In an effort to preserve the safe delivery of electricity, the North American Electric Reliability Corporation (NERC) has established standards, guidelines and best practices to address cyber security and the protection of critical infrastructure.
The goal of these Critical Infrastructure Protection (CIP) standards is to help owners and operators prevent cyber attacks on their critical infrastructure, including supervisory control and data acquisition (SCADA) systems.
Threats are becoming increasingly real as SCADA systems and networks run commercially available software and have IP connectivity. This has increased vulnerability in industrial enterprises ranging from mining facilities and utility installations to oil refineries and gas production plants.
SCADA system operators must ensure the integrity of the systems that monitor critical infrastructure. Should these monitoring systems become compromised from malicious or inadvertent software changes, then the service being provided is at risk.
By eliminating vulnerable and malicious applications and delivering configuration, change and process controls, Bit9 helps utilities achieve compliance:
North American Electric Reliability Council (NERC) was formed in 1968 by the electric utility industry to promote the reliability and adequacy of bulk power supply in the electric utility systems of North America. The NERC CIP consists of eight regional reliability councils and encompasses essentially all the power systems of the contiguous United States, Canada and part of Mexico.
The NERC CIP eight reliability standards consist of 160 requirements and it is the most taxing regulation that electric and power companies must address. As of July 1, 2010, utility companies must be able to provide auditable compliance. Failure to provide auditable evidence of compliance will mean the risk of up to $1 million per day, per CIP violation.
Bit9′s trust-based security platform simultaneously helps address NERC CIP-007, R3 (security patching); CIP-007, R4 (anti-malware); and NERC CIP-003, R6 (change control and configuration management) as well as other requirements. In addition, by being able to characterize and classify cyber security incidents and maintain the logs files even after an attacked device has been removed from the environment, the Bit9 Security Platform can also address CIP-008 R1.1 and R2.
The Bit9 Security Platform helps ensure the integrity of SCADA monitoring systems by: