NERC CIP Integrated Solution

Inventory, Configuration Management, Vulnerability Assessment, Change Control and CIP Reporting for the Bulk Electric System (BES)

The products provided by NovaTech, Tripwire and PAS are interconnected as shown above. The enterprise products reside on corporate servers, each product on a separate server, or consolidated on a single server per user preference. Secure user access to these servers, plus secure remote access to critical assets in control centers, generation plants and substations is ensured through fully monitored and encrypted broadband connections.

OrionLX “Cyber Security Gateways” in substations and generation plants are equipped with software modules to communicate securely with upstream servers. Syslog data are streamed to Tripwire Log Center and critical asset configurations are automatically transferred to the PAS Cyber Integrity server, all over a secure 128-bit encrypted connection. Secure remote, manual engineering access can also be made through this link. Substation Automation software can be added to the OrionLX enabling it to perform additional roles as substation RTU, Math and Logic Processor, Alarm Annunciator, Sequence of Events Recorder or Substation HMI.

Functional Summary

Meeting NERC CIP Requirements  -002 through 011 requires action by both the utility and by solutions providers. The solution provided by NovaTech and our partners perform the following functions.

Access Management

  • Secure Remote Access includes encrypted connection between substation IEDs and enterprise users.
  • User Password Management includes centralized password administration, two-factor authentication, individual users privileges, and role-based access controls
  • IED Password Management includes password change management, support for multiple password levels, and password checkout.

Vulnerability Assessment (once per year)

  • Device Discovery includes active scan of Ethernet devices and discovery of serial devices attached to the OrionLX Security Gateway
  • Open Port Scan includes active scan of open TCP and UDP ports
  • Workflow includes specific steps as required by vulnerability procedure
  • Evidence Capture includes the “proof” to show assessments meet latest NERC CIP-010 V5 requirements.

Configuration Management (continuous)

  • Inventory includes tools for discovery, characterization and classification of cyber assets.
  • Configuration Baseline includes database of critical asset “configurations”; settings files, logic files, custom pages, installed packages, etc.
  • Configuration Change Monitoring includes retrieval of asset configurations from substations, highlighting of changes against Baseline, identification of who made the change, etc.
  • Configuration Policies includes definition of what should be in all assets of a given type; patches, firmware versions, relay settings, etc.

Monitoring and Analysis

  • Security Logging (syslog, etc.) includes collection of logged data from devices in substations, generation plants and control rooms.
  • “SIEM” Security Incident and Event Management includes correlation, visualization, and trend analysis of logged data.
  • Alerts for Unauthorized Changes includes notification to responsible personnel and automatic incident response workflow.


  • Change Testing includes capture of test results and update of configuration policies.
  • Change Implementation includes scheduling, approving and deploying changes, plus reconciling actual changes to approved changes.
  • Patch Assessment includes process for assessing patches for applicability and coordinating patch updates.
  • Incident Response includes workflow triggered automatically based on unreconciled detected changes.
  • Periodic Review includes automatic initiation of a date-based review and approval workflow.

  • Orion Products Overview Brochure  

    The Orion Family of Substation Automation Platforms and I/O perform an expanding array of automation and security applications in electric utility substations, with minimal setup and maintenance. A single Orion can replace multiple legacy boxes in a substation, reducing hardware, design, wiring, and panel costs.

    February 21, 2019

  • TechTalk Summer 2018  

    D650 Master Display
    Bitronics M661P3 Pole Top Power Monitor
    Firmware 9.1 for Orion Family

    August 17, 2018

  • Orion Hot Active: Standby Redundancy  

    A Hot Active – Standby Redundancy capability is now available for the OrionLX and OrionLXm. This new design simplifies operation and diagnostics in multiple redundant substation automation and SCADA applications.

    April 10, 2018

  • NovaTech Orion I/O Application Note  

    NovaTech Orion I/O™ is an extension of the family of OrionLX™ Automation Platforms for substation automation and incorporates the same security features, software tools and “NCD” configuration as the OrionLX. It is a rack-mountable I/O assembly with four slots—A, B, C, and D—that can be filled with any combination of I/O cards: currently 16-Point Discrete Input Card,

    December 12, 2018

  • Pole Top Power Monitoring Solutions  

    NovaTech now offers complete packaged solutions for pole top mounting to support distribution automation applications. Solutions are engineered and packaged per customer specification and can include a user-specified enclosure, locking door with door switch, radio and associated distribution sensors.

    January 29, 2018

  • Additional Datasheets, Application Notes, Customer Success Stories and other documents in our documentation library

  • NovaTech Orion WEBserver SCADA & HMI

    The NovaTech Orion WEBserver uses open-source graphics development, a pre-defined library of faceplates, a tiled alarm annunciator and simple setup to provide small and medium-sized utilities with a robust, low-cost SCADA solution for substation monitoring.

    April 3, 2018

  • Hot Standby Redundancy in OrionLX and OrionLXm

    Hot standby redundancy allows continuous synchronization of substation data in two OrionLX or OrionLXms, providing additional reliability for critical substation automation and SCADA applications.

    April 3, 2018

  • NERC CIP Cyber Security Solutions

    Tripwire and NovaTech jointly present on security solution to meet the latest NERC CIP requirements including Access Management, Security Monitoring, Configuration Management, and Event Analysis.

    March 18, 2016

Your browser is out-of-date!

Update your browser to view this website correctly.Update my browser now