Securing Ovation Systems per NERC CIP Standards

by | Feb 14, 2012 | Control & Safety Systems, Cybersecurity, Industry, Power Generation

Jim Cahill

Chief Blogger, Editor

In the Emerson Exchange 365 community, I saw a post announcing a February 16-17, 2012 Regional Technical Forum for Ovation system users. I got my hands on a few of the presentations, which I hope to share with you over the next few weeks.

Emerson’s Mike DeKlavon, a member of the Power & Water Solutions team, will be presenting, Cyber Alerts: Is Your System Secure? He’ll open with a brief summary of the relevant NERC [North American Electric Reliability Corporation] CIP [Critical Infrastructure Protection] Standards (v3):

  • CIP–002–3 —Critical Cyber Asset Identification
  • CIP–003–3 — Security Management Controls
  • CIP–004–3 — Personnel and Training
  • CIP–005–3 — Electronic Security Perimeter(s)
  • CIP–006–3 — Physical Security
  • CIP–007–3 — Systems Security Management
  • CIP–008–3 — Incident Reporting and Response Planning
  • CIP–009–3 — Recovery Plans for Critical Cyber Assets

Mike will provide a quick update on version 5 of the standard, expected to be in effect in late 2014 or early 2015. It adds two new standards—CIP-010-1: Configuration Management and CIP-011-1: Information Protection. A critical cyber asset (CCA) will become a bulk electric system (BES) cyber asset. Also, asset classifications are more clearly defined based on high, medium, and low impact.

To help power producers meet the current standards and prepare for the coming ones, Mike highlights products, services, and business process support. Current products, as part of Ovation System Security, include user management, DMZ router/firewall, anti-virus defense, vulnerability scanning and patch management, malware prevention, and security incident & event management. More coverage is coming in log management, network attached storage, intrusion detection, Ovation workstation & controller hardening, and backup & restore functions.

From a services perspective, these include security patch validations, virus signature validations, ports & services documents, security assessments, annual Ovation System Security support, and technical feasibility exception (TFE) support. Security certification services will be added. From a business process perspective, Ovation-CERT [Cyber Emergency Response Team] provides fast track review and response to security threats and emergencies. A Security Solutions Steering Committee reviews products, services, and business practices to adapt to changing security threats. Teams of CIP & Security Subject Matter Experts have been formed to work in Power projects and assist throughout the lifecycle of the facility.

If you’ll be at the Regional Technical Forum, make sure to connect with Mike to discuss your cyber security related questions and concerns.

MP3

[audio:https://www.emersonautomationexperts.com/wp-content/uploads/2012/02/Securing-Ovation-Systems-per-NERC-CIP-Standards.mp3]

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe for Updates

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to keep up to date on all the latest news, events and innovations to help you take on and solve your toughest challenges.

Want to re-purpose, reuse or translate content?

Please do, Just link back to the post and send us a quick note so we can share your work. Thanks!

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.