS; Plant IT infrastructure (OPC servers, DCS terminals/servers, process historians, routers/switches, network users and groups); Automation infrastructure; Manual data; Integrity Essentials, Integrity Recon, Integrity Inventory, Integrity iMOC; Automation systems (DCSs, PLCs, historians, instrument databases, IEDs, etc.)

11. Integrity System Architecture Overview (diagram)
   Inputs: asset inventory; cyber asset inventory; control device data (WMIC); authorized user list; approved OS patches; approved vendor patches; approved device ports; approved anti-virus definitions; backup and storage schedule; password management schedule; system logs
   Reporting: security patch management; account management; malicious software; device discovery; custom user reports; compliance reports; MOC reports; system alert status; PSP asset report; ESP asset report

12. Integrity Inventory
   Ports, services, patches, applications, events, other stuff

13. Security Configuration Management
   Common Operating Environment (COE) configuration baselines. COEs specify:
   - Allowed installed software and their versions
   - Allowed hardware configurations
   - Patches
   - Ports/services
   - User access privileges
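A worked check for the configuration-monitoring piece described above (a COE baseline compared with what is actually on the asset, reported as un-reconciled changes), added here as an example; it is not code from PAS, NovaTech or this presentation. It assumes a hypothetical operator station OPS01 and relay RELAY-07; every package name, version, KB identifier, port and account is constructed sample data, and the collected text follows the CSV shape of `wmic ... /format:csv`, the WMIC control-device data source named on slide 11. It goes slightly beyond the slide by also checking a relay's firmware version against its baseline, one of the disparate asset attributes listed on slide 7.

```python
"""
Added example, not code from PAS, NovaTech or this presentation: compare a
collected cyber-asset snapshot against a Common Operating Environment (COE)
baseline and list every deviation, which is what a CIP-010 configuration
monitoring / "un-reconciled changes" report has to surface. Hosts, packages,
versions, patch IDs, ports and accounts are constructed sample data.
"""
import csv
from dataclasses import dataclass
from io import StringIO


@dataclass(frozen=True)
class Finding:
    asset: str
    category: str  # software | port | account | patch | firmware
    detail: str


@dataclass
class Baseline:
    software: dict  # package name -> approved version
    ports: set      # approved listening (protocol, port) pairs
    accounts: set   # authorized accounts
    patches: set    # approved patches that must be present
    firmware: str   # approved firmware version ("n/a" if not applicable)


def parse_wmic_csv(text: str) -> list:
    """Parse `wmic ... /format:csv` output (blank line, header row, data rows)."""
    rows = [ln for ln in text.splitlines() if ln.strip()]
    return list(csv.DictReader(StringIO("\n".join(rows))))


def compare(asset: str, base: Baseline, snap: dict) -> list:
    """Return one Finding per deviation of the snapshot from the baseline."""
    out = []
    for name, ver in snap["software"].items():
        if name not in base.software:
            out.append(Finding(asset, "software", f"unapproved package {name} {ver}"))
        elif ver != base.software[name]:
            out.append(Finding(asset, "software",
                               f"{name} is {ver}, baseline {base.software[name]}"))
    for name in sorted(base.software.keys() - snap["software"].keys()):
        out.append(Finding(asset, "software", f"baseline package {name} not installed"))
    for proto, port in sorted(snap["ports"] - base.ports):
        out.append(Finding(asset, "port", f"unapproved listener {proto}/{port}"))
    for acct in sorted(snap["accounts"] - base.accounts):
        out.append(Finding(asset, "account", f"unauthorized account {acct}"))
    for kb in sorted(base.patches - snap["patches"]):
        out.append(Finding(asset, "patch", f"approved patch {kb} missing"))
    if snap["firmware"] != base.firmware:
        out.append(Finding(asset, "firmware",
                           f"firmware {snap['firmware']}, baseline {base.firmware}"))
    return out


# Constructed COE baseline for a hypothetical DCS operator station "OPS01".
OPS_BASELINE = Baseline(
    software={"Historian Client": "7.1.2", "AcSELerator QuickSet": "6.5.0"},
    ports={("tcp", 135), ("tcp", 445), ("tcp", 3389)},
    accounts={"Administrator", "opsuser"},
    patches={"KB1111111", "KB2222222"},
    firmware="n/a",
)

# Constructed collector output for OPS01, in the shape of
# `wmic product get Name,Version /format:csv` and `wmic qfe get HotFixID /format:csv`.
WMIC_PRODUCT = """
Node,Name,Version
OPS01,Historian Client,7.1.2
OPS01,AcSELerator QuickSet,6.4.1
OPS01,Remote Desktop Helper,3.3.0
"""
WMIC_QFE = """
Node,HotFixID
OPS01,KB1111111
"""


def ops01_snapshot() -> dict:
    """Assemble the snapshot; listening ports and accounts are constructed directly."""
    return {
        "software": {r["Name"]: r["Version"] for r in parse_wmic_csv(WMIC_PRODUCT)},
        "patches": {r["HotFixID"] for r in parse_wmic_csv(WMIC_QFE)},
        "ports": {("tcp", 135), ("tcp", 445), ("tcp", 3389), ("tcp", 5900)},
        "accounts": {"Administrator", "opsuser", "vendor_tmp"},
        "firmware": "n/a",
    }


def unreconciled_changes() -> list:
    return compare("OPS01", OPS_BASELINE, ops01_snapshot())


def relay_findings() -> list:
    """Same check on a hypothetical protective relay whose firmware drifted."""
    base = Baseline({}, {("tcp", 23)}, {"engineer"}, set(), "R301")
    snap = {"software": {}, "ports": {("tcp", 23)}, "accounts": {"engineer"},
            "patches": set(), "firmware": "R302"}
    return compare("RELAY-07", base, snap)


if __name__ == "__main__":
    for f in unreconciled_changes() + relay_findings():
        print(f"{f.asset}\t{f.category}\t{f.detail}")
```

For OPS01 the run reports a version drift on AcSELerator QuickSet, an unapproved package, an unapproved tcp/5900 listener, an unauthorized account and one missing approved patch; the relay reports only the firmware drift. Every finding is something the change-management workflow either has an approved MOC record for (reconcile it and update the baseline) or does not (investigate), which is the point of keeping the baseline and the collector separate.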
14. Change Management - iMOC
   - 3rd generation MOC (management of change) workflow application
   - Designed specifically for automation systems
   - Built upon the Integrity framework
   - Leverages Web 2.0 technologies to facilitate information push and collaboration with other applications
   - Intelligent platform: creates searchable documentation; identifies all links and places-used; improves discovery
   - Embeds checklists
   - Approval routing and documentation
   - Provides links to critical information
   - Automatically reconciles changes
   - Workflow is customizable to fit existing change management processes

15. Reporting (diagram)
   Reports: security patch management; account management; malicious software; device discovery; custom user reports; compliance reports; MOC reports; system alert status; PSP asset report; ESP asset report
   Dashboard: inventory; un-reconciled changes; ports & services; security patch management; antivirus management; password management; media disposal management; backup & storage; NERC alerts
   Listings: asset inventory; cyber asset inventory; control device data (WMIC); authorized user list; approved OS patches; approved vendor patches; approved device ports; approved anti-virus definitions; backup and storage schedule; password management schedule; system logs

16. Proposed Orion-Integrity Architecture (diagram)
   Labels: Active Directory server; RSA; PAS Integrity server; Generation Electronic Security Perimeter (ESP); Substation Electronic Security Perimeter (ESP); ESP/jump server; OrionLX - SCP; OrionLX - RCP; RTU; protective relay (x2); broadband connection; RTU; DCS; PLC (x2). Servers can be physical or virtual.

17. Substation Inventory

18. Relay Configuration Capture

19. NovaTech Connection Manager

20. NovaTech Connection Manager (Server Style) (diagram)
   Labels: IED software (e.g., AcSELerator); NovaTech Connection Manager; virtual serial port for serial-based configuration software; users; Windows-based Connection Manager PC/server; remote access to server; identity management server; secure connection agent runs in the OrionLX
21. Summary: Tying it All Together
   Asset management; Common Operating Environment; data aggregation; secure access; enhanced reliability; risk/threat management; validation; compliance

22. Questions??
   Kevin Johnson, 570-498-4409, [email protected]
   Rich Powell, 904-651-5622, [email protected]