Utility Substation NERC Cyber Security Overview

 

 

 


When it comes to cyber security, RuggedCom has the most complete line of substation-hardened communication devices with the built-in cyber security features necessary to comply with the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) requirements.

Read more below to learn about NERC compliance and how RuggedCom products can be used as part of an integrated cyber security solution.


NERC Cyber Security

The purpose of NERC's new cyber security standards is to ensure that all entities responsible
for the reliability of the bulk electric systems of North America identify and protect critical
cyber assets that control or could impact the reliability of the bulk electric systems. An urgent action cyber security standard was initially adopted in August 2003 and renewed for a second
year in August 2004. NERC adopted permanent cyber security standards on May 2, 2006.
On June 4, 2007 compliance with approved NERC Reliability Standards becomes mandatory
and enforceable in the United States.


NERC CIP-002 to CIP-009

NERC's new cyber security standard was originally called NERC 1300, but it has since been split into 8 separate standards, CIP-002 to CIP-009. As summarized in the table below, these standards contain definitions, policies, reporting requirements, and issues related to personnel security, electronic (or network) security, and physical security (such as access).
 
New Std #    Topic                                       Old Section #
CIP-002-1    Critical Cyber Assets                       1302
CIP-003-1    Security Management Controls                1301
CIP-004-1    Personnel and Training                      1303
CIP-005-1    Electronic Security                         1304
CIP-006-1    Physical Security                           1305
CIP-007-1    Systems Security Management                 1306
CIP-008-1    Incident Reporting and Response Planning    1307
CIP-009-1    Recovery Plans                              1308


NERC Definitions

When reviewing the CIP standards, an understanding of the following terms is required:

Critical Asset: Those facilities, systems, and equipment which, if destroyed, damaged, degraded, or otherwise rendered unavailable, would have a significant impact on the ability to serve large quantities of customers for an extended period of time, would have a detrimental impact on the reliability or operability of the electric grid, or would cause significant risk to public health
and safety. 

Critical Cyber Assets: Those Cyber Assets essential to the reliable operation of Critical Assets.

Cyber Assets: Those programmable electronic devices and communication networks including hardware, software, and data associated with bulk electric system assets.

Cyber Security Incident: Any malicious act or suspicious event that:

  • Compromises, or was an attempt to compromise, the electronic or Physical
    Security Perimeter of a Critical Cyber Asset, or
  • Disrupts or was an attempt to disrupt the operation of a Critical Cyber Asset.

Electronic Security Perimeter: The logical border surrounding the network or group of
sub-networks (the “secure network”) to which the Critical Cyber Assets are connected, and
for which access is controlled.

Physical Security Perimeter: The physical border surrounding computer rooms, telecommunications rooms, operations centers, and other locations in which Critical Cyber Assets are housed and for which access is controlled.

Cyber Security in the Substation

The following diagram provides an overview of a typical substation network architecture.

Helping Utilities Comply with NERC CIP 002-009


The RuggedRouter™, a substation-hardened cyber security appliance, has been specifically developed to provide an Electronic Security Perimeter for the protection of critical cyber assets. The RuggedRouter™ is the main point of entry between the Substation LAN and the outside world. The RuggedRouter™ combines a layer 3 router, a firewall, and a VPN in one device.


Key RuggedRouter™ Cyber Security features include:

  • Firewall – Stateful firewall to control traffic between different zones of trust within a network. Includes Network Address Translation (NAT) to prevent unauthorized or malicious activity, initiated by outside hosts, from reaching the internal LAN.
  • Virtual Private Networking (VPN) – Provides secure communication links over
    networks. Ensures confidentiality, sender authentication, message integrity, and
    uses IPSec (IP Security) for encryption and authentication of all IP packets at the
    network layer.
  • Strong Encryption – Utilizes various encryption algorithms (DES, 3DES, AES) to obscure information and make it unreadable without special knowledge.
  • Intrusion Detection System (coming soon) – To detect various types of malicious or abnormal network traffic and computer usage that cannot be detected by a conventional firewall. Used specifically to detect various types of network “attacks” (e.g. worms, viruses) and unauthorized activities (e.g. unauthorized logins, file access).

The RuggedSwitch™ family of substation-hardened Ethernet switches provides security at the substation LAN level. The key cyber security features of these switches include:

  • Passwords – Multi-level user passwords secure the switch against
    unauthorized configuration
  • SSH/SSL – Extends capability of password protection to add encryption of passwords
    and data as they cross the network
  • Enable/Disable ports – Capability to disable ports so that traffic cannot pass
  • 802.1Q VLAN – Provides the ability to logically segregate traffic between predefined
    ports on switches
  • MAC-based Port Security – Secure ports on a switch so only specific devices/MAC addresses can communicate via that port
  • 802.1x Port Based Network Access Control – Lock down ports on a switch so that
    only authorized clients can communicate via this port
  • RADIUS – Provides centralized password management
  • SNMPv3 – Encrypted authentication and access security

RuggedCom Gauntlet - New NERC-CIP Cyber Security Solution

For utilities that access their substation devices via IP, RuggedCom is introducing RuggedCom Gauntlet. RuggedCom Gauntlet is a 100% NERC-CIP compliant solution that provides an electronic security perimeter for effective cyber attack protection. All communications to substation devices are authenticated, controlled, and logged to prevent and detect unauthorized entry attempts. Also included are extensive reporting tools and the unique “Auto-Audit” feature, an easy “one-click” function that compiles all NERC-CIP required documents into a single report.



For More Information

RuggedCom is ready to assist our customers in complying with NERC requirements. If you would like to learn more about NERC cyber security compliance and how RuggedCom products and features map directly onto the specific sections in CIP-002 to CIP-009, email us at RuggedInfo.



The RuggedRated symbol identifies communications products that have been specifically designed and tested to withstand the demands of harsh industrial environments.

 

  • High EMI Immunity (IEC61850-3, IEEE 1613 Class 2)
  • -40°C to +85°C
  • Integrated Power Supply (optional dual redundancy)
  • Zero Packet Loss
  • <5ms Network Fault Recovery
  • Rugged Construction


RuggedCom Inc.
30 Whitmore Road, Woodbridge, Ontario, Canada, L4L 7Z4
Tel: +1 (905) 856-5288 | Fax: +1 (905) 856-1995 | Toll Free: +1 (888) 264-0006

©2008 RuggedCom Inc. All Rights Reserved. RuggedCom is a registered trademark of RuggedCom Inc., in the United States and/or other countries.

