When it comes to something as critical as power generation and delivery, even a minor IT problem can cause major havoc. Since a vast majority of the power grid is controlled with IT assets, ensuring continual system uptime of these assets is extremely critical. As such, the North American Electric Reliability Corporation (NERC), which is a non-profit organization that exists to ensure reliable electric delivery, has established Critical Infrastructure Protection (CIP) Cyber Security Standards to help safeguard vital IT assets.
The NERC-CIP standards provide a framework to identify and protect critical infrastructure assets. A key tenet to this framework is ensuring system integrity. As in any critical environment, security controls are put in place to minimize unauthorized access and changes that can have a negative effect on operations.
Strict configuration management procedures and documentation are emphasized by NERC-CIP 010 to ensure that changes to system baselines are being detected, investigated, and reported upon. With “truly real time” configuration change detection, alerting and comprehensive reporting, CimTrak offers you the ability to not only meet, but exceed the NERC CIP-010-2 configuration change management requirements. What’s more, with the built-in change prevention feature, changes to critical files or configurations can be effectively prevented, thus providing the ultimate in system security.
Further, with CimTrak’s fully integrated ticketing functionality, baseline changes can be planned, allowing other baseline deviations to quickly surface. This allows fast response to configuration changes that are unintended and potentially malicious. Additionally, the CimTrak Ticketing Module also assures compliance with CIP-010-2 Part 1.2, which requires utilities to “authorize and document changes that deviate from the existing baseline configuration,” by giving users the ability to both control exactly which changes are promoted and allowing those changes to be documented directly in the solution.
CimTrak easily allows for all system ports and services be documented and any change to their status to be detected, alerted, and reported on. This not only greatly simplifies proving compliance with NERC-CIP-007 but also allows for fast action should a critical port or services status change in an unexpected manner.
While CimTrak allows you to monitor baseline changes and manage your ports and services, it goes well beyond. With the ability to monitor key pieces of your Electronic Security Perimeter via CimTrak for Network Devices, CimTrak can ensure that your device configurations are in the state that you expect. Due to its host intrusion detection (HIDS) capabilities, it can also help protect against malware that may bypass other IT security defenses, detecting it in real-time and alerting you to its presence.