Protecting national critical infrastructure like the national electrical grid is a priority for utilities, energy providers and government agencies. The North American Electric Reliability Corporation (NERC) maintains cybersecurity standards for Critical Infrastructure Protection (CIP). NERC Standards CIP-002-3 through CIP-009-3 provide a cybersecurity framework to identify and protect critical cyberassets of the bulk electric system. Perceived and real threats from hackers and cyberterrorists, legislative mandates with the promise of fines for non-compliance, and the opportunity to upgrade network infrastructure are all driving compliance with NERC CIP.
Meeting compliance with NERC CIP is a governance, administration and technical challenge. NERC CIP compliance efforts can be optimized when combined with automation and control updates to infrastructure, to meet compliance as well as smart grid and intelligent utility objectives.
Solutionary Managed Security Services and Security Consulting Services can assist organizations with NERC CIP compliance and the protection of critical cyberassets.
Solutionary services help energy and utility organizations with:
|Assess and Measure Gaps||NERC CIP risk assessments performed by experienced, certified security professionals experienced in dealing with new and legacy industrial control environments; prioritized and actionable recommendations; peer benchmarking.|
|Remediate and Enhance||Experienced, certified security professionals, security program, policy,and procedures design, services, tools and process implementation.|
|Execute and Monitor||NERC CIP compliant Log Monitoring, Log Management, Vulnerability Management and Security Device Management.|
|Demonstrate Compliance||Standard and customizable reporting, secure evidence repository for all NERC CIP compliance related assessments, results and reports; integrated ticketing with assignment, tracking, and journaling.|
|Compliance Activity||Solutionary Services / Capabilities||Regulatory Mapping|
|Assess and Measure Gaps||Security Consulting services; certified security professionals||CIP-002-3, CIP-003-3, CIP-004-3|
|Remediation and Enhancement||Security Consulting Services; certified security professionals; authorized partner consulting services||CIP-003-3, CIP-007-3, CIP-008-3, CIP-009-3|
|Execute and Monitor Security Program||Log Monitoring; Log Management; Vulnerability Management; Security Device Management; authorized partner consulting services||CIP-002-3, CIP-003-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3|
|Demonstrate Compliance||Evidence Repository; security and compliance reporting; Security Consulting Services||CIP-002-3, CIP-003-3, CIP-004-3, CIP-005-3, CIP-007-3, CIP-008-3, CIP-009-3|
Solutionary services to support NERC CIP compliance include: