SlideShare a Scribd company logo

Cyber Security Standards Update: Version 5 by Scott Mix

T
TheAnfieldGroup

Version 5 of the CIP cybersecurity standards was approved in 2012 and filed with FERC in 2013. It features a risk-based, results-focused approach and addresses directives from FERC Order 706. Version 5 improves upon previous versions by focusing on identifying, assessing, and correcting deficiencies. It also takes a systems approach to applicability and tailors security based on impact and connectivity. The effective date for Version 5 is July 1, 2015 or later, allowing entities a minimum of 24 months for implementation.

TechnologyBusiness
1 of 47
Download to read offline
Cyber Security Standards Update: Version 5Version 5  August 1 2013August 1, 2013  Scott Mix, CISSP  CIP Technical Manager
Agenda • Version 5 – Impact Levels F t– Format – Features – NOPR 2 RELIABILITY | ACCOUNTABILITY
CIP Standards – Version 5 • CIP Version 5 ‐ Draft 4 – Final Version  Approved by industry on Nov 5, 2012  Approved by NERC Board of Trustees on Nov 26.   2012  Filed with FERC on February 1 2013 Filed with FERC on February 1, 2013 oFERC Docket RM13‐5 o10,483 page filing, p g g 3 RELIABILITY | ACCOUNTABILITY
CIP Standards – Version 5 • CIP‐002‐5: BES Cyber Asset and BES Cyber System  Categorization i l• CIP‐003‐5: Security Management Controls • CIP‐004‐5: Personnel and Training • CIP‐005‐5: Electronic Security Perimeter(s)• CIP 005 5: Electronic Security Perimeter(s) • CIP‐006‐5: Physical Security of BES Cyber Systems • CIP‐007‐5: Systems Security Management • CIP‐008‐5: Incident Reporting and Response Planning • CIP‐009‐5: Recovery Plans for BES Cyber Assets and  S tSystems • CIP‐010‐1: Configuration Management and Vulnerability  Assessments 4 RELIABILITY | ACCOUNTABILITY Assessments • CIP‐011‐1: Information Protection
CIP Standards – Version 5 • New / Modified Terms:  BES Cyber Asset   BES Cyber System  Electronic Access Point (EAP)  Electronic Security Perimeter   BES Cyber System   BES Cyber System  Information   CIP Exceptional y (ESP)  External Routable Connectivity  Interactive Remote Access CIP Exceptional  Circumstance   CIP Senior Manager C t l C t Interactive Remote Access   Intermediate Device   Physical Access Control Systems  (PACS) Control Center  Cyber Assets   Cyber Security Incident (PACS)   Physical Security Perimeter  (PSP)  Protected Cyber Asset (PCA)  Dial‐up Connectivity  Electronic Access Control  and Monitoring Systems   Protected Cyber Asset  (PCA)  Reportable Cyber Security   Incident 5 RELIABILITY | ACCOUNTABILITY g y (EACMS)
CIP Standards – Version 5 • Retired Terms  Critical Assets C iti l C b A t Critical Cyber Assets 6 RELIABILITY | ACCOUNTABILITY
CIP Standards – Version 5 • CIP‐002  Builds on “bright lines” in CIP‐002‐4g  “Version 4” Critical Asset control centers – High   Other “Version 4” Critical Assets – Medium   Some “Version 4” non‐critical asset control centers – Medium   Transmission now looking at “capacity” rather than  number of lines at a voltage level C t h ll t f ifi ll t i d L Catch‐all category for non‐specifically categorized – Low  o“Something everywhere” – within the BES oProgrammatic requirement: CIP 003 5 Requirement R2 7 RELIABILITY | ACCOUNTABILITY oProgrammatic requirement: CIP‐003‐5 Requirement R2
CIP Standards – Version 5 • High Impact – Large Control Centers – CIP‐003 through 009 “plus”CIP 003 through 009  plus • Medium Impact  – Generation and Transmission C l C– Control Centers – Similar to CIP‐003 to 009 V4 • All other BES Cyber Systems  (Low Impact) must implement a  policy to address: – Cybersecurity Awareness – Physical Security Controls – Electronic Access Controls – Incident Response 8 RELIABILITY | ACCOUNTABILITY Incident Response • High Watermarking
CIP Standards – Version 5 Rationale, Guidance & Changes, Main Requirement and Measure Applicable Systems for requirement part Requirement part text Requirement part Measure text 9 RELIABILITY | ACCOUNTABILITY Requirement part Reference Requirement part change rationale
CIP Standards – Version 5 • Format  Following Results‐based Standards format  Background section before requirements  Requirement and Measurement next to each other  Rationale and guidance developed in parallel with  requirements – still being developed and augmented T i f i h id / i l Two posting formats – one with guidance/rationale text  boxes inline; other with guidance and rational text  grouped at endg p  Still must audit only to the requirement  Guidelines and Technical Basis section at end 10 RELIABILITY | ACCOUNTABILITY
CIP Standards – Version 5 • Applicable Systems column in tables  What systems or entities the row in the  table apply to  Listed in each standard  Specific phrases – consistent across all standards  A requirement part (row) may have multiple applicability A requirement part (row) may have multiple applicability  statements  Examples: o High Impact BES Cyber Systems o Medium Impact BES Cyber Systems o Medium Impact BES Cyber Systems at Control Centers o Medium Impact BES Cyber Systems with External Routable  Connectivity o Protected Cyber Assets 11 RELIABILITY | ACCOUNTABILITY y o Electronic Access Control Systems
CIP Standards – Version 5 • Connectivity  No longer a blanket exemption  Now listed in applicability section – Routable Connectivity or  Dial‐up Connectivity  “Routable protocol” applicability now applies where large Routable protocol  applicability now applies where large  volume, real‐time communications requirements are listed – e.g., logging • Low Impact  CIP‐003‐5 Requirement R2  “Programmatic” controls (i.e., have a program for …)  Requires physical and cyber security protections for  “locations” containing low 12 RELIABILITY | ACCOUNTABILITY locations  containing low  Does not require lists of every low impact BES Cyber System
CIP Standards – Version 5 • TFEs  Attempting to minimize required TFEs (e.g., anti‐malware on  switches)  Reduced from 14 requirements to 10  But still have TFEs (including new ones where existing V1 V4 But … still have TFEs (including new ones where existing V1 – V4  problems exist)  Have added “per Cyber Asset capability” language to allow strict  compliance with the language of the requirement, without  requiring a TFE (~5 requirements) • Measures• Measures  Guidance to auditors as well as entities  “An example of evidence may include, but is not limited to, …” 13 RELIABILITY | ACCOUNTABILITY An example of evidence may include, but is not limited to, …  No longer a “meaningless restatement of the requirement”
CIP-002-4 • Notes when reading NERC Standards:  Capitalization is very important.   Capitalized words refer to terms in the NERC Glossary of  Terms Used in Reliability Standards  (http://www.nerc.com/pa/Stand/Glossary%20of%20Terms(http://www.nerc.com/pa/Stand/Glossary%20of%20Terms /Glossary_of_Terms.pdf)   Non‐capitalized terms do not refer to NERC glossary terms i “R l i ” i h “ l i ”o i.e., “Real‐time” is not the same as “real‐time” o “Facilities” is not the same as “facilities”  Terms with well known and authoritative definitions defer  to those authoritative sources (e.g., “FACTS”)  Not all terms used have either NERC Glossary definitions or  authoritative definitions (e g “control center”) 14 RELIABILITY | ACCOUNTABILITY authoritative definitions (e.g.,  control center )
