NERC-CIP: Protecting Critical Energy Infrastructure
The risks to our nation's critical energy infrastructure are growing every day. From the introduction of new technologies such as Smart Meters, to new and emerging technical and physical threats, the need for comprehensive data security in the energy sector is vital. In response to these threats, the North American Electric Reliability Corporation (NERC) established a series of Critical Infrastructure Protection (CIP) standards to ensure that energy producers, distributors, and other organizations vital to the power grid implement appropriate measures to protect critical infrastructure assets. NERC CIP is comprised of eight specifi c standards that address a broad range of information security controls, including asset identifi cation, electronic security perimeters, and incident reporting and response.
Organizations involved in the generation or delivery of energy face significant challenges presented by NERC CIP compliance, including:
 Protecting against increasing threats of cyber-terrorism and insider threats that could impact control systems and the ability to deliver utilities
Ensuring legacy systems are protected and available, such as supervisory control and data acquisition (SCADA) infrastructure
Providing evidence of compliance with the individual NERC CIP standards and their defined processes and controls
This significant set of information security requirements poses new and complex challenges to the energy sector, mandating that industry organizations take on more work regardless of the resources required.
The NERC CIP Compliance Challenge
The NERC CIP standards require organizations to have visibility across a broad range of enterprise security information: system configurations, operating system and application logs, network flow data, vulnerability data, and even system performance metrics. Many organizations think that
security information and event management (SIEM) or simple log management software is enough to meet NERC CIP reporting requirements, but it's not: in fact, SIEM and/or log management only address a small piece of the NERC CIP puzzle, because these solutions are limited primarily to log and event data - only one of many types of security data required for comprehensive NERC CIP compliance. Other organizations may have multiple security point solutions to address a broader set of NERC CIP requirements, but have no method to bring together data from these many different products into a single platform - an approach that leaves security and compliance personnel blind to the big picture of security and compliance across the enterprise.
SecureVue: Comprehensive NERC CIP Compliance Auditing
SecureVue from eIQnetworks is an enterprise solution, available in appliance or software format, that provides comprehensive information security management and
NERC CIP compliance reporting from a single console. Using an integrated data model, SecureVue goes beyond traditional SIEM products, log management tools, and other security point solutions by providing users with the ability to:
Collect, correlate, archive, analyze and report on all information required by NERC CIP standards, including log, vulnerability, configuration, asset, performance and network behavioral anomaly data across the enterprise
Instantly access a library of over 200 custom reports mapped directly to relevant portions of the NERC CIP standards
Measure overall NERC CIP compliance to identify the why, when, where and how of violations and provide the information required for remediation.
SecureVue from eIQnetworks is a unified threat and compliance solution that brings together all of the information security data from across your enterprise into a "single pane of glass", for complete visibility into
NERC CIP compliance and security operations. SecureVue enables users to gain enterprise-wide analysis of all security data related to NERC CIP standards compliance, including asset and configuration data, logs and events, system vulnerabilities, network fl ows, and system performance.
From comprehensive NERC CIP reporting, to hands-on security operations, SecureVue provides organizations with the most comprehensive NERC CIP compliance solution available in a single platform.
|
