InfoSecurus, Inc.
P.O. Box 205
Portland, ME 04112
email: info@infosecurus.com
Ph: (207) 514 0599
All Rights Reserved 2006-2009 InfoSecurus, Inc.
Energy and Utilities
As of June 18, 2007, the U.S. electrical industry operates for the first time under mandatory, enforceable reliability standards set forth by the North American Electric Reliability Corporation. These standards are mandated by the U.S. Energy Policy Act of 2005 with oversight by the Federal Energy Regulatory Commission.
Critical Infrastructure Protection (CIP)
The Cyber Security Standards are defined in CIP-002-1 through CIP-009-1 and address the following areas:
- CIP-002-1 – Critical Cyber Asset Identification
- CIP-003-1 – Security Management Controls
- CIP-004-1 – Personnel and Training
- CIP-005-1 – Electronic Security Perimeter(s)
- CIP-006-1 – Physical Security
- CIP-007-1 – Systems Security Management
- CIP-008-1 – Incident Reporting and Response Planning
- CIP-009-1 – Recovery Plans for Critical Cyber Assets
Information Security is a new field for many charged with protecting SCADA and Distributed Control Systems. These systems were not designed with security in mind beyond the belief that physical security and the obscurity of the systems would be sufficient.
iSecurus specialists have extensive experience working with the power industry. For example, we supported Central Maine Power Company by assisting with their security architecture, updates, programming and other ISO-type needs.
We now understand that the following is often the case:
- Control systems are accessible from outside
- The actual state of interconnectedness of the networks may not be properly documented, configured or understood
- Physical security may not be strong or even present across a wide-area SCADA system
- Authentication or encryption is often weak or missing
- Best practice security techniques such as firewalling or patching may conflict with the real-time systems’ operations
InfoSecurus consultants have extensive experience with all of the CIP standards. We are also experienced in coming into an organization and working with it to develop a Security Program from the ground up. We can efficiently and knowledgeably work through the entire process, leveraging both our Technical expertise and our Compliance expertise to create a program that will meet CIP compliance.
It is important to note that the NERC Reliability standards are in an early phase of development and are expected to change and evolve over time. iSecurus’ extensive experience in Information Security Technology and Compliance can provide solutions that will do more than meet CIP standards today. We provide a comprehensive, architecture-level approach that will provide the solid foundation for a living, manageable security program.