3 STANDARDS
There are several standards, which apply to substation cyber-security. The standards currently applicable to
General Electric IEDs are NERC and IEEE1686.
Standard Country Description
NERC CIP (North American Electric Reliability
Corporation)
USA Framework for the protection of the grid critical Cyber Assets
BDEW (German Association of Energy and Water
Industries)
Germany
Requirements for Secure Control and Telecommunication
Systems
ANSI ISA 99 USA
ICS oriented then Relevant for EPU completing existing standard
and identifying new topics such as patch management
IEEE 1686 International
International Standard for substation IED cyber-security
capabilities
IEC 62351 International Power system data and Comm. protocol
ISO/IEC 27002 International Framework for the protection of the grid critical Cyber Assets
NIST SP800-53 (National Institute of Standards and
Technology)
USA Complete framework for SCADA SP800-82and ICS cyber-security
CPNI Guidelines (Centre for the Protection of National
Infrastructure)
UK
Clear and valuable good practices for Process Control and SCADA
security
3.1 NERC COMPLIANCE
The North American Electric Reliability Corporation (NERC) created a set of standards for the protection of critical
infrastructure. These are known as the CIP standards (Critical Infrastructure Protection). These were introduced to
ensure the protection of 'Critical Cyber Assets', which control or have an influence on the reliability of North
America’s electricity generation and distribution systems.
These standards have been compulsory in the USA for several years now. Compliance auditing started in June
2007, and utilities face extremely heavy fines for non-compliance.
NERC CIP standards
CIP standard Description
CIP-002-1 Critical Cyber Assets Define and document the Critical Assets and the Critical Cyber Assets
CIP-003-1 Security Management Controls
Define and document the Security Management Controls required to protect the
Critical Cyber Assets
CIP-004-1 Personnel and Training
Define and Document Personnel handling and training required protecting Critical
Cyber Assets
CIP-005-1 Electronic Security
Define and document logical security perimeters where Critical Cyber Assets reside.
Define and document measures to control access points and monitor electronic
access
CIP-006-1 Physical Security
Define and document Physical Security Perimeters within which Critical Cyber Assets
reside
CIP-007-1 Systems Security Management
Define and document system test procedures, account and password management,
security patch management, system vulnerability, system logging, change control
and configuration required for all Critical Cyber Assets
CIP-008-1 Incident Reporting and Response Planning
Define and document procedures necessary when Cyber-security Incidents relating
to Critical Cyber Assets are identified
CIP-009-1 Recovery Plans Define and document Recovery plans for Critical Cyber Assets
P446SV Chapter 22 - Cyber-Security
P446SV-TM-EN-1 579
To Next Page
Loading...
Need help?
General