| Your Challenge: | Meet NERC CIP compliance, protect critical infrastructure from cyber attacks, avoid down-time from security incidents, and integrate new smart grid technologies securely. |
Utilities, energy providers and manufacturers have enormous capital expenditures in plant equipment, process control systems (PCS), supervisory control and data acquisition (SCADA) systems and challenging demand requirements with complex regulatory constraints. Outages can have escalating and cascading effects that can result in enormous direct and indirect costs and consequences.
SCADA and Process Control System Security
Industrial control systems including PCS, industrial automation, distributed control systems (DCS) and SCADA systems are used extensively across the nation’s national critical infrastructure. These control systems are built, operated, and maintained by industrial engineers that typically don’t have experience or knowledge of the information security domain.
Newer smart grid generation and distribution systems (both distributed and remote), as well as their monitoring hold the promise of providing more insight and control into critical infrastructure operations and cost savings, but rely on common Internet and computer networking technologies to deliver their functionality. These new technologies need to be integrated with the proper information security configuration, safeguards, and monitoring to protect them from attack and exploitation.
Legacy industrial control systems must be protected and vulnerabilities mitigated using defense-in-depth principles even with the constraints of proprietary technologies, limited processing power, and fragile interfaces.
NERC CIP Compliance
The North American Electric Reliability Corporation (NERC) maintains cyber security standards for protecting critical infrastructure. The Federal Energy Regulatory Commission (FERC) approved the Critical Infrastructure Protection (CIP) Cyber Security Standards which are designed to protect Critical Cyber Assets. NERC Standards CIP-002-3 through CIP-009-3 provide a cyber security framework to identify and protect Critical Cyber Assets in order to protect the bulk electric system. Learn more about NERC CIP compliance here.
Solutionary offers managed security and consulting services to assist organizations with NERC CIP compliance and the protection of Critical Cyber Assets.
| The Solution: | ActiveGuard Log Monitoring with built-in volume and statistical thresholds, health and welfare monitoring of devices, industrial control monitoring and support for NERC CIP compliance, and the broadest device and platform support available. |
| UP-TIME ASSURANCE: | The ActiveGuard Platform was designed from the ground-up to include volume and statistical thresholds to detect configuration failures and anomalous network traffic scenarios. Nothing can prevent a DoS or DDoS attack from occurring but ActiveGuard Log Monitoring gives you the necessary tools to detect and respond to an impending attack as quickly as possible. In addition, health and welfare monitoring of network and security devices provides critical information that can warn of a failing or saturated device before it causes an outage. |
| OPERATING DATA PROTECTION: | ActiveGuard Log Monitoring has built-in “MSSP cloud-based” data loss detection capabilities to monitor access to and the movement of sensitive files, databases, and information in addition to the broadest industry support for security and compliance devices including the latest cutting-edge DLP technologies. |
| BROAD SUPPORT: | ActiveGuard Log Monitoring can be implemented for everything including industrial controls, mainframes, mid-ranges, and specialty Unix platforms. |
Solutionary has:
- Long-term experience providing security and compliance services for utility companies of all sizes
- Knowledge and experience supporting a comprehensive security program that delivers detection and protection
- The ability to support security and compliance services globally
- Experience and solutions in a broad base of security relevant frameworks (NERC CIP, ISO, SOX, COBIT)
- Experience and solutions in a broad base of security relevant standards (NIST, FFIEC, FDIC, and others)
- Tailored reporting to meet your exact needs
Select from any of our security and compliance services for the utilities industry:
- ActiveGuard Log Monitoring & Log Management
- Vulnerability Management
- Security Device Management
- SecurCompass SaaS Self-Assessment Tools
- Security & Compliance Consulting Services
