Solution Paper
Boosting NERC-CIP
Compliance
Fortifying the Substation ESP
May 2015
Abstract
NERC-CIP’s most recent release, version 5, focuses primarily on BES substations and their critical Cyber Assets (CA), by establishing an Electronic Security Perimeter (ESP) around the substation’s control system. RAD’s Megaplex, a major building block in RAD’s Service Assured Networking (SAN) solutions for power utilities, is strategically located to manage all electronic access to the substation and to protect the cyber assets within it from external and internal attacks.
This paper reviews the Megaplex’s 3-tier ESP protection and outlines how it helps power utilities boost their compliance with NERC CIP-005 and CIP-007 requirements.
Boosting NERC-CIP Compliance
RAD 1
Contents
1 Introduction (page 2)
2 Multiservice Aggregation and 10 Gbps Access/Core Platform (page 3)
3 Cyber Attack Prevention (CAP) (page 4)
4 Supporting NERC-CIP Compliance (page 5)
5 Why Select RAD’s Megaplex (page 7)
1 Introduction
The North American Electric Reliability Corporation (NERC) is a regulatory authority whose mission is to assure the reliability of the bulk electric system (BES) in North America; its Critical Infrastructure Protection (CIP) standards deal with both physical and cyber security aspects. With regard to cyber security, NERC-CIP’s most recent release, version 5, focuses primarily on BES substations and their critical Cyber Assets (CA), by establishing an Electronic Security Perimeter (ESP) around the substation’s control system.
For over 30 years, RAD has been a supplier to the power utility industry, providing multiservice aggregation and,
more recently, 10 Gbps access/core networks, with its Megaplex line of networking platforms. RAD’s Megaplex, a
major building block in RAD’s Service Assured Networking (SAN) solutions for power utilities, is strategically
located to manage all electronic access to the substation and the cyber assets within it. It has therefore been
enhanced with Cyber Attack Prevention (CAP) capabilities to support the efforts of power utilities to achieve
NERC-CIP compliance for their BES.
Figure 1. RAD’s solutions for power grid control
1. The multiservice aggregation function combines all serial, Ethernet and analog substation traffic (voice, video, data, automation, and Teleprotection) onto the WAN, for delivery to multiple users outside the ESP.
2. The 10 Gbps access/core network builder establishes multiple Ethernet rings, allowing wide area communications with fully redundant channels.
3. Three-layer CAP (Cyber-Attack Prevention), allowing device connection control within the ESP, SCADA-aware security for all substation devices and Man in the Middle (MitM) attack prevention.
2 Multiservice Aggregation and 10 Gbps Access/Core Platform
The Megaplex provides a single point of communications entry (or fallback redundancy) to the substation’s ESP. It performs multiservice aggregation for the substation’s intelligent electronic devices (IEDs), Teleprotection communications, voice and video, remote terminal unit (RTU) communications, etc. In addition, the Megaplex acts as a 10 Gbps access/core network builder.
The field-proven Megaplex has been widely deployed in substations worldwide, delivering robust communications that meet power utilities’ exacting requirements, including sub-3 millisecond signaling latency for Teleprotection between nearby substations.
Figure 2: Multiservice Aggregation and 10 Gbps Access/Core Network with Megaplex
3 Cyber Attack Prevention (CAP)
Unprotected or low-security communication networks for ESPs jeopardize the reliable operations of power
utilities’ BES facilities. Primarily, security measures for critical infrastructure focus on assuring safety and
reliability.
Substation IEDs typically utilize serial or TCP-based protocols such as DNP3, IEC 60870-5-101/104, and IEC 61850. Secure operation can be significantly enhanced by monitoring the two-way data exchange between these IEDs and the substation RTU or the aggregation unit, and intervening as necessary.
The CAP shown in Figure 3 below is deployed as the ultimate shield for the substation ESP, protecting its secure operation from internal or external cyber attacks. Each IED, RTU or other device is separately connected to the Megaplex, allowing port-specific protection mechanisms to be defined. Under normal operating conditions, each device communicates through the Megaplex and only safe commands are allowed to reach the IED, e.g., “send buffer data” or “get time synchronization”. Under no circumstances can the IED be reconfigured or reset to factory default.
Figure 3: CAP security procedures offered by the Megaplex
Device Connection Control (DCC): The role of this function (marked as A) is to provide a single point of access control through the Megaplex to each IED (or other device) operating within the ESP. Each communication session traversing the Megaplex (to access the IED, RTU, or other device) is authenticated using a RADIUS or TACACS server, and Role-Based Access Control (RBAC) is enabled. This permits only authorized functions to access only specific devices, and only during predefined time periods. Each device and each port in the substation is monitored, and every connection, disconnection or reconnection is recorded.
SCADA-aware security layer: This function (marked as B) is performed by an embedded processing unit and
operates as an application-specific firewall, controlling all connections within the substation ESP. In addition to
typical firewall functionality, it may perform anomaly detection to prevent external cyber attacks.
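A defender-side illustration of the DCC (A) and SCADA-aware (B) layers just described: a per-port DNP3 request filter that validates link-layer framing and CRCs, checks the master’s link address and a time window, and passes only an allowlist of application function codes, so restart and reconfiguration requests never reach the IED. This is an added example, not RAD’s code or the Megaplex implementation; the port name, link addresses, maintenance window and allowed codes are constructed assumptions.

```python
"""Per-port DNP3 request filter: function-code allowlist plus master-address and
time-window checks. Constructed example, not RAD's code; all values illustrative."""
from dataclasses import dataclass
from datetime import time

DNP3_START = b"\x05\x64"
# DNP3 (IEEE 1815) application-layer function codes, request direction.
FC_CONFIRM, FC_READ, FC_WRITE = 0x00, 0x01, 0x02
FC_COLD_RESTART, FC_WARM_RESTART = 0x0D, 0x0E
FC_DELAY_MEASURE, FC_RECORD_CURRENT_TIME = 0x17, 0x18


def crc_dnp(data: bytes) -> int:
    """DNP3 CRC-16: polynomial 0x3D65 (reflected 0xA6BC), init 0, result inverted."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


@dataclass(frozen=True)
class Dnp3Request:
    src: int            # link-layer source address (the master)
    dst: int            # link-layer destination address (the IED)
    function_code: int


def parse_dnp3_request(frame: bytes) -> Dnp3Request:
    """Validate link-layer framing and CRCs, then extract the application function code."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        raise ValueError("not a DNP3 frame")
    header = frame[2:8]
    if crc_dnp(header) != int.from_bytes(frame[8:10], "little"):
        raise ValueError("link header CRC mismatch")
    length, ctrl = header[0], header[1]
    dst, src = int.from_bytes(header[2:4], "little"), int.from_bytes(header[4:6], "little")
    if not ctrl & 0x80:                      # DIR bit: 1 = sent by a master
        raise ValueError("frame not sent by a master")
    user, pos, remaining = bytearray(), 10, length - 5   # LEN counts ctrl+dst+src+user data
    while remaining > 0:                     # user data travels in 16-byte CRC-protected blocks
        n = min(16, remaining)
        block, bcrc = frame[pos:pos + n], int.from_bytes(frame[pos + n:pos + n + 2], "little")
        if len(block) != n or crc_dnp(block) != bcrc:
            raise ValueError("user data CRC mismatch")
        user += block
        pos, remaining = pos + n + 2, remaining - n
    # user[0] transport header (FIN 0x80, FIR 0x40), user[1] app control, user[2] function code
    if len(user) < 3 or not user[0] & 0x40:
        raise ValueError("application header missing or not in first transport segment")
    return Dnp3Request(src, dst, user[2])


def build_dnp3_request(src: int, dst: int, function_code: int, objects: bytes = b"") -> bytes:
    """Construct a master-to-IED request frame; used here only to make sample traffic."""
    user = bytes([0xC0, 0xC0, function_code]) + objects     # transport FIR|FIN, app FIR|FIN, seq 0
    header = bytes([5 + len(user), 0xC4]) + dst.to_bytes(2, "little") + src.to_bytes(2, "little")
    out = DNP3_START + header + crc_dnp(header).to_bytes(2, "little")
    for i in range(0, len(user), 16):
        out += user[i:i + 16] + crc_dnp(user[i:i + 16]).to_bytes(2, "little")
    return out


@dataclass(frozen=True)
class PortPolicy:
    port: str
    masters: frozenset           # link addresses allowed to talk to the IED on this port
    always: frozenset            # routine polling, allowed around the clock
    windowed: frozenset          # engineering actions, allowed only inside the window
    window: tuple                # (start, end) local time of day
    # Restart, file-transfer and other reconfiguration codes are listed nowhere, so they never pass.


def evaluate(policy: PortPolicy, frame: bytes, now: time) -> tuple:
    """Return (decision, reason) for one inbound frame; anything unparseable is dropped."""
    try:
        req = parse_dnp3_request(frame)
    except ValueError as exc:
        return "DROP", f"{policy.port}: malformed frame ({exc})"
    fc = f"0x{req.function_code:02X}"
    if req.src not in policy.masters:
        return "DROP", f"{policy.port}: master {req.src} not authorized for IED {req.dst}"
    if req.function_code in policy.always:
        return "ALLOW", f"{policy.port}: routine request {fc}"
    if req.function_code in policy.windowed:
        if policy.window[0] <= now <= policy.window[1]:
            return "ALLOW", f"{policy.port}: engineering request {fc} inside window"
        return "DROP", f"{policy.port}: engineering request {fc} outside window"
    return "DROP", f"{policy.port}: function code {fc} not permitted on this port"


# Constructed policy for one IED port: master link address 1, IED link address 10.
FEEDER_IED_PORT = PortPolicy(
    port="eth-3/1", masters=frozenset({1}),
    always=frozenset({FC_CONFIRM, FC_READ, FC_DELAY_MEASURE, FC_RECORD_CURRENT_TIME}),
    windowed=frozenset({FC_WRITE}), window=(time(8, 0), time(17, 0)),
)
```

The policy is data, so one evaluate() serves every port with its own PortPolicy; a deployment would also log each returned reason, matching the connection records the DCC layer keeps.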
Man in the Middle (MitM) attack prevention: IEEE 802.1AE (MACsec) integrity and confidentiality mechanisms (marked as C) operate at Layer 2 (the Link Layer) of the OSI stack, securing all communications to and from the substation to prevent MitM attacks. MACsec is agnostic to higher-layer protocols (such as DNP3, IEC 60870-5-104, IEC 61850, Mirror Bit, etc.), and thus allows them to flow securely across the network.
With MACsec, each data packet is forwarded and protected on a hop-by-hop basis, i.e., at each node the packet is authenticated and checked for tampering (and, if encryption is employed, decrypted and re-encrypted) using AES with a 128- or 256-bit key. This guarantees a high level of data security by mitigating source spoofing, session hijacking, MitM interventions, Denial of Service (DoS), and Distributed DoS (DDoS) attacks.
4 Supporting NERC-CIP Compliance
NERC-CIP compliance is an important challenge for power utilities. The requirements in the latest NERC-CIP
release (version 5, sections 002 to 011) provide best practices for ensuring secure operations. These, together
with physical and organizational measures, are required to be audited annually. The following table outlines how
RAD’s solutions promote compliance with the relevant NERC-CIP requirements.
NERC CIP 5 Section 005
R 1.3 Requirement: Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default.
R 1.3 Megaplex: The Megaplex provides the required security measures by communicating with an authentication server to ensure that inbound/outbound communications are authorized and to prevent unauthorized reconfiguration.
R 1.5 Requirement: Have one or more methods for detecting known or suspected malicious communications for both inbound and outbound communications.
R 1.5 Megaplex: The Megaplex includes a hosting processor that enables deployment of customer-specific applications, such as a SCADA firewall and anomaly detection for malicious traffic and other unusual streams. IEEE 802.1AE provides authentication, source address verification, data integrity verification, and optionally encryption (if required by the application).
R 2.1 Requirement: Utilize an Intermediate System such that the Cyber Asset initiating Interactive Remote Access does not directly access an applicable Cyber Asset.
R 2.1 Megaplex: The Megaplex provides the necessary security using IEEE 802.1AE encryption and 802.1X authorization, and prevents Interactive Remote Access to Cyber Assets within the ESP. A customer-specific SCADA firewall can be deployed to filter incoming data according to IP address and data payload.
R 2.2 Requirement: For all Interactive Remote Access sessions, utilize encryption that terminates at an Intermediate System.
R 2.2 Megaplex: The Megaplex security procedure terminates all encryption processes at the entry point. This allows inspection of the data and blocking of unwanted data and messages, as well as prevention of unauthorized applications.
R 2.3 Requirement: Require Multifactor Authentication for all Remote Access sessions.
R 2.3 Megaplex: Multifactor authentication can be achieved by strengthening physical security to the facility and the use of a separate login password for all Remote Access sessions.
NERC CIP 5 Section 007
R 5.1 / R 5.2 Requirement: Enforce authentication of interactive user access where technically feasible.
R 5.1 / R 5.2 Megaplex: The Megaplex utilizes IEEE 802.1X based authentication. Access control, user authentication and privilege-level associations for local and remote access are provided using Secure Shell (SSH) via TACACS or RADIUS-type servers.
5 Why Select RAD’s Megaplex
RAD has more than 30 years of proven experience, a significant worldwide presence in more than 150 countries,
and an installed base of more than 13 million units. RAD is a member of the US$ 1.2 billion RAD Group of
companies, a world leader in communications solutions.
RAD’s SAN solutions ensure high reliability, smooth migration and cyber security for power utilities. The Megaplex
is an “all-in-one” platform, providing secure multiservice aggregation for substation IEDs, Teleprotection
communications, voice and video, RTU communications, etc. It delivers effective protection for BES and cyber
assets protected by the ESP. These and additional cyber defense measures support the efforts of power utilities
to comply with NERC CIP standards.
The Megaplex also acts as a 10 Gbps access/core network builder. Upgrading the core communications network to a packet-switched network (PSN) and carrier-grade Ethernet allows the deployment of stronger defense measures to protect the power grid from vulnerabilities and the risk of cyber attacks.
International Headquarters
RAD Data Communications Ltd.
24 Raoul Wallenberg St.
Tel Aviv 6971923 Israel
Tel: 972-3-6458181
Fax: 972-3-6498250
E-mail: market@rad.com
http://www.rad.com
North America Headquarters
RAD Data Communications Inc.
900 Corporate Drive
Mahwah, NJ 07430 USA
Tel: (201) 529-1100
Toll free: 1-800-444-7234
Fax: (201) 529-5777
E-mail: market@radusa.com
www.radusa.com
The RAD name and logo is a registered trademark of RAD Data Communications Ltd.
© 2015 RAD Data Communications Ltd. All rights reserved. Subject to change without
notice. Version 05/15
www.rad.com

 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Megaplex nerc-cip-compliance

  • 2. Abstract NERC-CIP’s most recent release, version 5, focuses primarily on BES substations and their critical Cyber Assets (CA), by establishing an Electronic Security Perimeter (ESP) around the substation’s control system. RAD’s Megaplex, a major building block in RAD’s Service Assured Networking (SAN) solutions for power utilities, is strategically located to manage all electronic access to the substation and the cyber assets within it from external and internal attacks. This paper reviews Megaplex’ 3-tier ESP protection and outlines how it helps power utilities boost their compliance with NERC CIP 005 and 007 requirements.
  • 3. Boosting NERC-CIP Compliance RAD 1 Contents 1 Introduction.........................................................................................................2 2 Multiservice Aggregation and 10 Gbps Access/Core Platform ...............................3 3 Cyber Attack Prevention (CAP) .............................................................................4 4 Supporting NERC-CIP Compliance .........................................................................5 5 Why Select RAD’s Megaplex .................................................................................7
more recently, 10 Gbps access/core networks, with its Megaplex line of networking platforms. RAD’s Megaplex, a major building block in RAD’s Service Assured Networking (SAN) solutions for power utilities, is strategically located to manage all electronic access to the substation and the cyber assets within it. It has therefore been enhanced with Cyber Attack Prevention (CAP) capabilities to support the efforts of power utilities to achieve NERC-CIP compliance for their BES.

Figure 1. RAD’s solutions for power grid control

1. The multiservice aggregation function combines all serial, Ethernet and analog substation traffic (voice, video, data, automation, and Teleprotection) onto the WAN, for delivery to multiple users outside the ESP.
2. The 10 Gbps access/core network builder establishes multiple Ethernet rings, allowing wide area communications with fully redundant channels.
3. Three-layer CAP (Cyber-Attack Prevention), allowing device connection control within the ESP, SCADA-aware security for all substation devices and Man in the Middle (MitM) attack prevention.

2 Multiservice Aggregation and 10 Gbps Access/Core Platform

The Megaplex provides a single point of communications entry (or fallback redundancy) to the substation’s ESP. It performs multiservice aggregation for the substation’s intelligent electronic devices (IED), Teleprotection communications, voice and video, remote terminal unit (RTU) communications, etc. In addition, the Megaplex acts as a 10 Gbps access/core network builder.

The field-proven Megaplex has been widely deployed in substations worldwide, delivering robust communications that meet power utilities’ exacting requirements, including sub-3 millisecond signaling latency for Teleprotection between nearby substations.

Figure 2: Multiservice Aggregation and 10 Gbps Access/Core Network with Megaplex
3 Cyber Attack Prevention (CAP)

Unprotected or low-security communication networks for ESPs jeopardize the reliable operation of power utilities’ BES facilities. Security measures for critical infrastructure focus primarily on assuring safety and reliability. Substation IEDs typically use serial or TCP-based protocols such as DNP3, IEC 60870-5-101/104, and IEC 61850. Secure operation can be significantly enhanced by monitoring the two-way data exchange between these IEDs and the substation RTU or the aggregation unit, and intervening as necessary.

The CAP shown in Figure 3 below is deployed as an ultimate shield for the substation ESP, protecting its secure operation from internal or external cyber attacks. Each IED, RTU or other device is separately connected to the Megaplex, allowing port-specific protection mechanisms to be defined. Under normal operating conditions, each device communicates through the Megaplex and only safe commands are allowed to reach the IED, e.g., “send buffer data” or “get time synchronization”. Under no circumstances can the IED be reconfigured or reset to factory default.

Figure 3: CAP security procedures offered by the Megaplex
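The rule just stated, that only safe commands such as an event-buffer read or a time-synchronization request reach the IED while reconfiguration and restarts never do, is the kind of port-specific, protocol-aware filtering a SCADA-aware layer enforces. The following Go program is an added example written for this page to make that rule concrete; it is not RAD’s code and does not show how the Megaplex implements CAP. It assumes DNP3 carried in a link-layer frame (start octets 0x05 0x64, CRC-16/DNP after the 8-octet header and after each 16-octet data block), a per-port allow-list that denies anything unlisted, and a hard deny list for the function codes that write, save configuration or restart an outstation. The port name IED-1, the ReadOnlyIED policy and the frames produced by BuildFrame are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// DNP3 (IEEE 1815) application-layer function codes referred to below.
const (
	fcConfirm, fcRead, fcWrite, fcDirectOperate, fcColdRestart byte = 0x00, 0x01, 0x02, 0x05, 0x0D
	fcWarmRestart, fcSaveConfig, fcDelayMeasure, fcRecordTime  byte = 0x0E, 0x13, 0x17, 0x18
)

// Codes that reconfigure or restart an outstation are refused on every port, whatever its allow-list.
var neverForwarded = map[byte]bool{fcWrite: true, fcColdRestart: true, fcWarmRestart: true, fcSaveConfig: true}

// crc16DNP is the DNP3 link-layer CRC (CRC-16/DNP: poly 0x3D65, bit-reflected to 0xA6BC, output inverted).
func crc16DNP(data []byte) uint16 {
	var crc uint16
	for _, b := range data {
		crc ^= uint16(b)
		for i := 0; i < 8; i++ {
			if crc&1 != 0 {
				crc = (crc >> 1) ^ 0xA6BC
			} else {
				crc >>= 1
			}
		}
	}
	return ^crc
}

func le16(v uint16) []byte { return []byte{byte(v), byte(v >> 8)} } // CRCs travel little-endian

// parseRequest checks the link header, both CRCs and the transport FIR bit, then returns the
// destination address and the application function code of a first fragment.
func parseRequest(raw []byte) (dst uint16, fc byte, err error) {
	if len(raw) < 10 || raw[0] != 0x05 || raw[1] != 0x64 || crc16DNP(raw[:8]) != binary.LittleEndian.Uint16(raw[8:10]) {
		return 0, 0, errors.New("not a DNP3 link frame or header CRC mismatch")
	}
	n := int(raw[2]) - 5 // LENGTH counts CONTROL, DST, SRC plus user data
	if n > 16 {
		n = 16 // the function code always sits in the first data block
	}
	if n < 3 || len(raw) < 12+n {
		return 0, 0, errors.New("truncated frame or no application header")
	}
	if crc16DNP(raw[10:10+n]) != binary.LittleEndian.Uint16(raw[10+n:12+n]) {
		return 0, 0, errors.New("data block CRC mismatch")
	}
	if raw[10]&0x40 == 0 { // transport FIR bit: only a first fragment carries the application header
		return 0, 0, errors.New("continuation fragment without application header")
	}
	return binary.LittleEndian.Uint16(raw[4:6]), raw[12], nil // raw[11] is the application control octet
}

// PortPolicy is one port's allow-list, in the spirit of the per-port protection described above.
type PortPolicy struct {
	Port    string
	Allowed map[byte]bool // function codes forwarded on this port; anything else is denied by default
}

// ReadOnlyIED is a constructed policy for a protection IED port: event reads, confirms and time sync only.
var ReadOnlyIED = PortPolicy{"IED-1", map[byte]bool{fcConfirm: true, fcRead: true, fcDelayMeasure: true, fcRecordTime: true}}

// Evaluate returns (forward?, reason): malformed frames first, then the hard deny list, then the allow-list.
func (p PortPolicy) Evaluate(raw []byte) (bool, string) {
	dst, fc, err := parseRequest(raw)
	if err != nil {
		return false, p.Port + ": dropped, " + err.Error()
	}
	if neverForwarded[fc] {
		return false, fmt.Sprintf("%s: function code 0x%02X reconfigures or restarts the IED, never forwarded", p.Port, fc)
	}
	if !p.Allowed[fc] {
		return false, fmt.Sprintf("%s: function code 0x%02X not on the port allow-list", p.Port, fc)
	}
	return true, fmt.Sprintf("%s: function code 0x%02X to outstation %d permitted", p.Port, fc, dst)
}

// BuildFrame assembles a minimal request (unconfirmed user data, master to outstation) from constructed input.
func BuildFrame(dst, src uint16, fc byte, objects []byte) []byte {
	user := append([]byte{0xC0, 0xC0, fc}, objects...) // transport FIR|FIN, application control FIR|FIN, FC
	out := []byte{0x05, 0x64, byte(5 + len(user)), 0xC4, byte(dst), byte(dst >> 8), byte(src), byte(src >> 8)}
	out = append(out, le16(crc16DNP(out))...)
	for len(user) > 0 { // user data goes out in 16-octet blocks, each followed by its own CRC
		n := len(user)
		if n > 16 {
			n = 16
		}
		out = append(out, user[:n]...)
		out = append(out, le16(crc16DNP(user[:n]))...)
		user = user[n:]
	}
	return out
}

func main() {
	fmt.Println(ReadOnlyIED.Evaluate(BuildFrame(10, 1, fcRead, []byte{0x3C, 0x02, 0x06}))) // class 1 event poll
	fmt.Println(ReadOnlyIED.Evaluate(BuildFrame(10, 1, fcColdRestart, nil)))
}
```

Two design points carry over to any such filter: a frame is denied before its function code is even consulted if a CRC fails, so a tampered octet never reaches the allow-list logic, and the deny list sits in front of the per-port allow-list, so no port configuration can accidentally re-enable a restart or a configuration write. A production filter would additionally track transport fragments and object headers; this example deliberately stops at the function code.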
Device Connection Control (DCC): The role of this function (marked as A) is to provide a single point of access control through the Megaplex to each IED (or other device) operating within the ESP. Each communication session traversing the Megaplex (to access the IED, RTU, or other device) is authenticated using a RADIUS or TACACS server, and Role Based Access Control (RBAC) is enabled. This permits only authorized functions to access only specific devices and only during predefined time periods. Each device and each port in the substation is monitored, and every connection, disconnection or reconnection is recorded.

SCADA-aware security layer: This function (marked as B) is performed by an embedded processing unit and operates as an application-specific firewall, controlling all connections within the substation ESP. In addition to typical firewall functionality, it may perform anomaly detection to prevent external cyber attacks.

Man in the Middle (MitM) attack prevention: IEEE 802.1AE (MACsec) integrity and confidentiality mechanisms (marked as C) operate at Layer 2 (the Link Layer) of the OSI stack, securing all communications to and from the substation to prevent MitM attacks. MACsec is agnostic to higher-layer protocols (such as DNP3, IEC 60870-5-104, IEC 61850, Mirror Bit, etc.), and thus allows them to flow securely across the network. With MACsec, each data packet is forwarded on a hop-by-hop basis, i.e., at each node the packet is authenticated and checked for tampering (and, if encryption is employed, decrypted and re-encrypted) using AES with a 128- or 256-bit key. This guarantees a high level of data security by mitigating source spoofing, session hijacking, MitM interventions, Denial of Service (DoS), and Distributed DoS (DDoS) attacks.

4 Supporting NERC-CIP Compliance

NERC-CIP compliance is an important challenge for power utilities.
The requirements in the latest NERC-CIP release (version 5, sections 002 to 011) provide best practices for ensuring secure operations. These, together with physical and organizational measures, are required to be audited annually. The following table outlines how RAD’s solutions promote compliance with the relevant NERC-CIP requirements.

NERC CIP 5 Section 005

R 1.3
  Requirement: Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default.
  Megaplex: The Megaplex provides the required security measures by communicating with an authentication server to ensure that inbound/outbound communications are authorized and to prevent unauthorized reconfiguration.

R 1.5
  Requirement: Have one or more methods for detecting known or suspected malicious communications for both inbound and outbound communications.
  Megaplex: The Megaplex includes a hosting processor that enables deployment of customer-specific applications, such as a SCADA firewall and anomaly detection for malicious traffic and other unusual streams. IEEE 802.1AE provides authentication, source address verification, data integrity verification, and optionally encryption (if required for the application used).

R 2.1
  Requirement: Utilize an Intermediate System such that the Cyber Asset initiating Interactive Remote Access does not directly access an applicable Cyber Asset.
  Megaplex: The Megaplex provides the necessary security using IEEE 802.1AE encryption and 802.1X authorization, and prevents Interactive Remote Access to Cyber Assets within the ESP. A customer-specific SCADA firewall can be deployed to filter incoming data according to IP address and data payload.

R 2.2
  Requirement: For all Interactive Remote Access sessions, utilize encryption that terminates at an Intermediate System.
  Megaplex: The Megaplex security procedure terminates all encryption processes at the entry point. This allows inspection of the data and blocking of unwanted data and messages, as well as prevention of unauthorized applications.

R 2.3
  Requirement: Require Multifactor Authentication for all Remote Access sessions.
  Megaplex: Multifactor authentication can be achieved by strengthening physical security to the facility and the use of a separate login password for all Remote Access sessions.

NERC CIP 5 Section 007

R 5.1, R 5.2
  Requirement: Enforce authentication of interactive user access where technically feasible.
  Megaplex: The Megaplex utilizes IEEE 802.1X based authentication. Access control, user authentication and privilege-level associations for local and remote access are provided using Secure Shell (SSH) via TACACS or RADIUS-type servers.
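The hop-by-hop MACsec behaviour described in section 3 (at each node the frame is authenticated, checked for tampering, decrypted and re-encrypted with AES) and the IEEE 802.1AE row of the table above can be exercised with the following Go model. It is an added example, not RAD’s or the Megaplex’s implementation, and it simplifies IEEE 802.1AE to its cryptographic core: GCM-AES from Go’s standard library, a SecTAG carrying the association number, packet number and SCI, the addresses and SecTAG bound into the ICV as additional authenticated data, and a strict packet-number check for replay. The SAK is passed in directly instead of being agreed through MKA, and the SCI values, SAKs, the Relay helper and the SampleFrame payload are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// SecureAssociation is one direction of one MACsec hop; both ends build it from the same SAK and SCI.
type SecureAssociation struct {
	SCI    [8]byte // Secure Channel Identifier: transmitter MAC + port id
	AN     byte    // association number carried in the SecTAG
	aead   cipher.AEAD
	nextPN uint32 // transmit side: next packet number
	lastPN uint32 // receive side: highest PN accepted (strict replay check)
}

// NewSA wraps a 16-byte (GCM-AES-128) or 32-byte (GCM-AES-256) SAK; a deployment would get it from MKA.
func NewSA(sak []byte, sci [8]byte, an byte) (*SecureAssociation, error) {
	block, err := aes.NewCipher(sak)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SecureAssociation{SCI: sci, AN: an & 3, aead: aead, nextPN: 1}, nil
}

// nonce is the 96-bit GCM IV MACsec uses: SCI || PN. No PN is reused under one SAK.
func (sa *SecureAssociation) nonce(pn uint32) []byte {
	n := make([]byte, 12)
	copy(n, sa.SCI[:])
	binary.BigEndian.PutUint32(n[8:], pn)
	return n
}

// Protect turns a plain frame (dst, src, EtherType, payload) into dst, src, SecTAG (0x88E5, TCI/AN, SL,
// PN, SCI), encrypted EtherType+payload and a 16-byte ICV. The AAD is dst||src||SecTAG, so the ICV binds them.
func (sa *SecureAssociation) Protect(frame []byte) ([]byte, error) {
	if len(frame) < 14 || sa.nextPN == 0 {
		return nil, errors.New("frame too short, or packet numbers exhausted (rekey first)")
	}
	pn := sa.nextPN
	sa.nextPN++
	hdr := append([]byte{}, frame[:12]...)
	hdr = append(hdr, 0x88, 0xE5, 0x2C|sa.AN, 0x00) // TCI: SC, E, C bits set; SL=0
	hdr = append(hdr, sa.nonce(pn)[8:]...)           // PN, big-endian
	hdr = append(hdr, sa.SCI[:]...)
	return append(hdr, sa.aead.Seal(nil, sa.nonce(pn), frame[12:], hdr)...), nil
}

// Verify checks a MACsec frame against this receive SA; any change to addresses, SecTAG, ciphertext or ICV fails.
func (sa *SecureAssociation) Verify(msec []byte) ([]byte, error) {
	if len(msec) < 28+16 || msec[12] != 0x88 || msec[13] != 0xE5 {
		return nil, errors.New("not a well-formed MACsec frame")
	}
	if msec[14]&3 != sa.AN || !bytes.Equal(msec[20:28], sa.SCI[:]) {
		return nil, errors.New("no secure association for this SCI/AN")
	}
	pn := binary.BigEndian.Uint32(msec[16:20])
	if pn <= sa.lastPN {
		return nil, fmt.Errorf("replay: PN %d already accepted", pn)
	}
	plain, err := sa.aead.Open(nil, sa.nonce(pn), msec[28:], msec[:28])
	if err != nil {
		return nil, errors.New("ICV check failed: frame tampered or wrong SAK")
	}
	sa.lastPN = pn
	return append(append([]byte{}, msec[:12]...), plain...), nil
}

// Relay models an intermediate node: verify on the inbound hop's SA, re-protect on the outbound hop's SA.
func Relay(in, out *SecureAssociation, msec []byte) ([]byte, error) {
	plain, err := in.Verify(msec)
	if err != nil {
		return nil, fmt.Errorf("dropped at relay: %w", err)
	}
	return out.Protect(plain)
}

// SampleFrame is a constructed plain frame: two locally administered MACs, IPv4 EtherType, payload.
func SampleFrame() []byte {
	f := []byte{0x02, 0, 0, 0, 0, 0x02, 0x02, 0, 0, 0, 0, 0x01, 0x08, 0x00}
	return append(f, "constructed payload: DNP3 over IP"...)
}

func main() {
	sak := []byte("0123456789abcdef") // constructed 128-bit test SAK
	tx, _ := NewSA(sak, [8]byte{2, 0, 0, 0, 0, 1, 0, 1}, 0)
	rx, _ := NewSA(sak, [8]byte{2, 0, 0, 0, 0, 1, 0, 1}, 0)
	msec, _ := tx.Protect(SampleFrame())
	out, err := rx.Verify(msec)
	fmt.Printf("one hop: intact=%v err=%v\n", bytes.Equal(out, SampleFrame()), err)
}
```

Chaining two hops through Relay shows the property the paper relies on: a frame altered anywhere on the first link (a flipped ICV bit, a rewritten source MAC, a replayed packet number) is rejected by the first node that receives it and never re-encrypted onto the next link, while an untouched frame is decrypted and re-protected under the second hop’s SAK and arrives unchanged. The example keeps a strict “PN must increase” rule; real MACsec allows a configurable replay window for out-of-order delivery.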
5 Why Select RAD’s Megaplex

RAD has more than 30 years of proven experience, a significant worldwide presence in more than 150 countries, and an installed base of more than 13 million units. RAD is a member of the US$ 1.2 billion RAD Group of companies, a world leader in communications solutions.

RAD’s SAN solutions ensure high reliability, smooth migration and cyber security for power utilities. The Megaplex is an “all-in-one” platform, providing secure multiservice aggregation for substation IEDs, Teleprotection communications, voice and video, RTU communications, etc. It delivers effective protection for BES and cyber assets protected by the ESP. These and additional cyber defense measures support the efforts of power utilities to comply with NERC CIP standards.

The Megaplex also acts as a 10 G access/core network builder. Upgrading the core communications network to PSN and carrier-grade Ethernet allows the deployment of stronger defense measures to protect the power grid from vulnerabilities and the risk of cyber attacks.
International Headquarters
RAD Data Communications Ltd.
24 Raoul Wallenberg St., Tel Aviv 6971923, Israel
Tel: 972-3-6458181  Fax: 972-3-6498250
E-mail: market@rad.com  http://www.rad.com

North America Headquarters
RAD Data Communications Inc.
900 Corporate Drive, Mahwah, NJ 07430, USA
Tel: (201) 529-1100  Toll free: 1-800-444-7234  Fax: (201) 529-5777
E-mail: market@radusa.com  www.radusa.com

The RAD name and logo are registered trademarks of RAD Data Communications Ltd. © 2015 RAD Data Communications Ltd. All rights reserved. Subject to change without notice. Version 05/15