Standards; NERC Compliance - GE MiCOM P40 Agile Technical Manual

Feeder management IED

P14x
3 STANDARDS

Several standards apply to substation cyber-security. The standards currently applicable to
General Electric IEDs are NERC and IEEE 1686.
| Standard | Country | Description |
|---|---|---|
| NERC CIP (North American Electric Reliability Corporation) | USA | Framework for the protection of the grid critical Cyber Assets |
| BDEW (German Association of Energy and Water Industries) | Germany | Requirements for Secure Control and Telecommunication Systems |
| ANSI ISA 99 | USA | ICS oriented then Relevant for EPU completing existing standard and identifying new topics such as patch management |
| IEEE 1686 | International | International Standard for substation IED cyber-security capabilities |
| IEC 62351 | International | Power system data and Comm. protocol |
| ISO/IEC 27002 | International | Framework for the protection of the grid critical Cyber Assets |
| NIST SP800-53 (National Institute of Standards and Technology) | USA | Complete framework for SCADA SP800-82 and ICS cyber-security |
| CPNI Guidelines (Centre for the Protection of National Infrastructure) | UK | Clear and valuable good practices for Process Control and SCADA security |

3.1 NERC COMPLIANCE

The North American Electric Reliability Corporation (NERC) created a set of standards for the protection of critical
infrastructure. These are known as the CIP standards (Critical Infrastructure Protection). These were introduced to
ensure the protection of 'Critical Cyber Assets', which control or have an influence on the reliability of North
America's electricity generation and distribution systems.
These standards have been compulsory in the USA for several years now. Compliance auditing started in June
2007, and utilities face extremely heavy fines for non-compliance.

NERC CIP standards

| CIP standard | Description |
|---|---|
| CIP-002-1 Critical Cyber Assets | Define and document the Critical Assets and the Critical Cyber Assets |
| CIP-003-1 Security Management Controls | Define and document the Security Management Controls required to protect the Critical Cyber Assets |
| CIP-004-1 Personnel and Training | Define and document Personnel handling and training required to protect Critical Cyber Assets |
| CIP-005-1 Electronic Security | Define and document logical security perimeters where Critical Cyber Assets reside. Define and document measures to control access points and monitor electronic access |
| CIP-006-1 Physical Security | Define and document Physical Security Perimeters within which Critical Cyber Assets reside |
| CIP-007-1 Systems Security Management | Define and document system test procedures, account and password management, security patch management, system vulnerability, system logging, change control and configuration required for all Critical Cyber Assets |
| CIP-008-1 Incident Reporting and Response Planning | Define and document procedures necessary when Cyber-security Incidents relating to Critical Cyber Assets are identified |
| CIP-009-1 Recovery Plans | Define and document Recovery plans for Critical Cyber Assets |

Chapter 19 - Cyber-Security
P14xEd1-TM-EN-1
