NERC CIP

America’s energy infrastructure propels our nation, and the people who are tasked with ensuring the reliability of that infrastructure shoulder an important responsibility. The North American Energy Reliability Corporation (NERC) has identified a set of standards that utilities must meet to protect the reliability of the energy infrastructure. These NERC Critical Infrastructure Protection (CIP) requirements guide the protection of both physical and electronic (“cyber”) assets, and have mandatory compliance deadlines no later than December 2010.

Applied Trust has experience auditing and securing SCADA and other infrastructure control systems and has recently helped several clients meet the NERC CIP requirements. Our breadth of IT knowledge across diverse operating systems, applications, and networking architectures helps us identify the most efficient way for utilities to meet the CIP IT security requirements that apply to them. Applied Trust’s Certified SCADA Security Architect (CSSA) provides the highest levels of technical and strategic guidance. We can help with CIP requirements 002 through 009, including:

CIP-002: Critical Cyber Asset Identification

Applied Trust can help you create an inventory of your existing IT hardware and software—without interrupting operations or installing any software. Our network engineers will create clear, concise documentation of critical cyber assets to facilitate compliance audits as well as day-to-day operations.

CIP-003: Security Management Controls

IT security policy and governance documents are important, but they need not be dense tomes of legalese. Applied Trust’s workshop-based approach to policy development ensures consensus and the support of the business for IT security policies. Our technical writing team can then create a customized policy set based on the workshop results, and can even update it on an annual basis.

CIP-005: Electronic Security Perimeter(s)

Almost every utility will implement multiple Electronic Security Perimeters (ESPs), and Applied Trust can help identify appropriate locations for network partitioning and firewalls. By considering ease of network management in addition to high levels of security, we will help you design a network that is reliable, instrumented, and low-maintenance. We recognize that ESPs require protection at multiple layers of the infrastructure stack—from physical connectivity, addressing and routing, to firewalls, auditing, and intrusion prevention.

CIP-007: Systems Security Management

This section contains the bulk of the technical requirements of CIP, from provisioning IT equipment to disposing of it. Every engineer at Applied Trust carries a pager—we make recommendations based on our real-life experiences with technology, not vendor relationships. We can help you establish secure, CIP-compliant operations practices, backed by reliable tools and infrastructure.

CIP-008: Incident Reporting and Response Planning

Incident management and response planning are at the core of our business—read more about our experience with incident management here.

CIP-009: Recovery Plans for Critical Cyber Assets

Applied Trust has deep experience with disaster recovery planning—click here to read more about how we can help.

Let us bring a practical approach to your standards compliance effort. Call us at (303) 245-4545 or contact us on the Internet.

Applied Trust provides IT security, network, and system infrastructure consulting services that help our clients maximize their IT investment in the areas of security, performance, and availability, while reducing cost and ecological impact. We serve clients in a variety of industries, including healthcare, financial services, recreation, and government.