CIP Standards – Version 5 • Bulleted lists vs. numbered lists  Bulleted lists are separated by “or”p y  Bulleted lists imply that not all of the items in the list  are required  Numbered lists are separated by “and”  Numbered lists imply that all of the items in the lists  dare required • Both bulleted and numbered lists are used in  both requirements and measures 15 RELIABILITY | ACCOUNTABILITY
Features of Version 5 • Closes out directives in FERC Order No. 706 (also, FERC  Order No. 761 imposes March 31, 2013, filing deadline) • Results‐based standards  Focus on reliability and security‐related result  Non‐technology specificNon technology specific  Smarter use of Technical Feasibility Exception (TFE) process  “Plain language of the requirement”, i.e., “per device  bili ”capability” • Risk‐informed systems approach  Adopt solutions and tailor security based on function andAdopt solutions and tailor security based on function and  risk  No longer a harsh “in or out” demarcation for applicability  Impact and connecti it informs applicabilit 16 RELIABILITY | ACCOUNTABILITY  Impact and connectivity informs applicability
Features of Version 5 • Systems approach illustration  Cyber Assets function together as a complex system  Identify the system and apply requirements to the whole  rather than the part 17 RELIABILITY | ACCOUNTABILITY  “High Watermarking” inside boundary
CIP V5 Approach to Correcting Deficiencies • Empowers industry  Shifts focus from whether deficiencies occur to correcting  d fi i ideficiencies  Continuous Improvement  o From: backward‐looking, individual violationso From: backward looking, individual violations o To: forward‐looking, holistic focus • Reliability and security emphasis that promotes the  identification and correction of deficiencies  • Consistent with NERC “Internal Controls” approach to  licompliance • Version 5 triggering language: “… implement, in a manner  that identifies assesses and corrects deficiencies ” 18 RELIABILITY | ACCOUNTABILITY that identifies, assesses, and corrects deficiencies, …
CIP V5 Approach to Correcting Deficiencies (Continued) • Corrected deficiency is a component of satisfying the  requirement • Does not require “internal controls” or additional  process d d h f d f• Standards approach of correcting deficiencies  complements the compliance concept of internal controls • Reliability Standard Authorization Worksheets (RSAWs)• Reliability Standard Authorization Worksheets (RSAWs)  and Violation Severity Levels (VSLs) must support  approachapproach  Does not expand obligations  Clarifies that method of identifying, assessing, and correcting  19 RELIABILITY | ACCOUNTABILITY deficiencies is not evaluated
Draft RSAW • Deficiencies refer to possible non‐compliances with  the standard; not all deficiencies would become  issues of non‐compliance • Entities are not required to self‐report deficiencies if  h id if i i d i hthey are identifying, assessing and correcting them • CEA samples identified, assessed and corrected  d fi i ideficiencies  CEA considers impact of correction in determining the  sample sizesample size 20 RELIABILITY | ACCOUNTABILITY
When to Self-Report • Plan does not exist • Plan has not been implemented • Did not assess or correct identified deficiencies • Deficiencies that create high risk to the Bulk Electric g System 21 RELIABILITY | ACCOUNTABILITY
Implementation Plan • Proposed Effective Date (from CIP‐002‐5;  all standards use the same language): 1. 24 Months Minimum – CIP‐002‐5 shall become effective  on the later of July 1, 2015, or the first calendar day of  the ninth calendar quarter after the effective date of thethe ninth calendar quarter after the effective date of the  order providing applicable regulatory approval.     2. In those jurisdictions where no regulatory approval is j g y pp required CIP‐002‐5 shall become effective on the first  day of the ninth calendar quarter following Board of  Trustees’ approval or as otherwise made effectiveTrustees  approval, or as otherwise made effective  pursuant to the laws applicable to such ERO  governmental authorities.  22 RELIABILITY | ACCOUNTABILITY
Implementation Plan • Implementation issues:  Specified initial performance of all periodic requirements in  implementation plan  24 months following regulatory approval for all  requirementsrequirements  Identity Verification does not need to be repeated  Discussion of unplanned re‐categorization to a higher p g g impact level  Discussion of disaster recovery actions  Discussion of requirements applied to access control  systems (physical and electronic), and Protected Cyber  Assets 23 RELIABILITY | ACCOUNTABILITY
Applicability • Applicability Section:  Section 4.1 Functional Entities oDescribes which asset owners, based on their functional  model designation, and specific ownership of assets,  must comply with the standardsmust comply with the standards oMay have no qualifications – applies to all entities  registered for that function  Section 4.2 Facilities oDescribes which assets must comply with the standards oMay have no qualifications – applies to all BES assets  owned by that function 24 RELIABILITY | ACCOUNTABILITY
Applicability • Applicability Example:  For Distribution Providers – only those registered DPs that  own specifically called out pieces of equipment, such as  UFLS systems, must comply with the standards  For those DPs only the specifically called out pieces ofFor those DPs, only the specifically called out pieces of  equipment must comply with the standards • If a DP does not own any called out equipment, it y q p does not need to comply with the standards • If a DP owns a piece of called out equipment, only  that called out equipment must comply with the  standards 25 RELIABILITY | ACCOUNTABILITY
Applicability 26 RELIABILITY | ACCOUNTABILITY
Applicability 27 RELIABILITY | ACCOUNTABILITY
Applicability 28 RELIABILITY | ACCOUNTABILITY
CIP Standards – Version 5 • CIP‐002‐5 through CIP‐009‐5, CIP‐010‐1, CIP‐011‐1 • “Results‐based Standard” format  Requirements and measures together  Guidance and rational in text boxes • “Looks” bigger  ~1” printout for Version 5 (includes VSLs) compared to  ¼” i t t f V i 4~¼” printout for Version 4  Includes much more guidance and rationale for each  requirementequ e e t 29 RELIABILITY | ACCOUNTABILITY
Version 5 Requirement Counts • CIP‐002  2 Requirements; 5 Parts; Attachment with bright lines for High and Medium • CIP‐003  4 Requirements; 13 Partsq ; • CIP‐004  5 Requirements; 18 Parts • CIP‐005  2 Requirements; 8 Parts • CIP‐006  3 Requirements; 13 Parts • CIP‐007  5 Requirements; 20 Partsq ; • CIP‐008  3 Requirements; 9 Parts • CIP‐009  3 Requirements; 10 Parts 3 Requirements; 10 Parts • CIP‐010  3 Requirements; 10 Parts • CIP‐011 2 R i 4 P 30 RELIABILITY | ACCOUNTABILITY  2 Requirements; 4 Parts • Total:  32 Requirements; 110 Parts
Version 4 Requirement Counts • CIP‐002  3 Requirements; 0 parts, Attachment with Bright Lines • CIP‐003 6 R i 18 / b 6 Requirements;  18 parts/sub‐parts • CIP‐004  4 Requirements;  12 parts/sub‐parts • CIP‐005• CIP‐005  5 Requirements;  26 parts/sub‐parts • CIP‐006  8 Requirements; 15 parts/sub‐partsq ; p / p • CIP‐007  9 Requirements;  34 parts/sub‐parts • CIP‐008  2 Requirements; 6 parts • CIP‐009  5 Requirements; 2 parts • Total: 31 RELIABILITY | ACCOUNTABILITY • Total:  42 Requirements; 113 parts/sub‐parts
