When it comes to cyber security, RuggedCom has the most complete line of substation hardened communication devices with built in cyber security features necessary to comply with the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) requirements.

Read more below to learn about NERC compliance and how RuggedCom products can be used as part of an integrated cyber security solution.

NERC Cyber Security

The purpose of NERC's new cyber security standards is to ensure that all entities responsible for the reliability of the bulk electric systems of North America identify and protect critical cyber assets that control or could impact the reliability of the bulk electric systems. An urgent action cyber security standard was initially adopted in August 2003 and renewed for a second year in August 2004. NERC adopted permanent cyber security standards on May 2, 2006. On June 4, 2007 compliance with approved NERC Reliability Standards becomes mandatory and enforceable in the United States.

NERC CIP-002 to CIP-009

NERC's new cyber security standard was originally called NERC 1300, but this has changed
to 8 separate standards, CIP-002 to CIP-009. As summarized in the table below, these standards contain definitions, policies, reporting requirements, and issues related to personnel security, electronics (or network) security, and physical security (such as access).

NERC Definitions

When reviewing the CIP standards an understanding of the following terms is required:

Critical Asset: Those facilities, systems, and equipment which, if destroyed, damaged, degraded, or otherwise rendered unavailable, would have a significant impact on the ability to serve large quantities of customers for an extended period of time, would have a detrimental impact on the reliability or operability of the electric grid, or would cause significant risk to public health and safety.

Critical Cyber Assets: Those Cyber Assets essential to the reliable operation of Critical Assets.

Cyber Assets: Those programmable electronic devices and communication networks including hardware, software, and data associated with bulk electric system assets.

Cyber Security Incident: Any malicious act or suspicious event that:

• Compromises, or was an attempt to compromise, the electronic or Physical Security Perimeter of a Critical Cyber Asset, or
• Disrupts or was an attempt to disrupt the operation of a Critical Cyber Asset.

Electronic Security Perimeter: The logical border surrounding the network or group of sub-networks (the “secure network”) to which the Critical Cyber Assets are connected, and for which access is controlled.

Physical Security Perimeter: The physical border surrounding computer rooms, telecommunications rooms, operations centers, and other locations in which Critical Cyber Assets are housed and for which access is controlled.

Cyber Security in the Substation

The following diagram provides an overview of a typical substation network architecture.

The RuggedRouter^®, a substation hardened, cyber security appliance has been specifically developed to provide an Electronic Security Perimeter for the protection of critical cyber assets. The RuggedRouter^® is the main point of entry between the Substation LAN and the outside world. The RuggedRouter^® combines a layer 3 router, a firewall, and a VPN in one device.

Key RuggedRouter^® Cyber Security features include:

• Firewall – Statefull firewall to control traffic between different zones of trust within a network. Includes Network Address Translation (NAT) to prevent unauthorized or malicious activity, initiated by outside hosts, from reaching the internal LAN.
• Virtual Private Networking (VPN) – Provides secure communication links over networks. Ensures confidentiality, sender authentication, message integrity, and uses IPSec (IP Security) for encryption and authentication of all IP packets at the network layer.
• Strong Encryption – Utilizes various encryption algorithms (DES, 3DES, AES) to obscure information and make it unreadable without special knowledge
• Intrusion Detection System (available on the RX1100) – To detect various types of malicious or abnormal network traffic and computer usage that can not be detected by a conventional firewall. Used specifically to detect various type of network “attacks” (eg. worms, viruses) and unauthorized activities (eg. unauthorized logins, files access).

The RuggedSwitch^® family of substation hardened Ethernet switches provide security at the substation LAN level. The key cyber security features of these switches include:

• Passwords – Multi-level user passwords secures switch against unauthorized configuration
• SSH/SSL – Extends capability of password protection to add encryption of passwords and data as they cross the network
• Enable/Disable ports – Capability to disable ports so that traffic can not pass
• 802.1Q VLAN – Provides the ability to logically segregate traffic between predefined ports on switches
• MAC based Port security – Secure ports on a switch so only specific Devices/MAC addresses can communicate via that port
• 802.1x Port Based Network Access Control – Lock down ports on a switch so that only authorized clients can communicate via this port
• Radius – Provides centralized password management
• SNMPv3 – Encrypted authentication and access security

For More Information

RuggedCom is ready to assist our customers in complying with NERC requirements. If you would like to learn more about NERC cyber security compliance and how RuggedCom products and features map directly onto the specific sections in CIP-002 to CIP-009, email us at RuggedInfo.

Contact RuggedCom for more information about NERC CIP Compliance