The electrical power generation and distribution industries, especially here in the U.S., have a long history in working to improve reliability and security. This history goes back to the establishment of the North American Electric Reliability Council (NERC) in the late 1960s as a response to a widespread blackout in the Northeastern U.S.
NERC became the North American Electric Reliability Corporation (also NERC) in 2006 and was designated by the U.S. Department of Energy as electrical sector coordinator for Critical Infrastructure Protection (CIP). They developed the NERC CIP standards. We highlighted how these standards apply to distributed control systems like the Ovation system in an earlier post, Securing Ovation Systems per NERC CIP Standards.No matter which supplier’s or suppliers’ control system(s) you use, having a comprehensive cybersecurity strategy and suite of technologies is critical to better secure and comply with the standards over time. This is true whether you’re in the power industry or other critical infrastructure industries like water and wastewater.
In this 3:12 YouTube video, Power and Water Cybersecurity Suite, Emerson’s Jaime Foose explains a platform-independent, ICS cybersecurity solution that helps DCS and SCADA system users in the power generation and water/wastewater industries secure their critical assets without process disruption, and meet regulatory requirements like NERC CIP.
Jaime opens the video highlighting many strategies for defending control systems including implementing application whitelisting, ensuring proper configuration/patch management, reducing attack surface areas, building a defendable environment, managing user authentication, monitoring for and responding to threats, and implementing secure remote access.
Of these, application whitelisting and proper configuration / patch management could have prevented more than 65% of cybersecurity events in 2014 and 2015 per the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
As part of an effective DCS cybersecurity program, it’s important to secure this critical infrastructure and protect against vulnerabilities from malware. Since ongoing vigilance is required, solutions such as the Power and Water Cybersecurity Suite help to automate repetitive security tasks like monthly software patching, weekly antivirus updates and performing regular system backups to name but a few. Using automated tools not only reduces time spent performing these tasks but also creates an electronic record that these actions were taken and generates reports to help satisfy appropriate regulatory bodies.
This suite of cybersecurity modules includes technologies from leading suppliers such as McAfee, Acronis and Tripwire and works with Ovation systems as well as those from other global control system suppliers including GE, Siemens, Alstom, Schneider Electric, ABB, Yokogawa and Honeywell.
If you’ll be join us next week in Pittsburgh at the July 23-27, 2017 Ovation Users Group conference, make sure to catch Jaime’s panel on Cybersecurity which will include an ICS-CERT official, representation from a nonprofit industry consortium and end users from the power industry and water industry.