CIP Standards – Version 5 • Sub‐Requirements  Each Requirement / Sub‐Requirement is a compliance  touch‐point  Non‐compliance with a sub‐requirement stands on its own  Sub requirements have independent VSLs (unless rolled up) Sub‐requirements have independent VSLs (unless rolled‐up) • Requirement Parts  Only the Requirement is a compliance touch point Only the Requirement is a compliance touch‐point  Cannot be independently in non‐compliance with a Part  VSLs written only at the Requirement level (making very S s tte o y at t e equ e e t e e ( a g e y long and complicated VSL language)  Parts allow flexibility in development and implementation  f h i 32 RELIABILITY | ACCOUNTABILITY of the requirement
CIP Standards – Version 5 • “Annual” – interaction with CAN – now “15 months” • Monthly requirements – changed to 35 days l h b ll d l f• Measures are examples with bulleted lists; format,  wording • Compliance artifacts in requirements (e gCompliance artifacts in requirements (e.g.,  “documentation of …”) • LSE (removed), replaced with DP  LSE functions changed since original standards development  timeframe • 300 MW threshold on UFLS/UVLS• 300 MW threshold on UFLS/UVLS  No justification for a different value • Notifications:  IROL, “must run” (resolving as part of V4) 33 RELIABILITY | ACCOUNTABILITY • IROL’s in WECC
CIP Standards – Version 5 • Definition / threshold of Control Center  Includes “data centers” C ti it ( t bl di l )• Connectivity (routable, dial‐up) • Low Impact (policy only)  List not requiredq • Date tracking (PRA, training, access, etc) • Access revocation (reassignments, timing, immediate) d l b l h• Removed 99.9% availability phrasing   Difficult to track and audit  Replaced with “IAC” languagep g g • Interactive Remote Access  Clarify encryption and multi‐factor authentication points R l f i t / f ti 34 RELIABILITY | ACCOUNTABILITY  Remove examples from requirements / purpose of encryption
CIP Standards – Version 5 • Ports & Services –  Physical ports ‐ FERC Directive N di ti l if i t ll t h ithi 35 d• No remediation plan if install patches within 35 days  Allow updates to existing plans rather than new plans all the  time • Periodic review of patch sources – not individual patches • Anti‐malware – clarify system level • “Per device capability” clauses added • Password changing / pseudorandom passwords  (RuggedCom vulnerability impacts)(RuggedCom vulnerability impacts) • Evidence Retention (compliance vs. security monitoring) 35 RELIABILITY | ACCOUNTABILITY
CIP Standards – Version 5 • Take back reporting requirement from  EOP‐004 into CIP‐008 • Guidance on “active” vs. “passive” vulnerability  assessment • V4 bypass language still in implementation plan• V4 bypass language still in implementation plan 36 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • Issued April 18, 2013  Posted at http://www.ferc.gov/whats‐new/comm‐ meet/2013/041813/E‐7.pdf  75 pages  Comments due June 24 2013 (60 days after publication in Comments due June 24, 2013 (60 days after publication in  Federal Register)  Contains 48 specific requests for comment (may be overlap)p q ( y p)  Proposes 11 directives for change  Proposes 16 areas where FERC “may” direct changes 37 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • Major Themes:  “Identify, Assess and Correct” language  Impact Categorization o No reference to studies supporting bright‐line thresholds o No consideration of coordinated attack on multiple low impacto No consideration of coordinated attack on multiple low impact  systems o Only based on BES impact (i.e., no assessment of “confidentiality,  integrity or availability”)integrity or availability )  Low Impact BES cyber Systems o Specificity of requirements o Lack of inventory 38 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR  Definitions: o 15 minute impact in BES Cyber Asset Generation Control Centers (vs control rooms)o Generation Control Centers (vs. control rooms) o Removal of “communication networks” from Cyber Asset o Use of “reliability tasks” phrase o “Intermediate System” vs. “intermediate device” 39 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR  Implementation Plan o Proposes to accept the “Version 4 bypass” language Are 24 /36 months necessary?o Are 24 /36 months necessary?  Violation Risk Factors o Inconsistent with prior versions  Violation Severity Levels o Inconsistent with Commission guidelines M d t b difi d b d t f “IAC” di io May need to be modified based on outcome of “IAC” discussion 40 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • New Topics (post Order No. 706)  Communications Security o Including encryption, protections for serial communications  Remote Access (more than proposed Version 5 language?)  o May already be covered by Version 5 languageo May already be covered by Version 5 language  NIST topics o Maintenance devices o Separation of duties o Threat / risk based categorization o May include other areaso May include other areas  May be others 41 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • NERC Response:  60 page response (largest response)  Supports standards as filed: o IAC: - Discusses meaning of IAC languageDiscusses meaning of IAC language - Reliability Benefit of IAC Language - Compliance obligations of IAC language - Consistency with NIST FrameworkConsistency with NIST Framework oBES Cyber Asset Categorization and Protection - Supports Facility rating approach P i f l i BES C b A- Protections of low impact BES Cyber Assets - Supports not requiring inventory of low impact BES Cyber Assets 42 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • NERC Response (continued): o Definitions: BES Cyber Asset 15 i- 15‐minute parameter - 30‐day exclusion o Definitions: Control Center - Geographically disperse generating plants o Definitions: Cyber Assets - Removal of “communications networks” o Definitions: Reliability Tasks - Well‐understood term o Definitions: Intermediate Deviceso Definitions: Intermediate Devices - Filing oversight 43 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • NERC Response (continued): o Implementation Plan: 24 d 36 h i f i d- 24‐ and 36‐month timeframes appropriate and necessary - Transition guidance and pilot program o VRF & VSL - Severity of violation as expressed in duration of violation - Not two separate violations o Other Technical Concerns - Technical conferences to discuss issues - Use Reliability Standards Development Process o Remote Accesso Remote Access - Concerns addressed in CIP‐004 44 RELIABILITY | ACCOUNTABILITY
Version 5 NOPR • NOPR Comments:  65 files submitted from 62 parties  782 pages  Generally supportive of NERC positions I i h IAC lo Issues with IAC language o Issues with RFA analysis and estimates (cost & time) • Next Steps:Next Steps:  FERC must read, summarize and react to all comments while  writing final rule 45 RELIABILITY | ACCOUNTABILITY
References • Standard project  2008‐06 page:  http://www.nerc.com/filez/standards/Project_2008‐ 06_Cyber_Security.html • Version 4 page: // / / / http://www.nerc.com/filez/standards/Project_2008‐ 06_Cyber_Security_PhaseII_Standards.html • Version 4 Guidance Document• Version 4 Guidance Document  http://www.nerc.com/docs/standards/sar/Project_2008‐ 06_CIP‐002‐4_Guidance_clean_20101220.pdf • Version 5 page:  http://www.nerc.com/filez/standards/Project_2008‐ 46 RELIABILITY | ACCOUNTABILITY 06_Cyber_Security_Version_5_CIP_Standards_.html
Questions Scott Mix, CISSP scott mix@nerc netscott.mix@nerc.net 215-853-8204

