NERC CIP Compliance

NERC CIP compliance focuses on assisting utilities in creating a security plan and process to protect SCADA and other critical infrastructure assets from disruption or cyber-attacks.  The North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) standards specify the minimum requirements for compliance and the reliability of the electrical system.

 

As NERC CIP standards evolve and new technologies emerge, compliance with NERC CIP will become more difficult and complex. Regardless, all organizations that are involved with the bulk electrical network in North America are subject to these standards.

 

NERC's implementation timeline calls for all organizations to be fully compliant and pass audits by 2010.

Become NERC CIP Standards Compliant

A basic network firewall or security process is not sufficient to become NERC CIP compliant.  NERC CIP compliance requires physical, electronic and personnel security, along with training and awareness programs to become certified.


NERC CIP standards require centralized access, information on field components, and the ability to provide access and security of these components. These standards also require documentation and auditing of all critical infrastructure protection programs.

 

New Std #    Topic
CIP-002-1    Critical Cyber Assets
CIP-003-1    Security Management Controls
CIP-004-1    Personnel and Training
CIP-005-1    Electronic Security
CIP-006-1    Physical Security
CIP-007-1    Systems Security Management
CIP-008-1    Incident Reporting and Response Planning
CIP-009-1    Recovery Plans

Electronic Security (CIP-002, 003, 005, 007, and 009)

Critical infrastructure systems must achieve the following to become NERC CIP compliant:

  • Create and maintain an inventory of all electronics that are either part of the critical assets list or are necessary to the operation of critical assets
  • Restrict access to these critical cyber-assets on a need-to-know basis
  • Create an electronic security perimeter (ESP) that prevents unauthorized users from accessing any critical cyber-asset, whether they are outside or inside the corporate network
  • Ensure that all electronic cyber-assets are secure via user account management, equipment password management, and secure networking policies
  • Implement and successfully test a critical cyber-asset recovery plan

Audits and Documentation (All CIP standards)

All CIP standards require mandatory documentation and review of all procedures and policies each year. Electronic access logs should be maintained for a defined period of time and must be retained for an extended period.

 

"CIP-005-1 states that the Responsible Entity shall retain electronic access logs for at least ninety calendar days. Logs related to reportable incidents shall be kept in accordance with the requirements of Standard CIP-008."

 

Official NERC CIP-005-1 Standard (PDF)

Reaching NERC CIP Standards Compliance with Tofino

The Tofino Industrial Security Solution can help your organization reach NERC CIP compliance by creating electronic security perimeters around any critical cyber-asset and preventing unauthorized access. The Tofino Security Appliance (SA) can be installed anywhere in the SCADA network, inside or outside, and requires no downtime for installation. Once in place, Tofino SAs are easily configured to control communication between network zones.

 

The Tofino Security Appliance allows you to combine multiple security technologies in a single industrially hardened security device, including a stateful firewall, Virtual Private Network (VPN), deep packet inspection for a number of key SCADA protocols, and high-resilience event logging. Coordinating all Tofino SAs is the Centralized Management Platform (CMP), an easy-to-use configuration and monitoring tool designed specifically for SCADA engineers. Details on each of these can be found below:

The Firewall Loadable Security Module helps define perimeter defense by managing exactly what network traffic can pass through the electronic security perimeter (ESP) or between internal zones.

The Event Logger Loadable Security Module augments the perimeter defense by collecting events and logs from Tofino Security Appliances and forwarding logs and network events independently to Syslog servers over UDP, TCP or securely using SSL. As an additional feature, the Tofino Security Appliance can maintain a store of logs in case of a power outage or network failure.

The Secure Asset Management (SAM) Loadable Security Module acts as a silent sentry on your network by collecting information about network entities or nodes. New network nodes that are discovered are forwarded back to the Tofino CMP as informational events. The SAM LSM also allows easy firewall rule creation through a technique called Assisted Rule Generation, which uses collected firewall event information.

 

When combined with the Event Logger LSM, events about network discoveries can be forwarded to a remote Syslog server or stored on the Tofino Security Appliance.
