Your organization may have conducted cyber security vulnerability assessments for years. Or maybe you are considering executing your first cyber security vulnerability assessment in order to comply with the NERC CIP Reliability Standards. In either case, you are probably wondering, “What kind of cyber security vulnerability assessment do I need to conduct in order to comply with requirements CIP-005, R4 and CIP-007, R8?”
CIP-005, R4 and CIP-007, R8 clearly indicate the scope of required cyber security vulnerability assessments. But executing the activities required to comply with these requirements is far from simple, as elaborated upon below:
- Only ports and services required for operations should be enabled. This may sound straightforward until you ask two questions:
  - How do you discover which ports and services are enabled? On your corporate network, the answer is easy; you use an automated port scanning tool. However, using such a tool brings with it the risk of causing system outages. Can you introduce the risk of causing system outages on your DCS and / or SCADA network(s) by using a port scanning tool? Fortunately, Encari has alternatives to using port scanning tools in order to comply with these requirements.
  - How do you know specifically which ports and services are required for operations? In the ideal world you have, for every critical and non-critical cyber asset within your ESP(s) and / or ESP access point(s), a list of the services the cyber asset provides and the exact ports required to be open for each service. And you have established procedures necessary to ensure this list of ports and services is updated as soon as any change is made. If you are currently operating in the presence of any insufficiencies in this regard, Encari can provide the expertise required to bridge any existing gaps and help you establish and maintain an ongoing compliant cyber security vulnerability assessment program.
- A review of controls for default accounts and passwords. These may already be well identified and documented, or they may require a significant effort to identify and address accordingly.
- Discovery of all ESP access points. Again, while the use of automated scanning tools would be ideal for accomplishing this task on your corporate network, a similar approach likely will not be viable for your DCS and / or SCADA network(s).
- An action plan to remediate or mitigate vulnerabilities. You must determine for each encountered vulnerability whether the vulnerability may be remediated or mitigated, and you must develop an action plan to implement your decision without detrimentally interfering with system operations.
Encari can help you develop or refine and execute your NERC CIP cyber security vulnerability assessment program. We are very experienced in navigating all of these issues to provide your organization with thorough and actionable results. These results will enable you both to remain NERC CIP compliant and to improve the security posture of your DCS and / or SCADA networks.
Please note: Besides conducting the NERC CIP vulnerability assessment, Encari will be pleased to help your organization prepare to conduct future vulnerability assessments on your own. We can help you install and learn to use a variety of open-source or low-cost assessment tools, as well as have your staff members look “over our shoulder” as we conduct the manual aspects of the assessment.