P64x
Power utility responsibilities:
Provide physical security controls and perimeter
monitoring.
Ensure that people who have access to critical cyber
assets don't have criminal records.
3.1.6
CIP 007
CIP 007 covers the following points:
Test procedures
●
Ports and services
●
Security patch management
●
Antivirus
●
●
Account management
Monitoring
●
An annual vulnerability assessment should be performed
●
Power utility responsibilities:
To provide an incident response team and have
appropriate processes in place
3.1.7
CIP 008
CIP 008 requires that an incident response plan be developed, including the definition of an incident response
team, their responsibilities and associated procedures.
Power utility responsibilities:
To provide an incident response team and have
appropriate processes in place.
3.1.8
CIP 009
CIP 009 states that a disaster recovery plan should be created and tested with annual drills.
Power utility responsibilities:
To implement a recovery plan
3.2
IEEE 1686-2007
IEEE 1686-2007 is an IEEE Standard for substation IEDs' cyber-security capabilities. It proposes practical and
achievable mechanisms to achieve secure operations.
The following features described in this standard apply:
Passwords are 8 characters long and can contain upper-case, lower-case, numeric and special characters.
●
Passwords are never displayed or transmitted to a user.
●
P64x-TM-EN-1.3
GE's contribution:
GE cannot provide additional help with this aspect.
GE's contribution:
Test procedures, we can provide advice and help on testing.
Ports and services, our devices can disable unused ports and services
Security patch management, we can provide assistance
Antivirus, we can provide advise and assistance
Account management, we can provide advice and assistance
Monitoring, our equipment monitors and logs access
GE's contribution:
GE cannot provide additional help with this aspect.
GE's contribution:
To provide guidelines on recovery plans and backup/restore
documentation
Chapter 17 - Cyber-Security
379