
It is not a question of if you are ready, but when. This year is critical for utilities, as the NERC CIP implementation plan requires that utilities be “Compliant” by July 1, 2009 and “Auditably Compliant” by July 1, 2010. The pressure is on for utilities to implement effective cyber-security controls or potentially face fines and other penalties, scaled to their level of non-compliance, under NERC’s Compliance Monitoring and Enforcement Program (CMEP). The sense of urgency is heightened by ongoing cost pressures, resource constraints and the short CIP timelines.
What can electric power providers do to ensure readiness for a NERC CIP audit conducted by their respective Regional Entities under the Compliance Monitoring and Enforcement Program (CMEP)?
Implementing a log and event management solution can help utilities address the nine sections of the NERC CIP standard and automate the resource-intensive processes that compliance requires. LogRhythm, the leader in log and event management, has extensive experience helping organizations improve their overall security and compliance posture while reducing overall cost. LogRhythm’s NERC CIP Compliance Package provides out-of-the-box assistance in addressing numerous NERC CIP requirements. LogRhythm also includes compliance packages for other regulations that utilities may be subject to, such as Sarbanes-Oxley (SOX), the Federal Information Security Management Act (FISMA) and the Payment Card Industry Data Security Standard (PCI-DSS). Beyond auditing and reporting, several sections of the NERC CIP requirements, as well as other regulations, call for monitoring and alerting to be in place as a condition of compliance.
Larry Amerman, Security Administrator at Enbridge Energy, a global energy transportation and distribution company, chose LogRhythm for its ease of use, powerful investigation tools and its integrated log management and security information management in a single solution. “Our organization needed to have log collection and management along with real-time monitoring with correlation. We looked for a solution that was designed to do both really well, and LogRhythm was the standout choice,” said Amerman. “We use the product’s out-of-the-box reports and alerts to automate compliance and to bolster our security program.”
FERC, NERC and Critical Cyber Assets
The North American Electric Reliability Corporation (NERC) is a nonprofit corporation whose mission is to “ensure that the bulk electric system in North America is reliable, adequate and secure.” As the federally designated Electric Reliability Organization (ERO) for North America, NERC maintains comprehensive reliability standards that define requirements for planning and operating the collective bulk power system. Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which are intended to protect the Critical Cyber Assets that control or affect the reliability of North America’s bulk electric system.
The Federal Energy Regulatory Commission (FERC) certified NERC as the ERO in July 2006. FERC approved NERC’s first set of mandatory reliability standards in March 2007 (Order No. 693), effective June 2007, and in January 2008 (Order No. 706) approved the CIP Cyber Security Standards, making them mandatory and enforceable for all users, owners and operators of the bulk-power system.
The collection, management and analysis of log data are integral to meeting many NERC CIP requirements. IT environments consist of heterogeneous devices, systems and applications, all reporting log data in their own formats. Millions of individual log entries can be generated daily, if not hourly. Simply assembling this information can be overwhelming in itself; the additional requirements to analyze and report on the log data render manual processes or homegrown remedies inadequate and costly.

LogRhythm Solution – NERC CIP Compliance Package
Log collection, archival and recovery are fully automated across the entire IT infrastructure. LogRhythm automatically performs the first level of log analysis: log data is categorized, identified and normalized into a common form for analysis and reporting. LogRhythm’s alerting capability then automatically identifies the most critical issues and notifies the relevant personnel.
LogRhythm’s NERC CIP Compliance Package provides out-of-the-box assistance in addressing numerous NERC CIP requirements. As part of the package, enterprise assets are categorized to support CIP-002-1 Critical Cyber Asset Identification, using asset categories such as: Electronic Security Perimeter, Incident Reporting and Planning, Critical Cyber Assets, Malware Systems, Vulnerability Detection, Disposal Logs and Patch Compliance.

The table below explains how LogRhythm and the NERC CIP Compliance Package address the nine sections of the standard.

| NERC CIP Section and Purpose | LogRhythm Compliance Support |
| --- | --- |
| CIP-001-1: Sabotage Reporting | LogRhythm identifies attacks in real time by monitoring, classifying and alarming on events, which supports the reporting process called for in Requirements R2 and R3 of CIP-001-1. |
| CIP-002-1: Critical Cyber Asset Identification | LogRhythm helps identify systems, and their roles, that might otherwise go unaccounted for, in particular supporting Requirements R1.2.6 and R1.2.7 on identifying Critical Assets. |
| CIP-003-1: Security Management Controls | LogRhythm is a supporting tool for security management decision making. The assigned Compliance Monitor can use LogRhythm’s records to validate that controls are in place and operating. |
| CIP-004-1: Personnel & Training | LogRhythm augments personnel training by providing additional “eyes” on organizational activity. Its 24x7 monitoring covers areas of awareness that personnel normally cannot. |
| CIP-005-1: Electronic Security Perimeter(s) | LogRhythm’s primary purpose is direct support for monitoring the ESP and Critical Cyber Assets, organizational access controls and other security controls. LogRhythm also identifies configuration changes on ESP devices, which supports the strict security configuration requirements. Cyber Vulnerability Assessments are complemented by LogRhythm’s ability to collect detected vulnerabilities during normal operation, giving continuous visibility rather than only the spot-check assessment. |
| CIP-006-1 and 1a: Physical Security | LogRhythm augments existing physical access controls by monitoring the logs generated by electronic access systems. |
| CIP-007-1: Systems Security Management | LogRhythm provides oversight for most requirements of the Systems Security Management standard, addressing CIP-007-1 directly in order to meet many of the challenges of implementing an effective NERC CIP compliant solution. |
| CIP-008-1: Incident Reporting and Response Planning | LogRhythm provides a centralized system for collecting, reporting and alarming on intrusion detection events from both network and host security systems. Centralized intrusion reporting and response should be an objective of an effective incident response plan. |
| CIP-009-1: Recovery Plans for Critical Cyber Assets | LogRhythm provides an early warning system for system failures, offering faster response, better diagnostics, reduced downtime and alarm-on-failure capability to augment disaster recovery. |
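As an added illustration of the first-level log analysis described earlier (categorize, identify, normalize, then alarm) and of the ESP access and configuration-change monitoring in the CIP-005 and CIP-007 rows above, here is a small Python example. It is example code written for this page, not LogRhythm’s product or any vendor’s format: the log lines, host names, the assumed 10.20.0.0/24 ESP address range and the firewall message syntax are all constructed.

```python
"""Added example, not LogRhythm code: heterogeneous log lines are parsed into
one normalized event schema, then a few alarm rules run over the normalized
stream. All log lines, host names and addresses are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: an sshd host inside the Electronic Security
# Perimeter (ESP) and a firewall on the ESP boundary. The firewall syntax is
# illustrative, not any vendor's real format.
SAMPLE_LOGS = [
    "2009-03-02T08:00:01 scada-hmi1 sshd[912]: Failed password for operator from 10.20.0.7 port 50122 ssh2",
    "2009-03-02T08:00:04 scada-hmi1 sshd[912]: Failed password for operator from 10.20.0.7 port 50130 ssh2",
    "2009-03-02T08:00:09 scada-hmi1 sshd[915]: Failed password for root from 10.20.0.7 port 50141 ssh2",
    "2009-03-02T08:00:15 scada-hmi1 sshd[917]: Accepted password for operator from 10.20.0.7 port 50150 ssh2",
    "2009-03-02T08:01:00 esp-fw1 FW: DENY tcp 203.0.113.9:4455 -> 10.20.0.5:502",
    "2009-03-02T08:01:02 esp-fw1 FW: CONFIG user=admin action=commit",
    "2009-03-02T08:01:30 esp-fw1 FW: ALLOW tcp 10.20.0.7:51000 -> 10.20.0.5:502",
]

ESP_PREFIX = "10.20.0."  # assumed address range of the ESP (constructed)

SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
                     r"from (?P<src>\S+) port \d+")
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) FW: (?P<action>DENY|ALLOW) \w+ "
                   r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")
FWCFG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) FW: CONFIG "
                      r"user=(?P<user>\S+) action=(?P<action>\S+)")


def _event(m, cls, raw, **extra):
    """Common schema: every event carries the same keys whatever its source."""
    ev = {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "class": cls,
          "user": None, "src": None, "dst": None, "dport": None, "outcome": None,
          "raw": raw}
    ev.update(extra)
    return ev


def normalize(line):
    """Classify and normalize one raw line; None if no parser matches it."""
    m = SSHD_RE.match(line)
    if m:
        return _event(m, "auth", line, user=m["user"], src=m["src"],
                      outcome="failure" if m["outcome"] == "Failed" else "success")
    m = FWCFG_RE.match(line)
    if m:
        return _event(m, "config_change", line, user=m["user"], outcome=m["action"])
    m = FW_RE.match(line)
    if m:
        return _event(m, "network", line, src=m["src"], dst=m["dst"],
                      dport=int(m["dport"]), outcome=m["action"].lower())
    return None


def detect(events, threshold=3, window=timedelta(minutes=5)):
    """Run alarm rules over normalized events in time order.

    auth_failure_burst:          >= threshold failures from one source to one host within window
    auth_success_after_failures: a success from a source that just failed (possible guessed password)
    esp_inbound_denied:          a denied connection from outside the ESP to a host inside it
    esp_config_change:           any configuration commit on an ESP boundary device
    """
    alarms = []
    failures = defaultdict(list)  # (host, src) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["class"] == "auth":
            hist = failures[(ev["host"], ev["src"])]
            hist[:] = [t for t in hist if ev["ts"] - t <= window]  # slide the window
            if ev["outcome"] == "failure":
                hist.append(ev["ts"])
                if len(hist) == threshold:  # fire once, when the threshold is crossed
                    alarms.append({"rule": "auth_failure_burst", "host": ev["host"],
                                   "src": ev["src"], "ts": ev["ts"], "count": len(hist)})
            elif hist:
                alarms.append({"rule": "auth_success_after_failures", "host": ev["host"],
                               "src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
        elif ev["class"] == "config_change":
            alarms.append({"rule": "esp_config_change", "host": ev["host"],
                           "user": ev["user"], "ts": ev["ts"]})
        elif (ev["class"] == "network" and ev["outcome"] == "deny"
              and not ev["src"].startswith(ESP_PREFIX)
              and ev["dst"].startswith(ESP_PREFIX)):
            alarms.append({"rule": "esp_inbound_denied", "host": ev["host"],
                           "src": ev["src"], "dst": ev["dst"],
                           "dport": ev["dport"], "ts": ev["ts"]})
    return alarms


if __name__ == "__main__":
    normalized = [e for e in (normalize(l) for l in SAMPLE_LOGS) if e]
    for a in detect(normalized):
        print(a["ts"].isoformat(), a["rule"],
              {k: v for k, v in a.items() if k not in ("ts", "rule")})
```

The point of the common schema is that the rules never touch raw text: a second sshd format, a Windows logon event or another firewall vendor only needs a new parser, and the burst, success-after-failure, ESP-ingress and configuration-change rules keep working unchanged. On the constructed input the rules fire four times: the failure burst on the third failure, the later success from the same source, the denied connection from outside the ESP to port 502, and the firewall commit.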
Get the facts about NERC CIP Compliance
LogRhythm has created a white paper that contains a compliance reference chart matching the specific CIP requirements with recommended steps to ensure compliance. The white paper outlines the out-of-the-box reports and alerts that can automate compliance with the following sections of the standard:
CIP-003-1 – Cyber Security – Security Management controls
CIP-005-1 – Cyber Security – Electronic Security Perimeter(s)
CIP-006-1 – Cyber Security – Physical Security of Critical Cyber Assets
CIP-007-1 – Cyber Security – Systems Security Management
CIP-008-1 – Cyber Security – Incident Reporting and Response Planning
Please go to this link to download a copy of the white paper: www.logrhythm.com/getthefacts.