Powering Up Security: How Cisco Helps Utilities Navigate NERC CIP Compliance


The electric grid is the backbone of our modern society here in North America. Ensuring its reliability and security is paramount, which is where the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards come in. These standards provide a framework for securing the Bulk Electric System (BES) against cyber threats.

However, with the grid undergoing significant modernization and increased connectivity, meeting these stringent cybersecurity requirements presents a complex challenge for power utilities. More connected devices mean a larger attack surface, demanding a robust and phased approach to security.

Cisco’s Phased Approach to Industrial Threat Defense

Cisco recognizes that improving your security posture is a journey. We advocate for a phased approach, building foundational security elements that support subsequent steps, allowing utilities to improve security at their own pace while demonstrating value. The Cisco Industrial Threat Defense solution offers a modular and comprehensive set of capabilities designed to address the unique challenges of securing operational technology (OT) environments and achieving NERC CIP compliance.

How Cisco Solutions Help Address Key NERC CIP Requirements:

Cisco just published a solution brief describing the key NERC CIP requirements and how our portfolio can help utilities comply. Here is a quick summary:

  1. Visibility and Categorization (CIP-002, CIP-015):
    • Cisco Cyber Vision: Provides deep packet inspection embedded in the industrial network to automatically discover and inventory all grid assets, their communication patterns, and vulnerabilities. This visibility is fundamental for categorizing BES Cyber Systems (CIP-002) and is a core component of Internal Network Security Monitoring (INSM) (CIP-015). It helps identify risks and deviations from expected behavior.
    • Splunk OT Security Add-On: Aggregates data from various sources, including Cyber Vision, to provide asset classification visibility (CIP-002) and supports monitoring for INSM (CIP-015).
  2. Electronic Security Perimeters (ESPs) and Access Control (CIP-005, CIP-007):
    • Cisco Industrial Routers and Secure Firewalls: Serve as the backbone for defining and enforcing ESPs. They offer comprehensive Next-Generation Firewall (NGFW) features, stateful inspection, application control, and integrated intrusion prevention (IDS/IPS) to manage electronic access and block threats at the perimeter (CIP-005, CIP-007). They can enforce unified security policies across distributed sites.
    • Cisco Secure Equipment Access (SEA): Provides a Zero-Trust Network Access (ZTNA) solution for secure remote access, crucial for managing vendor and remote user access to BES Cyber Systems. It enforces least privilege and just-in-time access, and supports multi-factor authentication (MFA) as well as session monitoring/recording (CIP-005).
    • Cisco Catalyst Center and Identity Services Engine (ISE): Help manage security policies centrally across switching infrastructure, control physical port usage, and enforce access controls via IP ACLs or Security Group ACLs (CIP-007).
    • Splunk OT Security Add-On: Collects logs from firewalls, routers, switches, and access systems to monitor activity crossing the ESP boundary (CIP-005) and track ports, services, and system access control events (CIP-007).
  3. System Security Management & Vulnerability Assessment (CIP-007, CIP-010):
    • Cisco Catalyst SD-WAN Manager and Catalyst Center: Enable centralized management of network device configurations, helping prevent unauthorized changes and facilitating the deployment of ‘golden’ configurations (CIP-010). They also support security event monitoring on network infrastructure (CIP-007).
    • Cisco Cyber Vision: Identifies vulnerabilities in discovered assets and highlights those actively exploited by bad actors to help prioritize patching. Also monitors deviations from network communication baselines (CIP-010).
    • Splunk OT Security Add-On: Aggregates logs from various sources (firewalls, endpoints, etc.) to track ports/services, security events, and malware alerts, and supports baselining efforts (CIP-007, CIP-010). It also helps track compliance with log retention requirements (CIP-007).
  4. Incident Reporting, Response, and Recovery (CIP-008, CIP-009):
    • Splunk: Acts as a central SIEM for collecting, correlating, and analyzing security events from across the network and security tools. It supports incident detection, investigation, and reporting, helping utilities meet the requirements for identifying and responding to cyber incidents (CIP-008).
    • Cisco Catalyst Center and Catalyst SD-WAN Manager: Provide monitoring and recovery capabilities for network equipment, supporting the restoration of network infrastructure in case of failure or attack (CIP-009).
    • Splunk OT Security Add-On: Provides dashboards to monitor notable security alerts (CIP-008) and brings in data from backup logs and Splunk environment status to support recovery plan requirements (CIP-009).
  5. Information Protection & Supply Chain Risk (CIP-011, CIP-013):
    • Cisco Network Infrastructure & Security Policies: Enforce network segmentation and access controls to protect BES Cyber System Information (BCSI) from unauthorized access (CIP-011).
    • Cisco Security and Trust Organization: Cisco’s commitment to security is embedded in its Secure Development Lifecycle (SDL), certified for IEC 62443-4-1. Trustworthy technologies like image signing and secure boot ensure product integrity. The Cisco Product Security Incident Response Team (PSIRT) handles vendor-identified incidents and provides vulnerability information, patches, and mitigation advice (CIP-013). Cisco is also an active contributor to relevant industrial security standards.

A Unified Approach for Enhanced Security

Navigating NERC CIP compliance requires a strategic, solutions-based approach. Cisco provides the building blocks and integrated solutions to help power utilities secure their critical infrastructure, enhance visibility, and meet regulatory requirements effectively. Have a look at our NERC CIP Compliance Solution Brief to better understand the requirements and see how Cisco can help.

I will be presenting a webinar on July 17th together with experts from Burns & McDonnell to discuss the new Internal Network Security Monitoring (INSM) CIP-015 standard and solutions available to help utilities comply. Save the date and register now.
