i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS


i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS siemens.com/ruggedcom

INTERACTIVE REMOTE ACCESS - INTELLIGENT ELECTRONIC DEVICES

Intelligent Electronic Devices (IEDs): devices that can provide real-time monitoring, measurements, control, and protection of the high voltage power grid assets. These may include meters, relays, Remote Terminal Units (RTUs), Digital Fault Recorders (DFRs), breakers, and transformer monitors.

INTERACTIVE REMOTE ACCESS - MOTIVATION

ICS-CERT responses to sector-specific cyber security threats across the critical infrastructure sectors in the U.S. in 2014. The most published vulnerabilities in critical infrastructure are in the Energy area.

[Chart: number of incidents and percentage of incidents by sector. Percentages related to the total response for 2014.]

Source: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf

INTERACTIVE REMOTE ACCESS - GUIDANCE

Following Key-Guidelines (describing what should be done):
- NERC CIP
- NIST Cyber Sec. Framework
- BDEW white paper

Compliant with Key-Standards (describing how it should be done):
- ISO/IEC 62443 (System Security)
- ISO/IEC 62351 (Communication Security)
- ISO/IEC 27001/27019 (Security Mgmt)

Conform to regulatory requirements (describing what must be done):
- IT Security Law
- Security Catalogue
- Protection Profile

- Follow industry standards, i.e. bdew
- Report on incidents
- Implementation and Certification of an Information Security Management System (ISMS)
- Cryptographic requirements for Smart Metering
- Assessment and certification of ICS systems
- Auditable compliance is required for bulk power systems (since 2010)

INTERACTIVE REMOTE ACCESS - DEFENSE IN DEPTH

Defense in depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.

INTERACTIVE REMOTE ACCESS - DEFENSE IN DEPTH

House lights, dog barking, house alarm, police called.

In general, one line of defense may not be enough, but with several systems in place, it can help to deter.

INTERACTIVE REMOTE ACCESS - NERC CIP REQUIREMENTS

CIP STANDARD, CIP REQUIREMENT: DESCRIPTION

- CIP-002-5.1, CIP-002-5.1 - Attachment 1: Situational Awareness - includes activities, actions and conditions established by policy, directive or standard operating procedure necessary to assess the current condition of the BES and anticipate effects of planned and unplanned changes to conditions.
- CIP-005-5, Electronic Security Perimeter: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.
- CIP-007-5 / CIP-007-6, System Security Management: To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.
- CIP-010-1 / CIP-010-2, Configuration Change Management and Vulnerability Assessments: To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to misoperation or instability in the Bulk Electric System (BES).

NERC addresses security and remote access in requirements like those listed above.

INTERACTIVE REMOTE ACCESS - NERC CIP DEFENSE IN DEPTH

CIP, Table, Part. Applicability. Requirements.

- CIP-004-5.1, R1, Part 1.1. Applicability: High Impact BES Cyber Systems and Medium Impact BES Cyber Systems. Requirement: Security awareness that, at least once each calendar quarter, reinforces cyber security practices (which may include associated physical security practices) for the Responsible Entity's personnel who have authorized electronic or authorized unescorted physical access to BES Cyber Systems.
- CIP-005-5, R1, Part 1.1. Applicability: High/Medium. Requirement: All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP.
- CIP-005-5, R1, Part 1.2. Applicability: High w/ERC & Medium w/ERC. Requirement: All External Routable Connectivity must be through an identified Electronic Access Point (EAP).
- CIP-005-5, R1, Part 1.3. Applicability: EAP for High BES & EAP for Medium BES Cyber Systems. Requirement: Require inbound and outbound access permissions, including the reason for granting access, and deny all other access by default.
- CIP-005-5, R1, Part 1.5. Applicability: EAP for High BES & EAP for Medium BES Cyber Systems. Requirement: Have one or more methods for detecting known or suspected malicious communications for both inbound and outbound communications.

Just some of the process requirements NERC has that help to address Defense in Depth.

INTERACTIVE REMOTE ACCESS - INTERACTIVE REMOTE ACCESS MGMT

NERC requirement for an Intermediate System for High and Medium Impact BES Cyber Systems.

INTERACTIVE REMOTE ACCESS - DEFINITIONS

Relevant Definitions in the NERC Glossary of Terms:

Interactive Remote Access: User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate System and not located within any of the Responsible Entity's Electronic Security Perimeter(s) (ESP) or at a defined Electronic Access Point (EAP). Remote access may be initiated from:
1) Cyber Assets used or owned by the Responsible Entity,
2) Cyber Assets used or owned by employees, and
3) Cyber Assets used or owned by vendors, contractors, or consultants.
Interactive remote access does not include system-to-system process communications.

SOURCE: Lesson Learned: CIP Version 5 Transition Program, CIP-005-5 R2: Interactive Remote Access, Version: April 29, 2015

INTERACTIVE REMOTE ACCESS - DEFINITIONS

Relevant Definitions in the NERC Glossary of Terms:

Intermediate System: A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter.

SOURCE: Lesson Learned: CIP Version 5 Transition Program, CIP-005-5 R2: Interactive Remote Access, Version: April 29, 2015

INTERACTIVE REMOTE ACCESS - REMOTE ACCESS METHODS

- TUNNELING: Tunnels are typically established through virtual private network (VPN) technologies. Once a VPN tunnel has been established between a remote client device and the organization's VPN gateway, the remote user can access the remote devices.
- APPLICATION PORTALS: An application portal is a server that offers access to one or more applications through a single centralized interface.
- REMOTE DESKTOP APPLICATIONS: A remote desktop access solution gives a user the ability to remotely control a particular IED from their remote location. The user has control over the remote device and can access, log in, and configure the remote device.
- DIRECT APPLICATION ACCESS: Remote access can be accomplished without using remote access software. A teleworker can access an individual application directly, with the application providing its own security (communications encryption, user authentication, etc.).

INTERACTIVE REMOTE ACCESS - INTERMEDIATE SYSTEM REQUIREMENTS / INTENT

- TWO FACTOR AUTHENTICATION
- ENCRYPTION TERMINATES AT INTERMEDIATE SYSTEM
- PROVIDES PROTOCOL BREAK
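
As an added illustration (not part of the Siemens slides), the Python sketch below applies the Interactive Remote Access definition and the three Intermediate System requirements above to session records. The addresses, the `Session` fields, the function names and the sample sessions are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed topology (assumption): one ESP subnet, one Intermediate System outside it.
ESP_NETS = [ip_network("10.20.0.0/24")]
INTERMEDIATE_SYSTEMS = {ip_address("172.16.5.10")}

@dataclass
class Session:
    origin: str                       # Cyber Asset the user is sitting at
    target: str                       # Cyber Asset being accessed
    user_initiated: bool              # False for system-to-system process communications
    last_hop: str                     # host that opened the connection to the target
    two_factor: bool = False
    tunnel_end: Optional[str] = None  # where the client's encrypted tunnel terminates

def in_esp(addr: str) -> bool:
    return any(ip_address(addr) in net for net in ESP_NETS)

def is_intermediate(addr: Optional[str]) -> bool:
    return addr is not None and ip_address(addr) in INTERMEDIATE_SYSTEMS

def is_interactive_remote_access(s: Session) -> bool:
    # Glossary definition: user-initiated, and the origin is neither an
    # Intermediate System nor located inside the ESP.
    return (s.user_initiated and in_esp(s.target)
            and not in_esp(s.origin) and not is_intermediate(s.origin))

def findings(s: Session) -> List[str]:
    if not is_interactive_remote_access(s):
        return []                     # out of scope for these checks
    out = []
    if not is_intermediate(s.last_hop):
        out.append("no protocol break at an Intermediate System")
    if not s.two_factor:
        out.append("no two-factor authentication")
    if not is_intermediate(s.tunnel_end):
        out.append("encryption does not terminate at the Intermediate System")
    return out

SAMPLES = {  # constructed sample sessions
    "vendor via jump host": Session("203.0.113.7", "10.20.0.15", True, "172.16.5.10", True, "172.16.5.10"),
    "employee VPN straight into ESP": Session("198.51.100.4", "10.20.0.15", True, "198.51.100.4", True, "10.20.0.1"),
    "historian polling (system-to-system)": Session("192.0.2.50", "10.20.0.30", False, "192.0.2.50"),
}

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        print(f"{name}: {findings(s) or 'ok'}")
```

The second sample shows why a VPN tunnel that lands directly inside the ESP fails the intent even with two-factor authentication: there is no protocol break and the encrypted channel ends past the perimeter.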

INTERACTIVE REMOTE ACCESS - SUMMARY

- Cyber Security attacks are up
- Embrace Cyber Security Best Practices
- Implement a SECURE Interactive Remote Access solution

"There are two types of companies in the world: those that know they've been hacked, and those that don't." (Misha Glenny)

INTERACTIVE REMOTE ACCESS Thank you. Questions?

INTERACTIVE REMOTE ACCESS

Jeff Foley
Business Development Manager
SIEMENS RUGGEDSOLUTION
Process Industries and Drives Division
Phone: +1 (954) 922-7938
E-mail: jeff.foley@siemens.com