Recommended

Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials Qonex
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 

Recommended

Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Achieving Cyber Essentials
Achieving Cyber Essentials Achieving Cyber Essentials
Achieving Cyber Essentials Qonex
 
SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 SANS ICS Security Survey Report 2016
SANS ICS Security Survey Report 2016 Derek Harp
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Cybersecurity in Industrial Control Systems (ICS)
Cybersecurity in Industrial Control Systems (ICS)Joan Figueras Tugas
 
S4xJapan Closing Keynote
S4xJapan Closing KeynoteS4xJapan Closing Keynote
S4xJapan Closing KeynoteDigital Bond
 
Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Secure Systems Security and ISA99- IEC62443
Secure Systems Security and ISA99- IEC62443Yokogawa1
 
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)
ANSI/ISA-99 and Intrinsically Secure Systems (May 2009)Byres Security Inc.
 
Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA Jeffrey Wang , P.Eng
 
Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01RoutecoMarketing
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)International Electrotechnical Commission (IEC)
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE ExperienceDigital Bond
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...TI Safe
 
Rapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
Cybersecurity Health Checks: Safeguarding Your Organisation
Cybersecurity Health Checks: Safeguarding Your OrganisationCybersecurity Health Checks: Safeguarding Your Organisation
Cybersecurity Health Checks: Safeguarding Your OrganisationLinkedIn Learning Solutions
 
Application Security
Application SecurityApplication Security
Application SecurityMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Lynn Root
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashAnkit Mehta
 

More Related Content

What's hot

Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?Digital Bond
 
Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01RoutecoMarketing
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Honeywell
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82majolic
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityDeepakraj Sahu
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE ExperienceDigital Bond
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...TI Safe
 
Rapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsItex Solutions
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyHoneywell
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 James Nesbitt
 
Cybersecurity Health Checks: Safeguarding Your Organisation
Cybersecurity Health Checks: Safeguarding Your OrganisationCybersecurity Health Checks: Safeguarding Your Organisation
Cybersecurity Health Checks: Safeguarding Your OrganisationLinkedIn Learning Solutions
 

What's hot (20)

Should I Patch My ICS?
Should I Patch My ICS?Should I Patch My ICS?
Should I Patch My ICS?
 
Securing SCADA
Securing SCADA Securing SCADA
Securing SCADA
 
Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01Routeco cyber security and secure remote access 1 01
Routeco cyber security and secure remote access 1 01
 
IEC and cyber security (June 2018)
IEC and cyber security (June 2018)IEC and cyber security (June 2018)
IEC and cyber security (June 2018)
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
 
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
Yokogawa & NextNine – Lessons Learned: Global Cybersecurity Management System...
 
Nist 800 82
Nist 800 82Nist 800 82
Nist 800 82
 
Guide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_securityGuide scada and_industrial_control_systems_security
Guide scada and_industrial_control_systems_security
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
 
The RIPE Experience
The RIPE ExperienceThe RIPE Experience
The RIPE Experience
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
CLASS 2018 - Palestra de Jens Puhlmann (Security Manager, NA - ICS Security M...
 
Rapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance Guide
 
Cybersecurity for modern industrial systems
Cybersecurity for modern industrial systemsCybersecurity for modern industrial systems
Cybersecurity for modern industrial systems
 
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case StudyAccenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study
 
Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015 Industrial Control Cyber Security Europe 2015
Industrial Control Cyber Security Europe 2015
 
Cybersecurity Health Checks: Safeguarding Your Organisation
Cybersecurity Health Checks: Safeguarding Your OrganisationCybersecurity Health Checks: Safeguarding Your Organisation
Cybersecurity Health Checks: Safeguarding Your Organisation
 
Application Security
Application SecurityApplication Security
Application Security
 

Viewers also liked

Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Lynn Root
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashAnkit Mehta
 
FHIR tutorial - Afternoon
FHIR tutorial - AfternoonFHIR tutorial - Afternoon
FHIR tutorial - AfternoonEwout Kramer
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 

Viewers also liked (7)

Explain Kerberos like I'm 5
Explain Kerberos like I'm 5Explain Kerberos like I'm 5
Explain Kerberos like I'm 5
 
Kerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-HashKerberos, NTLM and LM-Hash
Kerberos, NTLM and LM-Hash
 
FHIR tutorial - Afternoon
FHIR tutorial - AfternoonFHIR tutorial - Afternoon
FHIR tutorial - Afternoon
 
Kerberos protocol
Kerberos protocolKerberos protocol
Kerberos protocol
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication Protocol
 
kerberos
kerberoskerberos
kerberos
 
Kerberos
KerberosKerberos
Kerberos
 

Similar to Cyber Security Standards Update: Version 5 by Scott Mix

siemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdfsiemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdfGeeTech Group
 
