November 5, 2012
The provisionally-approved CIP V5 standards address a wider spectrum of cyber-security technologies than were addressed in previous versions, and in particular the draft V5 standards address and encourage the use of hardware-enforced Unidirectional Security Gateways.
Unidirectional Gateways are a secure alternative to firewalls, and are used in defense-in-depth security architectures for the control systems which operate the power grid. Like firewalls, the gateways integrate control system data sources with business information systems through Electronic Security Perimeters. Unlike firewalls, the gateways cannot introduce security vulnerabilities as a result of this integration. The gateway hardware is "deterministic" - no misconfiguration of any software can cause the gateway hardware to put the safety or the reliability of industrial servers at risk.
CIP auditors increasingly encounter hardware-enforced unidirectional communications technologies in their practice, and as a result, NERC publications increasingly address the topic. Members of the CIP version 5 drafting team point out that this version of the CIP standard was carefully written to encourage the use of strong security technologies in the form of Unidirectional Security Gateways. The standards reduce requirements and compliance costs for unidirectionally-protected equipment precisely because the strong security provided by unidirectional communications warrant reductions in secondary protective measures. This is the strongest encouragement the CIP V5 drafting team can provide for a specific security technology.
When addressing Bulk Electric System entities at a recent NERC conference,
, NERC's Chief Cyber Security Officer, offered the opinion "When you are considering security for your control networks, you need to keep in mind innovative security technologies such as unidirectional gateways." He later encouraged entities to "embrace the technology."
, the Director of Industrial Security at Waterfall Security Solutions, commented, "The integration of control system data with business information systems is driving cost savings throughout the Bulk Electric System. Entities planning to deploy such integration under the CIP V5 standards have two choices - they can integrate their systems using firewalls and deploy costly documentation, processes and procedures to protect those firewalls, or they take the straightforward approach and integrate their systems securely using Unidirectional Security Gateways." He adds "Deploying strong security is entirely within the spirit of the CIP standards. The point of the CIP standards is enhancing reliability through improved cyber-security."
All ten of the draft NERC-CIP version 5 standards passed ballot on
October 10, 2012
, with each standard achieving at least a 2/3 approval rating. Final versions of the standards are expected to be available within 3-4 months.
Waterfall Security Solutions Ltd. is the leading provider of Unidirectional Security Gateways™ and data diodes for industrial control networks and critical infrastructures. Waterfall's Unidirectional Gateways reduce the cost and complexity of compliance with NERC-CIP, NRC, NIST, CFATS and other regulations, as well as with cyber-security best practices. Waterfall's products are deployed in utilities and critical national infrastructures throughout
. Frost & Sullivan describe Waterfall's solutions as ensuring "optimum security for networks across user verticals" and awarded Waterfall the 2012 Network Security Award for Industrial Control Systems Entrepreneurial Company of the Year. Waterfall's offerings include support for leading industrial applications, including the OSIsoft PI™ Historian, the GE Proficy™ iHistorian, Siemens SIMATIC™/Spectrum™ solutions and GE OSM™ remote monitoring platforms, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols. More information about Waterfall can be found on the company's website at:
SOURCE Waterfall Security Solutions Ltd