Industrial Cyber Security & NERC CIP

Introduction

Operations technology (OT) is the term used in industrial operations and is comprised of control systems, networks and other industrial automation components that control physical processes and assets.

Control systems are at the heart of the nation’s critical infrastructures, include electric power, oil and gas, water and wastewater, manufacturing, transportation, agriculture, and chemical factories.

Industrial control systems (ICS), which are part of the OT environment in industrial enterprises, encompass several types of control systems including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other smaller control system configurations such as programmable logic controllers (PLC), remote terminal units (RTU), intelligent electronic devices (IED) and other field devices.

ICS systems were originally designed to increase performance, reliability, and safety by reducing manual efforts. Security was achieved by physical isolation, airgap (security by obscurity).

In the recent past attacks such as Stuxnet, Shamoon and Ukraine Energy, organizations have realized the importance of safeguarding the ICS and IT-OT converged environments. Today the world is talking about connecting everything to the internet. As the fourth industrial revolution (Industry 4.0) a term used to draw together cyber-physical systems, Internet of things (IoT) and Internet of Services starts to find more resonance with OEMs, system integrators and asset owners, it is a matter of time that we will see a lot of ICS information being routed to sophisticated applications across the enterprises through a wide area network where security by obscurity is no longer a valid protection. Organizations and States have plans for connecting ICS to the Internet for applications such as smart grids, smart cities, etc. Which significantly increases the risk of intrusion by malicious actors.

Threats to ICS

With ICS increasingly getting integrated with corporate network and Internet for business requirements, it is obvious that ICS is opening itself to the world of attackers. With cyber-attacks continue to escalate in frequency, severity, and impact year after year it is with this concern that it is of paramount importance to ensure cybersecurity around such systems.

Fines/Penalties for NERC CIP

For the second time in less than a year (2016), the North American Electric Reliability Corporation (NERC) has imposed a six-figure penalty on a participant in the electric market for fundamentally failing to comply with the NERC Critical Infrastructure Protection (CIP) standards.

How to Comply with NERC-CIP?

We provide Industrial Cybersecurity services for NERC CIP Compliance and to improve the security posture of your ICS or OT systems from threats. Some of them include the following:

  • ICS risk assessments
  • ICS VAPT
  • Governance Framework
  • Security operations center (SOC)
  • ISA IEC 62443 implementation
  • Smart Grid Audit

Why Accedere for NERC-CIP?

We provide end to end process for NERC CIP Compliance. With Industry 4.0 and use of IoT/ IIoT and Smart Grids as the way forward, the industrial data is moving into the Cloud and increased use of BIG DATA, Security and Privacy concerns are on the rise. We conduct integrated Cybersecurity engagements with privacy engagements. With more stringent fines being imposed by NERC, the cost of compliance is not too high. Our team has more than 10 years of industrial cybersecurity and IT-OT Convergence experience having worked with major organizations across the world.