Mike Martinez, principal consultant for the critical infrastructure and security practice at Invensys Operations Management (www.iom.invensys.com), reports that SRP's network infrastructure changes also enabled deployment of centralized anti-virus management and back-up capabilities, improved network monitoring and a remote access- jump server with role-based user authentication for remote access. "We've been working with SRP for many years, so when we learned that these cybersecurity requirements were coming, we were able to help design and deploy a solution that would allow them to meet their exisitng best practices, while being consistent with their future need for a NERC-CIP-compliant program," says Martinez.
While many networks use two layers of firewalls, some are also installing a data-based demilitarized zone (DMZ) between their corporate local area network (LAN) and their control system LAN (Figure 2). This provides an added layer of protection because no communications take place directly from the control system LAN to the business LAN, according to the U.S. Computer Emergency Readiness Team (US-CERT) and its Control System Security Program (CSSP, www.us-cert.gov).
Ernie Rakaczky, program director for control system cyber security at Invensys reports that US-CERT is helping many suppliers find vulnerabilities in their software and is testing security risk mitigation strategies to make sure they work properly.
Besides extra firewalls, NGS's security team also added a second maintenance network built on secondary network cards in its PCs, which is another likely NERC-CIP requirement. So while the original card performs its regular control operations on the plant's dedicated Invensys Foxboro I/A DCS, the second card does back-up, maintenance, patch deployments and other tasks.
This second maintenance network touches all the same points as the process control network at NGS's three generating units, SO2 scrubbers, lake pumps and workstations. The teams also added new physical and electronic access controls and password management for logging onto cyber-related assets. For example, mechanical maintenance staff will no longer be allowed into the control room, but will have to go a clearance office to have clearances issued.
Hull adds that upcoming efforts will take SRP's and NGS's security beyond protecting equipment at one point in time to make it part of their lifecycle and obsolescence planning, too.
"I think the feeling at NGS now is that we're headed in the right direction on process security," adds Hull. "There's a lot of overhead in maintaining security and compliance. And the process never really ends, so we still have more work to finalize our security infrastructure, implement more secure solutions across the whole NGS facility, update other components, and more thoroughly define our physical and electronic security perimeters. Later on the roadmap, we'll check for vulnerable assets again and see how well we did now."
Jim Montague is Control's executive editor.