Be the first to like this
Whitepaper by Encari's co-founder and the Mid-West ISO's chairman.
Matthew Luallen, co-founder of Encari, and Paul Feldman, chairman of the Mid-West ISO, have written a whitepaper that explains how utilities attempting to meet the North American Electric Reliability Corporation "Critical Infrastructure Protection" (NERC CIP) requirements can meet both the spirit and the letter of the regulations.
The whitepaper provides insights and recommendations around the following topics:
Utilities should go beyond "checking the box" to meeting the true intention of the NERC CIP requirements: protecting the reliability and availability of the Bulk Electric System (BES).
Traditional security solutions (e.g., blacklist-based antivirus, emergency security patches) not only fail to protect reliability and availability, they may negatively impact the goals themselves.
In addition to superior protection against even zero-day attacks, application whitelisting is gaining a following because it addresses the operational realities associated with control system implementations that blacklist-based solutions cannot.
Application whitelisting simultaneously helps address NERC CIP-007, R3 (security patching); CIP-007, R4 (anti-malware); and even NERC CIP-003, R6 (change control and configuration management).