Algo sec suite overview 2013 05
Algo sec suite overview 2013 05Algo sec suite overview 2013 05
Algo sec suite overview 2013 05hoanv
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
 
V&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsV&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsOak Systems
 
f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdfGrigoryShkolnik1
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?Alvin Integrated Services [AIS]
 
Software - Role in Systems and Architectures
Software - Role in Systems and ArchitecturesSoftware - Role in Systems and Architectures
Software - Role in Systems and ArchitecturesAbhilash Gopalakrishnan
 
CompTIA CASP Objectives
CompTIA CASP ObjectivesCompTIA CASP Objectives
CompTIA CASP Objectivessombat nirund
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New PerspectiveWen-Pai Lu
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
F5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 Networks
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaCisco do Brasil
 
Cisco at v mworld 2015 ravi_vmworldtheater2015
Cisco at v mworld 2015 ravi_vmworldtheater2015Cisco at v mworld 2015 ravi_vmworldtheater2015
Cisco at v mworld 2015 ravi_vmworldtheater2015ldangelo0772
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & BuildSameer Paradia
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 

Similar to Cyber Security Standards Update: Version 5 by Scott Mix (20)

siemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdfsiemens relays catalog - geetech group.pdf
siemens relays catalog - geetech group.pdf
 
Algo sec suite overview 2013 05
Algo sec suite overview 2013 05Algo sec suite overview 2013 05
Algo sec suite overview 2013 05
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
 
V&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple StandardsV&V Lessons Learnt under multiple Standards
V&V Lessons Learnt under multiple Standards
 
f5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdff5_synthesis_cisco_connect.pdf
f5_synthesis_cisco_connect.pdf
 
ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?ISO 27017 – What are the Business Advantages of Cloud Security?
ISO 27017 – What are the Business Advantages of Cloud Security?
 
Software - Role in Systems and Architectures
Software - Role in Systems and ArchitecturesSoftware - Role in Systems and Architectures
Software - Role in Systems and Architectures
 
CompTIA CASP Objectives
CompTIA CASP ObjectivesCompTIA CASP Objectives
CompTIA CASP Objectives
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
 
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
Primend Praktiline Konverents - Rakenduse keskne IT infrastruktuur / Cisco Ap...
 
Cloud Security: A New Perspective
Cloud Security: A New PerspectiveCloud Security: A New Perspective
Cloud Security: A New Perspective
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Ensuring your plant is secure
Ensuring your plant is secureEnsuring your plant is secure
Ensuring your plant is secure
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
F5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer Presentation
 
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaProteja seus clientes - Gerenciamento dos Serviços de Segurança
Proteja seus clientes - Gerenciamento dos Serviços de Segurança
 
Cisco at v mworld 2015 ravi_vmworldtheater2015
Cisco at v mworld 2015 ravi_vmworldtheater2015Cisco at v mworld 2015 ravi_vmworldtheater2015
Cisco at v mworld 2015 ravi_vmworldtheater2015
 
Security Operation Center - Design & Build
Security Operation Center - Design & BuildSecurity Operation Center - Design & Build
Security Operation Center - Design & Build
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
lenner.pptx
lenner.pptxlenner.pptx
lenner.pptx
 

More from TheAnfieldGroup

Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillEliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillTheAnfieldGroup
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...TheAnfieldGroup
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...TheAnfieldGroup
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...TheAnfieldGroup
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTheAnfieldGroup
 
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...TheAnfieldGroup
 
Synchrophasor Timing Security
Synchrophasor Timing SecuritySynchrophasor Timing Security
Synchrophasor Timing SecurityTheAnfieldGroup
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...TheAnfieldGroup
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyTheAnfieldGroup
 

More from TheAnfieldGroup (9)

Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir GillEliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
Eliminate Silos to Enhance Critical Infrastructure Protection by Jasvir Gill
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
 
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
Multi-Cloud, Multi-Network Cyber Awareness, Monitoring and Management by Fran...
 
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
Collaborative Threat Mitigation or (Collective Self Defense) by Scott Pinkert...
 
Technologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, ErcotTechnologies for Security and Compliance by Ken McIntyre, Ercot
Technologies for Security and Compliance by Ken McIntyre, Ercot
 
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rival...
 
Synchrophasor Timing Security
Synchrophasor Timing SecuritySynchrophasor Timing Security
Synchrophasor Timing Security
 
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by...
 
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS EnergyIntegration of Technology & Compliance Presented by John Heintz, CPS Energy
Integration of Technology & Compliance Presented by John Heintz, CPS Energy
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Cyber Security Standards Update: Version 5 by Scott Mix

