6.1 C
New York
Monday, November 15, 2021

Here is How to Comply With NERC CIP Requirements

Power generation companies within North America are experiencing two major cybersecurity challenges: tackling external hackers and the need to meet the requirements of the updated North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.

Many cyberattacks that target the electrical grid were reported recently, including Dragonfly 2.0, Industroyer, and Triton/Trisis.

To address these and other threats, NERC has introduced CIP Version 5, which categorizes assets according to medium, high and low impact. The majority of generating stations are classified as low impact.

Here are six ways power companies can enhance their cybersecurity and be in compliance with the NERC CIP.

Execute Security Checks

These controls should incorporate full audits of every ICS action, including the engineering of controllers, such as the update of logic, configuration changes, and downloads and uploads of the firmware. 

Audits allow the power generator’s owners and operators to ensure accountability, responsibility and prevent malicious or incorrect actions that may lead to malfunction or even instability in the power plant.

Segregating BES Equipment

Conducting ICS devices discovery and maintaining an updated inventory of them is an ideal foundation for the security of the assets. The most common devices are engineering and operator workstations and controllers (PLCs, RTUs, DCS controllers). 

It is essential to classify devices, including dormant ones, by model and maker and include the firmware version and serial number. If there are security-related incidents, the information provided will in the speed of recovery and remediation efforts.

Record and Recognize Remote Access

To reduce the chance of a security breach during hacking, it is crucial to detect and record machine-to-machine remote access sessions and interactive ones. Alerts must be issued in real-time if the activity is not authorized, new, or both. 

The alerts should include detailed information on each connection and the type of changes made. This feature allows security personnel to spot security breaches in the perimeter and ensure the system’s security.

Audit Process

To comply with NERC CIP’s recovery program specifications, companies must be equipped to ensure the ongoing stability, operability, and security of the BES in an attack. 

The first step in this strategy is creating a thorough audit trail of any changes made to all devices connected to the ICS network, as well as a log of the baselines of devices by periodic “snapshotting”. This saved and backed up offsite information allows a device or controller to be returned to a previous excellent state. Proven compliance solutions can help prepare for NERC CIP audits. 

Look For Possible Vulnerabilities

Configuration change management allows organizations to maintain a constantly updated inventory of assets and the version numbers of each patch, software, and firmware installed on ICS controllers. The information is constantly compared against the latest vulnerabilities as they are released. Furthermore, this information can be used to provide evidence of the need for an audit arises.

To comply with NERC CIP’s rules regarding vulnerability assessments, companies must carry out at least one vulnerability assessment every 15 months and record the results. It is the only method to achieve this at both the device and network level is to integrate monitoring of network activity and active integrity checks on devices.

Supervise Physical Controls

NERC CIP mandates that generators can detect modifications made to controllers through physical access. For example, integrators or employees connecting to a device using a serial cable or USB device. The mitigation methods are identical to the ones used for attackers who use remote access.

Final Word

The above six steps will help power plant operators comply with NERC CIP standards and create procedures and processes that will provide the security, visibility, and control necessary to avoid cyberattacks that could compromise operating environments.

Latest news

Josie Patra
Josie Patra is a veteran writer with 21 years of experience. She comes with multiple degrees in literature, computer applications, multimedia design, and management. She delves into a plethora of niches and offers expert guidance on finances, stock market, budgeting, marketing strategies, and such other domains. Josie has also authored books on management, productivity, and digital marketing strategies.

Read Also

- Advertisement -


Please enter your comment!
Please enter your name here