Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Mark Prince, Entergy
Tim Erlin, Tripwire
Karl Perman, EnergySec
Logistics
• Panelist discussion followed by questions and answers
• All lines other than panelists will be muted
• Questions via chat function
• Audio and slides will be posted within 72 hours
It’s Interactive
Please submit your questions through the control panel to get answers LIVE from our panelists.
Introductions
Mark Prince, Manager OT Fossil
Tim Erlin, Director, IT Security and Risk Strategist, @terlin
Karl Perman, VP, Member Services, @EnergySec
NERC CIP V5 Pain Points
• Asset Identification and Categorization
• Change Approval Process
• Configuration Management
• Compliance Management
• Baseline Configuration
• Patching
• Malware Prevention and Detection
• Access Management
• Information Protection
• Evidence of Compliance
• Many manual processes
© 2015 Energy Sector Security Consortium, Inc.
General Change Management Process
• Develop baseline configurations
• Authorize and document changes to baselines
• Update baselines within 30 days
• Verify security controls
• Pre-change Testing
  – High Impact BCS
• Configuration Monitoring
  – High Impact BCS, EACMS, and PCA
Configuration Change Management Pain Points
• Number and variety of devices
• Every time, every change
  – No exceptional circumstances exemption
• Identify security controls affected by the change
  – CIP-005 and CIP-007
• High Impact needs to have “Double Test”
  – Once before change, once after change
• Automated system vs. manual process
Evidence
• What needs to be maintained
• Maintain Documentation
• Storage
• Automated work flows or manual processes
How did you come into this CIPv5 project?
What was your vendor selection process for CIPv5 compliance technologies?
What’s the architecture of the environment you’re addressing?
Entergy Fossil Generation
Lessons Learned
1. Data diodes and centralized reporting are not mutually exclusive.
2. Your budget cycle does not match your audit cycle.
3. Consistency creates efficiency.
Tripwire’s NERC Solution Suite
Tripwire helps meet 20 of 32 CIP requirements
Tripwire’s NERC CIP Solution
Tripwire Confidential
70% of the Top Electrical Utilities in the U.S. use Tripwire
NERC Alliance Network
Beyond Compliance to Cybersecurity
Securing Critical Infrastructure
Critical Infrastructure is Evolving… to a more connected energy supply
Tripwire Can Help
New connections bring new challenges and new threats
Q & A
Mark Prince, Manager OT Fossil
Tim Erlin, Director, IT Security and Risk Strategist, @terlin
Karl Perman, VP, Member Services, @EnergySec