  • 1. Cyber Security Standards Update: Version 5Version 5  August 1 2013August 1, 2013  Scott Mix, CISSP  CIP Technical Manager
  • 2. Agenda • Version 5 – Impact Levels F t– Format – Features – NOPR 2 RELIABILITY | ACCOUNTABILITY
  • 3. CIP Standards – Version 5 • CIP Version 5 ‐ Draft 4 – Final Version  Approved by industry on Nov 5, 2012  Approved by NERC Board of Trustees on Nov 26.   2012  Filed with FERC on February 1 2013 Filed with FERC on February 1, 2013 oFERC Docket RM13‐5 o10,483 page filing, p g g 3 RELIABILITY | ACCOUNTABILITY
  • 4. CIP Standards – Version 5 • CIP‐002‐5: BES Cyber Asset and BES Cyber System  Categorization i l• CIP‐003‐5: Security Management Controls • CIP‐004‐5: Personnel and Training • CIP‐005‐5: Electronic Security Perimeter(s)• CIP 005 5: Electronic Security Perimeter(s) • CIP‐006‐5: Physical Security of BES Cyber Systems • CIP‐007‐5: Systems Security Management • CIP‐008‐5: Incident Reporting and Response Planning • CIP‐009‐5: Recovery Plans for BES Cyber Assets and  S tSystems • CIP‐010‐1: Configuration Management and Vulnerability  Assessments 4 RELIABILITY | ACCOUNTABILITY Assessments • CIP‐011‐1: Information Protection
  • 5. CIP Standards – Version 5 • New / Modified Terms:  BES Cyber Asset   BES Cyber System  Electronic Access Point (EAP)  Electronic Security Perimeter   BES Cyber System   BES Cyber System  Information   CIP Exceptional y (ESP)  External Routable Connectivity  Interactive Remote Access CIP Exceptional  Circumstance   CIP Senior Manager C t l C t Interactive Remote Access   Intermediate Device   Physical Access Control Systems  (PACS) Control Center  Cyber Assets   Cyber Security Incident (PACS)   Physical Security Perimeter  (PSP)  Protected Cyber Asset (PCA)  Dial‐up Connectivity  Electronic Access Control  and Monitoring Systems   Protected Cyber Asset  (PCA)  Reportable Cyber Security   Incident 5 RELIABILITY | ACCOUNTABILITY g y (EACMS)
  • 6. CIP Standards – Version 5 • Retired Terms  Critical Assets C iti l C b A t Critical Cyber Assets 6 RELIABILITY | ACCOUNTABILITY
  • 7. CIP Standards – Version 5 • CIP‐002  Builds on “bright lines” in CIP‐002‐4g  “Version 4” Critical Asset control centers – High   Other “Version 4” Critical Assets – Medium   Some “Version 4” non‐critical asset control centers – Medium   Transmission now looking at “capacity” rather than  number of lines at a voltage level C t h ll t f ifi ll t i d L Catch‐all category for non‐specifically categorized – Low  o“Something everywhere” – within the BES oProgrammatic requirement: CIP 003 5 Requirement R2 7 RELIABILITY | ACCOUNTABILITY oProgrammatic requirement: CIP‐003‐5 Requirement R2
  • 8. CIP Standards – Version 5 • High Impact – Large Control Centers – CIP‐003 through 009 “plus”CIP 003 through 009  plus • Medium Impact  – Generation and Transmission C l C– Control Centers – Similar to CIP‐003 to 009 V4 • All other BES Cyber Systems  (Low Impact) must implement a  policy to address: – Cybersecurity Awareness – Physical Security Controls – Electronic Access Controls – Incident Response 8 RELIABILITY | ACCOUNTABILITY Incident Response • High Watermarking
  • 9. CIP Standards – Version 5 Rationale, Guidance & Changes, Main Requirement and Measure Applicable Systems for requirement part Requirement part text Requirement part Measure text 9 RELIABILITY | ACCOUNTABILITY Requirement part Reference Requirement part change rationale
  • 10. CIP Standards – Version 5 • Format  Following Results‐based Standards format  Background section before requirements  Requirement and Measurement next to each other  Rationale and guidance developed in parallel with  requirements – still being developed and augmented T i f i h id / i l Two posting formats – one with guidance/rationale text  boxes inline; other with guidance and rational text  grouped at endg p  Still must audit only to the requirement  Guidelines and Technical Basis section at end 10 RELIABILITY | ACCOUNTABILITY
  • 11. CIP Standards – Version 5 • Applicable Systems column in tables  What systems or entities the row in the  table apply to  Listed in each standard  Specific phrases – consistent across all standards  A requirement part (row) may have multiple applicability A requirement part (row) may have multiple applicability  statements  Examples: o High Impact BES Cyber Systems o Medium Impact BES Cyber Systems o Medium Impact BES Cyber Systems at Control Centers o Medium Impact BES Cyber Systems with External Routable  Connectivity o Protected Cyber Assets 11 RELIABILITY | ACCOUNTABILITY y o Electronic Access Control Systems
  • 12. CIP Standards – Version 5 • Connectivity  No longer a blanket exemption  Now listed in applicability section – Routable Connectivity or  Dial‐up Connectivity  “Routable protocol” applicability now applies where large Routable protocol  applicability now applies where large  volume, real‐time communications requirements are listed – e.g., logging • Low Impact  CIP‐003‐5 Requirement R2  “Programmatic” controls (i.e., have a program for …)  Requires physical and cyber security protections for  “locations” containing low 12 RELIABILITY | ACCOUNTABILITY locations  containing low  Does not require lists of every low impact BES Cyber System
  • 13. CIP Standards – Version 5 • TFEs  Attempting to minimize required TFEs (e.g., anti‐malware on  switches)  Reduced from 14 requirements to 10  But still have TFEs (including new ones where existing V1 V4 But … still have TFEs (including new ones where existing V1 – V4  problems exist)  Have added “per Cyber Asset capability” language to allow strict  compliance with the language of the requirement, without  requiring a TFE (~5 requirements) • Measures• Measures  Guidance to auditors as well as entities  “An example of evidence may include, but is not limited to, …” 13 RELIABILITY | ACCOUNTABILITY An example of evidence may include, but is not limited to, …  No longer a “meaningless restatement of the requirement”
  • 14. CIP-002-4 • Notes when reading NERC Standards:  Capitalization is very important.   Capitalized words refer to terms in the NERC Glossary of  Terms Used in Reliability Standards  (http://www.nerc.com/pa/Stand/Glossary%20of%20Terms(http://www.nerc.com/pa/Stand/Glossary%20of%20Terms /Glossary_of_Terms.pdf)   Non‐capitalized terms do not refer to NERC glossary terms i “R l i ” i h “ l i ”o i.e., “Real‐time” is not the same as “real‐time” o “Facilities” is not the same as “facilities”  Terms with well known and authoritative definitions defer  to those authoritative sources (e.g., “FACTS”)  Not all terms used have either NERC Glossary definitions or  authoritative definitions (e g “control center”) 14 RELIABILITY | ACCOUNTABILITY authoritative definitions (e.g.,  control center )
  • 15. CIP Standards – Version 5 • Bulleted lists vs. numbered lists  Bulleted lists are separated by “or”p y  Bulleted lists imply that not all of the items in the list  are required  Numbered lists are separated by “and”  Numbered lists imply that all of the items in the lists  dare required • Both bulleted and numbered lists are used in  both requirements and measures 15 RELIABILITY | ACCOUNTABILITY
