Security Standards and the NERC CIP Framework

NERC (North American Reliability Council) Critical Infrastructure Protection (CIP) is a set of requirements designed to secure the assets required for operating North America's bulk eelctric system. IEC 62443 is an international standard for industrial communication networks, IT security for networks and systems. It describes both technical and process-related aspects of industrial cybersecurity and how it should be implemented. NERC CIP and IIEC 62443 are complementary. Discussion on the following standards: CIP-003-8 Cyber Security - Security Management Controls: who is responsible for security? CIP-007-6 Cyber Security - System Security Management: identifies what needs to be done to reduce security attack surfaces. CIP-010-3 Cyber Security - Configuration Management and Vulnerability Assesments: device configuration must be saved and periodically monitored for changes from the baseline. CIP-013 Cyber Security - Supply Chain Risk Management. Very relevant for vendors that need to document their firmware, track vulnerabilities, provide verification of integrity and authenticity of firmware. Narrated by iS5 Communications' Field Application Engineer Dominic Iadonis

• #science_technology
• #is5
• #communications
• #ethernet
• #switch
• #network
• #nerc
• #cip
• #critical
• #infrastructure
• #protection
• #secure
• #assets
• #iec
• #62443
• #international
• #standard
• #communication
• #it
• #technical
• #process
• #cyber
• #security
• #control
• #management
• #vulnerability
• #assessment
• #supply
• #chain
• #risk
• #firmware
• #integrity
• #authenticity