MiCOM P40 Agile P441, P442, P444
Power utility responsibilities:
To create a Cyber Security Policy
We can help the power utilities to have access control
to its critical assets by providing centralized Access
control.
We can help the customer with its change control by
providing a section in the documentation where it
describes changes affecting the hardware and
software.
3.1.3 CIP 004
CIP 004 requires that personnel having authorized cyber access or authorized physical
access to Critical Cyber Assets, (including contractors and service vendors), have an
appropriate level of training.
Power utility responsibilities: Contribution:
To provide appropriate training of its
personnel
We can provide cyber security training
3.1.4 CIP 005
CIP 005 requires the establishment of an Electronic Security Perimeter (ESP), which
provides:
• The disabling of ports and services that are not required
• Permanent monitoring and access to logs (24x7x365)
• Vulnerability Assessments (yearly at a minimum)
• Documentation of Network Changes
Power utility responsibilities: Contribution:
To monitor access to the ESP
To perform the vulnerability assessments
To document network changes
To disable all ports not used in the IED
To monitor and record all access to the IED the acc
at all access points of the ESP
3.1.5 CIP 006
CIP 006 states that Physical Security controls, providing perimeter monitoring and logging
along with robust access controls, must be implemented and documented. All cyber assets
used for Physical Security are considered critical and should be treated as such:
Power utility responsibilities:
Provide physical security controls and
perimeter monitoring.
Ensure that people who have access to
critical cyber assets don’t have criminal
records.
General Electric
cannot provide additional help with this
aspect.
3.1.6 CIP 007
CIP 007 covers the following points:
• Test procedures
• Ports and services
• Security patch management
• Antivirus
To Next Page
Loading...
Need help?
General
