Here's another announcement from Invensys at their North America Client Conference:
New Solutions from Invensys Operations Management Facilitate Compliance with NERC Cyber Security Standards
SEPTEMBER 23, 2009/PLANO, TEXAS - Invensys Operations Management, a global provider of technology systems, software solutions and consulting services to the process and manufacturing industries, has unveiled a comprehensive array of technology and services designed to help clients protect plant assets from cyber attacks.
Part of the company’s new I/A Series® 8.5 suite of offerings, the cyber security solution includes control system enhancements and consulting services that support compliance requirements of major new cyber security standards, such as those put forth by the North American Electric Reliability Corporation (NERC). The Federal Energy Regulatory Commission (FERC) is adopting NERC standards CIP-001 through CIP-009, compelling companies to become NERC compliant by the year 2010. This means having to learn the requirements, design and implement the policies and procedures and, in some cases, install additional equipment.
“Technology solutions implemented through the control system, intrusion prevention, firewall and other technology are important, but comprehensive cyber protection also involves changes in policies and practices that have little to do with technology,” said Ernie Rakaczky, principal security architect, Invensys Operations Management. “Emerging standards reflect this. We are pleased that we can offer our clients the technology they need, and to do so as a consultative partner, first to help them identify vulnerabilities in their current operations and then provide standards-compliant solutions to fill those gaps.”
Through a combination of system-centric and consulting solutions, Invensys Operations Management delivers many client benefits, the first of which is a significant reduction in risk associated with cyber security threats. This enables a higher level of performance and predictability of client systems and networks, prevents possible business outages and diminishes the threat of lost revenue due to serious safety, environmental and personnel catastrophes.
Among the I/A Series technology features that support cyber security protection and compliance are the ability to create stronger passwords, such as by mixing types of characters, controlling length, managing failed password attempts and password aging; ability to reduce lock-down security vulnerability; and strengthening workstation hardware to remove unused programs, services and ports. Both of the primary control processors used in I/A Series systems, for example, have received Level 1 Achilles Certification from Wurldtech, a leading provider of cyber security testing and certification for critical infrastructure industries.
“A distributed control system retrofit and implementation can increase production performance, while at the same time provide cyber security protection and compliance. We recently installed a DCS for a power industry client that helped them meet NERC standards well before the deadline, as well as increased their engineering functionality by approximately 50 percent, giving them the ability to add new displays, implement logic changes and install new parameter interlocks for better handling and management of alarms,” said Matthew DeAthos, manager of portfolio marketing for Invensys.
Depending on the client’s situation, a typical Invensys cyber security consulting offering includes the following services:
- Gap analysis assessment against standards
- Development of a plan to address shortcomings
- Development of an overall security architecture
- Integration with IT and other systems and procedures
- Validation of cyber security policies and procedures
- Execution and implementation of security upgrades and procedures
Power companies that do not comply with new standards could face significant fines levied by NERC and FERC auditors beginning in 2010. Fines will be based on the percentage of requirements met and the number of days the plant remains non-compliant. In addition to the NERC cyber security standards, which apply only to the power industry, other standards are emerging from the Department of Homeland Security (DHS), International Society of Automation (ISA) and the National Institute of Standards and Technology (NIST). While these do not yet have compliance deadlines, they provide manufacturers with additional guidance in protecting assets.
The new solutions are available immediately, and representatives from Invensys Operations Management will display and demonstrate them during the company’s North America Client Conference taking place in Houston, Texas, September 21 to 24. To learn more, visit booth 107 or contact [email protected] or [email protected].