  • 16. Features of Version 5 • Closes out directives in FERC Order No. 706 (also, FERC  Order No. 761 imposes March 31, 2013, filing deadline) • Results‐based standards  Focus on reliability and security‐related result  Non‐technology specificNon technology specific  Smarter use of Technical Feasibility Exception (TFE) process  “Plain language of the requirement”, i.e., “per device  bili ”capability” • Risk‐informed systems approach  Adopt solutions and tailor security based on function andAdopt solutions and tailor security based on function and  risk  No longer a harsh “in or out” demarcation for applicability  Impact and connecti it informs applicabilit 16 RELIABILITY | ACCOUNTABILITY  Impact and connectivity informs applicability
  • 17. Features of Version 5 • Systems approach illustration  Cyber Assets function together as a complex system  Identify the system and apply requirements to the whole  rather than the part 17 RELIABILITY | ACCOUNTABILITY  “High Watermarking” inside boundary
  • 18. CIP V5 Approach to Correcting Deficiencies • Empowers industry  Shifts focus from whether deficiencies occur to correcting  d fi i ideficiencies  Continuous Improvement  o From: backward‐looking, individual violationso From: backward looking, individual violations o To: forward‐looking, holistic focus • Reliability and security emphasis that promotes the  identification and correction of deficiencies  • Consistent with NERC “Internal Controls” approach to  licompliance • Version 5 triggering language: “… implement, in a manner  that identifies assesses and corrects deficiencies ” 18 RELIABILITY | ACCOUNTABILITY that identifies, assesses, and corrects deficiencies, …
  • 19. CIP V5 Approach to Correcting Deficiencies (Continued) • Corrected deficiency is a component of satisfying the  requirement • Does not require “internal controls” or additional  process d d h f d f• Standards approach of correcting deficiencies  complements the compliance concept of internal controls • Reliability Standard Authorization Worksheets (RSAWs)• Reliability Standard Authorization Worksheets (RSAWs)  and Violation Severity Levels (VSLs) must support  approachapproach  Does not expand obligations  Clarifies that method of identifying, assessing, and correcting  19 RELIABILITY | ACCOUNTABILITY deficiencies is not evaluated
  • 20. Draft RSAW • Deficiencies refer to possible non‐compliances with  the standard; not all deficiencies would become  issues of non‐compliance • Entities are not required to self‐report deficiencies if  h id if i i d i hthey are identifying, assessing and correcting them • CEA samples identified, assessed and corrected  d fi i ideficiencies  CEA considers impact of correction in determining the  sample sizesample size 20 RELIABILITY | ACCOUNTABILITY
  • 21. When to Self-Report • Plan does not exist • Plan has not been implemented • Did not assess or correct identified deficiencies • Deficiencies that create high risk to the Bulk Electric g System 21 RELIABILITY | ACCOUNTABILITY
  • 22. Implementation Plan • Proposed Effective Date (from CIP‐002‐5;  all standards use the same language): 1. 24 Months Minimum – CIP‐002‐5 shall become effective  on the later of July 1, 2015, or the first calendar day of  the ninth calendar quarter after the effective date of thethe ninth calendar quarter after the effective date of the  order providing applicable regulatory approval.     2. In those jurisdictions where no regulatory approval is j g y pp required CIP‐002‐5 shall become effective on the first  day of the ninth calendar quarter following Board of  Trustees’ approval or as otherwise made effectiveTrustees  approval, or as otherwise made effective  pursuant to the laws applicable to such ERO  governmental authorities.  22 RELIABILITY | ACCOUNTABILITY
  • 23. Implementation Plan • Implementation issues:  Specified initial performance of all periodic requirements in  implementation plan  24 months following regulatory approval for all  requirementsrequirements  Identity Verification does not need to be repeated  Discussion of unplanned re‐categorization to a higher p g g impact level  Discussion of disaster recovery actions  Discussion of requirements applied to access control  systems (physical and electronic), and Protected Cyber  Assets 23 RELIABILITY | ACCOUNTABILITY
  • 24. Applicability • Applicability Section:  Section 4.1 Functional Entities oDescribes which asset owners, based on their functional  model designation, and specific ownership of assets,  must comply with the standardsmust comply with the standards oMay have no qualifications – applies to all entities  registered for that function  Section 4.2 Facilities oDescribes which assets must comply with the standards oMay have no qualifications – applies to all BES assets  owned by that function 24 RELIABILITY | ACCOUNTABILITY
  • 25. Applicability • Applicability Example:  For Distribution Providers – only those registered DPs that  own specifically called out pieces of equipment, such as  UFLS systems, must comply with the standards  For those DPs only the specifically called out pieces ofFor those DPs, only the specifically called out pieces of  equipment must comply with the standards • If a DP does not own any called out equipment, it y q p does not need to comply with the standards • If a DP owns a piece of called out equipment, only  that called out equipment must comply with the  standards 25 RELIABILITY | ACCOUNTABILITY
  • 29. CIP Standards – Version 5 • CIP‐002‐5 through CIP‐009‐5, CIP‐010‐1, CIP‐011‐1 • “Results‐based Standard” format  Requirements and measures together  Guidance and rational in text boxes • “Looks” bigger  ~1” printout for Version 5 (includes VSLs) compared to  ¼” i t t f V i 4~¼” printout for Version 4  Includes much more guidance and rationale for each  requirementequ e e t 29 RELIABILITY | ACCOUNTABILITY
  • 30. Version 5 Requirement Counts • CIP‐002  2 Requirements; 5 Parts; Attachment with bright lines for High and Medium • CIP‐003  4 Requirements; 13 Partsq ; • CIP‐004  5 Requirements; 18 Parts • CIP‐005  2 Requirements; 8 Parts • CIP‐006  3 Requirements; 13 Parts • CIP‐007  5 Requirements; 20 Partsq ; • CIP‐008  3 Requirements; 9 Parts • CIP‐009  3 Requirements; 10 Parts 3 Requirements; 10 Parts • CIP‐010  3 Requirements; 10 Parts • CIP‐011 2 R i 4 P 30 RELIABILITY | ACCOUNTABILITY  2 Requirements; 4 Parts • Total:  32 Requirements; 110 Parts
  • 31. Version 4 Requirement Counts • CIP‐002  3 Requirements; 0 parts, Attachment with Bright Lines • CIP‐003 6 R i 18 / b 6 Requirements;  18 parts/sub‐parts • CIP‐004  4 Requirements;  12 parts/sub‐parts • CIP‐005• CIP‐005  5 Requirements;  26 parts/sub‐parts • CIP‐006  8 Requirements; 15 parts/sub‐partsq ; p / p • CIP‐007  9 Requirements;  34 parts/sub‐parts • CIP‐008  2 Requirements; 6 parts • CIP‐009  5 Requirements; 2 parts • Total: 31 RELIABILITY | ACCOUNTABILITY • Total:  42 Requirements; 113 parts/sub‐parts
