Cip 002 - GE MiCOM P40 Agile Technical Manual

Feeder management ied
Hide thumbs Also See for MiCOM P40 Agile:
Table of Contents

Advertisement

Chapter 19 - Cyber-Security
3.1.1

CIP 002

CIP 002 concerns itself with the identification of:
Critical assets, such as overhead lines and transformers
Critical cyber assets, such as IEDs that use routable protocols to communicate outside or inside the
Electronic Security Perimeter; or are accessible by dial-up
Power utility responsibilities:
Create the list of the assets
3.1.2
CIP 003
CIP 003 requires the implementation of a cyber-security policy, with associated documentation, which
demonstrates the management's commitment and ability to secure its Critical Cyber Assets.
The standard also requires change control practices whereby all entity or vendor-related changes to hardware
and software components are documented and maintained.
Power utility responsibilities:
To create a Cyber-security Policy
3.1.3
CIP 004
CIP 004 requires that personnel with authorized cyber access or authorized physical access to Critical Cyber
Assets, (including contractors and service vendors), have an appropriate level of training.
Power utility responsibilities:
To provide appropriate training of its personnel
3.1.4
CIP 005
CIP 005 requires the establishment of an Electronic Security Perimeter (ESP), which provides:
The disabling of ports and services that are not required
Permanent monitoring and access to logs (24x7x365)
Vulnerability Assessments (yearly at a minimum)
Documentation of Network Changes
Power utility responsibilities:
To monitor access to the ESP
To perform the vulnerability assessments
To document network changes
3.1.5
CIP 006
CIP 006 states that Physical Security controls, providing perimeter monitoring and logging along with robust
access controls, must be implemented and documented. All cyber assets used for Physical Security are considered
critical and should be treated as such:
460
General Electric's contribution:
We can help the power utilities to create this asset register automatically.
We can provide audits to list the Cyber assets
General Electric's contribution:
We can help the power utilities to have access control to its critical assets by
providing centralized Access control.
We can help the customer with its change control by providing a section in the
documentation where it describes changes affecting the hardware and software.
General Electric's contribution:
We can provide cyber-security training
General Electric's contribution:
To disable all ports not used in the IED
To monitor and record all access to the IED
P14x
P14xEd1-TM-EN-1

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents