CIP SDT Outreach Slides - NERC 201602...Project 2016-02 Project Update. CIP SDT Members. April 2019....
Slide 1: CIP SDT Outreach Slides
Project 2016-02 Project Update
CIP SDT Members, April 2019
Slide 2: Presenters
• Jay Cribb, Southern Company
• Matt Hyatt, TVA
• Jerry Freese, NIPSCO
• Scott Klauminzer, Tacoma Power
• Jake Brown, ERCOT
• Heather Morgan, EDP Renewables North America LLC
RELIABILITY | ACCOUNTABILITY
Slide 3: NERC Antitrust Compliance Guidelines
It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers, or any other activity that unreasonably restrains competition.
Slide 4: Public Announcement
Participants are reminded that this meeting is public. Notice of the meeting was posted on the NERC website and widely distributed. The notice included the number for dial-in participation. Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities.
Slide 5: Agenda
• Why
• Many Challenges
• What We Heard
• How We Can Move Forward
Slide 6: Why
• Why are we here and why are these changes needed?
Slide 7: Many Challenges
• CIP v5 is technology specific
  - Cyber Assets (inclusive of hardware 1:1)
  - Prescribed network architecture restricts best practices
• Virtualization challenges
  - Virtualized firewall interfaces
  - Storage
  - Shared infrastructure
  - Management plane considerations
  - Privileged introspection and distributed firewalls
  - Remediation VLANs
  - Super ESP
Slide 8: Many Challenges – Identifying Cyber Assets
• Treating virtual machines as software can leave security gaps
[Diagram comparing two models. "Physical System w/ Software" model: EMS Applications running on a HyperVisor (CA); CIP-007 requirements are applied to the hypervisor but are not required for the VM operating systems. "VM as a CA" model: EMS Applications running on a Virtual Machine (CA) on a HyperVisor (CA); CIP-007 requirements are applied to both the VM and the hypervisor.]
Slide 9: Many Challenges – Asset Identification
• Virtual Cyber Assets (inclusive of hardware 1:1)
• Treating VMs as a Cyber Asset creates the “hall of mirrors” because Cyber Asset is inclusive of its hardware
[Diagram, "VM as a Cyber Asset": a Virtual Machine (CA) running on a HyperVisor. Question posed for the hypervisor: is this part of the above Cyber Asset, a separate Cyber Asset, or both? The Cyber Asset definition is inclusive of hardware.]
Slide 10: Many Challenges – Network Architecture
• Gated community diagram.
Slide 11: Many Challenges – Network Architecture
• Prescribed network architecture restricts best practices
Slide 12: Many Challenges – Network Architecture
• Current standard applied to Zero Trust
Slide 13: Many Challenges – Virtualized Firewall Interfaces
• Virtualized Firewall Interfaces (‘Firewall on a Stick’)
Slide 14: Many Challenges – Storage
• SAN/NAS deduplication & sanitization
[Diagram, "Deduplication Example": CIP Nodes use a CIP Volume and Non-CIP Nodes use a Non-CIP Volume; after deduplication both volumes are backed by a common pool of Raw Data on the shared array.]
Slide 15: Many Challenges – Management
• Management Plane Considerations
[Diagram, "Combined Production/Management Plane Example": a BCA with a Production IP Interface and a Management IP Interface on the same plane.]
[Diagram, "Management Plane Isolation Example": a BCA with its IP Interface in the Production ESP and its Management IP Interface in a separate Management ESP. Question posed: is this also an EACMS providing access control between ESPs?]
Slide 16: Many Challenges – Introspection
• Privileged Introspection
[Diagram: a BCS running on a HyperVisor (BCS or EACMS). Adding Privileged Introspection introduces a Privileged Introspection Helper VM, which becomes a PCA or an EACMS.]
Slide 17: Many Challenges – Remediation
• Remediation VLANs
[Diagram: a Compliant BCA sits on the Production Network; a Non-Compliant BCA is placed on the Remediation Network (Remediation VLANs) with Remediation Servers (AV, patching, etc.). A Network Switch performing access control, with a 15 minute impact rating, enforces the network policy. Question posed: is the switch a BCS or EACMS or both?]
Slide 18: Many Challenges – Super ESP
[Diagram, "Multi-Site Data Center Extension (Super ESP)": a Layer 2 network extension between sites that supports live migration. Question posed: how do we describe access control at layer 2 in the standard if it is targeted at routable connections?]
Slide 19: Q&A – Current State
Slide 20: What We Heard
• Why change?
• Removed the “programmable” floor
• Other options to deal with virtualization
• LIZ vs. ESP
• Objective language level and clarity
• Secure Configuration scope expansion and use
• ERC as a scoping mechanism
Slide 21: What is the Goal?
• Stabilize the standards
• Provide clarity for virtualization within the standards
• Encourage security best practices
Slide 22: What is the Goal?
• Environments like this and many others are allowed and compliant
[Diagram of an example environment; not captured in the transcript.]
Slides 23, 24 and 25: What is the Goal?
[Diagram-only slides; not captured in the transcript.]
Slide 26: How We Can Move Forward
[Diagram, "Cloud of Applicability": applicability terms arranged by Function and Form. Labels shown: BCA, EACMS, PCA, PACS, CA, vCA, SCI, RBCS.]
Slide 27: How We Can Move Forward
• An example of an objective requirement that clearly describes a measurable “what” but avoids prescriptive “hows” for CIP-005 R1 could conceptually be:
“Deny all access to and from the networks on which high and medium impact BES Cyber Systems and their associated PCAs are connected and only allow network communication that has documented access permissions including the reason for granting access.”
Slide 28: How We Can Move Forward
• Move toward technology agnostic requirements.
• New terms to help describe the virtual environment.
• Clarify new requirements for the virtual environment.
• Preserve Cyber Asset term for backwards compatibility.
Slide 29: Next Steps
• Continue Virtualization Standard Drafting Efforts:
  - Thursday Conference Calls (noon – 2:00 p.m. Eastern)
  - May 21-23, 2019 in-person CIP SDT meeting – ERCOT
  - June 25-27, 2019 in-person CIP SDT meeting – Tacoma Power
Slide 30: Contact
Jordan Mallory, NERC Senior Standards Developer for Project 2016-02 CIP
[email protected]