The NERC CIP (North American Reliability Corporation Critical Infrastructure Protection) version 5 standards are designed to secure the assets required for operating North America’s Bulk Electric System (BES). The Version 5 standards as described below introduce a tiered impact rating system which classify the BES cyber systems into high, medium and low impact categories – all cyber assets that could impact BES facilities are in the scope for the CIP standards. In terms of ICS cybersecurity protection of high impact systems, 005-5 Electronic Security Perimeter is most relevant for discussion.
Identifies and categorizes BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements in relation to the impacts that misuse, loss or compromise of those systems could have on the reliable operation of the BES.
Guidance for minimizing risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems. Requires an appropriate level of personnel risk assessment, training, and security awareness in support of protecting BES Cyber Systems.
Prevention and detection of unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise.
Prevention of unauthorized access to BES Cyber System Information by specifying information protection requirements in support of protecting BES Cyber Systems against compromise.
What is in the standard
The electric power sector leads both North American industry and the world in strong cyber-security standards. Both the NEI and NRC standards in nuclear generation and the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards in the Bulk Electric System1 (BES) are seen as among the most demanding cyber-security regimes enforced anywhere in the world. The NERC CIP standards in particular are seen as a model of cyber security for other industries and critical infrastructures. The NERC CIP V5 standards are designed specifically to enhance the reliability of the Bulk Electric System through strong security.
Relationship to Unidirectional Gateways
The CIP V5 standards recognize that Unidirectional Security Gateways provide security which is stronger than firewalls, and position the gateways as an alternative to firewalls and costly Network Intrusion Detection Systems (NIDS). The V5 CIP standards have 103 requirements overall, and provide exemptions from 37 Medium-Impact requirements, and 5 High-Impact requirements, when Waterfall’s Unidirectional Security Gateways are used to protect an Electronic Security Perimeter (ESP) rather than using firewalls and NIDS. Unidirectional Security Gateways increase the security of critical control systems, simplify and reduce the ongoing cost of CIP V5 compliance programs, and eliminate the need to use high-maintenance firewalls and NIDS.
Waterfall’s Unidirectional Security Gateways are deployed widely in Bulk Electric Systems, especially in power generation applications. The strong security provided by these gateways is recognized by steadily increasing numbers of industry analysts and security experts. In short, the Bulk Electric System is becoming measurably safer, more secure and more reliable as a result of the widespread deployment of Unidirectional Security Gateways.
“Waterfall announces the launch of Waterfall BlackKBox™.
Restoring trust in network information for cyber-attack response teams and forensics”.