Industrial Deffender with Access Manager with RuggedRouter RX1100

Software

Industrial Defender’s Access Manager with RuggedRouter® RX1100

For utilities that access their substation devices via IP, use the RuggedRouter® with Access Manager 4.0 , a 100% NERC-CIP compliant solution that provides an electronic security perimeter for effective cyber attack protection.

All communication to substation devices are authenticated, controlled, and logged to prevent and detect unauthorized entry attempts. Also included are extensive reporting tools and the unique “Auto-Audit” feature that provides an easy “one-click” function that compiles all NERC-CIP required documents into a single report.



RuggedCom / Access Manager Component Overview Information Table

Command and Control Center (CCC)
Virtual Polling Controller (VPC)
Industrial Defender
Dial-up Gateway *
The RuggedRouter® RX1100
  • Web application and database
  • Administration of user settings and Gateway configurations
  • Provides security packages to users for access to secure Gateway ports & functions
  • Quick reassignment of security clearances for personnel changes/firing
  • Central repository of all system logs
  • Comprehensive Reports to ease compliance with NERC CIP standards
  • Provides updates to Gateways and Routers
  • Low maintenance – only used when making configuration changes
  • Windows program on calling user PC
  • Required for access to secured Gateway ports & functions
  • Required for access to secured Router devices
  • Requests security package from CCC
  • Connects to Gateway via voice modem
  • Connects to Router via IP connection
  • May be used for accessing
    unsecured ports
  • Compatible with non-secure devices (SLSS, IEDs, etc.)
  • Keeps calling user logs
    Field-upgradeable – Auto Update capability
  • Automated polling capability
  • “Dialup firewall”
  • Enhanced security + line sharing
  • Up to 8 ports; can be daisy-chained for more capacity
  • Ports individually programmable (secured or unsecured)
  • Sold security-enabled or security-ready
  • Field-upgradeable firmware updates
  • Routes authorized users to designated ports
  • Blocks unauthorized access attempts
  • 5,000 call records
  • IP firewall and router
  • Multiple layer security
  • Secure challenge-response user authentication
  • Encrypted communication via VPN
  • Routes authorized users to designated devices
  • Features to limit DoS attacks
  • Blocks unauthorized access attempts
  • Maintains open communication paths, closing immediately upon completion
  • Detailed communication logs
  • Field-upgradeable
  • Linux-based


RuggedCom RX1000 NERC-CIP Compliance Table – When used with Access Manager

NERC CIP Category
Standard #
Feature
User Access and Passwords CIP-004-1: R4, 4.1, 4.2
CIP-005-1: R2.1, R2.4
CIP-007-1: R5, 5.1, 5.2, 5.3
  • Secure Access Points (Gauntlet Gateway and RX1100)
  • Access denied by default
  • Technical Control Methods (2-factor authentication, etc.)
  • Electronic access monitoring and logging
Access Control Management CIP-003-1: R5, 5.1, 5.1.1
CIP-005-1: R2.1, R2.4
  • Centralized administration
  • Individual administration accounts and passwords
  • Comprehensive reports: lists of users, assets,
    access points, etc.
Electronic Security Perimeter CIP-005-1: R1, 1.1 – 1.6
R2, 2.1 – 2.6
R3, 3.1 – 3.2
CIP-007-1: R2, 2.1 – 2.2
  • Secure Access Points (Gauntlet Gateway and RX1100)
  • Access denied by default
  • Technical Control Methods (2-factor authentication, etc.)
  • Electronic access monitoring and logging
  • Appropriate use banners
Network / Routing Security CIP-005-1: R2, 2.1, 2.2, 2.4
CIP-007-1: R2, 2.1 – 2.3
  • Enable/Disable Ethernet Ports / Services
  • Firewall / VPN
  • IP Access Control
  • 802.1x Port Security / 802.1Q VLAN
  • Intrusion Detection System
Dial-up Security* CIP-005-1: R1.2, R2.3, R3.1
  • Secure dial-up modem access control, monitoring and logging
Logs, Reports and Audit Resources CIP-003-1: R5, 5.1, 5.1.1, R6
CIP-004-1: R4, 4.1
CIP-005-1: R1,1.6, R2,2.5, R3, R5
CIP-007-1: R3.1, R5.1.2, R6, R9
CIP-008-1: R2
  • Comprehensive reports
  • Searchable database
  • Detailed access logs with user, port and connection information
  • User, Administrator and Asset and Access Point lists
  • NERC CIP Auto Audit report
  • Cyber incident reports
Employee termination /
User rights revocation		 CIP-004: R4, 4.1, 4.2
  • Account / security credential expiration
  • Administrator initiated user rights revocation
  • Suspended user accounts
Alerts and Notifications CIP-005: R3.2
CIP-007: R6.2
  • Configurable system alert email messages
  • Unauthorized access attempt notification
  • System lockout / system error notification
Security Patch Management CIP-007: R3, 3.1
  • Published Security Patch scrubs
  • Remote upgrades and auto-update
Malicious Software Prevention CIP-007-1: R4, 4.1 – 4.2
  • IDS system (future)


*Note: The Dial-up Gateway is available through Industrial Defender (www.IndustrialDefender.com) and is compatible with the RuggedCom Gauntlet solution. Use the Dail-up gateway to provide back-up dial in access to the substation. Industrial Defender is a strategic partner of RuggedCom in providing complete NERC CIP Cyber Security solutions.

For more information on Industrial Defender’s Access Manager with RuggedRouter® RX1100, please email us at RuggedInfo