Cyber System-Centric Approach To Cyber Security and CIP

Presentation transcript:

Cyber System-Centric Approach To Cyber Security and CIP
Morgan King, Senior Compliance Auditor – Cyber Security
WECC Reliability and Security Workshop, San Diego CA – October 23 – 24, 2018
Western Electricity Coordinating Council

Did We Get CIP v5 Right?
- We got CIP v5 so right
- System-centric approach never fully realized
- Need all perspectives in identifying and resolving the issues
- Making CIP more manageable, auditable, secure, and resilient

By the Numbers
https://www.nerc.com/gov/bot/BOTCC/Compliance%20Committee%202013/Presentations_CC_Open_Meeting_August_15_2018.pdf#search=2018%20violations

By The Risk
https://www.nerc.com/gov/bot/BOTCC/Compliance%20Committee%202013/Presentations_CC_Open_Meeting_August_15_2018.pdf#search=2018%20violations

By The Events
https://www.nerc.com/AboutNERC/StrategicDocuments/2018_ERO_Enterprise_Metrics_Approved_by_the_NERC_Board_on_November_9_2017.pdf#search=2018%20violations

Two Aspects in CIP
- CIP is a PROGRAM and its elements: CIP-002, CIP-003, CIP-004, CIP-006, CIP-008, CIP-009, CIP-011, CIP-014
- CIP has TECHNICAL architecture requirements: CIP-005, CIP-007, CIP-010

Paradigm Shift
https://www.biggreendoor.com/wp-content/uploads/znvn774tlxdrpv3lzqhu.png

Device-Centric
- CIP v3 Critical Cyber Assets
- CIP v5 original concept was to be a paradigm shift from device-centric to a system-centric approach.
- Cyber Asset
- Programmable electronic device
- BES Cyber Asset
- BES Cyber System
- Per BES Cyber System / Cyber Asset Capability

Device-Centric Approach
[Diagram labels: BES Cyber System, Baseline, Cyber Asset (each shown three times)]

System-Centric
Consider that cyber technology in support of reliability is not just a piece of hardware or software, or a communication circuit, but a system intimately associated with the reliability functions it supports. One of the fundamental differences between Versions 4 and 5 of the CIP Cyber Security Standards is the shift from identifying Critical Cyber Assets to identifying BES Cyber Systems.

System-Centric Approach
[Diagram labels: Baselines For Like Device Types; BES Cyber System (shown three times)]

What If…?
- We retire some definitions
- We modify existing or create new definitions concerning devices and networking to include virtualization concepts
- We create additional technical requirements for securing today’s version of virtualization technology?
- We change requirements to security-objective-based
- Technology agnostic
- Nonprescriptive
- Backward compatible
- Future proof

CIP Modifications Drafting Team
- SDT has worked for over a year on designing virtualization-specific language and requirements
- Electronic Security Zone – to logically isolate systems on shared infrastructure
- Centralized Management System – to address the risk of virtualization management systems; “fewer, bigger buttons”
- Issues:
  - Very complex
  - Today’s technology and products
  - Continues to evolve

CIP SDT White Paper
https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20RF/2016-02_Virtualization_Outreach_Webinar_Slides_06292018.pdf

CIP Modifications Drafting Team
Definitions Proposed for Retirement:
- BES Cyber Asset
- Protected Cyber Asset
- Electronic Security Perimeter
- Electronic Access Point
- Electronic Access Control or Monitoring Systems

More Change Upon Us
- Cyber Asset only applicable to (TCA, Removable Media)
- BES Cyber System
- Protected Cyber System
- Electronic Access Control System
- Electronic Access Monitoring Systems
- External Routable Connectivity with new objective-based isolation model
- Interactive Remote Access to address IP-serial conversion scenarios

Nonprescriptive
CIP-007-6 R3 Part 3.1: “Deploy method(s) to deter, detect, or prevent malicious code.”
CIP-007-6 R3 Guidance: “Due to the wide range of equipment comprising the BES Cyber Systems and the wide variety of vulnerability and capability of that equipment to malware as well as the constantly evolving threat and resultant tools and controls, it is not practical within the standard to prescribe how malware is to be addressed on each Cyber Asset. Rather, the Responsible Entity determines on a BES Cyber System basis which Cyber Assets have susceptibility to malware intrusions and documents their plans and processes for addressing those risks and provides evidence that they follow those plans and processes.”

Virtualized Architecture
https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20RF/2016-02_Virtualization_Outreach_Webinar_Slides_06292018.pdf

Electronic Security Zone
https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20RF/2016-02_Virtualization_Outreach_Webinar_Slides_06292018.pdf

CIP Modifications Drafting Team
- Is a containerized application a BCA? Or is it just an application?
- An entity’s Electronic Access Point is now a policy-based “firewall,” dynamically placed in front of workloads. Access control is now beyond a layer 3 routable protocol level. How does an entity demonstrate compliance with CIP-005?
- Is SAN part of the same BES Cyber Asset as the virtual machine, is a SAN its own BES Cyber Asset, or is it just a BES Cyber System Information repository since it alone does not perform any BES functions?

System-Centric Approach
- Make “BES Cyber System” the foundational object.
- Requirements apply at the system level.
- Implement on system as a whole
- Implement on components that make sense
- Allows for dynamic components

Current CIP-005-5 R1, R2


Logical Isolation Zone / External Routable Connectivity
- Logical Isolation Zone: One or more cyber systems isolated by logical controls that only allow known and controlled communications to or from those systems.
- External Routable Connectivity: Inbound and outbound communication to a logically isolated BES Cyber System initiated from a system that is outside of the Logical Isolation Zone.
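
The two definitions above can be checked against observed traffic. The following Python code is an added example, not part of the original presentation; the zone range, allow-list entries and flow records are constructed sample data, and treating zone-initiated outbound traffic as a category separate from External Routable Connectivity is this example's reading of the slide's wording.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Flow(NamedTuple):
    initiator: str   # address that opened the session
    responder: str
    proto: str
    port: int        # responder port

# Constructed sample data (assumptions, not from the slides).
ZONE = [ip_network("10.20.0.0/24")]   # systems inside the Logical Isolation Zone
ALLOWED = [                            # "known and controlled" communications
    ("10.50.1.10/32", "10.20.0.5/32", "tcp", 443),  # jump host -> zone HMI
    ("10.20.0.0/24", "10.60.0.8/32", "udp", 514),   # zone -> syslog collector
]
FLOWS = [
    Flow("10.50.1.10", "10.20.0.5", "tcp", 443),    # on the list, initiated outside
    Flow("10.50.1.77", "10.20.0.5", "tcp", 3389),   # not on the list, initiated outside
    Flow("10.20.0.9", "10.60.0.8", "udp", 514),     # on the list, initiated inside
    Flow("10.20.0.9", "192.0.2.44", "tcp", 443),    # not on the list, initiated inside
    Flow("10.20.0.5", "10.20.0.9", "tcp", 502),     # never leaves the zone
]

def in_zone(addr: str) -> bool:
    return any(ip_address(addr) in net for net in ZONE)

def is_known(flow: Flow) -> bool:
    """True if the flow matches an allow-list entry in its initiated direction."""
    return any(
        ip_address(flow.initiator) in ip_network(src)
        and ip_address(flow.responder) in ip_network(dst)
        and flow.proto == proto and flow.port == port
        for src, dst, proto, port in ALLOWED
    )

def classify(flow: Flow) -> str:
    src_in, dst_in = in_zone(flow.initiator), in_zone(flow.responder)
    if src_in and dst_in:
        return "intra-zone"
    if dst_in:
        return "erc"             # initiated outside, terminates on a zone system
    if src_in:
        return "zone-initiated"  # crosses the boundary, but not ERC as defined
    return "out-of-scope"

def audit(flows):
    """Return (flow, kind) for boundary-crossing flows missing from the allow-list."""
    return [(f, k) for f in flows
            if (k := classify(f)) in ("erc", "zone-initiated") and not is_known(f)]
```

Running `audit(FLOWS)` reports the unlisted RDP session from outside the zone and the unlisted outbound HTTPS session from inside it, while the intra-zone flow is not evaluated against the boundary allow-list.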

Proposed CIP-005-6 R1

Logical Isolation
https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20RF/2016-02_CIP_Virtualization_Webinar_Slides_04182017.pdf


Sufficient Logical Isolation
https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20RF/2016-02_CIP_Virtualization_Webinar_Slides_04182017.pdf


Logical Isolation Compared
https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20RF/2016-02_CIP_Virtualization_Webinar_Slides_04182017.pdf

NERC CIPC/CIWG Cloud Project
- Implications of Cloud Services for CIP Assets
- Underlay / Overlay
- Certifications
- Meeting security objectives for applicable systems

CIWG Cloud Project Tabletop Participants
- Tri-State
- SMUD
- APS
- MISO
- AES
- Ameren?
- KCP&L?

Service Provider Participants
- CoalFire
- AWS
- IBM
- ServiceNow
- Microsoft
- FedRAMP PMO?

Overlay / Underlay
http://bradhedlund.com/2012/10/06/mind-blowing-l2-l4-network-virtualization-by-midokura-midonet/

CIP Obligations / Certifications
http://bradhedlund.com/2012/10/06/mind-blowing-l2-l4-network-virtualization-by-midokura-midonet/

CIP Obligations
http://techgenix.com/iam-security-best-practices/


Potential Gaps
- Should there be a notification to utilities when CIP standards are violated?
- Service provider audit report not shared with others
- Ensuring the security plan and actual implementation are adequate

Concerns
- Compliance risks for utilities when vendors don’t perform
- How to address changes to CIP standards with service providers?
- Mapping to the CMEP
- How will this be audited and PNCs addressed?
- Mitigating violations that impact CIP Compliance

Review
- CIP v5 continues to evolve
- System-centric approach closer to being fully developed
- Need all perspectives in identifying and resolving the issues
- Ensuring CIP is more manageable, auditable, secure, and resilient

Next Steps
- Post for informal comment period October 29, 2018.
- Seeking Standards Committee (SC) authorization to post March 2019.
- Initial posting March 2019 (if authorized to post by SC).
- November 1, 2018 Virtualization Webinar.