On February 12, 2013, the Obama administration recognized the growing cyber threat to various critical U.S. infrastructure. In response, Obama issued Executive Order 13636 to encourage industries to re-evaluate how they protect their systems supporting critical infrastructure.
This recognition led to the development of the NIST-CSF—a baseline cyber security framework (CSF) to be applied across all critical U.S. infrastructure.
Industry sectors have not only begun to implement components of the CSF, but they also have begun adapting their own industry-specific frameworks to reflect elements of the NIST-CSF.
In 2014, the North American Electric Reliability Corporation (NERC), the nonprofit organization responsible for developing standards for the energy production sector, set out to update its Critical Infrastructure Protection (CIP) cyber security standards framework.
Specifically, version 5 of the CIP framework focuses on preventing misoperation or instability in the energy grid. LogRhythm released the NERC-CIP version 5 compliance module on August 18, 2015, to accompany the existing NERC-CIP version 3 compliance module.
Here, we will take a quick look at key components of version 5 and how LogRhythm is helping customers manage the transition from version 3.
In NERC-CIP v5, energy production organizations are charged with performing a risk-based assessment against all bulk electric systems (BES) by dividing system components into High-, Medium- and Low-Impact categories.
The scope of v5 has also expanded to specifically include substations that interact with energy management systems (EMS).
Transitioning organizations must be aware of some key deadlines in relation to cutover requirements:
Any NERC-CIP compliance effort requires the ability to identify and organize BES assets, apply security monitoring rules by risk level, capture cyber threats and malicious actions, and notify security operations staff when necessary.
LogRhythm supports your compliance effort by providing a full-featured SIEM that helps you to organize assets so you can identify and respond to risks.
LogRhythm provides an entire Knowledge Base (KB) of monitoring rules and reports specific to NERC-CIP. Our industry-specific KB module reduces the time to meet compliance requirements and provides advanced features for long-term monitoring and security.
Real-Time Analytics
Using LogRhythm, you can gain powerful analytics for identifying risks to high-, medium- and low-priority assets. These analytics feed in-line response capabilities (SmartResponse™) that help reduce the mean-time-to-detection (MTTD) and mean-time-to-respond (MTTR). This improves security in addition to meeting compliance needs.
LogRhythm’s Risk-Based Prioritization (RBP) can be associated with the entity structure to help identify at-risk components of the BES. It also reduces noise by focusing on log messages that actually matter.
The RBP values can be directly derived from the risk-based assessment that organizations perform against their environment. This allows you to quickly prioritize events, gather forensic data and begin implementing remediation efforts to prevent misoperation or instability.
With the v5 release, LogRhythm now offers compliance modules that empower customers to adhere to both v3 and v5 of the NERC-CIP. We will continue to support compliance efforts in both versions all the way up to April 1, 2017, the final deadline for organizations to fully cut over to v5.
LogRhythm works to support or augment NERC-CIP compliance objectives by directly mapping objects and functionality of our product to specific controls. The NERC-CIP compliance module includes:
For more information about how LogRhythm supports NERC-CIP compliance, read our white paper on the topic.
Until next time,
Bob Swanson – LogRhythm Labs