Title: SERC CIP007 Webinar Overview
SERC CIP-007 Webinar: Overview and Lessons Learned
September 29, 2009
- Chuck Abell
- SERC CIPC Chair
CIP-007-1 Systems Security Management: Overview
- Standard CIP-007 requires Responsible Entities
to define methods, processes, and procedures for
securing those systems determined to be Critical
Cyber Assets, as well as the non-critical Cyber
Assets within the Electronic Security Perimeter
(ESP).
CIP-007-1 Systems Security Management: Overview (continued)
- R1 Test Procedures: The Responsible Entity shall
ensure that new Cyber Assets and significant
changes to existing Cyber Assets within the ESP
do not adversely affect existing cyber security
controls.
- R2 Ports and Services: The Responsible Entity
shall establish and document a process to ensure
that only those ports and services required for
normal and emergency operations are enabled.
- R3 Security Patch Management: The Responsible
Entity, either separately or as a component of
the documented configuration management process
specified in CIP-003 R6, shall establish and
document a security patch management program for
tracking, evaluating, testing, and installing
applicable cyber security software patches for
all Cyber Assets within the ESP.
- R4 Malicious Software Prevention: The
Responsible Entity shall use anti-virus software
and other malicious software (malware)
prevention tools, where technically feasible, to
detect, prevent, deter, and mitigate the
introduction, exposure, and propagation of
malware on all Cyber Assets within the ESP.
CIP-007-1 Systems Security Management: Overview (continued)
- R5 Account Management: The Responsible Entity
shall establish, implement, and document
technical and procedural controls that enforce
access authentication of, and accountability for,
all user activity, and that minimize the risk of
unauthorized system access.
- R6 Security Status Monitoring: The Responsible
Entity shall ensure that all Cyber Assets within
the ESP, as technically feasible, implement
automated tools or organizational process
controls to monitor system events that are
related to cyber security.
- R7 Disposal or Redeployment: The Responsible
Entity shall establish formal methods, processes,
and procedures for disposal or redeployment of
Cyber Assets within the ESP as identified and
documented in Standard CIP-005.
- R8 Cyber Vulnerability Assessment: The
Responsible Entity shall perform a cyber
vulnerability assessment of all Cyber Assets
within the ESP at least annually.
- R9 Documentation Review and Maintenance: The
Responsible Entity shall review and update the
documentation specified in Standard CIP-007 at
least annually.
CIP-007-2 Updates (Approved by NERC, Waiting on FERC)
- Throughout the version 2 standards, NERC has
removed the "reasonable business judgment"
language and the "acceptance of risk" provisions.
CIP-007-2 R2 Updates (Approved by NERC, Waiting on FERC)
- R2 (Ports and Services) has been reworded to
clarify the Responsible Entity must establish,
document and implement a process to ensure that
only those ports and services required for normal
and emergency operations are enabled.
CIP-007-2 R3 Updates (Approved by NERC, Waiting on FERC)
- R3 (Security Patch Management) has been
reworded to clarify the Responsible Entity must
establish, document and implement a security
patch management program.
CIP-007-2 R7 Updates (Approved by NERC, Waiting on FERC)
- R7 (Disposal or Redeployment) has been reworded
to clarify the Responsible Entity must establish
and implement Disposal or Redeployment methods,
processes, and procedures.
CIP-007-2 R9 Updates (Approved by NERC, Waiting on FERC)
- R9 (Documentation Review and Maintenance) has
been modified to require updates to documentation
within thirty calendar days of the completion of
changes resulting from modifications to systems
or controls.
Lessons Learned
- Achieving the compliance level required as of
7/1/09 was hard work.
- Following our procedures to maintain compliance
going forward will be even harder.
- Be careful what you put in your processes and
procedures (you will be found non-compliant if
you don't do what you say you are going to do).
Lessons Learned (continued)
- Automate processes wherever possible; the
workload can easily become unmanageable.
- Education of EMS support staff on the new
procedures required for compliance.
- R1 specifically calls for test procedures that
verify changes to a CCA do not change cyber
security controls, not checks for
functionality.
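The R1 test and the R2 ports-and-services control share one mechanical check: compare what a Cyber Asset is actually listening on against the documented baseline, before a change is approved and again after it lands. The script below is an added example written for this page, not part of the webinar or of Ameren's procedures. It assumes Linux hosts where `ss -Hltunp` (iproute2) is available; the BASELINE table and the SAMPLE_SS_OUTPUT text are constructed for illustration, and the hypothetical `capture_live()` helper is the only part that touches a real host.

```python
"""Listening-port baseline check for a CIP-007 R2 / R1 post-change test.

Hypothetical added example. BASELINE and SAMPLE_SS_OUTPUT are constructed;
the real baseline would be the entity's documented R2 ports-and-services list.
"""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Documented baseline: (protocol, port) -> (expected owning process, justification).
# Constructed for illustration.
BASELINE = {
    ("tcp", 22): ("sshd", "remote administration from the EMS jump host"),
    ("tcp", 443): ("httpd", "HMI web front end"),
    ("udp", 123): ("ntpd", "time sync for event-log correlation (R6)"),
    ("udp", 514): ("rsyslogd", "syslog forwarding to the central log server (R6)"),
}

# Constructed sample of `ss -Hltunp` output (no header line). It contains
# three deviations: tcp/5900 is not in the baseline, tcp/443 is owned by a
# process other than the documented one, and udp/514 is no longer listening.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=1031,fd=4))
tcp   LISTEN 0      5            0.0.0.0:5900      0.0.0.0:*    users:(("x11vnc",pid=2207,fd=5))
udp   UNCONN 0      0            0.0.0.0:123       0.0.0.0:*    users:(("ntpd",pid=640,fd=16))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""

# First quoted token in the users:((...)) column is the process name.
PROC_RE = re.compile(r'"([^"]+)"')


def parse_ss(output: str) -> dict[tuple[str, int], str]:
    """Parse `ss -Hltunp` lines into {(proto, port): process_name}.

    IPv4 and IPv6 listeners on the same port collapse into one entry, since the
    baseline is expressed per port, not per address family.
    """
    listeners: dict[tuple[str, int], str] = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line
        proto = fields[0]
        local = fields[4]                      # e.g. 0.0.0.0:22, [::]:22, *:443
        port = int(local.rsplit(":", 1)[1])    # port is always after the last ':'
        match = PROC_RE.search(line)
        listeners[(proto, port)] = match.group(1) if match else "?"
    return listeners


@dataclass
class Findings:
    unauthorized: list   # listening but not in the baseline (R2 deviation)
    missing: list        # in the baseline but not listening (a control quietly lost)
    mismatched: list     # approved port, but owned by a different process than documented


def compare(baseline: dict, observed: dict) -> Findings:
    """Diff the observed listeners against the documented baseline."""
    f = Findings([], [], [])
    for key, proc in sorted(observed.items()):
        if key not in baseline:
            f.unauthorized.append((key, proc))
        elif baseline[key][0] != proc:
            f.mismatched.append((key, baseline[key][0], proc))
    for key in sorted(baseline):
        if key not in observed:
            f.missing.append((key, baseline[key][0]))
    return f


def capture_live() -> dict[tuple[str, int], str]:
    """Snapshot the local host (Linux, iproute2). Not used by the offline demo."""
    out = subprocess.run(["ss", "-Hltunp"], capture_output=True, text=True, check=True).stdout
    return parse_ss(out)


def report(f: Findings) -> int:
    """Print findings; return a non-zero exit code if anything deviates."""
    for (proto, port), proc in f.unauthorized:
        print(f"UNAUTHORIZED  {proto}/{port} owned by {proc}: not in documented baseline")
    for (proto, port), expected, actual in f.mismatched:
        print(f"MISMATCH      {proto}/{port} documented as {expected}, actually {actual}")
    for (proto, port), expected in f.missing:
        print(f"MISSING       {proto}/{port} ({expected}) documented but not listening")
    return 1 if (f.unauthorized or f.mismatched or f.missing) else 0


if __name__ == "__main__":
    raise SystemExit(report(compare(BASELINE, parse_ss(SAMPLE_SS_OUTPUT))))
```

Run it against the pre-change snapshot and the post-change snapshot of the same asset; any non-empty finding is evidence for the R1 test record that the change touched a security control, and an UNAUTHORIZED line is an R2 deviation regardless of whether the new service works. The MISSING class matters as much as the other two: a change that silently stops syslog forwarding breaks the R6 monitoring control without producing any functional symptom.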
Lessons Learned (continued)
- Opted to utilize SEP vs. products such as
TripWire or CoreTrace's Bouncer (will
re-evaluate position next year).
- Task listing necessary to ensure that stated
responsibilities don't get overlooked.
- Mock audits, whether conducted by internal staff
or external resources, are critical prior to an
audit; they provide an objective look.
Questions?
Charles (Chuck) Abell, PE
SERC CIPC Chair
Supervising Engineer, Transmission Operations Technical Support
Ameren Services Corp.
Saint Louis, MO
314-554-3817
cfabell_at_ameren.com