Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compliance by PAS and NovaTech

  1. Presented by PAS and NovaTech, July 2013: Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver. 5 Compliance
  2. AGENDA
     • Group Introductions
     • Agenda
     • Review CIP V5 Requirements
     • Discussion of current practices in generation plants and substations
       – Inventory
       – Configuration management
       – Change management
     • Case Study of Southern Co.
     • Panel impressions
     • Questions – General Discussion
  3. Introductions
     • Richard Powell – Manager Cyber Security Solutions - PAS
       – CISSP, CISA
       – Business development for cyber security
       – Head of cyber security consulting for a leading CIP consulting group
       – Head of security and compliance for a large municipal utility
     • Kevin Johnson – V.P. Business Development – NovaTech
       – Member of Executive Management Team
       – Strategic Initiatives & Emerging Technologies
       – Southeast Utilities Regional Manager
  4. Future NERC CIP Standards
     NERC CIP Version 4 (approved 4/19/2012), effective date 4/1/2014
     Critical generating assets:
       o 1500MW power in a single interconnection
       o 1000MVAR reactive power in a single interconnection
       o “Reliability Must Run” units
       o “Black start” units
     NERC CIP Version 5 (Submitted to FERC 1/31/2013)
     • Impact Categorization, instead of Critical Assets
     • New process is introduced in proposed CIP-002-05 for identifying and classifying BES Cyber Systems according to “Low-Medium-High” impact
     • Two new standards
       – 010 – Configuration Management and Vulnerability Assessments
       – 011 – Information Protection
     • Routable and non-Routable Protocols
     • Remote Access
     • Malicious Code Prevention
  5. CIP 002-011 (Version 5): Overview
     NERC CIP CYBER SECURITY STANDARDS Version 5: Ten Standards / 43 Requirements
     • CIP-002 CRITICAL CYBER ASSETS
       1. LOW, MEDIUM, HIGH CRITERIA
       2. 15-MONTH REVIEW
     • CIP-003 SECURITY MANAGEMENT CONTROLS
       1. CYBER SECURITY POLICY FOR HIGH/MEDIUM
       2. CYBER SECURITY POLICY FOR LOW
       3. LEADERSHIP
       4. DOCUMENT DELEGATES
     • CIP-004 PERSONNEL AND TRAINING
       1. AWARENESS
       2. TRAINING
       3. PERSONNEL RISK ASSESSMENT
       4. ACCESS
       5. ACCESS REVOCATION PROGRAM
     • CIP-005 ELECTRONIC SECURITY
       1. ELECTRONIC SECURITY PERIMETER
       2. REMOTE ACCESS MANAGEMENT
     • CIP-006 PHYSICAL SECURITY
       1. PLAN
       2. VISITOR CONTROL PLAN
       3. MAINTENANCE AND TESTING
     • CIP-007 SYSTEMS SECURITY MANAGEMENT
       1. PORTS AND SERVICES
       2. SECURITY PATCH MANAGEMENT
       3. MALICIOUS CODE PREVENTION
       4. SECURITY EVENT MONITORING
       5. SYSTEM ACCESS CONTROLS
     • CIP-008 INCIDENT REPORTING AND RESPONSE PLANNING
       1. CYBER SECURITY INCIDENT RESPONSE PLAN
       2. IMPLEMENTATION AND TESTING OF CYBER SECURITY INCIDENT RESPONSE PLANS
       3. CYBER SECURITY INCIDENT RESPONSE PLAN REVIEW
     • CIP-009 RECOVERY PLANS FOR BES CYBER ASSETS
       1. RECOVERY PLANS
       2. RECOVERY PLAN IMPLEMENTATION AND TESTING
       3. RECOVERY PLAN REVIEW, UPDATE, AND COMMUNICATION
     • CIP-010 CONFIG. CHANGE & VULN. ASSESS.
       1. CONFIGURATION CHANGE MANAGEMENT PROCESS
       2. CONFIGURATION MONITORING
       3. VULNERABILITY ASSESSMENTS
     • CIP-011 INFORMATION PROTECTION
       1. INFORMATION PROTECTION PROCESS
       2. BES CYBER ASSET REUSE AND DISPOSAL
     Source: NERC (www.nerc.com). CIP = Critical Infrastructure Protection. NERC = North American Electric Reliability Corporation. BES = Bulk Electric System.
  6. Panel Discussion
     Question: What do you see as the major challenges at your Utility in complying with Version 5, especially related to the above as defined in CIP 7 & 10?
     Development and Implementation of a NERC CIP Compliance Program can involve many functions of an organization including Operations, Administration, IT, etc.
     Question: What steps has your company taken to date to prepare for Version 5 compliance related to personnel?
     • Staffing
     • Training
     Follow-up Question: Has your organization considered the financial and resource implications of the data mining and management associated with the Inventory Development of the installed assets? If so, what measures?
  7. Panel Discussion
     • Most companies have a number of disparate cyber assets in the form of:
       – Hardware (Controllers, PLCs, etc.)
       – Application Versions
       – Ports/Services
       – Firmware Versions
       – User Accounts
       – Configuration Setpoints
     Question: How is your company currently addressing these?
     Follow-up: Can you see an advantage in Leveraging Technology to Enhance Security, Reliability, NERC-CIP Ver. 5 Compliance?
