Cyber security remains in the forefront of worries for most process manufacturers and electrical power producers. When I saw this news, NitroSecurity and Emerson Deliver Advanced Control System Security and Compliance Automation in my Twitter stream, I checked in with our Power & Water Solutions team to get some more background on what this means.
In the news item, it notes [hyperlinks added]:
The Ovation expert control system‘s existing security features and functionality, coupled with its tightly integrated Power & Water Cybersecurity Suite, are part of Emerson’s ongoing and comprehensive commitment to providing customers with solutions that address evolving cyber security challenges. Through this agreement with NitroSecurity, Emerson has further enhanced the security capabilities of its Ovation system while also helping customers reduce the costs associated with evolving North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards compliance.
For electrical power producers, the NERC website lists the CIP standards related to cyber security to “support reliable operation of the Bulk Electric System” include:
- CIP-002-3 and CIP-002-4: Cyber Security – Critical Cyber Asset Identification
- CIP-003-3 and CIP-003-4: Cyber Security – Security Management Controls
- CIP-004-3 and CIP-004-4: Cyber Security – Personnel & Training
- CIP-005-3a and CIP-005-4a: Cyber Security – Electronic Security Perimeter(s)
- CIP-006-3c and CIP-006-4c: Cyber Security – Physical Security of Critical Cyber Assets
- CIP-007-3 and CIP-007-4: Cyber Security – Systems Security Management
- CIP-008-3 and CIP-008-4: Cyber Security – Incident Reporting and Response Planning
- CIP-009-3 and CIP-009-4: Cyber Security – Recovery Plans for Critical Cyber Assets
I caught up with Emerson’s Roger Pan, whom you may recall from an earlier cyber security-related post. He shared that this relationship adds Security Information & Event Management (SIEM), which provides continuous electronic access monitoring (CIP-005) and security status monitoring (CIP-007). It also adds an intrusion prevention system (IPS) (CIP-005) and log collection, storage, and management (CIP-005).
These capabilities add to the Power & Water Cybersecurity Suite’s user management, DMZ router/firewall, antivirus defense, vulnerability scan and patch management, malware prevention, security patch validation, virus signature validation, security advisories, security assessment, technical feasibility exception (TFE) support, and ports and services documents.
These OSC products and services together help electrical power producers’ compliance efforts in the Electronic Security Perimeter and Systems Security Management cyber security standards.