NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011

This is the slide deck from the NERC CIP Compliance Workshop at Smart Grid Security East 2011 (www.smartgridsecurityeast.com)

Notes
  • Reliability Coordinator. Balancing Authority. Interchange Authority. Transmission Service Provider. Transmission Owner. Transmission Operator. Generator Owner. Generator Operator. Load Serving Entity. NERC. Regional Entity.
  • You can drill down into the detail and identify which NERC CIP compliance requirement is being violated. You can remediate or mitigate risk right from the same screen.
  • Via the SCADA interface the application detects unauthorized disabling of two levels of protection (protective relays disabled at a generation facility). The application delivers a geo-spatial view for situational awareness. In this slide we can see that an alert has been received; the user can confirm it and initiate the remedial action scripts workflow.
  • The application is pre-integrated with video surveillance and door locks from the building control system, which can be tagged in the display and clicked on to access live video to confirm the incident. If needed, the remote responder can initiate a lockdown of the premises or of the particular access point while automatically dispatching first responders.
  • Compliance Is Painful: not necessarily. There is help available, and much of it is common sense. With a paradigm shift this becomes ingrained in the culture of your organization.
    • Congress-Initiated Problem: two issues with this acronym: 1) Congress initiated an order, but it was a response to a horrible blackout and to subsequent studies evidencing lack of participation in voluntary compliance; 2) it is not a problem, but one viable solution or remedy.
    • Can I Punt? No, this is everyone's issue. If you have CCAs it is obvious. If not, think about doomsday scenarios and the scary stats about BES outage scenarios.
    • Cash Is Preferred: the preferred reaction to CIP within NERC is compliance, and hence a more reliable BES, not fines for noncompliance.
    • NERC's Brainchild: the process of creating and maintaining standards is currently an ANSI-certified process, where industry
  • Reduced risk of noncompliance isn’t the goal… Reduced risk is the goal.
  • Credible Threats to the Smart Grid. Elaborate on each. Talk about definition of risk and what you can do with it.
  • Get real security, and compliance is easy to attain. Give scenarios where "compliant" is far from sufficient. Talk about NERC sufficiency reviews. Show the CIA-NR model (possibly to organize threats?). Bad guys don't care if you're compliant. Standards are a moving target.
  • This is an area where people tend to get "feature fever." Jumping into controls can waste money, derail your security projects, create an unsustainable environment and even degrade your security posture.
  • Mention the non-compliance parts of NERC (like my team). Warn of consultants who are not properly vetted.
  • Permeates the organization from the top down. Pragmatic: performance reviews, bonuses, quantify, ratings. Benefits: financial benefits (litigation, retrofit, etc.); can hit any "moving target" like CIP, NIST. Better to bake in vs. retrofit.

Slide 2: NERC CIP Compliance Workshop
  • Introductions
  • NERC CIP Compliance
  • Automating NERC CIP Compliance
  • Grid Operator Perspectives
  • Review / Q&A

Slide 3: Presenters
  • Gib Sorebo – Chief Security Engineer, SAIC
  • Mike Echols – Critical Infrastructure Protection Manager, Salt River Project
  • Jim Brenton – Regional Security Coordinator, ERCOT
  • Joshua Axelrod – Director of Professional Services, Alert Enterprise
  • Lior Frenkel – CEO, Waterfall Security Solutions
  • Steven Applegate – Cyber Security Threat and Vulnerability Program Manager, NERC

Slide 4: Agenda
  • System Overview
  • Definition of a Critical Asset (CIP 002)
  • Systems as a Critical Asset
  • Applying NERC CIP to a System
  • Identifying Risks to the System
  • Managing Risks to the System beyond NERC CIP

Slide 5: DOE Modern Grid Strategy
  • AMI = Advanced Metering Infrastructure
  • DR = Demand Response
  • ADO = Advanced Distribution Operations
  • ATO = Advanced Transmission Operations
  • AAM = Advanced Asset Management
  Source: Department of Energy
Slide 6: NERC CIP Overview

Slide 7: NERC CIP Compliance

Slide 8: Critical Assets

Slide 9: Control & Backup Control Centers
  • Supervisory Control and Data Acquisition (SCADA)
    • Monitor and control
    • Automatic generation control
    • Real-time power system modeling
    • Real-time inter-utility data exchange

Slide 10: Transmission Substations
  • Substations that provide bulk power
    • Connect the bulk electric system
    • Usually 230 kV and up
    • Management of bulk power
  kV = kilovolt

Slide 11: Automatic Load Shedding
  • Automatic load shedding schemes
    • Common control area
    • Demand response
      • An increase in demand may require a utility to black out a certain area in order to keep the system from coming down.
Slide 12: Special Protection System (SPS)
  • Remedial Action Scheme (RAS)

Slide 13: System Restoration
  • Regional and local blackstart
  • Low generation capacity
  • Emergencies

Slide 14: Generation Resources
  • Distributed Control Systems (DCS)

Slide 15: Other Assets
  • Advanced Metering Infrastructure (AMI)
  • Distribution substations
  • Distribution SCADA
  • Renewable energy resources

Slide 16: Critical Cyber Assets (CCA = Critical Cyber Asset)
  Cyber Asset Name   Essential   R3.1   R3.2   R3.3   Connectivity   CCA
  Cyber.Asset.Name   Yes         Yes    Yes    No     IP             Yes
  Cyber.Asset.Name   Yes         Yes    Yes    No     Disconnected   No
  Cyber.Asset.Name   Yes         No     No     Yes    Dial-up        Yes
  Cyber.Asset.Name   Yes         No     No     No     Serial         No
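The worksheet above is the CIP-002-3 R3 screen: a Cyber Asset essential to a Critical Asset becomes a CCA when at least one of the R3 qualifiers applies. The following is an added example (not code from the workshop or its presenters) that encodes that rule and adds the sanity checks a reviewer applies to a hand-filled worksheet; the column meanings (R3.1 routable outside the ESP, R3.2 routable within a control center, R3.3 dial-up accessible) and the asset names are assumptions, and the consistency rules are mine, not CIP text.

```python
# Added example: CIP-002-3 R3-style Critical Cyber Asset screen.
# A Cyber Asset is a CCA when it is essential AND (R3.1 or R3.2 or R3.3).
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class CyberAsset:
    name: str
    essential: bool        # essential to the operation of a Critical Asset
    connectivity: str      # "IP", "Dial-up", "Serial" or "Disconnected"
    r3_1: bool = False     # routable protocol used outside the ESP (assumed column meaning)
    r3_2: bool = False     # routable protocol used within a control center
    r3_3: bool = False     # dial-up accessible


def is_cca(asset: CyberAsset) -> bool:
    """Essential AND at least one R3 qualifier."""
    return asset.essential and (asset.r3_1 or asset.r3_2 or asset.r3_3)


def worksheet_issues(asset: CyberAsset) -> List[str]:
    """Reviewer sanity checks for a hand-filled row (assumed rules, not CIP text)."""
    issues = []
    any_r3 = asset.r3_1 or asset.r3_2 or asset.r3_3
    if asset.connectivity == "Disconnected" and any_r3:
        issues.append("disconnected asset cannot satisfy any R3 qualifier")
    if asset.connectivity == "Dial-up" and not asset.r3_3:
        issues.append("dial-up connectivity implies R3.3")
    if asset.connectivity == "IP" and not (asset.r3_1 or asset.r3_2):
        issues.append("IP connectivity: confirm whether R3.1 or R3.2 applies")
    return issues


def build_worksheet(assets: List[CyberAsset]) -> List[Dict[str, object]]:
    """One row per asset with the CCA verdict and any consistency issues."""
    rows = []
    for a in assets:
        rows.append({
            "name": a.name, "essential": a.essential,
            "R3.1": a.r3_1, "R3.2": a.r3_2, "R3.3": a.r3_3,
            "connectivity": a.connectivity,
            "CCA": is_cca(a), "issues": worksheet_issues(a),
        })
    return rows


# Constructed rows mirroring the slide's four example entries (names invented).
SAMPLE_ASSETS = [
    CyberAsset("EMS-SCADA-01", True, "IP", r3_1=True, r3_2=True),
    CyberAsset("HMI-STANDALONE-02", True, "Disconnected", r3_1=True, r3_2=True),
    CyberAsset("RTU-MODEM-03", True, "Dial-up", r3_3=True),
    CyberAsset("RELAY-SERIAL-04", True, "Serial"),
]

if __name__ == "__main__":
    for row in build_worksheet(SAMPLE_ASSETS):
        print(row)
```

The second constructed row reproduces the slide's second entry (R3.1/R3.2 marked Yes on a disconnected asset), which the consistency check flags rather than silently accepting the "No" verdict.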
Slide 17: CIP Standards Version 4 Update
  • CIP Standards updated in response to FERC Order 706
  • Federal Government concerns about sufficiency of the CA identification process of current CIP-002-3
  • CIP-002-4 applicability
    • There have been no changes in the CIP-002-4 "Responsible Entity" criteria
    • The following remain exempt from the CIP Standards
      • Facilities regulated by the Canadian Nuclear Safety Commission
      • Cyber Assets associated with communication networks and data communication links
    • Nuclear plant cyber security remains under the NRC
      • In nuclear plants, the systems, structures, and components that are regulated by the Nuclear Regulatory Commission will be exempt under 10 C.F.R. Section 73.54.
  • Conformance changes for the other CIP standards (change Version 3 to Version 4): administrivia

Slide 18: Review: CIP-002-3 CA Identification
  • Responsible Entity required to identify and document a Risk-Based Assessment Methodology (RBAM) to identify its CAs
  • Responsible Entity free to select any RBAM but had to consider the following:
    • Control centers and backup control centers
    • Transmission substations
    • Generation resources
    • Systems and facilities critical to system restoration
      • Blackstart generators
      • Transmission substations in the cranking path for initial restoration
    • Automatic Load Shedding capable of shedding 300 MW or more
    • Special Protection Systems
    • Any additional assets that support reliable operation of the BES that the Responsible Entity deems appropriate

Slide 19: New CIP-002-4 CA Identification Criteria
  • The Risk-Based Assessment Methodology in Version 3 has been replaced by "Bright-Line Criteria" in CIP-002-4, Attachment 1
  • Old R1 and R2 are now combined into a new R1 for the "Bright-Line Criteria"
  • The Responsible Entity shall develop a list of CAs through application of the criteria in CIP-002-4 Attachment 1 – Critical Asset Criteria
  • Attachment 1 is the key to CA identification

Slide 20: CIP-002-4/R2: Critical Cyber Asset Identification
  • Develop a list of associated Critical Cyber Assets essential to the operation of designated Critical Assets
  • New 15-minute adverse impact criterion for generator units
    • The only Cyber Assets that must be considered are those Cyber Assets that could, within 15 minutes, adversely impact the reliable operation of the unit
Slide 21: CIP-002-4 - Attachment 1: New Critical Asset Identification Criteria (criteria 1–3)
  1. Generating units (including nuclear) with an aggregate highest rated net Real Power capability equal to or exceeding 1500 MW in a single Interconnection
  2. Reactive resources (excluding generation Facilities) that have an aggregate net Reactive Power nameplate rating of 1000 MVAR or greater
  3. Generation Facilities that the Planning Coordinator or Transmission Planner designates as necessary to avoid BES Adverse Reliability Impacts in the long-term plan

Slide 22: CIP-002-4 - Attachment 1: New Critical Asset Identification Criteria (criteria 4–7)
  4. Blackstart Resources identified in the Transmission Operator's restoration plan
  5. Cranking Paths from the Blackstart Resource to the first interconnection point or up to the point on the Cranking Path where two or more path options exist
  6. Transmission Facilities operated at 500 kV or higher
  7. Transmission Facilities operated at 300 kV or higher or substations with interconnection to three or more other transmission stations

Slide 23: CIP-002-4 - Attachment 1: New Critical Asset Identification Criteria (criteria 8–10)
  8. Transmission Facilities that are identified by the Reliability Coordinator, Planning Authority or Transmission Planner as critical to the derivation of Interconnection Reliability Operating Limits (IROLs)
  9. Flexible AC Transmission Systems (FACTS) that are identified by the Reliability Coordinator, Planning Authority or Transmission Planner as critical to the derivation of Interconnection Reliability Operating Limits (IROLs)
  10. Transmission Facilities that, if destroyed, degraded, misused, or otherwise rendered unavailable, would result in the loss of the assets identified by any Generator Owner as a CA through the application of Attachment 1 (Criterion 1 or 3 above)

Slide 24: CIP-002-4 - Attachment 1: New Critical Asset Identification Criteria (criteria 11–13)
  11. Transmission Facilities identified as essential to meeting Nuclear Plant Interface Requirements
  12. Special Protection Systems (SPS), Remedial Action Schemes (RAS) or automated switching systems that operate BES Elements that, if destroyed, degraded, misused or otherwise rendered unavailable, would cause one or more Interconnection Reliability Operating Limit (IROL) violations
  13. Automatic Load Shedding Facilities that perform load shedding, without human operator initiation, of 300 MW or more (Under Voltage Load Shedding (UVLS) or Under Frequency Load Shedding (UFLS))

Slide 25: CIP-002-4 - Attachment 1: New Critical Asset Identification Criteria (criteria 14–17)
  14. Reliability Coordinator control centers or backup control centers
  15. Generation control centers or backup control centers used to control generation at multiple plant locations, for any generation Facility or group of generation Facilities identified in Criteria 1, 3 or 4 above; generation control centers or backup control centers used to control generation equal to or exceeding 1500 MW in a single Interconnection
  16. Transmission Operator control centers or backup control centers used to control at least one asset identified in Criteria 2, 5, 6, 7, 8, 9, 10, 11 or 12 above
  17. Balancing Authority control centers or backup control centers used to control at least one asset identified in Criteria 1, 3, 4, or 13 above; Balancing Authority control centers or backup control centers used to control generation equal to or greater than an aggregate of 1500 MW in a single Interconnection
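The numeric bright-line criteria above (1500 MW, 1000 MVAR, 500 kV, 300 kV with three or more interconnected stations, 300 MW automatic load shedding) are the ones an entity can evaluate directly from an asset inventory. The block below is an added example, not code from the workshop; its asset records are constructed, criterion 1 is aggregated per plant location and criterion 7 is applied as "300 kV or higher AND three or more interconnected stations", both of which are my reading of the CIP-002-4 text rather than something the slides state.

```python
# Added example: applying the numeric CIP-002-4 Attachment 1 bright-line
# criteria to constructed asset records. Criterion numbers follow the
# slide ordering (1, 2, 6, 7, 13); designation-based criteria (3, 4, 5, 8-12)
# depend on planner/operator lists and are left out of this example.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Plant:
    name: str
    interconnection: str        # e.g. "Eastern", "Western", "ERCOT"
    unit_net_mw: List[float]    # highest rated net Real Power per unit


@dataclass
class ReactiveResource:
    name: str
    nameplate_mvar: float       # aggregate net Reactive Power nameplate rating


@dataclass
class TransmissionFacility:
    name: str
    operating_kv: float
    interconnected_stations: int  # other transmission stations it connects to


@dataclass
class LoadShedScheme:
    name: str
    shed_mw: float
    operator_initiated: bool      # UFLS/UVLS act without an operator


MW_1500 = 1500.0
MVAR_1000 = 1000.0
KV_500 = 500.0
KV_300 = 300.0
MW_300 = 300.0


def plant_criteria(p: Plant) -> List[str]:
    # Criterion 1: aggregate per plant location (assumption, see lead-in).
    return ["1"] if sum(p.unit_net_mw) >= MW_1500 else []


def reactive_criteria(r: ReactiveResource) -> List[str]:
    return ["2"] if r.nameplate_mvar >= MVAR_1000 else []


def transmission_criteria(t: TransmissionFacility) -> List[str]:
    hits = []
    if t.operating_kv >= KV_500:
        hits.append("6")
    # Criterion 7 read as voltage AND interconnection count (assumption).
    if t.operating_kv >= KV_300 and t.interconnected_stations >= 3:
        hits.append("7")
    return hits


def load_shed_criteria(s: LoadShedScheme) -> List[str]:
    return ["13"] if s.shed_mw >= MW_300 and not s.operator_initiated else []


def classify(asset) -> List[str]:
    dispatch = {Plant: plant_criteria, ReactiveResource: reactive_criteria,
                TransmissionFacility: transmission_criteria,
                LoadShedScheme: load_shed_criteria}
    return dispatch[type(asset)](asset)


def critical_assets(assets) -> Dict[str, List[str]]:
    """Name -> matched criteria, only for assets meeting at least one."""
    return {a.name: classify(a) for a in assets if classify(a)}


# Constructed inventory; names and figures are invented.
SAMPLE_ASSETS = [
    Plant("Coal Plant A", "Eastern", [600.0, 600.0, 400.0]),   # 1600 MW -> criterion 1
    Plant("Peaker B", "Eastern", [250.0, 250.0]),              # 500 MW  -> none
    ReactiveResource("SVC C", 1200.0),                          # criterion 2
    TransmissionFacility("500 kV Line D", 500.0, 2),            # criterion 6 only
    TransmissionFacility("345 kV Sub E", 345.0, 4),             # criterion 7 only
    TransmissionFacility("345 kV Sub F", 345.0, 2),             # none
    LoadShedScheme("UFLS Scheme G", 350.0, False),              # criterion 13
    LoadShedScheme("Manual Shed H", 400.0, True),               # none (operator initiated)
]

if __name__ == "__main__":
    for name, hits in critical_assets(SAMPLE_ASSETS).items():
        print(f"{name}: criteria {hits}")
```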
Slide 26: Projected CIP-002-4 Time Lines
  • Approved by 80% industry vote (Dec 2010)
  • Approved by NERC Board of Trustees (Jan 24)
  • Submitted to FERC (Feb 2011, tentative)
  • Approval by FERC (3-6 months): July 2011?
  • Implementation date +24 months after FERC approval (July 2013 at the earliest?)
  • The dates above affect Critical Assets newly identified under Version 4
    • CAs previously identified under CIP-002-3 must remain compliant per CIP-003-3 through CIP-009-3 until CIP-004-4 becomes effective: bookend documentation for audits of all CAs

Slide 27: What's next for CIP Standards

Slide 28: CIP 003 Security Policy
  • CIP 003.R1 Security Policy
    • You must develop a security policy which makes NERC CIP 002-009 required for your organization.
    • If your system does not meet the standards in CIP 002, then you do not have to apply the remainder of CIP.
    • Your organization policy should address each requirement in the NERC CIP standards.
  NERC = North American Electric Reliability Corporation; CIP = Critical Infrastructure Protection

Slide 29: CIP 003 Leadership

Slide 30: CIP 003 Exceptions
  • Non-compliance issues
    • The exceptions process serves to address non-compliance issues.
  • Risk register
    • The exceptions process serves as a risk register.
  • Risk management
    • The senior manager accepts the risk of not complying with standards.

Slide 31: CIP 003 Information Protection
  • Information identification
  • Operational procedures
  • Lists as required in standard CIP-002-3
  • Network topology or similar diagrams for critical cyber assets
  • Floor plans of computing centers that contain critical cyber assets
  • Equipment layouts of critical cyber assets
  • Disaster recovery plans for critical assets
  • Incident response plans for critical assets
  • Security configuration information for critical cyber assets
  What: what information is critical? Where: where is the critical information located? Who: who owns the critical information?

Slide 32: CIP 003 Change Control and Configuration Management
  I&A = Identification and Authentication; DES = Data Encryption Standard; PKI = Public Key Infrastructure
Slide 33: CIP 003 Change Control and Configuration Management
  • What are the control mechanisms present within the meter?
    • How does the meter restrict access to data and functionality?
    • Does the meter log successful and unsuccessful access attempts to produce an audit trail?
    • Does the meter require user and system identification and authentication?
    • Does the meter implement strong authentication?
  Make a checklist. Do the same for databases, operating systems and network infrastructure devices. Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) and Center for Internet Security (CIS) benchmarks provide a starting point.
  Example meter checklist:
  • Access: the meter restricts access based on token I&A; the meter only accepts inputs from collectors
  • Audit: the meter records when access is authorized; the meter records what functions are initiated on it
  • Communication Protection: the meter encrypts data commands issued on it; the meter uses DES encryption
  • I&A: the meter requires token-based authentication; the meter accepts tokens authorized by the PKI system

Slide 34: CIP 004 Awareness and Training
  • Posters, emails, brochures
    • Socialize your cyber security policy
  • Provide general training on the major elements of NERC CIP.
  • Provide specialized training for your critical NERC CIP processes.

Slide 35: CIP 004 Access Control

Slide 36: CIP 005 Network Security
  [Diagram: layered view of network, operating system, databases and applications on each side, with access points and Electronic Security Perimeters between them]
Slide 37: CIP 005 Network Security

Slide 38: CIP 005 Network Security

Slide 39: CIP 005 Network Security
  • Ports and Services: open firewall ports and protocols; point-to-point rules (no any any); deny by default
  • System Security: no default accounts; strong passwords
  • Password Security: at least six-character passwords; complex passwords; password changes every 360 days
  • Community String Security: no public strings; rename community strings; no default community strings

Slide 40: CIP 006 Physical Security

Slide 41: CIP 007 Systems Security Management
  • Create baseline configuration

Slide 42: CIP 007 Systems Security

Slide 43: CIP 007 Systems Security (patch management flow)
  • Vendor releases security patch or update
  • SME determines patch or update applicability (within 30 days of availability)
  • SME creates plan (within the same 30 days) for future deployment
  • SME downloads patch or update and deploys in test environment
  • SME tests security controls and functionality according to test plan
  • SME securely deploys and tests in production environment (or TFE)
Slide 44: CIP 007 Systems Security
  IDS = Intrusion Detection System; ICS = Industrial Control System

Slide 45: CIP 007 Systems Security

Slide 46: CIP 007 Systems Security

Slide 47: CIP 007 Systems Security

Slide 48: CIP 007 Systems Security
  • Ports and Services: open firewall ports and protocols; point-to-point rules (no any any); deny by default
  • System Security: no default accounts; strong passwords
  • Password Security: at least six-character passwords; complex passwords; password changes every 360 days
  • Community String Security: no public strings; rename community strings; no default community strings
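The checklist repeated on slides 39 and 48 reads naturally as an automated configuration audit. The block below is an added example, not code from the workshop: it checks a constructed device record against the ports/services, default-account, password-age and SNMP community-string items, using the slide's thresholds (six characters, 360 days). The lists of default account names and default community strings, the record layout and the rule format are assumptions for this example.

```python
# Added example: CIP-007-style configuration checks for a device record.
from datetime import date
from typing import Dict, List

DEFAULT_ACCOUNTS = {"admin", "root", "guest", "operator"}   # assumed vendor defaults
DEFAULT_COMMUNITIES = {"public", "private"}                 # assumed SNMP defaults
MIN_PASSWORD_LEN = 6          # slide: at least six-character passwords
MAX_PASSWORD_AGE_DAYS = 360   # slide: password changes every 360 days


def password_complexity_findings(candidate: str) -> List[str]:
    """Applied when a password is set; the audit record never holds the clear text."""
    f = []
    if len(candidate) < MIN_PASSWORD_LEN:
        f.append("shorter than six characters")
    if not any(c.isalpha() for c in candidate):
        f.append("no alphabetic character")
    if not any(c.isdigit() for c in candidate):
        f.append("no numeric character")
    if not any(not c.isalnum() for c in candidate):
        f.append("no special character")
    return f


def account_findings(accounts: Dict[str, dict], today: date) -> List[str]:
    f = []
    for name, acct in accounts.items():
        if name.lower() in DEFAULT_ACCOUNTS and acct.get("enabled", True):
            f.append(f"default account '{name}' still enabled")
        age = (today - acct["last_changed"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            f.append(f"account '{name}': password is {age} days old (limit {MAX_PASSWORD_AGE_DAYS})")
    return f


def community_findings(communities: List[str]) -> List[str]:
    return [f"SNMP community '{c}' is a public/default string"
            for c in communities if c.lower() in DEFAULT_COMMUNITIES]


def firewall_findings(rules: List[dict]) -> List[str]:
    """Flags 'any any' permits and a policy that does not end in deny-by-default."""
    f = []
    for i, r in enumerate(rules, 1):
        if r["action"] == "allow" and r["src"] == "any" and r["dst"] == "any":
            f.append(f"firewall rule {i} allows any source to any destination")
    last = rules[-1] if rules else None
    if not (last and last["action"] == "deny" and last["src"] == "any" and last["dst"] == "any"):
        f.append("firewall policy does not end with a deny-by-default rule")
    return f


def device_findings(device: dict, today: date) -> List[str]:
    return (account_findings(device["accounts"], today)
            + community_findings(device["snmp_communities"])
            + firewall_findings(device["firewall_rules"]))


# Constructed records (invented addresses and names).
TODAY = date(2011, 2, 1)
SAMPLE_DEVICE = {
    "accounts": {
        "admin": {"enabled": True, "last_changed": date(2010, 1, 5)},
        "scada_ops": {"enabled": True, "last_changed": date(2010, 11, 20)},
    },
    "snmp_communities": ["public", "grid-ro-7f3a"],
    "firewall_rules": [
        {"src": "10.1.0.0/24", "dst": "10.2.0.5", "port": 20000, "action": "allow"},
        {"src": "any", "dst": "any", "port": "any", "action": "allow"},
    ],
}
HARDENED_DEVICE = {
    "accounts": {
        "admin": {"enabled": False, "last_changed": date(2010, 12, 1)},
        "scada_ops": {"enabled": True, "last_changed": date(2010, 11, 20)},
    },
    "snmp_communities": ["grid-ro-7f3a"],
    "firewall_rules": [
        {"src": "10.1.0.0/24", "dst": "10.2.0.5", "port": 20000, "action": "allow"},
        {"src": "any", "dst": "any", "port": "any", "action": "deny"},
    ],
}

if __name__ == "__main__":
    for finding in device_findings(SAMPLE_DEVICE, TODAY):
        print("FINDING:", finding)
```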
Slide 49: CIP 008 Incident Response
  • You must formally identify and declare an incident:
    • Develop an incident response form that documents the incident identification (this will help you report your problem to the Electricity Sector Information Sharing and Analysis Center).
    • Categorize the incident according to your incident response plan (red, yellow or green).
    • Ensure the plant manager is notified of the incident and its categorization.

Slide 50: CIP 008 Incident Response
  • An incident response (CIP 008) practice needs to be developed and should include the four primary capabilities:
    • Identification
    • Containment
    • Eradication
    • Recovery
  • Incident response should use a decision tree in order to determine the scope of the incident.

Slide 51: CIP 009 Recovery

Slide 52: CIP 009 Recovery

Slide 53: Challenges Created by New CIP Requirements
  • Certifications and background checks
  • ESP / Physical Security Perimeters
  • Terminated employee tracking
  • Enterprise-level access control
  • User access reviews

Slide 54: NERC is complex. NERC CIP is more complex.
  To meet all requirements you need to interface with:
  • Applications: SAP, Oracle, HR, and business applications
  • GRC, IAM, change management, asset management
  • Directories, network security and IT systems
  • Physical Access Control Systems (PACS)
  • Control systems: EMS, DMS, HMI/SCADA
  • Facilities / building management
  • Video surveillance and other imaging sensors
  • Situational awareness and geo-spatial mapping
  • Incident management applications

Slide 55: Streamline On-Boarding/Off-Boarding & Close Security Gaps
  [Diagram: an enterprise compliance hub ("Eliminate Overlaps", "Workplace Efficiency", "Simplify & automate onboarding & offboarding") linking Human resources, SCADA/Network, Physical security, Governance risk & compliance, Identity management, IT/ERP security, Assets and Contractors, with Background Checks, Certification, Internal Control Policies and an Industry Specific Risk Library]
Slide 56: A New Generation of Solutions Bridges the Gap, Removes the Silos

Slide 57: Active Policy Enforcement

Slide 58: Situational Awareness

Slide 59: Incident Response

Slide 60: NERC CIP Security and Compliance Posture

Slide 61: Compliance Solutions Tools: Features To Look For
  • KRI dashboard, risk scoring, qualitative risk (H, M, L)
  • Asset discovery, visualization and criticality rating
  • Situational awareness and geo-spatial mapping
  • Incident management module
  • User access reviews, role lifecycle management
  • Multiple simultaneous assessment projects
  • Common controls and risk repository
  • Rules engine to automate controls
  • Repository for documentation and evidence
  • Robust integration with HR, ERP, GRC, IAM etc.
  • Physical security integration and control systems integration
  • Integrated with security automation tools (GCC)
  • Role-based dashboards (display tiles)

Slide 62: CIP 003 – 009 Takeaways

Slide 63: Beyond NERC-CIP: Perimeter Protection Issues
  [Diagram: Internet, Business Network and Critical Network, with a Critical Cyber Asset reachable by command and control]

Slide 64: Network Threats
  • Routine threats
    • Malware propagates via VPN or open firewall ports
    • Shared passwords, "temporary" contractor access, access management issues
  • Advanced threats
    • Firewall zero-day attacks, take over the firewall
    • Targeted emails: open attachments or visit a compromised website

Slide 65: Remote Control
  • Routine threats
    • Modern malware contacts command and control servers on the open internet
    • Usual remediation: forbid internet connections
  • Advanced threats
    • Peer-to-peer network between compromised machines
    • C&C server controls CCAs even when internet connections are forbidden
Slide 66: Advanced Perimeter Protection: Unidirectional Communications
  [Diagram: One-Way Communications Hardware between the Critical Network (Critical Cyber Asset) and the Business Network (Enterprise Planning System)]

Slide 67: Unidirectional Data Transfer
  • Air gap
    • No attack possible from the less-trusted network
    • But: modern businesses rely on access to real-time data
  • Unidirectional data transfer
    • Transmits valuable real-time data to business systems
    • One-way hardware means data transfer back into the critical network is impossible

Slide 68: Emulating Two-Way Protocols
  [Diagram: Two-Way Protocol → Emulation Agent → One-Way Communications Hardware → Emulation Agent → Two-Way Protocol]

Slide 69: Emulating Two-Way Protocols
  • Unidirectional Gateways
    • One-way fiber-optic hardware
    • Proprietary high-speed, low-latency protocol
    • Sophisticated data integrity protections
  • Software Agents
    • Emulate a wide variety of two-way protocols
    • Run on conventional Windows hosts
    • Ease of use, ease of management

Slide 70: Under the Hood
  [Diagram: sending side (Connectors, SDK, 3rd Party API, Scheduler, Management Control and Conf., MMI; WF-packet preparation and sending with sequencing, redundancy and error correction) → unidirectional fiber optics → receiving side (high-capacity, optimized receiving mechanism; Connectors, SDK, 3rd Party API, Scheduler, Management Control and Conf., MMI); Ethernet on both ends]
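The "sequencing, redundancy, error correction" on the sending side exists because a one-way link has no return path: the receiver can never request a retransmission, so the sender must repeat frames and the receiver must deduplicate, verify integrity and report gaps on its own side. The block below is an added toy illustration of that idea, not Waterfall's protocol or code; the frame layout, CRC choice and lossy channel are constructed for this example.

```python
# Added example: sequencing + redundancy over a simulated one-way channel.
import struct
import zlib
from typing import Dict, List, Optional, Set, Tuple

CHUNK = 4                          # tiny payload size so the example is readable
HEADER = struct.Struct("!HHI")     # seq, total frames, crc32 of payload (constructed layout)


def build_frames(data: bytes, redundancy: int = 2) -> List[bytes]:
    """Split data into sequenced, CRC-tagged frames and emit each one `redundancy` times."""
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    frames = []
    for seq, chunk in enumerate(chunks):
        frame = HEADER.pack(seq, len(chunks), zlib.crc32(chunk)) + chunk
        frames.extend([frame] * redundancy)   # repetition is the only "retry" a one-way link has
    return frames


def lossy_channel(frames: List[bytes], drop_indexes: Set[int]) -> List[bytes]:
    """Constructed channel: silently drops frames at the given positions; no feedback."""
    return [f for i, f in enumerate(frames) if i not in drop_indexes]


class Receiver:
    def __init__(self) -> None:
        self.chunks: Dict[int, bytes] = {}
        self.total: Optional[int] = None
        self.corrupt = 0

    def accept(self, frame: bytes) -> None:
        seq, total, crc = HEADER.unpack(frame[:HEADER.size])
        payload = frame[HEADER.size:]
        if zlib.crc32(payload) != crc:
            self.corrupt += 1          # integrity failure: drop, count, cannot ask for a resend
            return
        self.total = total
        self.chunks.setdefault(seq, payload)   # duplicate copies are ignored

    def missing(self) -> List[int]:
        if self.total is None:
            return []
        return [s for s in range(self.total) if s not in self.chunks]

    def reassemble(self) -> Optional[bytes]:
        if self.total is None or self.missing():
            return None
        return b"".join(self.chunks[s] for s in range(self.total))


def transfer(data: bytes, drop_indexes: Set[int],
             redundancy: int = 2) -> Tuple[Optional[bytes], List[int]]:
    """Run one transfer; returns (reassembled data or None, missing sequence numbers)."""
    rx = Receiver()
    for frame in lossy_channel(build_frames(data, redundancy), drop_indexes):
        rx.accept(frame)
    return rx.reassemble(), rx.missing()


if __name__ == "__main__":
    # Losing one copy of a frame is survivable; losing every copy leaves a gap
    # that only the receiving side can see.
    print(transfer(b"historian-tag", {2}))
    print(transfer(b"historian-tag", {4, 5}))
```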
Slide 71: Mature Product Lines
  Broad range of features:
  • High performance
  • High availability
  • High data integrity
  • Standard protocols, including: sftp, Modbus, ICCP, OPC, DNP3, SNMP, Syslog
  • Server replication applications, including: OSI PI, Siemens SINAUT, GE iFix
  • Remote screen viewing
  • Secure manual uplink

Slide 72: Application: Generation (photo courtesy of wikimedia.org)
  [Diagram: Critical Network with Critical Cyber Assets and the Plant Historian, one-way link to the Enterprise Historian (Replica) on the Business Network; ICCP to the System Operator]

Slide 73: Application: Generation
  • Historian replication
    • Replica historian on the business network with real-time data only milliseconds old
    • End users interact with the replica as if it were the original
    • High load on the replica has no effect on the critical historian
  • ICCP communications
    • ICCP consumers on-site and off-site
    • Interact with the one-way agent as if with the original; no reconfiguration required

Slide 74: Application: Transmission (photo courtesy of: hydro station L'Ange-Gardien, QC)
  [Diagram: Substation Network with Critical Cyber Assets, DNP3 over a one-way link to the EMS on the EMS Network]

Slide 75: Application: Transmission
  • Historian replication
    • Replica data is only milliseconds old
    • End users interact with the replica as if it were the original
    • High load on the replica has no effect on the critical historian
  • ICCP communications
    • ICCP consumers on-site and off-site interact with the one-way agent as if with the original
    • No reconfiguration required

Slide 76: NERC-CIP: Specific Benefits
  • Store protected information on unidirectionally protected networks
  • Unidirectional Gateways are the only access points
  • No remote access attempts or logs to monitor
  • No open ports or services
  • Simplified security test procedures
  Relevant standards: CIP-003 Security Management Controls; CIP-005 Electronic Security Perimeters; CIP-007 Systems Security Management
  Copyright © 2011 Waterfall Security Solutions Ltd

Slide 77: NERC-CIP: Systemic Benefits
  • No attacks possible from less-critical networks
  • Device configuration errors cannot compromise critical networks
  • No exposed ports or services
  • No VPNs or remote access
  • Simpler system security
  • Less documentation
  • Fewer logs to examine
  Categories: Increased Security; Reduced Program Documentation; Reduced Audit and Assessment Costs
Slide 78: What CIP is Not
  • CIP = Compliance Is Painful
  • CIP = Congress-Initiated Problem
  • CIP = Can I Punt?
  • CIP = Cash Is Preferred
  • NERC's Brainchild

Slide 79: What if I'm Not Required To Comply?

Slide 80: Am I at Risk?
  • Electromagnetic weaponry
    • http://www.sciencenews.org
  • Summary of challenges recognized by DOE
    • http://www.oe.energy.gov/DocumentsandMedia/roadmap.pdf
  • Worm scenario (IOActive-discovered vulnerability with auto-disconnect)
  • Scenario for DDoS with a meter botnet
    • http://www.muniwireless.com/2010/09/24/smart-grid-security-alert-malicious-worm-attacking-industrial-sites/
    • http://www.theregister.co.uk/2009/06/12/smart_grid_security_risks/
  • Easter eggs already in existence
    • http://online.wsj.com/article/SB123914805204099085.html
  • Invasion of privacy through load signature analysis
    • http://voices.washingtonpost.com/securityfix/2009/11/experts_smart_grid_poses_priva.html
  Have a look for yourself.

Slide 81: How far should I go?

Slide 82: How do I choose security controls?
  • Think like you would for any other business asset
    • Define constraints
    • Define the requirements
    • Create a weighted scale
    • Seek viable candidates
    • Compare empirically
    • Demo any and all contenders
    • Call references (and find your own)
    • Develop a maintenance plan
    • Identify risks with controls/vendors
    • Seek a limited pilot

Slide 83: Where can I go for help?

Slide 84: Culture of Compliance: What Does It Look Like? How Do I Get There?
