CIP Version 5 Immersion Workshop

CIP Version 5 Immersion EnergySec Summit August 19, 2014 Steven Parker Stacy Bresler

Uploaded by energysec, posted 22 January 2015



TRANSCRIPT

1. CIP Version 5 Immersion
   EnergySec Summit, August 19, 2014
   Steven Parker, Stacy Bresler

2. Welcome
   Logistics
   Workshop format
   Introductions
   Agenda
   Overview of major changes in V5
   Discussion of key definitions
   Discussion of key transition issues
   Q&A

3. Major Changes
   19 new or revised definitions
   Bright Line Criteria
   BES Cyber Assets/Systems
   High/Medium/Low
   Requirement Applicability Tables
   Guidelines and Technical Basis
   New and relocated requirements

4. Bright Line Criteria
   Assigns impact levels to BES Cyber Systems associated with Facilities based on specific criteria
   Provides three levels of impact
   May depend on 3rd party designations
   In practice, not so bright.
   Slide footer (repeated on later slides): The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy

5. Impact Levels
   High: Primarily large control centers
   Medium: Primarily large generation, critical generation, major substations, and remaining control centers
   Low: Everything else that meets the definition of BES

6. Applicability Tables
   New approach to requirements
   Each requirement lists in-scope asset types
   Requirements vary by impact level and type of asset
   EACMS and PACS are directly listed instead of included by reference.

7. Guidelines and Technical Basis
   Provides substantial narrative discussion on the requirements
   Provides the SDT's intent for certain requirements
   Discusses the technical basis for certain requirements
   Contains some conflicting or unsupported statements
   Legal status is uncertain

8. Definitions
   CIP version 5 adds 19 new or revised definitions to the NERC Glossary.
   We will review the most pertinent here today.

9. Cyber Assets
   Programmable electronic devices, including the hardware, software, and data in those devices.
   Communication networks have been removed from the definition of Cyber Asset.

10. BES Cyber Assets
   A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. (A Cyber Asset is not a BES Cyber Asset if, for 30 consecutive calendar days or less, it is directly connected to a network within an ESP, a Cyber Asset within an ESP, or to a BES Cyber Asset, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.)

11. BES Cyber Assets
   Steve's Translation: A Cyber Asset that, if pwned, would allow a bad guy to disrupt the operation of a facility that meets the Bright Line criteria.

12. BES Cyber Systems
   One or more BES Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity.

13. BES Cyber System Information
   Information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System.
   BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, ESP names, or policy statements. Examples of BES Cyber System Information may include, but are not limited to, security procedures or security information about BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or Monitoring Systems that is not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System.

14. Electronic Access Control or Monitoring Systems
   Cyber Assets that perform electronic access control or electronic access monitoring of the Electronic Security Perimeter(s) or BES Cyber Systems. This includes Intermediate Devices.

15. Electronic Access Point
   A Cyber Asset interface on an Electronic Security Perimeter that allows routable communication between Cyber Assets outside an Electronic Security Perimeter and Cyber Assets inside an Electronic Security Perimeter.
   Routable communications only
   Refers to an interface, not a device
   Direction not specified (see External Routable Connectivity)

16. Electronic Security Perimeter
   [OLD] The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled.
   [NEW] The logical border surrounding a network to which BES Cyber Systems are connected using a routable protocol.
   Now limited to routable protocols

17. External Routable Connectivity
   The ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection.

18. Interactive Remote Access
   User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate Device and not located within any of the Responsible Entity's Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP). Remote access may be initiated from: 1) Cyber Assets used or owned by the Responsible Entity, 2) Cyber Assets used or owned by employees, and 3) Cyber Assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to-system process communications.

19. Interactive Remote Access (continued)
   [Definition repeated from slide 18]
   IRA must be controlled pursuant to CIP-005 R2
   ESP-to-ESP access is not covered by this definition
   By definition, does not include non-routable protocol access
   Encryption and intermediate devices are required

20. Intermediate System
   A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter.

21. Questions

22. Top 10 Issues
   1. Asset Identification
   2. BES Cyber System grouping
   3. Impact level assessment
   4. New ESP Definitions
   5. Detection of Malicious Communications
   6. Interactive Remote Access
   7. Patch Management
   8. Handling of BES Cyber System Information

23. Top 10 Issues (continued)
   9. Protection of Physical I/O Ports
   A. Low Impact Assets
   B. New Definitions
   C. Data Preservation During Recovery
   D. Baseline Configurations
   E. Vulnerability Assessments
   F. Security Event Monitoring
   10. Documentation Updates

24. Asset Identification
   15 minute criteria
   BROS
   Inventory
   Not your father's RBAM

25. BES Cyber System Grouping
   Definition
   Logical or not?
   Considerations: Location, Connectivity, Impact Ratings

26. Impact Level Assessment
   Bright Lines
   Impact ratings are applied to BES Cyber Systems, NOT assets or Facilities
   Not based on connectivity
   High includes location consideration
   Medium does NOT include location
   Associated with Low Impact

27. New ESP Definitions
   Routable protocols only
   External Routable Connectivity
   ESP? Cyber System? Cyber Asset?
   Non-programmable network elements
   Non-routable connections

28. Detection of Malicious Communications
   New requirement
   Many ways to skin the cat
   Functional requirement
   Plausibly effective

29. Interactive Remote Access
   New Requirements
   Intermediate Systems
   Technical Architecture: Placement of IS, Multi-factor auth, Encryption

30. Patch Management
   Source identification
   Must implement or mitigate
   New timelines
   Windows XP
   TFEs

31. Handling of BES Cyber System Information
   New Definition
   Storage, Use, Transit
   BCSI Repositories
   Disposal and redeployment

32. Low Impact Assets
   Implementation of policies
   Uncertainty on V6
   External routable protocol paths
   Lists vs. inventory

33. Baseline Configurations
   New requirements
   Specific attributes to be collected
   Broad applicability
   Change management of configurations

34. Vulnerability Assessments
   Not well defined
   Paper vs. active
   Not a pen test
   Documentation and follow-up requirements

35. Security Event Monitoring
   Functional requirements
   Plausibly effective
   Guidelines and Technical Basis comments

36. Data Preservation During Recovery
   Recovery plans need to address preservation of forensic evidence
   Timelines

37. Protection of Physical I/O Ports
   Control centers only
   Does not need to be preventative
   Device configuration can suffice

38. Documentation Updates
   New terminology
   Renumbered and relocated requirements
   Cybersecurity policy requirements expanded
   Nearly all requirements require documented processes

39. New Definitions and Terminology
   Time to relearn the language
   READ THE GLOSSARY!

40. Questions

41. Thank You
   Steven H Parker, President, EnergySec
   [email protected]
   503.905.2923 (desk)
   @es_shp (twitter)
   www.energysec.org
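Worked example for slide 33 (Baseline Configurations). This is an added illustration, not code from the EnergySec deck or from NERC: it records the five baseline attributes that CIP-010 R1 Part 1.1 asks for (operating system or firmware, commercially available or open-source application software, custom software, logical network accessible ports, and security patches applied), derives the listening ports from `ss -tuln` output, and reports every deviation from the approved baseline, which is exactly the set of changes that change management must have authorized. The asset name, versions, patch identifiers and the `ss` listing are constructed sample data.

```python
"""Added example: CIP-010-style baseline record and deviation check.

Not code from the EnergySec presentation. The asset name, software
versions, patch IDs and the `ss -tuln` listing are constructed sample data.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Baseline:
    """The five attributes of a CIP-010 R1.1 baseline for one Cyber Asset."""
    asset: str
    os_firmware: str
    commercial_software: FrozenSet[str]          # "name version"
    custom_software: FrozenSet[str]              # "name version"
    network_ports: FrozenSet[Tuple[str, int]]    # (protocol, port)
    security_patches: FrozenSet[str]             # patch identifiers applied


def ports_from_ss(ss_output: str) -> FrozenSet[Tuple[str, int]]:
    """Derive logical network accessible ports from `ss -tuln` output.

    Listening TCP sockets and bound UDP sockets count; established TCP
    connections do not. The bind address is ignored, only protocol and
    port go into the baseline.
    """
    ports = set()
    for line in ss_output.strip().splitlines()[1:]:  # skip column header
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        if proto == "tcp" and state != "LISTEN":
            continue
        port = int(local.rsplit(":", 1)[1])  # works for 0.0.0.0:22 and [::]:22
        ports.add((proto, port))
    return frozenset(ports)


def diff_baseline(approved: Baseline, observed: Baseline) -> List[str]:
    """Return one human-readable deviation per attribute difference.

    An empty list means the observed configuration matches the approved
    baseline; anything else needs an authorized change record behind it.
    """
    deviations = []
    if approved.os_firmware != observed.os_firmware:
        deviations.append(
            f"os_firmware: {approved.os_firmware!r} -> {observed.os_firmware!r}")
    for attr in ("commercial_software", "custom_software",
                 "network_ports", "security_patches"):
        before, after = getattr(approved, attr), getattr(observed, attr)
        for item in sorted(after - before, key=str):
            deviations.append(f"{attr}: added {item}")
        for item in sorted(before - after, key=str):
            deviations.append(f"{attr}: removed {item}")
    return deviations


# Constructed approved baseline for a hypothetical substation gateway.
APPROVED = Baseline(
    asset="rtu-gw-01",
    os_firmware="Linux 3.10.0-123",
    commercial_software=frozenset({"openssh 6.6p1", "net-snmp 5.7.2"}),
    custom_software=frozenset({"scada-poll 1.4"}),
    network_ports=frozenset({("tcp", 22), ("udp", 161)}),
    security_patches=frozenset({"PATCH-2014-07-A", "PATCH-2014-08-B"}),
)

# Constructed `ss -tuln` output as captured on the device today.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8080      0.0.0.0:*
tcp   ESTAB  0      0      10.1.1.5:22       10.1.1.9:51044
udp   UNCONN 0      0      0.0.0.0:161       0.0.0.0:*
"""


def observed_snapshot() -> Baseline:
    """What the collector sees now: an extra package, an extra listener,
    and a patch that is no longer reported as applied."""
    return Baseline(
        asset="rtu-gw-01",
        os_firmware="Linux 3.10.0-123",
        commercial_software=frozenset({"openssh 6.6p1", "net-snmp 5.7.2",
                                       "python 2.7.5"}),
        custom_software=frozenset({"scada-poll 1.4"}),
        network_ports=ports_from_ss(SS_OUTPUT),
        security_patches=frozenset({"PATCH-2014-07-A"}),
    )


if __name__ == "__main__":
    for deviation in diff_baseline(APPROVED, observed_snapshot()):
        print(deviation)
```

Run against the constructed snapshot it reports three deviations: the added `python 2.7.5` package, the new `tcp/8080` listener, and the missing `PATCH-2014-08-B`. The check is deliberately attribute-by-attribute so that each finding maps to one baseline element and one change record; a hash of the whole configuration would only tell you that something changed.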
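Worked example for slide 28 (Detection of Malicious Communications). The slide only says the requirement is functional and there are many ways to meet it; this added example, not from the EnergySec deck, shows one of those ways: an allowlist check on flow records crossing an Electronic Access Point, plus a simple scan heuristic. The ESP address range, the allowlisted Intermediate System, ICCP peer and syslog collector addresses, and the `key=value` flow-log format are all constructed assumptions.

```python
"""Added example: allowlist-based detection of unexpected communications
at an Electronic Access Point, run over constructed flow records.

Not code from the EnergySec presentation. The ESP range, peer addresses
and log format are assumptions made for the example.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Set, Tuple

ESP = ipaddress.ip_network("10.20.0.0/24")  # assumed ESP address space

# Constructed allowlists: the only flows the EAP is expected to pass.
ALLOWED_INBOUND: Set[Tuple[str, str, int]] = {   # (src, proto, dport)
    ("192.0.2.10", "tcp", 22),      # Intermediate System -> BES Cyber System
    ("198.51.100.5", "tcp", 102),   # ICCP peer
}
ALLOWED_OUTBOUND: Set[Tuple[str, str, int]] = {  # (dst, proto, dport)
    ("192.0.2.50", "udp", 514),     # syslog to a collector outside the ESP
}

# Constructed flow records as a firewall or NetFlow exporter might log them.
FLOWS = """\
ts=2014-08-19T10:00:01 src=192.0.2.10 dst=10.20.0.7 proto=tcp dport=22
ts=2014-08-19T10:00:05 src=198.51.100.5 dst=10.20.0.3 proto=tcp dport=102
ts=2014-08-19T10:01:10 src=203.0.113.44 dst=10.20.0.7 proto=tcp dport=502
ts=2014-08-19T10:01:11 src=203.0.113.44 dst=10.20.0.8 proto=tcp dport=502
ts=2014-08-19T10:01:12 src=203.0.113.44 dst=10.20.0.9 proto=tcp dport=20000
ts=2014-08-19T10:02:00 src=10.20.0.7 dst=192.0.2.50 proto=udp dport=514
ts=2014-08-19T10:02:30 src=10.20.0.8 dst=203.0.113.99 proto=tcp dport=443
ts=2014-08-19T10:03:00 src=10.20.0.3 dst=10.20.0.9 proto=tcp dport=20000
"""


def parse_flow(line: str) -> Dict[str, str]:
    """Parse one `key=value` flow record into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def detect_at_eap(flow_text: str,
                  allowed_in: Set[Tuple[str, str, int]],
                  allowed_out: Set[Tuple[str, str, int]],
                  scan_threshold: int = 3) -> List[Tuple[str, str, str]]:
    """Return (rule, subject, detail) alerts for flows crossing the EAP.

    Three rules: inbound flow not on the allowlist, outbound flow not on
    the allowlist, and an external source touching `scan_threshold` or
    more distinct (dst, dport) targets inside the ESP. Flows that stay
    inside the ESP (or never touch it) do not cross the EAP and are ignored.
    """
    alerts = []
    targets_by_src = defaultdict(set)
    for line in flow_text.strip().splitlines():
        f = parse_flow(line)
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        proto, dport = f["proto"], int(f["dport"])
        inbound = src not in ESP and dst in ESP
        outbound = src in ESP and dst not in ESP
        if inbound:
            targets_by_src[f["src"]].add((f["dst"], dport))
            if (f["src"], proto, dport) not in allowed_in:
                alerts.append(("unexpected_inbound", f["ts"], line))
        elif outbound:
            if (f["dst"], proto, dport) not in allowed_out:
                alerts.append(("unexpected_outbound", f["ts"], line))
    for src, targets in targets_by_src.items():
        if len(targets) >= scan_threshold:
            alerts.append(("possible_scan", src,
                           f"{len(targets)} distinct targets inside the ESP"))
    return alerts


if __name__ == "__main__":
    for rule, subject, detail in detect_at_eap(FLOWS, ALLOWED_INBOUND,
                                                ALLOWED_OUTBOUND):
        print(f"{rule:20} {subject:22} {detail}")
```

On the constructed records this raises three unexpected-inbound alerts for the Modbus and DNP3 probes from 203.0.113.44, one possible-scan alert for that same source, and one unexpected-outbound alert for the HTTPS connection from 10.20.0.8 to an unknown host. The caveat a practitioner should keep in mind: an allowlist on flow metadata only detects traffic on paths that should not exist. Malicious content riding an allowed path (for example through the Intermediate System on tcp/22) needs payload-aware detection at the EAP, which is why the slide calls the requirement functional rather than prescribing a single mechanism.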