The products provided by NovaTech, Tripwire and PAS are interconnected as shown above. The enterprise products reside on corporate servers, each product on a separate server, or consolidated on a single server per user preference. Secure user access to these servers, plus secure remote access to critical assets in control centers, generation plants and substations is ensured through fully monitored and encrypted broadband connections.
OrionLX “Cyber Security Gateways” in substations and generation plants are equipped with software modules to communicate securely with upstream servers. Syslog data are streamed to Tripwire Log Center and critical asset configurations are automatically transferred to the PAS Cyber Integrity server, all over a secure 128-bit encrypted connection. Secure remote, manual engineering access can also be made through this link. Substation Automation software can be added to the OrionLX, enabling it to perform additional roles as substation RTU, Math and Logic Processor, Alarm Annunciator, Sequence of Events Recorder or Substation HMI.
Meeting NERC CIP requirements CIP-002 through CIP-011 requires action by both the utility and by solutions providers. The solution provided by NovaTech and our partners performs the following functions.
Secure Remote Access includes encrypted connection between substation IEDs and enterprise users.
User Password Management includes centralized password administration, two-factor authentication, individual user privileges, and role-based access controls.
IED Password Management includes password change management, support for multiple password levels, and password checkout.
Vulnerability Assessment (once per year)
Device Discovery includes active scan of Ethernet devices and discovery of serial devices attached to the OrionLX Security Gateway.
Open Port Scan includes active scan of open TCP and UDP ports.
Workflow includes specific steps as required by the vulnerability procedure.
Evidence Capture includes the “proof” to show assessments meet the latest NERC CIP-010 V5 requirements.
Configuration Management (continuous)
Inventory includes tools for discovery, characterization and classification of cyber assets.
Configuration Baseline includes a database of critical asset “configurations”: settings files, logic files, custom pages, installed packages, etc.
Configuration Change Monitoring includes retrieval of asset configurations from substations, highlighting of changes against Baseline, identification of who made the change, etc.
Configuration Policies includes definition of what should be in all assets of a given type: patches, firmware versions, relay settings, etc.
Monitoring and Analysis
Security Logging (syslog, etc.) includes collection of logged data from devices in substations, generation plants and control rooms.
“SIEM” Security Incident and Event Management includes correlation, visualization, and trend analysis of logged data.
Alerts for Unauthorized Changes includes notification to responsible personnel and automatic incident response workflow.
Change Testing includes capture of test results and update of configuration policies.
Change Implementation includes scheduling, approving and deploying changes, plus reconciling actual changes to approved changes.
Patch Assessment includes process for assessing patches for applicability and coordinating patch updates.
Incident Response includes workflow triggered automatically based on unreconciled detected changes.
Periodic Review includes automatic initiation of a date-based review and approval workflow.
NovaTech Orion I/O™ is an extension of the family of OrionLX™ Automation Platforms for substation automation and incorporates the same security features, software tools and “NCD” configuration as the OrionLX. It is a rack-mountable I/O assembly with four slots—A, B, C, and D—that can be filled with any combination of I/O cards: currently 16-Point Discrete Input Card,
A presentation by Jeremy Anderson covering cyber security topics, including: a) The “Intermediate System” – Why Needed, and Design Suggestions; b) Reliable Broadband-based Networking System – Not an Option; c) The Importance of a Standards-based Approach; and d) Manual, Semi-Automatic or Fully Automatic Design?
At DistribuTECH 2017, NovaTech is exhibiting the new Orion I/O™ for substations. It delivers NERC CIP-compliant security, the highest I/O density (up to 64 in 2 RU) and the lowest cost per point (under $20). Orion I/O is a member of the OrionLX™ family, which means the right combination of flexibility and ease-of-use.
Rep. Kevin Yoder (3rd Congressional District of Kansas) presented NovaTech a letter of recognition from and an American flag that flew over the Capitol. This award was in recognition of shipping over 20,000 American manufactured products worldwide.
With the rapid adoption of the IEC 61850 standard by many US-based utilities, Distributed Event Recorders are becoming easier to create. Bruce’s presentation explains why the application of fault recorders could…
NovaTech will be represented at the Saudi Arabia Smart Grid Conference on Smart Grid and Renewable Energy (SASG 2017). The purpose of the event is to bring together researchers, designers, developers and practitioners interested in the advances and applications...
January 23, 2018 – January 25, 2018 San Antonio, Texas
Almost half of NovaTech’s business is in Systems and Services including web page design, panel design, math and logic development, Orion configuration, and onsite installation and commissioning. Mark Matassa explains how our engineers can work with you to reduce project execution time at the 2016 DistribuTECH Conference and Exhibition in Orlando, Florida.
This video describes the key features of the NovaTech Identity Manager (NIM) and NovaTech Connection Manager (NCM) products. NovaTech Identity Manager is a Linux LDAP/IPA application for managing users and passwords for OrionLXs and Schweitzer relays to the latest NERC CIP Version 5 requirements. NovaTech Connection Manager establishes a secure connection to OrionLXs and Schweitzer relays in the substation.
Within the next two to three years, it is likely that two new NERC CIP requirements will go into effect:
1. CIP-010-1: Cyber Security – Configuration Change Management and Vulnerability Assessments
2. CIP-011-1: Cyber Security – Information Protection
This webinar was held on August 22, 2013. The presentation focuses on why these requirements were created, where they will be required in the BES, and the latest solutions to address them. The webinar is hosted by Jeremy Anderson, Senior System Engineer. Prior to joining NovaTech, Jeremy designed and implemented a complete NERC CIP compliance system at a southwest US IOU.