Securing the facility grid: Are you prepared for NERC CIP’s upcoming mandate?

[ad_1]

A defense-in-depth technique is one which protects organizations from assaults that bypass the primary layer of safety controls. It’s a nicely understood idea, and one which has been adopted by most organizations over time. Nevertheless, till not too long ago, the North American Electrical Reliability Company (NERC) introduced a spot the place regulation required securing the digital safety perimeter (ESP), however there have been no additional safety controls past the community perimeter. If utilities adopted NERC CIP, after which went no additional, they’d be uncovered to assaults that bypassed that first layer of protection.

Upon course from the Federal Vitality Regulatory Fee (FERC), NERC has proposed a set of necessities for Inner Community Safety Monitoring (INSM). INSM is designed to handle these conditions the place the community perimeter has been breached, growing the chance of detecting a compromise. By offering visibility inside the important community, entities could be warned that an assault is in course of and motion could be taken earlier than the assault can propagate.

Identification of belongings and their communication patterns

Cisco Cyber Imaginative and prescient, a deep packet inspection engine inside Cisco industrial IoT community tools, uncovers the smallest particulars of your grid infrastructure. It robotically builds an in depth stock of all grid belongings, together with their communication patterns, vulnerabilities, rack slot configurations, vendor references, serial numbers, and extra. By embedding the sensor inside the community infrastructure, Cisco Cyber Imaginative and prescient provides complete visibility, capturing information passively with out the necessity for costly further home equipment or SPAN cabling.

INSM requires assortment strategies to offer safety worth to handle the perceived dangers the infrastructure faces. Cyber Imaginative and prescient applies a threat rating to all gadgets and gadget teams found within the OT community. Utilizing a mixture of vulnerabilities, actions, and impression, threat scores present a steering of which gadgets needs to be addressed first when implementing risk-management measures.

Evaluating the community in opposition to an anticipated community communication baseline

Utility networks, particularly the communication with an ESP, are normally fairly static. By understanding what’s regular on your community, you may extra simply spot when one thing uncommon occurs. For instance, if a tool all of the sudden begins speaking utilizing a unique protocol, or has began to speak with new gadgets, it’d imply a nasty actor has compromised the gadget.

To satisfy the necessities proposed by NERC, Cyber Imaginative and prescient information could be filtered and saved as a baseline, and any deviations from regular course of behaviors will generate an alert. If the deviation was anticipated, an administrative person can acknowledge and make the brand new norm a part of the baseline. Nevertheless, if the change was surprising, it may be reported and despatched for additional investigation.

Detecting anomalous actions inside the ESP

NERC CIP 005-7, the necessities doc for cybersecurity throughout the ESP, requires a mechanism for detecting recognized or suspected malicious communication for each inbound and outbound communications. Historically, that is achieved through the use of an intrusion detection system (IDS) or intrusion prevention system (IPS) embedded in a boundary firewall.

With the introduction of INSM, this requirement has been prolonged to be used inside the ESP. Firewalls as a know-how are listed, however will solely seize information that crosses the gadget, resulting in tough structure selections on the place to deploy these containers.

Along with its capabilities to detect deviations from a baseline, Cyber Imaginative and prescient leverages Snort to detect malicious site visitors inside the operational community. Snort is the IDS engine used throughout the Cisco portfolio and supported by Talos, one of many world’s largest non-public risk intelligence group and official developer of Snort signature information.

Talos, Cisco’s risk intelligence arm, repeatedly displays the worldwide risk panorama, identifies, and analyses new vulnerabilities, and supplies real-time risk intelligence feeds which are tailor-made to OT programs. Not solely does the Talos experience present risk intelligence for Cyber Imaginative and prescient, however additionally they have a workforce of individuals devoted to assist safe important infrastructure. I like to recommend studying the weblog by Joe Marshall – Serving to to maintain the lights on in Ukraine within the face of digital warfare.

Cisco’s industrial IoT safety answer

Cisco’s industrial IoT safety answer supplies organizations with a phased method to securing their industrial networks. This method concerned constructing the inspiration with good community design and safe elements, utilizing the community to realize visibility throughout the important infrastructure, after which lastly implementing coverage again into the identical community infrastructure for preventative and reactionary measures. INSM is one small piece of a bigger safety technique, and Cisco supplies the constructing blocks for securing the infrastructure throughout LAN, WAN, and Cloud.

 

To be taught extra about NERC-CIP and the way Cisco will help you higher safe your grid operations, examine our white paper or ask for a one-on-one assembly with a Cisco professional.

Share:

[ad_2]


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *