Today’s networks, and the protocols that support them, are becoming more complex. In addition, they involve interconnections with increasingly diverse systems, as cloud connections become the norm. They also grow in scale, reaching into several facilities, including mobile ones such as those used by utilities to support the electric grid during times of natural disasters.
A NERC CIP audit focuses on security, resilience, reliability, availability, continuity, and maintainability of the critical infrastructure associated with the energy plants in the US. This article covers best practices for NERC CIP compliance, with an emphasis on advanced network monitoring topics like vulnerability management and log file analysis. These are tasks an effective security team should be familiar with.
Have a look.
Ensure Backup of Network Files
The configuration files can provide a rich history of all of the policy and configuration changes that have been made to the network system devices. This is important because understanding what has changed on each network device is one step in understanding how to reduce the attack surface associated with each network device.
The best way for power plant managers to track network device configuration files is to set up a system that backs them up at least once a day. For example, it can be a mid-day check and a midnight backup. This approach can help ensure that all configuration files are captured and retained, even in the event of a catastrophic failure.
In addition, a completely automated backup process using specialized software is ideal. Such software typically catalogs the version number of the backup file, source media used, date created, and backup time to ensure that each version can be matched against requests from auditors.
This is advisable due to the large number of configuration options that might need to be reviewed if an audit were performed.
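The catalog described above can be sketched as follows. This is an added example, not code from any particular backup product; the device name, the media label, the sample configurations and the function names are all constructed for illustration. Each run records version number, source media, date created and backup time, bumps the version only when the configuration hash changes, and returns the diff an auditor would ask about.

```python
import difflib
import hashlib
from datetime import datetime, timezone

# Constructed sample configs for a hypothetical device "sub-rtr-01".
MIDNIGHT_CONFIG = "hostname sub-rtr-01\nntp server 192.0.2.10\naccess-list 10 permit 10.0.0.0 0.0.0.255\n"
MIDDAY_CONFIG = "hostname sub-rtr-01\nntp server 192.0.2.10\naccess-list 10 permit 10.0.0.0 0.0.255.255\n"


def catalog_backup(catalog, device, config_text, source_media, now=None):
    """Record one backup run for a device; return (catalog entry, diff lines)."""
    now = now or datetime.now(timezone.utc)
    digest = hashlib.sha256(config_text.encode()).hexdigest()
    history = catalog.setdefault(device, [])
    previous = history[-1] if history else None
    if previous and previous["sha256"] == digest:
        # Unchanged: keep the version, record that the check took place.
        previous["last_verified"] = now.isoformat()
        return previous, []
    entry = {
        "version": previous["version"] + 1 if previous else 1,
        "source_media": source_media,
        "date_created": now.date().isoformat(),
        "backup_time": now.time().isoformat(timespec="seconds"),
        "sha256": digest,
        "last_verified": now.isoformat(),
        "config": config_text,
    }
    diff = []
    if previous:
        diff = list(difflib.unified_diff(
            previous["config"].splitlines(), config_text.splitlines(),
            fromfile=f"{device} v{previous['version']}",
            tofile=f"{device} v{entry['version']}", lineterm=""))
    history.append(entry)
    return entry, diff


def changed_lines(diff):
    """Added and removed config lines, skipping the two file-header lines."""
    return [line for line in diff[2:] if line.startswith(("+", "-"))]


if __name__ == "__main__":
    catalog = {}
    catalog_backup(catalog, "sub-rtr-01", MIDNIGHT_CONFIG, "constructed-nas")
    entry, diff = catalog_backup(catalog, "sub-rtr-01", MIDDAY_CONFIG, "constructed-nas")
    print(entry["version"], changed_lines(diff))
```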
Provide Inputs for Cyber Resiliency
Cyber resiliency refers to the ability of an organization’s information systems and networks to operate and be restored in the face of cyber risks. Compliance officers must contribute to the planning for becoming cyber resilient by providing requirements that support the organization’s cyber resiliency plan.
Resilience requires a combination of preparedness & response capability and the establishment of a cyber risk management program. Preparedness is achieved through working with stakeholders, including government & non-government partners, business partners, infrastructure owners & caretakers, and regulators.
Update Organization’s Networks & Topology Diagrams
Asset inventories are valuable tools for ensuring the protection of an organization’s critical equipment. Network topology diagrams, which are essentially maps of the network elements, can help simplify asset inventories by illustrating what assets should be protected. Network segmentation schematics, in conjunction with asset inventories and topology diagrams, can also be useful guideposts for developing effective cybersecurity plans.
Every organization has assets that can be classified into different categories like production (assets vital to the organization’s operation), legacy (assets that are no longer in use but still need to be kept for now), etc.
It is also a standard procedure to periodically update network topology diagrams with the current state of the network and make sure that the diagram contains accurately categorized equipment.
Inconsistencies between the network’s actual topology and the depiction may lead to critical equipment being misidentified or simply left out in the diagram altogether. A network’s current topology could be anywhere from one to thousands of nodes, depending on how large an organization is.
Final Word
NERC CIP compliance is among the most important requirements for any energy company in the United States. One of the keys to success is being proactive in monitoring and auditing configurations. But, to do that, you need a way to graphically monitor your network infrastructure.
We’re sure that the tips mentioned in this article will help you better comply with the NERC CIP Standards.