NERC Critical Infrastructure
Protection (CIP) and Security for
Field Devices
Compliance principles and requirements




Summary

Executive Summary ....................................... p 1
Introduction ............................................ p 2
Understanding CIP objectives ............................ p 4
Core Security Principles ................................ p 5
NERC CIP technical control guidelines ................... p 6
Finding your compliance solution ........................ p 10
Conclusion .............................................. p 11
Executive summary

The North American Electric Reliability Corporation (NERC) maintains a set of
Critical Infrastructure Protection (CIP) guidelines that address a broad range of
critical cyber asset and cyber security issues. These guidelines describe the
security-focused procedures that, in combination with compliant technology,
enable secure electric grid operations. The CIP guidelines do not specify the
technologies that must be deployed. Instead, they describe the technology design
necessary to build an information management architecture that complies with
security goals.


These goals include the minimizing of administrative authorization needed for
operational functions. Rights and privileges are to be assigned to a functional role,
not a named individual. Audit trails of field data device and substation activity,
similar to control room auditability, must be maintained to assure comprehensive
confidence in data and controls.


The six CIP guidelines summarized in the paper speak to the procedures and
policies that are vital to critical cyber asset security – personnel authorizations;
personnel training; security of the information management system’s electronic
perimeter; security of the information management system’s physical assets;
operational security; and incident reporting and response planning.


The utility builds its CIP-compliant program with defined procedures addressing
these guidelines, coupled with the hardware and software that enable full
implementation of these procedures. Training of all personnel is necessary for
effective and efficient compliance.




                                                                                                                                                 White paper | 01
Introduction

In this paper, we target ‘the myth of compliance.’


While the term ‘compliant’ most often refers to products – the software and devices deployed in daily field operations of the electric grid – we at Telvent see security compliance as a ‘process.’ Through our extensive experience working with critical infrastructure asset owners, vendors and regulatory agencies, we know full compliance is achieved only when compliant hardware and software are complemented by information management procedures reflecting strong security principles.


Here, we discuss in general how consistent NERC Critical Infrastructure Protection
(CIP) compliance reflects best security practices combining:


• Core security principles


• Technical controls defined by CIP guidelines


• A strong level of discipline within the user organization and its vendor organizations




Understanding CIP objectives

What CIP does. CIP provides general security guidance toward achieving the minimal level of security required for safe and secure operations.

What CIP does not do. CIP does not prescribe or specify the technologies to be deployed to meet secure operational goals. It defines objectives, not how the user must achieve them. With the responsibility of meeting secure operations objectives, the user also has the choice of which technology will best serve its needs in meeting those objectives.

CIP covers both technical and operational compliance. It is the combination of compliant technology and security-focused procedures that enables CIP-compliant operations; see Figure 1.

In this way, CIP challenges asset owners to consider security a ‘holistic’ issue that actively targets not only system design and installation but also daily processes. Compliant technology establishes a minimal level of authentication, authorization and auditability. The asset owner must actively build on that compliance foundation to realize a strong security culture within the organization.




[Figure 1 diagram: Compliance-Capable Hardware and Secure Configuration combine into CIP Compliant Devices; Training leads to CIP Compliant Processes; CIP Compliant Devices and CIP Compliant Processes together yield CIP Compliant Operations.]


Figure 1. Technology, in and of itself, does not impart CIP compliance. Rather, the user
must build a program that assures its compliant technology is deployed and operated to
create the level of security required to achieve compliance.




Core Security Principles

Let’s review the security principles that are fundamental in molding a CIP-compliant information management architecture:

Principle of Least Privilege (PoLP). This principle describes the technology design – the design of applications and field devices – that allows operation with the minimum amount of administrative authorization. A granular-access approach to operational control limits authority to each employee’s functions; any control authorized beyond defined operational functions invites errors that could have inadvertent, far-reaching impact – and even invites malicious abuse.

While many legacy systems might not accommodate highly granular access, newer technology is being designed to meet this criterion.

Role-based Access Controls (RbAC). Rights and privileges associated with any network device are assigned to an administrative role or job duty, rather than to a named individual. This approach allows individuals to move in and out of roles within the organization without complicated re-definition of that person’s authorization, supporting continuous compliance and limiting authorization errors. It also supports the centralized management essential in an efficient, integrated network.

Audit trails. While maintaining audit trail capability is familiar in the control room, CIP compliance extends this concept to operation of field devices. By maintaining an awareness of field data activity and changes at the device and substation level, the user can integrate that data into centralized control with confidence. The intent is not only to provide the means for documenting system management in the recent past but also to enable real-time assessment of whether the CIP controls in place are appropriate – doing their job and meeting compliance goals.

Information management key for security – and more

Reliable information management serves critical infrastructure security by –

• Maintaining infrastructure availability – preventing acts, intentional or accidental, from interrupting operations

• Preserving data integrity – to support the quality of operational decision-making as well as meet regulatory/auditing scrutiny

The robust information management system also can enforce data confidentiality, allowing it to be used for:

• Accounting purposes

• Business-critical processes

• Customer consumption

With compliant information management architecture, the asset owner will:

• Know and control who is allowed to access the system

• Know and control what each individual is allowed to do on the system

• Know and control what can be done by an individual based on where the individual is accessing the system

• Know what each individual has done on the system

• Prevent access to critical assets from any location where any of the above situations is not true
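The three principles above, plus the sidebar’s ‘who, what, from where, and what was done’ list, can be expressed as one small authorization model. The following is an added example written for this edition, not code from the white paper or from Telvent/Schneider Electric: privileges are attached to roles (RbAC), each role carries only the operations its duty needs (PoLP), the source network of a request decides whether an operation may originate there, and every decision, allowed or denied, is written to a time-tagged audit trail. Role names, operation names, network zones, addresses and device names are all assumptions constructed for the demonstration.

```python
"""Role-based, least-privilege access control for field-device operations
with an audit trail.  Added example, not code from the white paper or from
Telvent/Schneider Electric.  Role names, operation names, network zones,
addresses and device names are all assumptions constructed for the demo."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# RbAC: privileges belong to a role (job duty), never to a named person.
# PoLP: each role carries only the operations its duty requires.
ROLE_PERMISSIONS = {
    "viewer":   {"read_status"},
    "operator": {"read_status", "operate_breaker"},
    "engineer": {"read_status", "change_setting", "upload_firmware"},
    "admin":    {"read_status", "manage_users"},
}

# "Where the individual is accessing the system": map source addresses to
# zones and say which zones each operation may originate from (assumed).
ZONE_NETWORKS = {
    "control_center": ip_network("10.10.0.0/16"),
    "engineering":    ip_network("10.20.0.0/16"),
    "substation_lan": ip_network("192.168.50.0/24"),
}
ALLOWED_ZONES = {
    "read_status":     {"control_center", "engineering", "substation_lan"},
    "operate_breaker": {"control_center", "substation_lan"},
    "change_setting":  {"engineering", "substation_lan"},
    "upload_firmware": {"engineering"},
    "manage_users":    {"control_center"},
}


@dataclass
class AuditEvent:
    """One time-tagged audit record: who, as what role, did what, where from."""
    when: str
    user: str
    role: str
    action: str
    device: str
    source: str
    allowed: bool
    reason: str


@dataclass
class AccessController:
    assignments: dict = field(default_factory=dict)   # user -> role
    audit_log: list = field(default_factory=list)

    def assign(self, user, role):
        """Move a person into a role; no per-person privilege editing."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.assignments[user] = role

    def revoke(self, user):
        """Personnel termination: drop the assignment and the privileges go with it."""
        self.assignments.pop(user, None)

    @staticmethod
    def zone_of(source_ip):
        """Name of the zone an address belongs to, or None if it is not in any."""
        addr = ip_address(source_ip)
        return next((z for z, net in ZONE_NETWORKS.items() if addr in net), None)

    def authorize(self, user, action, device, source_ip):
        """Deny by default; every decision, allowed or not, lands in the audit log."""
        role = self.assignments.get(user)
        zone = self.zone_of(source_ip)
        if role is None:
            allowed, reason = False, "no role assigned"
        elif action not in ROLE_PERMISSIONS[role]:
            allowed, reason = False, f"role {role} lacks {action}"
        elif zone not in ALLOWED_ZONES.get(action, set()):
            allowed, reason = False, f"{action} not permitted from {zone or 'unknown network'}"
        else:
            allowed, reason = True, "ok"
        self.audit_log.append(AuditEvent(
            datetime.now(timezone.utc).isoformat(timespec="seconds"),
            user, role or "-", action, device, source_ip, allowed, reason))
        return allowed


if __name__ == "__main__":
    ac = AccessController()
    ac.assign("jdoe", "operator")
    ac.authorize("jdoe", "operate_breaker", "BKR-1", "10.10.5.7")     # allowed
    ac.authorize("jdoe", "operate_breaker", "BKR-1", "203.0.113.9")   # denied: unknown network
    ac.authorize("jdoe", "upload_firmware", "RTU-1", "10.20.5.7")     # denied: role lacks it
    for ev in ac.audit_log:
        print(ev)
```

Note that moving a person from operator to engineer is a single `assign` call and termination is a single `revoke`; nothing about the individual’s privileges has to be re-defined, which is the point the RbAC paragraph makes. The denied attempts are logged with the same detail as the allowed ones, so the audit trail supports the real-time assessment of controls described under audit trails rather than only after-the-fact reporting.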




NERC CIP technical control guidelines

The NERC CIP document addresses a broad range of Critical Cyber Asset (CCA) and Cyber Security issues; here, we very briefly review six of the CIP guidelines that apply to operation of electric network field devices; also see Table 1. The full text of the NERC CIP standard can be found at http://www.nerc.com.

About NERC

The North American Electric Reliability Corporation (NERC) is an international regulatory authority established to evaluate reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards; assesses adequacy annually via ten-year forecasts and winter and summer forecasts; monitors the bulk power system; and educates, trains, and certifies industry personnel. NERC is the electric reliability organization for North America, subject to oversight by the U.S. Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. For more information, visit http://www.nerc.com

CIP-003 Security Management Controls describes the development of a cyber security policy and documentation of that policy in a way that it can be updated and that all staff are aware of the policy. It discusses management of personnel who have access to the CCAs and identification of users with different privileges, roles and responsibilities.

• The user will want to look for hardware that can be configured to allow a specific ID for each user, for addition and deletion of privileged users, and for users with different levels of access. Hardware that documents not only access but also the details of functions performed during the access is a big advantage; this downloadable User Log will provide an audit trail for CIP compliance.

CIP-004 Personnel and Training identifies the personnel training and awareness recommended for supporting security-related operations and procedures. It cites CCA user identification lists that are reviewed periodically and can be modified to change both users and user privileges.

• Devices that accept addition or deletion of users and/or privileges remotely allow quick updates and keep functionalities accurately maintained.

CIP-005 Electronic Security Perimeter(s) deals with identification and protection of ESP access points and communications. In some places, this CIP guideline uses vaguely worded phrases such as “where technically feasible”; this wording makes it difficult for the organization to fully understand requirements.

While encryption is not identified specifically as a guideline for ESP access, CIP-005 does speak to:

• Security of dial-up access – unclear if having a password and User Name to access constitutes ‘secure.’ Use of a ‘call back’ modem or a SCADA-controlled relay that is closed for access and opened when not needed provides adequate security.

  - An alternative to dial-up connection is the Ethernet strategy, providing the IT tunnel that eliminates a dial-up channel. Another plus: with employees equipped with cell phones, replacing dial-up access also eliminates any need for a phone line into the substation.




• Access denied by default – access requires password, and password changeability

• Enabling and disabling ports or functions deemed not needed – at the most basic level, a firewall capability serves this purpose

• Appropriate-use banner – in our opinion, most likely a legal shield

• Monitoring, logging and warnings for user access or attempted access – simple if the device has alarm generation and logging ability, most useful if alarm alert is in real time

  - Consider hardware that generates an alarm each time a user logs in to initiate automatic user validation by SCADA or other means. IP Tunnel capability eliminates dial-up access, and IP filter capability adds an additional layer of security.

CIP-006 Physical Security discusses physical accessibility to equipment, including:

• Mounting equipment in lockable enclosures

• Remote control of locks

• Access alarms indicating a door or gate is open

• Card keys, video cameras, etc.

• User logged in and failed login attempts

  - Devices that can integrate card keys and/or video initiation with access alarms enhance security of the physical perimeter.

TABLE 1. Summary of CIP Issues

Requirement                 NERC CIP Standard            Compliant hardware capabilities
----------------------------------------------------------------------------------------------------
User Access                 CIP-004, CIP-005, CIP-007    • Individual user accounts/passwords
                                                         • Privileges defined on a per-user basis
                                                         • Strong passwords supported
                                                         • Passwords hidden when entered
Access Control              CIP-003, CIP-005, CIP-004    • Passwords can be managed from central location
                                                         • Multiple admin-type accounts can be configured
                                                         • User Log, IP Filter list
Electronic Security         CIP-005, CIP-003, CIP-007    • Elimination of dial-up access with use of IP tunnel
Perimeter                                                • Appropriate banner usage
                                                         • Electronic access logged; can be monitored and alarmed
                                                         • Port data paths configurable
                                                         • SSL / SSH LAN
Logging of Access           CIP-003, CIP-004,            • Every access attempt logged
and Usage                   CIP-007, CIP-008             • Resets logged
                                                         • User changes logged
                                                         • Time-tagged events logged
Personnel termination/      CIP-004, CIP-007             • User accounts revocable by administrator
privilege changes                                        • User accounts ‘downgradable’ to lower level of authority
Security Software           CIP-007                      • All software upgrades available for real-time updates
Management                                               • Non-Windows-based OS
Alerts and Notifications    CIP-005, CIP-007, CIP-008    • Every access attempt logged
                                                         • Access notification alarms available to SCADA




The Electronic Security Perimeter

The majority of the ‘surface area of the ESP’ involves field device hardware; see Figure 2. For this reason, the technical security controls defined by CIP focus on control of access to, and communication of, field devices.

[Figure 2 diagram: layers labelled, from top to bottom, Field Devices, Data Gathering/Substations, Comms, Control System, Business Support and Enterprise Infrastructure, with the ESP marked at the top and a vertical axis labelled Security Risk/Surface Area.]

Figure 2. Proper device configuration is a key step in CIP compliance.

CIP-007 Systems Security Management deals with operating issues such as security patches, virus protection, vendor releases and event logging. References to device security reinforce CIP-005 concepts:

• Ability to enable or disable unused or unneeded ports and services – or a compensating factor that will mitigate risk, such as physical security

• Security patches and firmware upgrades

• Anti-virus and malware protection – driven by the operating system

  - Merely due to the widespread deployment of the Windows® operating system, the use of a non-Windows OS might reduce the possibility of targeted attack. Devices that operate on a non-Windows OS might be inherently immune to typical virus and malware threats and less likely to be targeted by hackers or persons intent on causing harm. In any case, user login monitors and alarms and use of discrete passwords minimize risk.

• Individual, not shared, accounts – as mentioned in CIP-003 controls, privileges should be defined on a per-role basis

  - Logs and audit trails – login and failed login attempts generate mappable alarm indications

• Any access requires a valid, strong password

  - Devices that support centralized password management facilitate the requirement for password control.




• Users can be assigned different levels of access based on need

  - View Only

  - Other levels/privileges

  - Administrator who can control access by other users

• All passwords are stored hidden or encrypted

• Equipment should be wiped on disposal, either by memory erase or by physically destroying the microchip if necessary

  - If a device fails, it might be difficult to effectively erase memory. Look for devices that have removable media.
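The CIP-007 items on strong passwords, centralized password management, tiered access levels and passwords that are ‘stored hidden or encrypted’ come together in the credential store below. This is an added example, not code from the white paper or from Telvent/Schneider Electric; it uses only the Python standard library. The minimum length, the PBKDF2 iteration count, the level names and the sample user ids are assumptions for the demonstration.

```python
"""Credential handling for a field device or a central password manager:
a strength policy, salted PBKDF2 storage so the stored value reveals nothing
about the password, constant-time verification, and tiered access levels.
Added example, not code from the white paper or from Telvent/Schneider
Electric; the policy numbers and level names are assumptions."""
import hashlib
import hmac
import os
import string

MIN_LENGTH = 12                 # assumption: organisation's password policy
PBKDF2_ITERATIONS = 100_000     # assumption: tune to the device's CPU budget

# Access levels as listed under CIP-007: view only, operational levels, admin.
LEVELS = {"view_only": 0, "operator": 1, "administrator": 2}


def check_strength(password):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        problems.append("needs at least three of: lower, upper, digit, punctuation")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the stored string carries its own parameters."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt/iterations and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


class CredentialStore:
    """Accounts keyed by user id: one account per individual, never shared."""

    def __init__(self):
        self._accounts = {}            # user -> {"hash": ..., "level": ...}
        # Checked when the user id is unknown, so a failed lookup costs about
        # the same time as a real verification.
        self._dummy_hash = hash_password(os.urandom(16).hex())

    def add_user(self, user, password, level):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        problems = check_strength(password)
        if problems:
            raise ValueError("password rejected: " + "; ".join(problems))
        self._accounts[user] = {"hash": hash_password(password), "level": level}

    def set_level(self, user, level):
        """Downgrade (or raise) an existing account's authority."""
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        self._accounts[user]["level"] = level

    def login(self, user, password):
        """Return the account's level on success, None on any failure."""
        account = self._accounts.get(user)
        stored = account["hash"] if account else self._dummy_hash
        if verify_password(password, stored) and account:
            return account["level"]
        return None


if __name__ == "__main__":
    store = CredentialStore()
    store.add_user("eng_asmith", "Substation!2024xyz", "administrator")
    print(store.login("eng_asmith", "Substation!2024xyz"))   # administrator
    store.set_level("eng_asmith", "view_only")               # downgrade
    print(store.login("eng_asmith", "Substation!2024xyz"))   # view_only
```

Because the stored string holds only a random salt and a derived digest, an attacker who reads the device’s configuration back learns nothing usable about the password, which is what ‘stored hidden or encrypted’ buys. Table 1’s ‘passwords hidden when entered’ is the separate, input-side property; on a workstation the standard-library `getpass.getpass()` gives that behaviour when prompting for the password.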


CIP-008 Incident Reporting and Response Planning relates to the managing and handling of reports and logs. While collecting and storing logs for historical reference is necessary, how that retention is done is determined by the hardware and the organization’s capabilities.

• Remote electronic download of user logs, SOE log, system log and control log facilitates data documentation for reports and the compliance audit trail, compared to collection via a physical tap.
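Once user logs can be downloaded electronically, the monitoring and alarm behaviour called for under CIP-005 (alarm on every login so SCADA can validate the user, warnings on attempted access, an IP filter list) and the log handling called for under CIP-008 can both be run over the same records. The following is an added example, not code from the white paper or from Telvent/Schneider Electric, that parses constructed time-tagged user-log lines, raises alarms of the kinds Table 1 lists, and produces a per-device event summary of the sort a compliance report would carry. The log line format, device name, addresses, user ids and thresholds are all constructed for the example.

```python
"""Detection logic run over field-device user-log lines: login notification
for SCADA, failed-login bursts, access from addresses outside the device's
IP filter list, device resets, plus a per-device event summary for a
compliance report.  Added example, not code from the white paper or from
Telvent/Schneider Electric.  The log line format, device name, addresses,
user ids and thresholds are constructed for the example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> <device> <EVENT> key=value ..."
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<device>\S+) (?P<event>LOGIN|LOGOUT|CHANGE|RESET) ?(?P<kv>.*)")

IP_FILTER = {"RTU-07": {"10.10.5.7", "10.20.1.20"}}   # assumed per-device allow-list
FAIL_THRESHOLD = 3                                      # assumed alarm threshold
FAIL_WINDOW = timedelta(minutes=5)

# Constructed sample: one normal session, a burst of failed admin logins from
# an address that is not on the filter list, then a watchdog reset.
SAMPLE_LOG = """\
2012-06-14T10:02:11Z RTU-07 LOGIN user=ops_jdoe src=10.10.5.7 result=OK
2012-06-14T10:03:40Z RTU-07 CHANGE user=ops_jdoe item=setpoint_3 old=50 new=55
2012-06-14T10:05:02Z RTU-07 LOGOUT user=ops_jdoe
2012-06-14T11:14:00Z RTU-07 LOGIN user=admin src=203.0.113.9 result=FAIL
2012-06-14T11:14:07Z RTU-07 LOGIN user=admin src=203.0.113.9 result=FAIL
2012-06-14T11:14:15Z RTU-07 LOGIN user=admin src=203.0.113.9 result=FAIL
2012-06-14T11:30:00Z RTU-07 RESET reason=watchdog
"""


def parse_line(line):
    """Turn one time-tagged log line into a dict, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    rec = {"ts": ts, "device": m["device"], "event": m["event"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def analyze(log_text):
    """Return alarms as (kind, device, timestamp, detail) tuples, in log order."""
    alarms = []
    fails = defaultdict(list)          # (device, src) -> recent failure times
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        dev, ts = rec["device"], rec["ts"]
        if rec["event"] == "LOGIN":
            src, user = rec.get("src", "?"), rec.get("user", "?")
            if src not in IP_FILTER.get(dev, set()):
                alarms.append(("UNLISTED_SOURCE", dev, ts, f"{user} from {src}"))
            if rec.get("result") == "OK":
                # Alarm on every successful login so SCADA can validate the user.
                alarms.append(("LOGIN_NOTIFY", dev, ts, f"{user} from {src}"))
            else:
                window = fails[(dev, src)]
                window.append(ts)
                window[:] = [t for t in window if ts - t <= FAIL_WINDOW]
                if len(window) >= FAIL_THRESHOLD:
                    alarms.append(("FAILED_LOGIN_BURST", dev, ts,
                                   f"{len(window)} failures for {user} from {src}"))
                    window.clear()
        elif rec["event"] == "RESET":
            alarms.append(("DEVICE_RESET", dev, ts, rec.get("reason", "")))
    return alarms


def audit_summary(log_text):
    """Per-device counts of each event type for the compliance audit trail."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[rec["device"]][rec["event"]] += 1
    return {dev: dict(c) for dev, c in counts.items()}


if __name__ == "__main__":
    for kind, dev, ts, detail in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()} {dev} {kind}: {detail}")
    print(audit_summary(SAMPLE_LOG))
```

The alarm tuples are what would be handed to the SCADA master or alarm system in real time; the parsed records, being time-tagged and structured, are also what the organization would retain for the historical reference CIP-008 asks for, whatever storage the hardware and the organization settle on.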




Finding your compliance solution

CIP guidelines are drawn to identify the desired goal; it is up to the organization to institute the hardware, software and processes that best allow it to meet these goals.

For example, the utility can determine where its physical and electronic security perimeters begin and end. Figure 3 shows a typical substation where the control house, in essence, is the physical security perimeter. Electronic security perimeters are effectively constructed around the devices such as router and dial-up control that are communication end points. Depending on the number and frequency of patches and updates that are anticipated to be needed for substation devices, the organization might consider segregating the router and substation controller, excluding the Substation Controller, from the electronic security perimeter. This might reduce point-to-point testing time and effort due to application of patches and upgrades.

Bottom line: the organization is responsible for writing the procedures that make compliance to CIP guidelines efficient and effective.




[Figure 3 diagram labels. Electronic security perimeter: Phone, Dial up, SCADA Master, Router, Wireless comms to several Pole top/remote IEDs. Between the perimeters: Substation controller, DMS/HMI. Physical security perimeter: IEDs (relays), Discrete I/Os, legacy RTU, LTCs, Cap bank, IEDs (meters), Other smart devices/IEDs.]

Figure 3. The utility should keep the ESP as small as possible.




Conclusion

One requirement CIP guidelines don’t spell out is the need for adaptability and intra-
organization cooperation. Security is an arms race, and the electric utility requires
considerable cooperation and integration within the organization to stay agile enough
to adapt to changing challenges and still meet compliance.


Careful consideration of hardware and software choices will help the utility institute
the continual modifications that are needed to meet the moving target of critical
infrastructure protection. Flexible asset access controls are a must to mitigate
changing risks. Above all, dedicated intra-organization communications and training
that emphasize security make every employee part of the solution – and assure that
security is a successful process.




©2012 Schneider Electric. All rights reserved.




Schneider Electric USA, Inc.
4701 Royal Vista Circle
Fort Collins, CO 80528
Phone: 1-866-537-1091
       + (34) 9-17-14-70-02
Fax: 1-970-223-5577
www.schneider-electric.com/us
June 2012

NERC Critical Infrastructure Protection (CIP) and Security for Field Devices

  • 1.
    NERC Critical Infrastructure Protection(CIP) and Security for Field Devices Compliance principles and requirements Make the most of your energy SM
  • 2.
policies that are vital to critical cyber asset security: personnel authorizations; personnel training; security of the information management system's electronic perimeter; security of the information management system's physical assets; operational security; and incident reporting and response planning. The utility builds its CIP-compliant program from defined procedures addressing these guidelines, coupled with the hardware and software that enable full implementation of those procedures. Training of all personnel is necessary for effective and efficient compliance.

White paper | 01
Introduction

In this paper, we target 'the myth of compliance.' While the term 'compliant' most often refers to products – the software and devices deployed in daily field operations of the electric grid – we at Telvent see security compliance as a 'process.' Through our extensive experience working with critical infrastructure asset owners, vendors and regulatory agencies, we know full compliance is achieved only when compliant hardware and software are complemented by information management procedures that reflect strong security principles.

Here, we discuss in general how consistent NERC Critical Infrastructure Protection (CIP) compliance reflects best security practices combining:
• Core security principles
• Technical controls defined by CIP guidelines
• A strong level of discipline within the user organization and its vendor organizations
Understanding CIP objectives

What CIP does. CIP provides general security guidance toward achieving the minimal level of security required for safe and secure operations.

What CIP does not do. CIP does not prescribe or specify the technologies to be deployed to meet secure operational goals. It defines objectives, not how the user must achieve them. Along with the responsibility of meeting secure operations objectives, the user has the choice of which technology will best serve its needs in meeting those objectives.

CIP covers both technical and operational compliance. It is the combination of compliant technology and security-focused procedures that enables CIP-compliant operations; see Figure 1. In this way, CIP challenges asset owners to treat security as a 'holistic' issue that covers not only system design and installation but also daily processes. Compliant technology establishes a minimal level of authentication, authorization and auditability. The asset owner must actively build on that compliance foundation to realize a strong security culture within the organization.

[Figure 1 (diagram): compliance-capable devices and secure hardware configuration, combined with CIP-compliant operations, training and processes, produce CIP-compliant operations.]
Figure 1. Technology, in and of itself, does not impart CIP compliance. Rather, the user must build a program that assures its compliant technology is deployed and operated to create the level of security required to achieve compliance.
Core Security Principles

Let's review the security principles that are fundamental in molding a CIP-compliant information management architecture.

Principle of Least Privilege (PoLP). This principle describes the technology design – the design of applications and field devices – that allows operation with the minimum amount of administrative authorization. A granular-access approach to operational control limits authority to each employee's functions; any control authorized beyond defined operational functions invites errors that could have inadvertent, far-reaching impact – and even invites malicious abuse. While many legacy systems might not accommodate highly granular access, newer technology is being designed to meet this criterion.

Role-based Access Control (RBAC). Rights and privileges associated with any network device are assigned to an administrative role or job duty, rather than to a named individual. This approach allows individuals to move in and out of roles within the organization without complicated re-definition of that person's authorization, supporting continuous compliance and limiting authorization errors. It also supports the centralized management essential in an efficient, integrated network.

Audit trails. While maintaining audit trail capability is familiar in the control room, CIP compliance extends this concept to the operation of field devices. By maintaining an awareness of field data activity and changes at the device and substation level, the user can integrate that data into centralized control with confidence. The intent is not only to provide the means for documenting system management in the recent past but also to enable real-time assessment of whether the CIP controls in place are appropriate – doing their job and meeting compliance goals.

Information management: key for security – and more

Reliable information management serves critical infrastructure security by:
• Maintaining infrastructure availability – preventing acts, intentional or accidental, from interrupting operations
• Preserving data integrity – to support the quality of operational decision-making as well as to meet regulatory/auditing scrutiny

The robust information management system also can enforce data confidentiality, allowing it to be used for:
• Accounting purposes
• Business-critical processes
• Customer consumption

With a compliant information management architecture, the asset owner will:
• Know and control who is allowed to access the system
• Know and control what each individual is allowed to do on the system
• Know and control what can be done by an individual based on where the individual is accessing the system from
• Know what each individual has done on the system in the recent past
• Prevent access to critical assets from any location where any of the above conditions is not true
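The three principles above (least privilege, role-based access control and an audit trail that records denied as well as permitted actions, including a check on where the request comes from) can be seen working together in a small simulation. The following is an added example written for this edition, not code from the original paper or from any vendor's device firmware; the role names, operation names, the IP filter list and the user IDs are assumptions chosen for illustration.

```python
"""RBAC with least privilege and an audit trail for a simulated field device.

Added example (not from the original white paper). Roles, operations, hosts and
user IDs below are assumptions for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set, Tuple

# Privileges attach to roles, never to named individuals (RBAC). Each role
# carries only the operations its job function needs (least privilege).
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "view_only": {"read_status"},
    "operator": {"read_status", "operate_breaker"},
    "administrator": {"read_status", "change_setting", "manage_users"},
}


@dataclass(frozen=True)
class AuditEvent:
    """One time-tagged audit record; denied requests are logged too."""
    timestamp: str
    user: str
    role: Optional[str]
    operation: str
    target: str
    source_ip: str
    allowed: bool
    reason: str


class FieldDevice:
    def __init__(self, allowed_sources: Set[str]) -> None:
        self.allowed_sources = set(allowed_sources)  # IP filter list (assumed hosts)
        self.user_roles: Dict[str, str] = {}         # individual user ID -> role
        self.audit_log: List[AuditEvent] = []

    def assign_role(self, user: str, role: str) -> None:
        """Moving a person between jobs is a role change, not a privilege rewrite."""
        if role not in ROLE_PRIVILEGES:
            raise ValueError(f"unknown role {role!r}")
        self.user_roles[user] = role

    def revoke_user(self, user: str) -> None:
        """Personnel termination: the account is removed and falls back to default deny."""
        self.user_roles.pop(user, None)

    def authorize(self, user: str, operation: str, source_ip: str) -> Tuple[bool, str]:
        """Default deny: who, from where, and what must all check out."""
        role = self.user_roles.get(user)
        if role is None:
            return False, "unknown or revoked user"
        if source_ip not in self.allowed_sources:
            return False, "source not on IP filter list"
        if operation not in ROLE_PRIVILEGES[role]:
            return False, f"operation not permitted for role {role!r}"
        return True, "permitted"

    def request(self, user: str, operation: str, target: str, source_ip: str,
                now: Optional[datetime] = None) -> bool:
        """Authorize a request and record the outcome, allowed or not."""
        allowed, reason = self.authorize(user, operation, source_ip)
        stamp = (now or datetime.now(timezone.utc)).isoformat()
        self.audit_log.append(AuditEvent(stamp, user, self.user_roles.get(user),
                                         operation, target, source_ip, allowed, reason))
        return allowed

    def export_log(self) -> List[str]:
        """Downloadable user log, one time-tagged line per event."""
        return [
            f"{e.timestamp} user={e.user} role={e.role or '-'} op={e.operation} "
            f"target={e.target} src={e.source_ip} "
            f"result={'ALLOW' if e.allowed else 'DENY'} reason={e.reason!r}"
            for e in self.audit_log
        ]


def run_demo() -> FieldDevice:
    """Walk one constructed scenario: operate, overreach, wrong host, role change."""
    dev = FieldDevice(allowed_sources={"10.1.2.3"})      # assumed engineering host
    dev.assign_role("jsmith", "operator")
    dev.request("jsmith", "operate_breaker", "CB-101", "10.1.2.3")   # in role: allowed
    dev.request("jsmith", "change_setting", "CB-101", "10.1.2.3")    # beyond role: denied
    dev.request("jsmith", "operate_breaker", "CB-101", "192.0.2.9")  # wrong host: denied
    dev.request("ghost", "read_status", "CB-101", "10.1.2.3")        # unknown user: denied
    dev.assign_role("jsmith", "view_only")                           # moved to a new job
    dev.request("jsmith", "operate_breaker", "CB-101", "10.1.2.3")   # old privilege gone
    return dev


if __name__ == "__main__":
    for line in run_demo().export_log():
        print(line)
```

Note that a denied request produces an audit line just like a permitted one; the denied lines are the ones a reviewer most wants when checking whether the controls are doing their job.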
NERC CIP technical control guidelines

The NERC CIP document addresses a broad range of Critical Cyber Asset (CCA) and cyber security issues; here, we very briefly review six of the CIP guidelines that apply to operation of electric network field devices; also see Table 1. The full text of the NERC CIP standard can be found at http://www.nerc.com.

CIP-003 Security Management Controls describes the development of a cyber security policy and documentation of that policy in a way that allows it to be updated and keeps all staff aware of it. It discusses management of personnel who have access to the CCAs and identification of users with different privileges, roles and responsibilities.
• The user will want to look for hardware that can be configured to allow a specific ID for each user, for addition and deletion of privileged users, and for users with different levels of access. Hardware that documents not only the access but also the details of functions performed during the access is a big advantage; this downloadable User Log will provide an audit trail for CIP compliance.

CIP-004 Personnel and Training identifies the personnel training and awareness recommended for supporting security-related operations and procedures. It cites CCA user identification lists that are reviewed periodically and can be modified to change both users and user privileges.
• Devices that accept remote addition or deletion of users and/or privileges allow quick updates and keep functionality accurately maintained.

CIP-005 Electronic Security Perimeter(s) deals with identification and protection of ESP access points and communications. In some places, this CIP guideline uses vaguely worded phrases such as "where technically feasible"; this wording makes it difficult for the organization to fully understand the requirements.

While encryption is not identified specifically as a guideline for ESP access, CIP-005 does speak to:
• Security of dial-up access – it is unclear whether having a user name and password to access constitutes 'secure.' Use of a 'call back' modem or a SCADA-controlled relay that is closed for access and opened when not needed provides adequate security.
  - An alternative to a dial-up connection is the Ethernet strategy, providing an IP tunnel that eliminates the dial-up channel. Another plus: with employees equipped with cell phones, replacing dial-up access also eliminates any need for a phone line into the substation.

About NERC

The North American Electric Reliability Corporation (NERC) is an international regulatory authority established to evaluate reliability of the bulk power system in North America. NERC develops and enforces Reliability Standards; assesses adequacy annually via ten-year forecasts and winter and summer forecasts; monitors the bulk power system; and educates, trains, and certifies industry personnel. NERC is the electric reliability organization for North America, subject to oversight by the U.S. Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. For more information, visit http://www.nerc.com
• Access denied by default – access requires a password, and passwords must be changeable
• Enabling and disabling ports or functions deemed not needed – at the most basic level, a firewall capability serves this purpose
• Appropriate-use banner – in our opinion, most likely a legal shield
• Monitoring, logging and warnings for user access or attempted access – simple if the device has alarm generation and logging ability, most useful if the alarm alert is in real time
  - Consider hardware that generates an alarm each time a user logs in, to initiate automatic user validation by SCADA or other means. IP tunnel capability eliminates dial-up access, and IP filter capability adds an additional layer of security.

CIP-006 Physical Security discusses physical accessibility to equipment, including:
• Mounting equipment in lockable enclosures
• Remote control of locks
• Access alarms indicating a door or gate is open
• Card keys, video cameras, etc.
• Logging of user logins and failed login attempts
  - Devices that can integrate card keys and/or video initiation with access alarms enhance security of the physical perimeter.

Table 1. Summary of CIP issues

Requirement | NERC CIP Standard | Compliant hardware capabilities
User Access | CIP-004, CIP-005, CIP-007 | Individual user accounts/passwords; privileges defined on a per-user basis; strong passwords supported; passwords hidden when entered
Access Control | CIP-003, CIP-004, CIP-005 | Passwords can be managed from a central location; multiple admin-type accounts can be configured; User Log; IP Filter list
Electronic Security Perimeter | CIP-003, CIP-005, CIP-007 | Elimination of dial-up access with use of IP tunnel; appropriate banner usage; electronic access logged, can be monitored and alarmed; port data paths configurable; SSL / SSH LAN
Logging of Access and Usage | CIP-003, CIP-004, CIP-007, CIP-008 | Every access attempt logged; resets logged; user changes logged; time-tagged events logged
Personnel termination / privilege changes | CIP-004, CIP-007 | User accounts revocable by administrator; user accounts 'downgradable' to a lower level of authority
Security Software Management | CIP-007 | All software upgrades available for real-time updates; non-Windows-based OS
Alerts and Notifications | CIP-005, CIP-007, CIP-008 | Every access attempt logged; access notification alarms available to SCADA
CIP-007 Systems Security Management deals with operating issues such as security patches, virus protection, vendor releases and event logging. Its references to device security reinforce CIP-005 concepts:
• Ability to enable or disable unused or unneeded ports and services – or a compensating factor that will mitigate the risk, such as physical security
• Security patches and firmware upgrades
• Anti-virus and malware protection – driven by the operating system
  - Because of the widespread deployment of the Windows® operating system, the use of a non-Windows OS might reduce exposure to commodity malware and to opportunistic attack. Devices that run a non-Windows OS are not affected by Windows-targeted viruses and malware, but they are not immune: attacks written for their own platform still apply. In any case, user login monitors and alarms and the use of unique passwords minimize risk.
• Individual, not shared, accounts – as mentioned under CIP-003 controls, privileges should be defined on a per-role basis
• Logs and audit trails
  - Login and failed login attempts generate mappable alarm indications
• Any access requires a valid, strong password
  - Devices that support centralized password management facilitate the requirement for password control.

The Electronic Security Perimeter

The majority of the 'surface area of the ESP' involves field device hardware; see Figure 2. For this reason, the technical security controls defined by CIP focus on control of access to, and communication with, field devices.

[Figure 2 (diagram): layers from field devices, data gathering/substations and comms up through the control system, business support and enterprise infrastructure; the ESP and the security risk/surface area are concentrated at the field device and substation layers.]
Figure 2. Proper device configuration is a key step in CIP compliance.
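The CIP-005 bullets on monitoring, logging and real-time warnings for access attempts, the IP filter list, and the CIP-007 point that login and failed-login attempts should generate mappable alarms all come down to one piece of logic: read the device's time-tagged user log and turn selected records into alarms. The following is an added example written for this edition, not code from the original paper or from any device vendor; the log line format, the sample log (constructed here), the IP filter list and the alarm thresholds are all assumptions.

```python
"""Alarm generation from a field-device user log.

Added example (not from the original white paper). The log format, the sample
records, the IP filter list and the thresholds are assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, NamedTuple, Optional, Tuple

# Assumed IP filter list: the only hosts permitted to reach the management interface.
IP_FILTER_LIST = {"10.1.2.3", "10.1.2.4"}

# Assumed thresholds for the password-guessing alarm.
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=5)

# Events that change the device's security configuration (CIP-003/004 user and
# privilege changes, CIP-007 settings) and should be matched to an authorized change.
PRIVILEGED_EVENTS = {"USER_ADDED", "USER_DELETED", "PRIV_CHANGE", "SETTING_CHANGE"}

# Assumed log format: one time-tagged event per line.
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+) src=(?P<src>\S+)$")


class Record(NamedTuple):
    ts: datetime
    user: str
    event: str
    src: str


Alarm = Tuple[str, str, str]  # (severity, timestamp, message)


def parse_line(line: str) -> Optional[Record]:
    """Parse one log line; return None for anything that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return Record(ts, m["user"], m["event"], m["src"])


def analyze(lines: List[str]) -> List[Alarm]:
    """Turn a downloaded user log into alarms a SCADA operator can act on."""
    alarms: List[Alarm] = []
    failures: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            # A record the device could not have written is itself worth a look.
            alarms.append(("LOW", "-", f"unparseable log record: {line.strip()!r}"))
            continue
        stamp = rec.ts.isoformat()
        if rec.src not in IP_FILTER_LIST:
            alarms.append(("HIGH", stamp, f"{rec.event} for {rec.user} from {rec.src}, not on IP filter list"))
        if rec.event == "LOGIN_OK":
            # Every login raises an alarm so SCADA can validate the session.
            alarms.append(("INFO", stamp, f"{rec.user} logged in from {rec.src}; validate via SCADA"))
        elif rec.event == "LOGIN_FAIL":
            window = failures[(rec.user, rec.src)]
            window.append(rec.ts)
            while window and rec.ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                alarms.append(("HIGH", stamp, f"{len(window)} failed logins for {rec.user} from "
                                              f"{rec.src} within {FAILED_LOGIN_WINDOW}; possible password guessing"))
        elif rec.event in PRIVILEGED_EVENTS:
            alarms.append(("MEDIUM", stamp, f"{rec.user} performed {rec.event} from {rec.src}; "
                                            f"confirm against authorized change record"))
    return alarms


# Constructed sample log: one normal session, then a guessing burst from an outside host.
SAMPLE_LOG = """\
2012-06-01T10:00:00Z user=jsmith event=LOGIN_OK src=10.1.2.3
2012-06-01T10:01:10Z user=jsmith event=SETTING_CHANGE src=10.1.2.3
2012-06-01T10:02:00Z user=jsmith event=LOGOUT src=10.1.2.3
2012-06-01T11:00:00Z user=admin event=LOGIN_FAIL src=192.0.2.50
2012-06-01T11:00:20Z user=admin event=LOGIN_FAIL src=192.0.2.50
2012-06-01T11:00:45Z user=admin event=LOGIN_FAIL src=192.0.2.50
2012-06-01T11:01:00Z user=admin event=LOGIN_OK src=192.0.2.50
corrupted record ###
"""


def demo() -> List[Alarm]:
    return analyze(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for severity, stamp, message in demo():
        print(f"{severity:6} {stamp} {message}")
```

The successful `admin` login from 192.0.2.50 is the line that matters most: on its own it is just a login, but the preceding failures and the unlisted source make it the event to chase first.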
• Users can be assigned different levels of access based on need
  - View only
  - Other levels/privileges
  - Administrator, who can control access by other users
• Stored passwords are protected (hashed or encrypted), never held in clear text
• Equipment should be wiped on disposal, either by memory erase or, if necessary, by physically destroying the memory chip
  - If a device fails, it might be difficult to erase its memory effectively. Look for devices that have removable media.

CIP-008 Incident Reporting and Response Planning relates to the managing and handling of reports and logs. While collecting and storing logs for historical reference is necessary, how that retention is done is determined by the hardware and the organization's capabilities.
• Remote electronic download of user logs, the SOE log, the system log and the control log facilitates data documentation for reports and the compliance audit trail, compared to collection via a physical tap.
Finding your compliance solution

CIP guidelines are drawn to identify the desired goal; it is up to the organization to institute the hardware, software and processes that best allow it to meet these goals.

For example, the utility can determine where its physical and electronic security perimeters begin and end. Figure 3 shows a typical substation where the control house, in essence, is the physical security perimeter. Electronic security perimeters are effectively constructed around the devices, such as the router and dial-up control, that are communication end points. Depending on the number and frequency of patches and updates anticipated for substation devices, the organization might consider segregating the router from the substation controller so that the substation controller falls outside the electronic security perimeter. This might reduce the point-to-point testing time and effort that follows application of patches and upgrades.

Bottom line: the organization is responsible for writing the procedures that make compliance with CIP guidelines efficient and effective.

[Figure 3 (diagram): a typical substation. Pole-top/remote IEDs reach the substation over wireless comms; the SCADA master reaches it by phone (dial-up) and through a router. Inside the control house sit the substation controller, DMS/HMI, RTU, discrete I/Os, IEDs, cap bank, LTCs, relays, meters and other smart legacy devices/IEDs. The electronic security perimeter is drawn around the router and dial-up end points; the physical security perimeter is the control house.]
Figure 3. The utility should keep the ESP as small as possible.
Conclusion

One requirement the CIP guidelines don't spell out is the need for adaptability and intra-organization cooperation. Security is an arms race, and the electric utility requires considerable cooperation and integration within the organization to stay agile enough to adapt to changing challenges and still meet compliance.

Careful consideration of hardware and software choices will help the utility institute the continual modifications needed to meet the moving target of critical infrastructure protection. Flexible asset access controls are a must to mitigate changing risks.

Above all, dedicated intra-organization communications and training that emphasize security make every employee part of the solution – and assure that security is a successful process.
©2012 Schneider Electric. All rights reserved.
Schneider Electric USA, Inc., 4701 Royal Vista Circle, Fort Collins, CO 80528
Phone: 1-866-537-1091, +(34) 9-17-14-70-02. Fax: 1-970-223-5577
www.schneider-electric.com/us
June 2012