NERC Compliance; CIP 002; CIP 003 - GE MiCOM P40 Agile Technical Manual


P44X/EN CS/Hb6
(CS) 15-8
3.1 NERC Compliance

The North American Electric Reliability Corporation (NERC) created a set of standards for
the protection of critical infrastructure. These are known as the CIP standards (Critical
Infrastructure Protection). These were introduced to ensure the protection of Critical Cyber
Assets, which control or have an influence on the reliability of North America's bulk electric
systems.
These standards have been compulsory in the USA for several years now. Compliance
auditing started in June 2007, and utilities face extremely heavy fines for non-compliance.
The group of CIP standards is listed in Table 2.

| CIP standard | Description |
|---|---|
| CIP-002-1 Critical Cyber Assets | Define and document the Critical Assets and the Critical Cyber Assets |
| CIP-003-1 Security Management Controls | Define and document the Security Management Controls required to protect the Critical Cyber Assets |
| CIP-004-1 Personnel and Training | Define and document personnel handling and training required to protect Critical Cyber Assets |
| CIP-005-1 Electronic Security | Define and document the logical security perimeter where Critical Cyber Assets reside and measures to control access points and monitor electronic access |
| CIP-006-1 Physical Security | Define and document Physical Security Perimeters within which Critical Cyber Assets reside |
| CIP-007-1 Systems Security Management | Define and document system test procedures, account and password management, security patch management, system vulnerability, system logging, change control and configuration required for all Critical Cyber Assets |
| CIP-008-1 Incident Reporting and Response Planning | Define and document procedures necessary when Cyber Security Incidents relating to Critical Cyber Assets are identified |
| CIP-009-1 Recovery Plans | Define and document Recovery plans for Critical Cyber Assets |

Table 2: NERC CIP standards

The following sections provide further details about each of these standards, describing the
associated responsibilities of the utility company and where the IED manufacturer can help
the utilities with the necessary compliance with these standards.

3.1.1 CIP 002

CIP 002 concerns itself with the identification of:
• Critical assets, such as overhead lines and transformers
• Critical cyber assets, such as IEDs that use routable protocols to communicate
outside or inside the Electronic Security Perimeter, or are accessible by dial-up.

| Power utility responsibilities | Contribution |
|---|---|
| Create the list of the assets | We can help the power utilities to create this asset register automatically. We can provide audits to list the Cyber assets. |

3.1.2 CIP 003

CIP 003 requires the implementation of a cyber security policy, with associated
documentation, which demonstrates the management's commitment and ability to secure its
Critical Cyber Assets.
The standard also requires change control practices whereby all entity or vendor-related
changes to hardware and software components are documented and maintained.

MiCOM P40 Agile P441, P442, P444
Cyber Security