  • 32. CIP Standards – Version 5 • Sub‐Requirements  Each Requirement / Sub‐Requirement is a compliance  touch‐point  Non‐compliance with a sub‐requirement stands on its own  Sub requirements have independent VSLs (unless rolled up) Sub‐requirements have independent VSLs (unless rolled‐up) • Requirement Parts  Only the Requirement is a compliance touch point Only the Requirement is a compliance touch‐point  Cannot be independently in non‐compliance with a Part  VSLs written only at the Requirement level (making very S s tte o y at t e equ e e t e e ( a g e y long and complicated VSL language)  Parts allow flexibility in development and implementation  f h i 32 RELIABILITY | ACCOUNTABILITY of the requirement
  • 33. CIP Standards – Version 5 • “Annual” – interaction with CAN – now “15 months” • Monthly requirements – changed to 35 days l h b ll d l f• Measures are examples with bulleted lists; format,  wording • Compliance artifacts in requirements (e gCompliance artifacts in requirements (e.g.,  “documentation of …”) • LSE (removed), replaced with DP  LSE functions changed since original standards development  timeframe • 300 MW threshold on UFLS/UVLS• 300 MW threshold on UFLS/UVLS  No justification for a different value • Notifications:  IROL, “must run” (resolving as part of V4) 33 RELIABILITY | ACCOUNTABILITY • IROL’s in WECC
  • 34. CIP Standards – Version 5 • Definition / threshold of Control Center  Includes “data centers” C ti it ( t bl di l )• Connectivity (routable, dial‐up) • Low Impact (policy only)  List not requiredq • Date tracking (PRA, training, access, etc) • Access revocation (reassignments, timing, immediate) d l b l h• Removed 99.9% availability phrasing   Difficult to track and audit  Replaced with “IAC” languagep g g • Interactive Remote Access  Clarify encryption and multi‐factor authentication points R l f i t / f ti 34 RELIABILITY | ACCOUNTABILITY  Remove examples from requirements / purpose of encryption
  • 35. CIP Standards – Version 5 • Ports & Services –  Physical ports ‐ FERC Directive N di ti l if i t ll t h ithi 35 d• No remediation plan if install patches within 35 days  Allow updates to existing plans rather than new plans all the  time • Periodic review of patch sources – not individual patches • Anti‐malware – clarify system level • “Per device capability” clauses added • Password changing / pseudorandom passwords  (RuggedCom vulnerability impacts)(RuggedCom vulnerability impacts) • Evidence Retention (compliance vs. security monitoring) 35 RELIABILITY | ACCOUNTABILITY
  • 36. CIP Standards – Version 5 • Take back reporting requirement from  EOP‐004 into CIP‐008 • Guidance on “active” vs. “passive” vulnerability  assessment • V4 bypass language still in implementation plan• V4 bypass language still in implementation plan 36 RELIABILITY | ACCOUNTABILITY
  • 37. Version 5 NOPR • Issued April 18, 2013  Posted at http://www.ferc.gov/whats‐new/comm‐ meet/2013/041813/E‐7.pdf  75 pages  Comments due June 24 2013 (60 days after publication in Comments due June 24, 2013 (60 days after publication in  Federal Register)  Contains 48 specific requests for comment (may be overlap)p q ( y p)  Proposes 11 directives for change  Proposes 16 areas where FERC “may” direct changes 37 RELIABILITY | ACCOUNTABILITY
  • 38. Version 5 NOPR • Major Themes:  “Identify, Assess and Correct” language  Impact Categorization o No reference to studies supporting bright‐line thresholds o No consideration of coordinated attack on multiple low impacto No consideration of coordinated attack on multiple low impact  systems o Only based on BES impact (i.e., no assessment of “confidentiality,  integrity or availability”)integrity or availability )  Low Impact BES cyber Systems o Specificity of requirements o Lack of inventory 38 RELIABILITY | ACCOUNTABILITY
  • 39. Version 5 NOPR  Definitions: o 15 minute impact in BES Cyber Asset Generation Control Centers (vs control rooms)o Generation Control Centers (vs. control rooms) o Removal of “communication networks” from Cyber Asset o Use of “reliability tasks” phrase o “Intermediate System” vs. “intermediate device” 39 RELIABILITY | ACCOUNTABILITY
  • 40. Version 5 NOPR  Implementation Plan o Proposes to accept the “Version 4 bypass” language Are 24 /36 months necessary?o Are 24 /36 months necessary?  Violation Risk Factors o Inconsistent with prior versions  Violation Severity Levels o Inconsistent with Commission guidelines M d t b difi d b d t f “IAC” di io May need to be modified based on outcome of “IAC” discussion 40 RELIABILITY | ACCOUNTABILITY
  • 41. Version 5 NOPR • New Topics (post Order No. 706)  Communications Security o Including encryption, protections for serial communications  Remote Access (more than proposed Version 5 language?)  o May already be covered by Version 5 languageo May already be covered by Version 5 language  NIST topics o Maintenance devices o Separation of duties o Threat / risk based categorization o May include other areaso May include other areas  May be others 41 RELIABILITY | ACCOUNTABILITY
  • 42. Version 5 NOPR • NERC Response:  60 page response (largest response)  Supports standards as filed: o IAC: - Discusses meaning of IAC languageDiscusses meaning of IAC language - Reliability Benefit of IAC Language - Compliance obligations of IAC language - Consistency with NIST FrameworkConsistency with NIST Framework oBES Cyber Asset Categorization and Protection - Supports Facility rating approach P i f l i BES C b A- Protections of low impact BES Cyber Assets - Supports not requiring inventory of low impact BES Cyber Assets 42 RELIABILITY | ACCOUNTABILITY
  • 43. Version 5 NOPR • NERC Response (continued): o Definitions: BES Cyber Asset 15 i- 15‐minute parameter - 30‐day exclusion o Definitions: Control Center - Geographically disperse generating plants o Definitions: Cyber Assets - Removal of “communications networks” o Definitions: Reliability Tasks - Well‐understood term o Definitions: Intermediate Deviceso Definitions: Intermediate Devices - Filing oversight 43 RELIABILITY | ACCOUNTABILITY
  • 44. Version 5 NOPR • NERC Response (continued): o Implementation Plan: 24 d 36 h i f i d- 24‐ and 36‐month timeframes appropriate and necessary - Transition guidance and pilot program o VRF & VSL - Severity of violation as expressed in duration of violation - Not two separate violations o Other Technical Concerns - Technical conferences to discuss issues - Use Reliability Standards Development Process o Remote Accesso Remote Access - Concerns addressed in CIP‐004 44 RELIABILITY | ACCOUNTABILITY
  • 45. Version 5 NOPR • NOPR Comments:  65 files submitted from 62 parties  782 pages  Generally supportive of NERC positions I i h IAC lo Issues with IAC language o Issues with RFA analysis and estimates (cost & time) • Next Steps:Next Steps:  FERC must read, summarize and react to all comments while  writing final rule 45 RELIABILITY | ACCOUNTABILITY
  • 46. References • Standard project  2008‐06 page:  http://www.nerc.com/filez/standards/Project_2008‐ 06_Cyber_Security.html • Version 4 page: // / / / http://www.nerc.com/filez/standards/Project_2008‐ 06_Cyber_Security_PhaseII_Standards.html • Version 4 Guidance Document• Version 4 Guidance Document  http://www.nerc.com/docs/standards/sar/Project_2008‐ 06_CIP‐002‐4_Guidance_clean_20101220.pdf • Version 5 page:  http://www.nerc.com/filez/standards/Project_2008‐ 46 RELIABILITY | ACCOUNTABILITY 06_Cyber_Security_Version_5_CIP_Standards_.html
  • 47. Questions Scott Mix, CISSP scott mix@nerc netscott.mix@nerc.net 215-853-8204