Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

Interactive Remote Access
Compliance Workshop
October 27, 2016
Eric Weston, Compliance Auditor, Cyber Security

Agenda
- Interactive Remote Access Overview
- Review of Use Cases and Strategy

Interactive Remote Access Overview: What is Interactive Remote Access?
- User Initiated Access
- No direct access from outside the ESP except through an Intermediate System
- Does Not:
  - Originate from an Intermediate System
  - Reside within any ESP or at an EAP
  - Include System to System Process Communications

Interactive Remote Access Overview: What is an Intermediate System?
- Cyber Asset or Collection of Cyber Assets
- Used to Restrict IRA only to Authorized Users
- Must not be Located inside the Electronic Security Perimeter

IRA Use Cases: Basic Intermediate System
- Remote User initiates connection
- Communications must be encrypted to the Intermediate System
- User is then validated using multi factor authentication
- Remote connection can be established with systems inside the ESP

IRA Use Cases: Multiple Device Intermediate System

IRA Use Cases: Protecting Intermediate System with DMZ

IRA Use Cases: Jump Host / Bastion Host

IRA Use Cases: Proxy Device

IRA Mitigating Risk
- Use IRA Only for Support and Maintenance
- Limit Access Only to Necessary Users
- Limit Allowable Protocols
- Limit Connection Times
- Keep Number of Devices in the Intermediate System as Few as Possible

IRA Mitigating Risk
- Keep Security Patches and Malware Signatures up to date
- Scrutinize & Review Traffic and User Activities
- Additional Guidance can be found in the NERC document Guidance for Secure Interactive Remote Access [1]

[1] http://www.nerc.com/pa/rrm/bpsa/alerts%20dl/2011%20alerts/final Guidance_for_Secure_Interactive_Remote_Access.pdf
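The IRA definition and the "Scrutinize & Review Traffic and User Activities" item above can be expressed as a session-review check. This is an added example, not part of the workshop material; the addresses, record fields and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample topology (assumption, not taken from the slides).
ESP_NETS = [ipaddress.ip_network("10.50.0.0/24")]
INTERMEDIATE_SYSTEMS = {ipaddress.ip_address("172.16.9.10")}  # jump host in a DMZ

def in_esp(addr):
    return any(addr in net for net in ESP_NETS)

def check_topology():
    """An Intermediate System must not be located inside the ESP."""
    return [f"Intermediate System {a} is inside the ESP"
            for a in sorted(INTERMEDIATE_SYSTEMS) if in_esp(a)]

def review_session(s):
    """Return findings for one session record (constructed field names)."""
    src, dst = ipaddress.ip_address(s["src"]), ipaddress.ip_address(s["dst"])
    # Not IRA by definition: system-to-system process communications, and
    # sessions that originate inside an ESP or from an Intermediate System.
    if not s["interactive"] or in_esp(src) or src in INTERMEDIATE_SYSTEMS:
        return []
    findings = []
    if in_esp(dst):
        findings.append("direct access into ESP bypasses Intermediate System")
    elif dst in INTERMEDIATE_SYSTEMS:
        if not s["encrypted"]:
            findings.append("session to Intermediate System is not encrypted")
        if not s["mfa"]:
            findings.append("user not validated with multi factor authentication")
    return findings

def rec(sid, src, dst, interactive=True, encrypted=True, mfa=True):
    return dict(id=sid, src=src, dst=dst, interactive=interactive,
                encrypted=encrypted, mfa=mfa)

# Constructed session records for the example.
SESSIONS = [
    rec("s1", "198.51.100.7", "172.16.9.10"),            # compliant first hop
    rec("s2", "172.16.9.10", "10.50.0.21"),              # hop from the Intermediate System
    rec("s3", "198.51.100.7", "10.50.0.21"),             # bypasses the Intermediate System
    rec("s4", "198.51.100.8", "172.16.9.10", encrypted=False, mfa=False),
    rec("s5", "192.0.2.40", "10.50.0.30", interactive=False),  # system to system
]

def review_all(sessions=SESSIONS):
    """Map session id to findings, keeping only sessions that have findings."""
    results = {s["id"]: review_session(s) for s in sessions}
    return {sid: f for sid, f in results.items() if f}

if __name__ == "__main__":
    print(check_topology(), review_all())
```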

In Order No. 822 [1], FERC directed NERC to perform a study to obtain information on the effectiveness of remote access implementations. NERC must assess:
- The effectiveness of the CIP version 5 remote access controls;
- The risks posed by remote access related threats and vulnerabilities; and
- The appropriate mitigating controls for any identified risks.

[1] FERC, 2016, Revised Critical Infrastructure Protection Reliability Standards, 154 FERC 61,037, P. 13

- Entities audited between July 1, 2016 and May 15, 2017 will be included in the study
- Information sent to NERC/FERC will be generalized
- No identifying entity information will be included
- No network addresses, diagrams, host names, etc. will be included

Evaluate Entity's Electronic Security Perimeters:
- Applicable Access Controls
- Intrusion Detection Capabilities
- Malware Prevention Capabilities

Evaluate Interactive Remote Access:
- Document Any Notable Strengths or Weaknesses
- Session Protection and Monitoring
- Identification and Protection of Intermediate Systems
- Use of Authentication
- Risks Posed by Corporate Networks to Intermediate Systems

Evaluate System to System Communications across ESP and:
- Protections Provided
- Communications Protocols Used
- Any Notable Strengths or Weaknesses

Evaluate Vulnerabilities relating to Ukraine Specific Remote Access:
- Any Implemented Controls to Address the Vulnerabilities

Wrap Up
- All Interactive Remote Access Must be Provided the Protections of CIP-005-5 R2 and its Parts
- Intermediate Systems and IRA can be Implemented Many Ways
- Develop Methods that Work for your Organization
- IRA is a Potential Vulnerability, Take Steps to Mitigate the Risk
- is to Evaluate Current Risk Remote Access Creates and How the CIP Standards Help Mitigate that Risk

Contact Info
Eric Weston
801.819.7630
eweston@wecc.biz