Whitepaper: NERC CIP V5 Standards

NERC CIP V5 Standards Position Unidirectional Security Gateways as Secure Alternatives to Firewalls and Network Intrusion Detection Systems 

The electric power sector leads both North American industry and the world in strong cyber-security standards. Both the NEI and NRC standards in nuclear generation and the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards in the Bulk Electric System1 (BES) are seen as among the most demanding cyber-security regimes enforced anywhere in the world. The NERC CIP standards in particular are seen as a model of cyber security for other industries and critical infrastructures. The NERC CIP V5 standards are designed specifically to enhance the reliability of the Bulk Electric System through strong security.

The CIP V5 standards recognize that Unidirectional Security Gateways provide security which is stronger than firewalls, and position the gateways as an alternative to firewalls and costly Network Intrusion Detection Systems (NIDS). The V5 CIP standards have 103 requirements overall, and provide exemptions from 37 Medium-Impact requirements, and 5 High-Impact requirements, when Waterfall’s Unidirectional Security Gateways are used to protect an Electronic Security Perimeter (ESP) rather than using firewalls and NIDS. Unidirectional Security Gateways increase the security of critical control systems, simplify and reduce the ongoing cost of CIP V5 compliance programs, and eliminate the need to use high-maintenance firewalls and NIDS.

Waterfall’s Unidirectional Security Gateways are deployed widely in the BES, especially in power generation applications. The strong security provided by these gateways is recognized by steadily increasing numbers of industry analysts and security experts. For example, while addressing representatives of NERC entities at a recent cyber-security conference, Tim Roxey, the Chief Security Officer of NERC, observed that: “When you are considering security for your control networks, you need to keep in mind innovative security technologies such as unidirectional gateways.”