NERC CIP-Konformitätslösungen

Die Standards der North American Electric Reliability Corporation (NERC) sind eine Reihe verbindlicher Cybersicherheitsstandards zum Schutz der kritischen Infrastruktur des Stromnetzes. NERC legt Standards für den Schutz kritischer Infrastrukturen (Critical Infrastructure Protection, CIP) fest und spielt eine entscheidende Rolle bei der Überwachung der Einhaltung dieser Standards, damit die Sicherheit und Zuverlässigkeit der nordamerikanischen Stromversorgungssysteme (Bulk Electric System, BES) gewährleistet sind. Die wichtigsten Aspekte der NERC CIP-Standards sind:

  1. Umfang: Die Standards gelten für Versorgungsunternehmen und andere Einrichtungen, die am Betrieb des nordamerikanischen Stromnetzes beteiligt sind.
  2. Anforderungen: Die NERC CIP-Standards decken verschiedene Aspekte der Cybersicherheit ab, darunter physische Sicherheit, elektronische Sicherheit und Personalschulung.
  3. Spektrum der Standards: Die Standards sind mit CIP-001 bis CIP-009 nummeriert und betreffen jeweils verschiedene Bereiche des Infrastrukturschutzes.
  4. Einhaltung: Um die Zuverlässigkeit und Sicherheit des Stromnetzes zu gewährleisten, müssen die Unternehmen diese Standards einhalten. Die Nichteinhaltung kann erhebliche Strafen nach sich ziehen.

Diese Standards und ähnliche Rahmenwerke, wie EPCIP in Europa und NCIP in Australien, sind für die Aufrechterhaltung der Integrität und Sicherheit der Stromnetze von entscheidender Bedeutung, da sie diese sowohl vor physischen als auch vor Cyberbedrohungen schützen. Für das Erreichen der NERC CIP-Konformität werden nicht nur die richtigen Produkte benötigt, es muss auch die gesamte Organisation eingebunden werden sowie eine robuste Infrastruktur eingerichtet sein.

Perle bietet zahlreiche Produkte mit Funktionen und Konfigurationsoptionen, die die Sicherung kritischer Infrastrukturen vereinfachen und dazu beitragen, dass Ihre kritischen Infrastrukturen den NERC CIP-Standards entsprechen. Die Nutzung der PerleVIEW Central Management Platform zusammen mit ausgewählten Perle-Hardwareprodukten vereinfacht den Prozess ebenfalls.

Details zur NERC CIP-Konformität von Perle-Produkten:

NERC CIP Requirement IOLAN SCR Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCRs can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IOLAN SCRs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, WireGuard, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • Serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC Power Inputs
NERC CIP Requirement IOLAN SCG Console Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SCGs can be uniquely identified by Serial Number, MAC address, and IMEI (if SCG with cellular option)
  • PerleVIEW can uniquely identify IOLAN SCGs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular or Modem with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular or Modem with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • LACP
  • WAN/Port fallback
  • Network Health
  • ZTP
  • Various primary and backup services like Alternate Host and PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement IOLAN SDSC HV/LDC Terminal Server Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IOLAN SDSC HV / LDC can be uniquely identified by Serial Number and MAC address
  • Perle Device Manager can uniquely identify IOLAN SDSCs
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Modem with callback support
  • Access is protected as the default configuration
  • 2FA support through AAA
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Modem with callback support
  • Restricted modem access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS, LDAP, NIS, SecurID and Kerberos
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • IPSEC, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email and SNMP
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary and backup redundant network path
  • Various primary and backup services like Alternate Host
  • Dual DC Power Inputs
NERC CIP Requirement IRG Cellular Router Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IRG Routers can be uniquely identified by Serial Number, MAC address, and IMEI
  • PerleVIEW can uniquely identify IRG Routers
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Cellular with callback support
  • Access is protected as the default configuration
  • 2FA support built-in or through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Cellular with callback support
  • Restricted cellular access through ID/password authentication based on a local database or central AAA authentication server: TACACS+, RADIUS and LDAP
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • Built-in Firewall IP & MAC restricts port access
  • IPSEC, OpenVPN, SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+, RADIUS and LDAP alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by email, SNMP, and PerleVIEW
  • Configurable alert conditions based on access events and environmental status
  • GPIO, I/O, and serial ports can be used to detect and set alarms
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • GPIO & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • VRRP protocol support
  • WAN/Port fallback
  • Network Health
  • Various primary and backup services like Alternate Host and PerleVIEW
  • ZTP
NERC CIP Requirement IDS-710 Switch Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • IDS managed switches can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify IDS managed switches
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through AAA security services
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA password security: TACACS+ and RADIUS alternate servers support
  • Secure Port Access with IEEE 802.1X
  • VLAN
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
  • Relay & I/O events reporting
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • Primary/Backup redundant network path like MRP (Media Redundancy Protocol - IEC 62439-2), Perle’s P-Ring protocol and link Standby
  • PerleVIEW
  • Dual DC Power Inputs
NERC CIP Requirement Fiber Media Converter Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Media Converters can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Media Converters
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs
NERC CIP Requirement Ethernet Extender Features
CIP-002: Identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the BES
  • Perle Managed Ethernet Extenders can be uniquely identified by MAC address
  • PerleVIEW can uniquely identify Perle Managed Ethernet Extenders
CIP-003: Responsible entities must have minimum security management controls in place to protect Critical Cyber Assets
  • Access is protected as the default configuration
  • 2FA support through Radius
  • Unauthorized access attempts are detected and will generate an alert
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-005: Identification and protection of the Electronic Security Perimeters inside which all Critical Cyber Assets reside, as well as all access points on the perimeter
  • Access privileges (ports and services) tied to user login
  • Access monitoring and logging
  • SSH and SSL encryption
  • Multiple subscriber accounts and passwords
  • Administrator accounts and passwords separate from individual user accounts and passwords
  • AAA Password security: TACACS+, RADIUS, LDAP, NIS, SecureID and Kerberos alternate servers support
CIP-007: Responsible entities must define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeters
  • Alerts sent by syslog, email, SNMP and PerleVIEW
  • Configurable alert conditions based on access events
CIP-008: Identification, classification, response, and reporting of cybersecurity incidents related to Critical Cyber Assets
  • Detailed logs with user access, port and connection information
  • Internal and external syslog record
CIP-009: Recovery plans are put in place for Critical Cyber Assets, and these plans follow established business continuity and disaster recovery techniques and practices
  • PerleVIEW
  • Dual AC or Dual DC Power Inputs

Hi!

Eine Frage haben? Chatten Sie mit einem Live-Produktspezialisten!

Produkt Frage?

Nehmen Sie hier Kontakt mit uns auf!


email-icon Email Schicken
contactus-icon Email Schicken callus-icon Anrufen
×

Email Schicken