Monitoring and Analysis Software

System Logging and Security Monitoring Points

Two NovaTech software products are used for monitoring and analysis of NERC CIP activities in the substation.

OrionLX Syslog

The OrionLX creates a “syslog” of all system alarms and events. These time-stamped logs, which can be sorted and filtered, contain the raw data required for NERC reporting, including who attempted access, what they attempted to do, all connect and disconnect information, records of packages running on Orion, Passthrough attempts to IEDs, and all other connection details. The System Logger function can be configured to make user-selected points available in syslog, including circuit breaker position and other events and alarms in the Orion database not automatically logged to syslog. An automatic transfer of logged events can be set up between the OrionLX (the syslog client) and a remote syslog server, through webpage entries on the “Settings” page. Transfer of logged events to two or more remote servers is also possible.

OrionLX Security Monitoring Points

Security Monitoring Points indicating who how users are connected to an OrionLX can be retrieved and mapped to SCADA or an alarm log.  These points include any of the following:

  • SSH session status
  • Telnet session status
  • HTTP and HTTPS session status
  • Login TTY (serial port) session status
  • FTP session status
  • GDM (keyboard and mouse) session status
  • PPP session status
  • IEC 61131-3 session status
  • “Passthrough” session status
  • Root session status
  • Local or remote session status
  • Name of user logged in
  • How many users logged in
  • Known user login failure indication and name
  • Unknown user login failure indication and name
  • User lockout indication and name
  • NERC CIP Cyber Security Solutions

    Tripwire and NovaTech jointly present on security solution to meet the latest NERC CIP requirements including Access Management, Security Monitoring, Configuration Management, and Event Analysis.

    March 18, 2016

  • NERC CIP Identity and Password Management Software

    This video describes the key features of the NovaTech Identity Manager (NIM) and NovaTech Connection Manager (NCM) products. NovaTech Identity Manager is a Linux LDAP/IPA application for managing users and passwords for OrionLXs and Schweitzer relays to the latest NERC CIP Version 5 requirements. NovaTech Connection Manager establishes a secure connection to OrionLXs and Schweitzer relays in the substation.

    April 29, 2015

  • Review of the New NERC CIP-10 and CIP-11 Webinar

    Within the next two to three years, it is likely that two new NERC CIP requirements will go into effect:
    1. CIP-010-1: Cyber Security – Configuration Change Management and Vulnerability Assessments
    2. CIP-011-1: Cyber Security – Information Protection
    This webinar was held on August 22, 2013. The presentation focuses on learning more about why these were created, where they will be required in the BES, and the latest solutions to address them.The webinar is hosted by Jeremy Anderson, Senior System Engineer. Prior to joining NovaTech, Jeremy designed and implemented a complete NERC CIP compliance system at a southwest US IOU.

    April 6, 2015

  • NERC CIP-007 Webinar

    This webinar, held on July 2nd, 2013, reviews the current requirements of NERC CIP-007 and how to address them using the OrionLX. Topics covered included an online review of OrionLX configurations, the impending changes related to NERC CIP-007-5 (Version5), as well as the following content:

    CIP-007 R2. Ports and Services
    CIP-007 R3. Security Patch Management
    CIP-007 R4. Malicious Software Prevention
    CIP-007 R5. Account Management
    CIP-007 R6. Security Status Monitoring
    CIP-007 R7. Disposal or Redeploymen

    April 6, 2015

  • Complete NERC CIP Solutions

    The NovaTech NERC CIP Password, Configuration and Remote Access Management system is part of an overall NERC CIP solution, which addresses the needs of Protective Relay Engineers, IT Security professionals, and NERC CIP Compliance Managers.

    September 17, 2014

  • NERC CIP Cyber Secure Gateway

    The OrionLX or LXm can serve as a NERC CIP secure substation gateway. Orion connects to substation meters, event recorders, distributed I/O, protective relays and other substation IEDs using any combination of RS232, RS485, Fiber or Ethernet connections and over 30 available IED protocols.

    September 15, 2014

Your browser is out-of-date!

Update your browser to view this website correctly.Update my browser now

×