Here is How to Comply With NERC CIP Requirements

    Power generation companies within North America are experiencing two major cybersecurity challenges: tackling external hackers and meeting the requirements of the updated North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.

    Many cyberattacks that target the electrical grid were reported recently, including Dragonfly 2.0, Industroyer, and Triton/Trisis.

    To address these and other threats, NERC has introduced CIP Version 5, which categorizes assets as high, medium, or low impact. The majority of generating stations are classified as low impact.

    Here are six ways power companies can enhance their cybersecurity and comply with NERC CIP.

    Execute Security Checks

    These controls should include full audits of every ICS action, including controller engineering activity such as logic updates, configuration changes, and firmware downloads and uploads.

    Audits allow the power generator’s owners and operators to ensure accountability and responsibility and to prevent malicious or incorrect actions that may lead to malfunction or even instability in the power plant.

    Segregating BES Equipment

    Discovering ICS devices and maintaining an up-to-date inventory of them is an ideal foundation for securing the assets. The most common devices are engineering and operator workstations and controllers (PLCs, RTUs, DCS controllers).

    It is essential to classify devices, including dormant ones, by model and maker and to include the firmware version and serial number. If there are security-related incidents, this information will help speed recovery and remediation efforts.

    Record and Recognize Remote Access

    To reduce the chance of a security breach, it is crucial to detect and record both machine-to-machine and interactive remote access sessions. Alerts must be issued in real time if the activity is unauthorized, new, or both.

    The alerts should include detailed information on each connection and the type of changes made. This feature allows security personnel to spot security breaches in the perimeter and ensure the system’s security.
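
    The check described above, as an added example that is not part of the original article: each session is compared against an allow-list and against previously seen paths, and the alert carries the connection details and the change types. The allow-list, addresses, host names and record fields are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed allow-list of approved remote access paths: (source, target, protocol).
AUTHORIZED = {
    ("10.10.1.5", "plc-unit1", "modbus"),  # machine-to-machine historian poll
    ("10.10.2.20", "ews-01", "rdp"),       # interactive engineering session
}

@dataclass(frozen=True)
class Session:
    ts: str
    src: str
    dst: str
    proto: str
    kind: str            # "interactive" or "machine-to-machine"
    changes: tuple = ()  # change types observed during the session

def alerts_for(sessions, authorized, seen):
    """Return one alert per session that is unauthorized, new, or both.

    `seen` holds paths observed before this batch and is updated in place.
    """
    alerts = []
    for s in sessions:
        path = (s.src, s.dst, s.proto)
        reasons = []
        if path not in authorized:
            reasons.append("unauthorized")
        if path not in seen:
            reasons.append("new")
        seen.add(path)
        if reasons:
            alerts.append({"ts": s.ts, "path": path, "kind": s.kind,
                           "reasons": reasons, "changes": list(s.changes)})
    return alerts

# Constructed session records, as a network monitor might emit them.
SAMPLE = [
    Session("2024-03-01T02:00:00Z", "10.10.1.5", "plc-unit1", "modbus", "machine-to-machine"),
    Session("2024-03-01T09:14:00Z", "10.10.2.20", "ews-01", "rdp", "interactive", ("config change",)),
    Session("2024-03-01T23:41:00Z", "203.0.113.7", "plc-unit1", "ssh", "interactive", ("firmware download",)),
    Session("2024-03-02T23:40:00Z", "203.0.113.7", "plc-unit1", "ssh", "interactive"),
]

def demo():
    history = {("10.10.1.5", "plc-unit1", "modbus")}  # paths seen on earlier days
    return alerts_for(SAMPLE, AUTHORIZED, history)

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```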

    Audit Process

    To comply with NERC CIP’s recovery program specifications, companies must be equipped to ensure the ongoing stability, operability, and security of the BES during an attack.

    The first step in this strategy is creating a thorough audit trail of any changes made to all devices connected to the ICS network, as well as a log of device baselines captured by periodic “snapshotting”. This information, saved and backed up offsite, allows a device or controller to be returned to a previous known-good state. Proven compliance solutions can help prepare for NERC CIP audits.
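
    A sketch of periodic snapshotting with an audit trail, added here as an example and not taken from the article or from any compliance product. The state fields, the device name and the change-ticket set are constructed, and the first snapshot is assumed to be the trusted baseline.

```python
import hashlib
import json

def snapshot(device, taken_at, state):
    """Record a device baseline with a digest over its canonical JSON form."""
    blob = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return {"device": device, "taken_at": taken_at, "state": state,
            "digest": hashlib.sha256(blob).hexdigest()}

def changed_fields(old, new):
    """List (field, before, after) for every state field that differs."""
    keys = sorted(set(old["state"]) | set(new["state"]))
    return [(k, old["state"].get(k), new["state"].get(k))
            for k in keys if old["state"].get(k) != new["state"].get(k)]

def audit(snapshots, approved):
    """Return (trail, known_good) for snapshots in time order.

    `approved` is a set of (taken_at, field) pairs taken from change tickets.
    The first snapshot is assumed to be the commissioned, trusted baseline.
    """
    trail, known_good = [], snapshots[0]
    good = {snapshots[0]["digest"]}
    for prev, cur in zip(snapshots, snapshots[1:]):
        changes = changed_fields(prev, cur)
        for field, before, after in changes:
            trail.append({"device": cur["device"], "taken_at": cur["taken_at"],
                          "field": field, "before": before, "after": after,
                          "approved": (cur["taken_at"], field) in approved})
        all_ok = all((cur["taken_at"], f) in approved for f, _, _ in changes)
        # Good if the state matches an earlier good one, or follows a good one
        # through approved changes only.
        if cur["digest"] in good or (prev["digest"] in good and all_ok):
            good.add(cur["digest"])
            known_good = cur
    return trail, known_good

def demo():
    # Constructed monthly snapshots of one controller.
    base = {"firmware": "2.1.0", "logic_checksum": "0x5A3C", "config": {"setpoint_max": 3600}}
    s0 = snapshot("plc-unit1", "2024-01-01", base)
    s1 = snapshot("plc-unit1", "2024-02-01", {**base, "firmware": "2.1.4"})
    s2 = snapshot("plc-unit1", "2024-03-01", {**s1["state"], "logic_checksum": "0x91F0"})
    s3 = snapshot("plc-unit1", "2024-04-01", dict(s2["state"]))
    approved = {("2024-02-01", "firmware")}  # constructed change ticket
    return audit([s0, s1, s2, s3], approved)
```

    In the constructed data the March logic change has no ticket, so the restore point stays at the February snapshot even though April shows no further change.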

    Look For Possible Vulnerabilities

    Configuration change management allows organizations to maintain a constantly updated inventory of assets and the version numbers of each patch, software, and firmware installed on ICS controllers. The information is constantly compared against the latest vulnerabilities as they are released. Furthermore, this information can be used to provide evidence if the need for an audit arises.

    To comply with NERC CIP’s rules regarding vulnerability assessments, companies must carry out at least one vulnerability assessment every 15 months and record the results. The only method to achieve this at both the device and network level is to integrate monitoring of network activity and active integrity checks on devices.
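
    An added example, not from the article, that ties the inventory fields listed earlier (maker, model, firmware version, serial number, dormant devices included) to the two checks above: matching firmware against advisories and flagging assessments older than 15 months. The inventory, the advisory records and their `fixed_in` field are constructed.

```python
import calendar
from datetime import date

# Constructed inventory: maker, model, firmware, serial, status, last assessment date.
INVENTORY = [
    {"maker": "ExampleCo", "model": "PLC-500", "firmware": "2.1.0", "serial": "SN-0001",
     "status": "active", "last_assessed": date(2023, 11, 30)},
    {"maker": "ExampleCo", "model": "PLC-500", "firmware": "2.1.4", "serial": "SN-0002",
     "status": "dormant", "last_assessed": date(2024, 9, 15)},
    {"maker": "SampleWorks", "model": "RTU-9", "firmware": "1.10.2", "serial": "SN-0003",
     "status": "active", "last_assessed": date(2023, 1, 10)},
]
# Constructed advisories: firmware below `fixed_in` is treated as affected.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "maker": "ExampleCo", "model": "PLC-500", "fixed_in": "2.1.4"},
    {"id": "ADV-EXAMPLE-2", "maker": "SampleWorks", "model": "RTU-9", "fixed_in": "1.9.0"},
]

def version_key(v):
    """Compare dotted versions numerically, so 1.10.2 sorts after 1.9.0."""
    return tuple(int(part) for part in v.split("."))

def affected(inventory, advisories):
    """Return (serial, advisory id) pairs; dormant devices are checked too."""
    return [(d["serial"], a["id"]) for d in inventory for a in advisories
            if (d["maker"], d["model"]) == (a["maker"], a["model"])
            and version_key(d["firmware"]) < version_key(a["fixed_in"])]

def add_months(d, months):
    """Calendar-month addition, clamping the day to the target month's length."""
    year, month0 = divmod(d.year * 12 + d.month - 1 + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))

def overdue(inventory, today, interval_months=15):
    """Serials whose last assessment is more than `interval_months` old."""
    return [d["serial"] for d in inventory
            if add_months(d["last_assessed"], interval_months) < today]

if __name__ == "__main__":
    print(affected(INVENTORY, ADVISORIES))
    print(overdue(INVENTORY, date(2025, 3, 1)))
```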

    Supervise Physical Controls

    NERC CIP requires that generators be able to detect modifications made to controllers through physical access, for example by integrators or employees connecting to a device using a serial cable or USB device. The mitigation methods are identical to the ones used for attackers who use remote access.

    Final Word

    The above six steps will help power plant operators comply with NERC CIP standards and create procedures and processes that will provide the security, visibility, and control necessary to avoid cyberattacks that could compromise operating environments.
