Securing the grid: How Cisco helps utilities navigate NERC CIP compliance

The electric grid is the backbone of our modern society here in North America. Ensuring its reliability and security is paramount, which is where the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards come in.

However, with a grid that is undergoing significant modernization and growing connectivity, meeting these strict cybersecurity requirements is a complicated challenge for energy utilities. More connected devices mean a larger attack surface and require a robust, phased approach to security.

Cisco's phased approach to industrial threat defense

Cisco acknowledges that improving your security posture is a journey. We advocate a phased approach that builds foundational security elements to support subsequent steps, allowing utilities to improve security at their own pace while demonstrating value. The Cisco Industrial Threat Defense solution offers a modular and comprehensive set of capabilities designed to solve the unique security challenges of operational technology (OT) and to achieve NERC CIP compliance.

How Cisco helps address the key requirements of NERC CIP:

Cisco has just published a solution brief describing the key requirements of NERC CIP and how our portfolio can help utilities. Here’s a quick summary:

  1. Visibility and categorization (CIP-002, CIP-015):
    • Cisco Cyber Vision: Provides deep packet inspection built into the industrial network to automatically discover and inventory all assets, their communication patterns and vulnerabilities. This visibility is essential for categorizing BES Cyber Systems (CIP-002) and is a core part of Internal Network Security Monitoring (INSM) (CIP-015). It helps to identify risks and deviations from expected behavior.
    • Splunk OT Security Add-on: Aggregates data from different sources, including Cyber Vision, to provide visibility for CIP-002 and monitoring support for INSM (CIP-015).
  2. Electronic Security Perimeters (ESPs) and access control (CIP-005, CIP-007):
    • Cisco Industrial Routers and Secure Firewalls: Serve as the backbone for defining and enforcing ESPs. They offer next-generation firewalling, stateful inspection, application control and integrated intrusion prevention (IDS/IPS) to control electronic access and counter threats (CIP-005, CIP-007). They can apply a unified security policy across distributed sites.
    • Cisco Secure Equipment Access (SEA): Provides a Zero Trust Network Access (ZTNA) solution for secure remote access, essential for vendor management and remote user access to BES Cyber Systems. It enforces least privilege, just-in-time access and multi-factor authentication (MFA), as well as session monitoring/recording (CIP-005).
    • Cisco Catalyst Center and Identity Services Engine (ISE): Help manage security policies centrally across the switching infrastructure, controlling physical port usage and access control via IP ACLs or security group ACLs (CIP-007).
    • Splunk OT Security Add-on: Brings in data from firewalls, routers, switches and access systems for monitoring ESPs (CIP-005) and access services (CIP-007).
  3. System security management and vulnerability assessment (CIP-007, CIP-010):
    • Cisco Catalyst SD-WAN Manager and Catalyst Center: Enable centralized management of network devices, help prevent unauthorized changes and facilitate the deployment of “golden” configurations (CIP-010). They also support security event requirements for network infrastructure (CIP-007).
    • Cisco Cyber Vision: Identifies vulnerabilities in discovered assets and highlights those that bad actors are actively exploiting, to help prioritize remediation. It also monitors deviations from network communication baselines (CIP-010).
    • Splunk OT Security Add-on: Aggregates logs from various sources (firewalls, endpoints, etc.) for monitoring ports/services, security events and alerts, and for baseline support (CIP-007, CIP-010). It also helps monitor compliance with logging requirements (CIP-007).
  4. Incident reporting, response and recovery (CIP-008, CIP-009):
    • Splunk: Acts as a central SIEM for collecting, correlating and analyzing security events from across the network and security tools. It supports incident detection, investigation and reporting, and helps utilities meet the requirements for identifying and reporting cyber incidents (CIP-008).
    • Cisco Catalyst Center and Catalyst SD-WAN Manager: Provide monitoring and restoration capabilities for network devices and support network infrastructure recovery in case of failure or attack (CIP-009).
    • Splunk OT Security Add-on: Provides dashboards for monitoring notable security alerts (CIP-008) and brings in data from backup logs and environment status to support recovery planning requirements (CIP-009).
  5. Information protection and supply chain risk (CIP-011, CIP-013):
    • Cisco infrastructure and security policies: Enforce network segmentation and control to protect BES Cyber System Information (BCSI) from unauthorized access (CIP-011).
    • Cisco Security and Trust Organization: Cisco’s commitment to security is built into its Secure Development Lifecycle (SDL), certified to IEC 62443-4-1. Trustworthy technologies such as image signing secure product integrity. The Cisco Product Security Incident Response Team (PSIRT) handles vendor-identified incidents and provides information on vulnerabilities, patches and mitigation advice (CIP-013). Cisco also contributes to industry security standards.

A unified approach for enhanced security

Navigating NERC CIP compliance requires a strategic, solutions-based approach. Cisco provides building blocks and integrated solutions that help energy utilities secure their critical infrastructure, increase visibility and meet regulatory requirements efficiently. See our NERC CIP solution brief to better understand the requirements and find out how Cisco can help.

I will be presenting a webinar on July 17th together with Burns & McDonnell experts to discuss the new CIP-015 standard and the Internal Network Security Monitoring (INSM) solutions available. Save the date and register now.
