NERC CIP Background

NERC CIP Cyber Security Overview

Threats, Methods of Mitigation, and Notification Policies

Nature of Security Threats and Methods of Mitigation

The NERC CIP standards are intended to mitigate the vulnerability of the North American electrical system from attacks that could result in significant disruption to power delivery.  Points of attack are summarized in the diagram below, along with points of authorized access and measures to mitigate vulnerability.

[Diagram: nature of security threats and methods of mitigation]

In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791, which approved the Version 5 CIP Reliability Standards. These contain revised versions of the currently effective NERC CIP Reliability Standards, CIP-002-5 through CIP-009-5, as well as two new CIP Reliability Standards, CIP-010-1 and CIP-011-1. Utilities will transition directly from the Version 3 Standards to the Version 5 Standards. Affected energy providers must be compliant for High and Medium Impact BES Cyber Systems by April 1, 2016 and for Low Impact BES Cyber Systems by April 1, 2017. View the complete list of NERC CIP enforceable and soon-to-be-enforceable requirements on the NERC CIP standards website.

NovaTech is aware of the regulatory challenges faced by our customers related to the new realities in the era of NERC CIP. We are also aware that several of our products and services are classified as ‘cyber assets’ which must be audited and maintained by NERC-regulated customers to certify their compliance. Customers requiring software verification of NovaTech products related to vulnerabilities that are identified for cyber assets may request to join our NERC CIP Service Bulletins through the contact form below.

NERC CIP Monitoring

Threats identified by the North American Electric Reliability Corporation (NERC) are monitored and evaluated as to their pertinence to NovaTech products, and we will provide patches and/or recommended actions as appropriate. We use a variety of tools to collect data and drive continuous improvement in the cyber security of our products, from design through manufacturing and product maintenance processes.

We provide regularly updated documentation for any product typically classified as a “critical cyber asset”, including Orion5, Orion5r, OrionLX, OrionLXm, OrionLX-CPX, Orion DCIO and Orion DDIO, and NovaTech Configuration Director. The documentation identifies a baseline of all required services and ports which routable protocols may access, and which are required for proper operation of the product or system. We monitor industry best practices including ISO, monitor alerts from US-CERT, and appreciate your feedback and suggestions on how we can make improvements.

NERC CIP Service Bulletins

Service Bulletins are issued within two weeks of an alert from NERC which may pertain to NovaTech products.  The Bulletin will notify the customer of the alert and NovaTech’s investigational status: investigating, corrective action required, or no corrective action required. If the mitigation technique has not been finalized at that point, a revised bulletin will follow when the mitigation is ready.  A monthly Bulletin summarizing all NERC monitoring activities and alerts, regardless of applicability, is also provided. When urgent NERC CIP alerts occur, we will notify potentially affected customers via email and provide advisory actions (including operational actions and/or patches) to preserve the integrity and security of their installations.

Summary of Version 5 Changes

| Standard | Versions 3 & 4 | Version 5 Change | Compliance Alert & Actions |
|---|---|---|---|
| CIP-002 | Identification of Critical Assets | Instead of identifying Critical Assets, the Responsible Entity must identify systems, Facilities, or equipment that meet the criteria specified in CIP-002-5, Attachment 1. Also, the addition of Medium Impact and Low Impact criteria adds to the depth of the requirement as well as to its complexity. | This is a radical change in the requirements for identifying what systems, facilities, and equipment must be protected according to NERC CIP and what level of protection is required. |
| CIP-002 | Routable Protocol Exemption | The exemption of Cyber Assets from applicability to the NERC CIP standards based on communication characteristics no longer applies. The differentiation of serial vs. routable protocol connectivity has been removed. | This is a dramatic change from the previous versions of the CIP Standards and will require a complete review of the communications characteristics utilized with all of the field assets. |
| CIP-005 | Inspect & Detect Potential Malicious Communication | New requirement to ensure multiple levels of security such that cyber assets do not lose protection if one method fails or is misconfigured; simple redundancy of protection method does not meet this requirement. | Additional requirement to inspect communications traffic across the ESPs to provide another level of security in case one measure fails or is misconfigured. |
| CIP-007 | Access Controls, Malware, & Identification of Patch Sources | Numerous requirements have been modified, added, or redistributed among the CIP standards. | Thorough review of the Cyber Systems Security Management is needed to ensure compliance with the Version 5 standards. |
| CIP-010 (NEW) (previously parts of CIP-003, CIP-005, & CIP-007) | Change Control & Configuration Management and Cyber Vulnerability Assessment | Requirements are consolidated and expanded upon to form a new CIP-010 standard that includes requirements for change control and active vulnerability assessments. | Process and documentation changes are required to fully comply with this new standard. |
| CIP-011 (NEW) (previously parts of CIP-003 & CIP-007) | Information Protection Requirements for BES Cyber Systems | New standard addresses requirements for disposal and redeployment of information and equipment relevant to BES Cyber Systems and the chain of custody outside of the Physical Security Perimeter. | Processes, procedures, and documentation regarding the disposal and redeployment of BES Cyber System information and equipment are needed to fully comply with this new standard. |

  • NERC CIP Cyber Security Solutions

    Tripwire and NovaTech jointly present on security solutions to meet the latest NERC CIP requirements including Access Management, Security Monitoring, Configuration Management, and Event Analysis.

    March 18, 2016

  • NERC CIP Identity and Password Management Software

    This video describes the key features of the NovaTech Identity Manager (NIM) and NovaTech Connection Manager (NCM) products. NovaTech Identity Manager is a Linux LDAP/IPA application for managing users and passwords for OrionLXs and Schweitzer relays to the latest NERC CIP Version 5 requirements. NovaTech Connection Manager establishes a secure connection to OrionLXs and Schweitzer relays in the substation.

    April 29, 2015

  • Review of the New NERC CIP-10 and CIP-11 Webinar

    Within the next two to three years, it is likely that two new NERC CIP requirements will go into effect:
    1. CIP-010-1: Cyber Security – Configuration Change Management and Vulnerability Assessments
    2. CIP-011-1: Cyber Security – Information Protection
    This webinar was held on August 22, 2013. The presentation focuses on learning more about why these were created, where they will be required in the BES, and the latest solutions to address them. The webinar is hosted by Jeremy Anderson, Senior System Engineer. Prior to joining NovaTech, Jeremy designed and implemented a complete NERC CIP compliance system at a southwest US IOU.

    April 6, 2015

  • NERC CIP-007 Webinar

    This webinar, held on July 2nd, 2013, reviews the current requirements of NERC CIP-007 and how to address them using the OrionLX. Topics covered included an online review of OrionLX configurations, the impending changes related to NERC CIP-007-5 (Version 5), as well as the following content:

    CIP-007 R2. Ports and Services
    CIP-007 R3. Security Patch Management
    CIP-007 R4. Malicious Software Prevention
    CIP-007 R5. Account Management
    CIP-007 R6. Security Status Monitoring
    CIP-007 R7. Disposal or Redeployment

    April 6, 2015

  • Complete NERC CIP Solutions

    The NovaTech NERC CIP Password, Configuration and Remote Access Management system is part of an overall NERC CIP solution, which addresses the needs of Protective Relay Engineers, IT Security professionals, and NERC CIP Compliance Managers.

    September 17, 2014

  • NERC CIP Cyber Secure Gateway

    The OrionLX or LXm can serve as a NERC CIP secure substation gateway. Orion connects to substation meters, event recorders, distributed I/O, protective relays and other substation IEDs using any combination of RS232, RS485, Fiber or Ethernet connections and over 30 available IED protocols.

    September 15, 2014
