NERC CIP Compliance
NERC CIP compliance focuses on assisting utilities in creating a security plan and process to protect SCADA and other critical infrastructure assets from disruption or cyber-attacks. The North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) standards specify the minimum requirements for compliance and the reliability of the electrical system.
As NERC CIP standards evolve and new technologies emerge, compliance with NERC CIP will become more difficult and complex. Regardless, all organizations that are involved with the bulk electrical network in North America are subject to these standards.
NERC's implementation timeline calls for all organizations to be fully compliant and pass audits by 2010.
Become NERC CIP Standards Compliant
A basic network firewall or security process is not sufficient to become NERC CIP compliant. NERC CIP compliance requires physical, electronic and personnel security, along with training and awareness programs to become certified.
NERC CIP standards require centralized access, information on field components, and the ability to provide access and security of these components. These standards also require documentation and auditing of all critical infrastructure protection programs.
| New Std # | Topic |
|---|---|
| CIP-002-1 | Critical Cyber Assets |
| CIP-003-1 | Security Management Controls |
| CIP-004-1 | Personnel and Training |
| CIP-005-1 | Electronic Security |
| CIP-006-1 | Physical Security |
| CIP-007-1 | Systems Security Management |
| CIP-008-1 | Incident Reporting and Response Planning |
| CIP-009-1 | Recovery Plans |
Electronic Security (CIP-002, 003, 005, 007, and 009)
Critical infrastructure systems must achieve the following to become NERC CIP compliant:
- Create and maintain an inventory of all electronics that are either part of the critical assets list or are necessary to the operation of critical assets
- Restrict access to these critical cyber-assets on a need-to-know basis
- Create an electronic security perimeter (ESP) that prevents unauthorized users from accessing any critical cyber-asset, whether they are outside or inside the corporate network
- Ensure that all electronic cyber-assets are secure via user account management, equipment password management, and secure networking policies
- Implement and successfully test a critical cyber-asset recovery plan
Audits and Documentation (All CIP standards)
All CIP standards require mandatory documentation and review of all procedures and policies each year. Electronic access logs should be maintained for a defined period of time and must be retained for an extended period.
"CIP-005-1 states that the Responsible Entity shall retain electronic access logs for at least ninety calendar days. Logs related to reportable incidents shall be kept in accordance with the requirements of Standard CIP-008."
Reaching NERC CIP Standards Compliance with Tofino
The Tofino Industrial Security Solution can help your organization reach NERC CIP compliance by creating electronic security perimeters around any critical cyber-asset, preventing any unauthorized access. The Tofino Security Appliance (SA) can be installed anywhere in the SCADA network, inside or outside, and requires no downtime for installation. Once in place, Tofino SAs are easily configured to control communication between network zones.
The Tofino Security Appliance allows you to combine multiple security technologies in a single industrially hardened security device, including a stateful firewall, deep packet inspection for a number of key SCADA protocols, and high-resilience event logging. Coordinating all Tofino SAs is the Tofino Configurator, an easy-to-use configuration and monitoring tool designed specifically for SCADA engineers. Details on each of these can be found by clicking below:
- Tofino Industrial Security Solution Overview
- Tofino Security Appliance
- Tofino Loadable Security Modules
- Tofino Configurator
The Firewall Loadable Security Module helps define perimeter defense by managing exactly what network traffic can pass through the electronic security perimeter (ESP) or between internal zones. In addition, the Firewall LSM augments the perimeter defense by providing simultaneous event logging to a remote syslog server and to local nonvolatile memory for later download via network or USB storage device.