  8. The Southern Company (#ptc2013)
  9. Herding Cats (Even Friendly Ones) is fun
     Emerson (DCS); Foxboro (DCS); ABB (DCS); GE Mark VI; Siemens (TCS); Schweitzer (Relay); RTU; Allen Bradley (PLC); GE Fanuc (PLC); GE Bently Nevada; AspenTech; Spectrum (CEMS); Siemens (EMS); Woodward (TCS); Cisco (Control Networks); Yokogawa; Modicon (PLC); Metso (DCS); Mitsubishi (TCS); Toshiba (TCS)
  10. NERC CIPs Solution: From Generation to Substation to the Enterprise
      Diagram labels: Approved List; NERC Device Properties (i.e., TFE, CCA Blackstart MWs etc.); Backup and Storage Sched.; Password Management Schedule; Database Integrity & Orion IIS; Plant IT Infrastructure; OPC Servers; DCS Terminals/Servers; Process Historians; Routers/Switches; Network Users and Groups; Automation Infrastructure; Manual Data; Integrity Essentials; Integrity Recon; Integrity Inventory; Integrity iMOC; Automation Systems (DCSs, PLCs, Historians, Instrument Databases, IEDs, etc.)
  11. Integrity System Architecture Overview
      • INPUTS: ASSET INVENTORY; CYBER ASSET INVENTORY; CONTROL DEVICE DATA (WMIC); AUTHORIZED USER LIST; APPROVED OS PATCHES; APPROVED VENDOR PATCHES; APPROVED DEVICE PORTS; APPROVED ANTI-VIRUS DEF.’s; BACKUP AND STORAGE SCHED.; PASSWORD MGT. SCHEDULE; SYSTEM LOGS
      • REPORTING: SECURITY PATCH MGT.; ACCOUNT MANAGEMENT; MALICIOUS SOFTWARE; DEVICE DISCOVERY; CUSTOM USER REPORTS; COMPLIANCE REPORTS; MOC REPORTS; SYSTEM ALERT STATUS; PSP – ASSET REPORT; ESP – ASSET REPORT
  12. Integrity Inventory
      • Ports
      • Services
      • Patches
      • Applications
      • Events
      • Other Stuff
  13. Security Configuration Management
      • Common Operating Environment (COE)
      • Configuration Baselines
      • COEs specify
        – Allowed installed software and their versions
        – Allowed hardware configurations
        – Patches
        – Ports/Services
        – User access privileges
  14. Change Management - iMOC™
      • 3rd Generation MOC workflow application
        – Designed specifically for automation systems
        – Built upon Integrity framework
        – Leverages Web 2.0 technologies to facilitate information push & collaboration with other applications
      • Intelligent platform
        – Creates searchable documentation
          • Identifies all links and places-used
          • Improves discovery
        – Embeds checklists
        – Approval routing and documentation
        – Provides links to critical information
        – Automatically reconciles changes
      • Work flow is customizable to fit existing change management processes
  15. Reporting
      • REPORTS: SECURITY PATCH MGT.; ACCOUNT MANAGEMENT; MALICIOUS SOFTWARE; DEVICE DISCOVERY; CUSTOM USER REPORTS; COMPLIANCE REPORTS; MOC REPORTS; SYSTEM ALERT STATUS; PSP – ASSET REPORT; ESP – ASSET REPORT
      • DASHBOARD: INVENTORY; UN-RECONCILED CHANGES; PORTS & SERVICES; SECURITY PATCH MANAGEMENT; ANTIVIRUS MANAGEMENT; PASSWORD MANAGEMENT; MEDIA DISPOSAL MANAGEMENT; BACKUP & STORAGE; NERC ALERTS
      • LISTINGS: ASSET INVENTORY; CYBER ASSET INVENTORY; CONTROL DEVICE DATA (WMIC); AUTHORIZED USER LIST; APPROVED OS PATCHES; APPROVED VENDOR PATCHES; APPROVED DEVICE PORTS; APPROVED ANTI-VIRUS DEF.’s; BACKUP AND STORAGE SCHED.; PASSWORD MGT. SCHEDULE; SYSTEM LOGS
  16. Proposed Orion-Integrity Architecture
      Diagram labels: Active Directory Server; RSA PAS Integrity Server; Generation Electronic Security Perimeter (ESP); Substation Electronic Security Perimeter (ESP); ESP/Jump Server; OrionLX - SCP; OrionLX - RCP; RTU; Protective Relay; Protective Relay; Broadband Connection; RTU; DCS; PLC; PLC
      Servers can be physical or virtual
  17. Substation Inventory
  18. Relay Configuration Capture
  19. NovaTech Connection Manager
  20. NovaTech Connection Manager (Server Style)
      Diagram labels: IED Software (e.g. AcSELerator); NovaTech Connection Manager (• Virtual Serial Port for serial based configuration software); Users; Windows based Connection Manager PC Server; Remote access to server; Identity Management Server; Secure connection agent runs in the OrionLX
  21. Summary – Tying It All Together
      • Asset Management
      • Common Operating Environment
      • Data Aggregation
      • Secure Access
      • Enhanced Reliability
      • Risk / Threat Management
      • Validation
      • Compliance
  22. Questions??
      Kevin Johnson, 570-498-4409, Kevin.johnson@novatechweb.com
      Rich Powell, 904-651-5622, rpowell@pas.com