Achieve NERC CIP Compliance with FireMon

Transcription

Elisa Lippincott

Hello, and welcome to our webinar titled Achieve NERC CIP Compliance with FireMon. My name is Elisa Lippincott, and I will be the moderator for today’s panel discussion on NERC CIP and how FireMon can help utilities achieve compliance. Our panel for today includes Rob Rodriguez, senior sales engineer from FireMon, and Brian Dixon, sales engineer from FireMon. Both Rob and Brian have experience in the utilities industry and dealing with NERC CIP compliance requirements. We’ll be discussing the ins and outs of NERC CIP and how utility companies can make sure they meet the stringent requirements. Let’s go ahead and get started. This first direct question I’ll direct to Rob. What is NERC CIP?

Rob Rodriguez

Basically, so NERC CIP… NERC is the North American Electric Reliability Corporation, and they’ve been tasked with establishing the security standards for our power grid. And CIP, the second part of it, C-I-P stands for Critical Infrastructure Protection, and those are the standard requirements that NERC has put together to help us keep our power grid safe. So, the NERC CIP standards are those standards that we have that we as an electric company need to follow in order to keep things safe, and these are important because there are fines associated with failure of NERC CIP standards. These fines can reach up to a million dollars per day per violation. So, it’s a very important compliance framework that electric companies have to be part of.

Elisa Lippincott
Can you go into a little more detail on how the networks of utility companies are structured differently from a normal enterprise network?

Rob Rodriguez
Sure. So, normal enterprise networks will have an IT shop, and everybody knows IT. They’re responsible for the email, for antivirus, for things like that. A utility will generally have an OT network as well, which is operational technology. It’s usually separate. Sometimes it’s segmented or air gapped from the IT network. It’s generally a separate group of people who are maintaining that network, and whereas in IT, we are more responsible for day-to-day operations, making sure everything runs.

Rob Rodriguez
In the OT network, we’re responsible for a smaller piece, usually the ESP or electronic security perimeter or control center inside of the electric utility. We’re responsible for that and making sure that it runs and only it runs and that it runs in a way that’s compliant with NERC CIP standards. It’s usually a different set of people who are doing that from the IT network.

Elisa Lippincott
So, what are some of their biggest pain points?

Rob Rodriguez
Some of the biggest pain points are the documentation that the OT network teams have to do that they have to provide and keep in compliance with NERC CIP standards. So, when an auditor comes in, when we get audited as an electric utility, they’ll come in, and they’ll need documentation and proof of every single that happened, every single change that happened. And it’s really nice to be able to use the FireMon solution to show some of that and to be able to help with those documentation standards. But then the audit piece of that, the compliance piece, are pain points that utilities have that general, regular companies usually don’t have.

Elisa Lippincott
Okay, this next question is directed at Brian. How can FireMon specifically help utility companies meet NERC CIP compliance?

Brian Dixon
FireMon can help you with your change monitoring requirement for the critical cyber network devices, and we’re also going to provide auditable history of all the changes made on these devices. So, we’re going to keep that history forever until you decide as an organization to purge that information. You can also create custom controls to evaluate security policies, allowing access to the critical cyber assets in your environments, and we can also send alerts when this access violates whether you’re authorized in your environment.

Brian Dixon
So, you can set these assessments up, and if you actually violate something that is part of your compliance standards, we can set up alerts and notify you when those compliance standards are being violated. We can also set up annual security policy reviews for the asset owners to ensure access is still needed and provide auditable history as well for these security policy reviews. Additionally, we can create a map of the ESP, which is your electronic security perimeter, and you can use this to show to the auditors when they’re in for the audits.

Elisa Lippincott
What other benefits can FireMon provide that are especially beneficial to utility companies?

Brian Dixon
So, other things we can do is we write ongoing cleanup and compliance based on a real usage and object usage in your environment. What this does is actually helps to ensure that all the access that is no longer being used and is not required is removed. We can complete pre-compliance checks before implementing new access when used as part of your firewall request process. What this allows us to do is let you know that you’re going to violate your compliance standards before you even implement the access, so now you don’t have to go and do cleanup. You’ve actually prevented the access from being implemented.

Brian Dixon
Additionally, we can show a security policy that is allowing access to known vulnerabilities for the critical cyber hosts with our risk analyzer module, and this is extremely helpful to help you prioritize patching in the environment. So, if you have a mitigating firewall policy rule that’s not allowing access to that device, then you actually know you don’t need to patch that as soon as something that has a firewall policy that’s already allowing access to that vulnerability.

Elisa Lippincott
Brian, can you talk to how the Lumeta solution plays a part here?

Brian Dixon
So, at the purchase level of Lumeta we’ve actually purchased next gen technology that will go out and discover assets on your network. You can understand the flow path of the access from source to destination, and we can bring that in and actually integrate that with our risk analyzer solution as well. So, now you have a better picture of the environment for your network.

Elisa Lippincott
Okay. Rob, can you talk to how our existing utility companies have benefited from using FireMon?

Rob Rodriguez
Sure, I can talk about existing companies, and also I came from a utility before FireMon. So, I can talk about how I used it there as well. But some of the big pieces that FireMon helps with is during the audit, and especially that change piece. We help with a lot of compliance pieces. We have a NERC CIP compliance framework that will alert anytime we’re putting in a rule that’s going to break NERC CIP compliance. We can help you with some of the cleanup, just have those firewalls get rid of a lot of the rules that are unused or redundant. One of the big pieces we can help was with that change piece.

Rob Rodriguez
When auditors come in, what they generally do is pull from the ticketing system, and what they’ll do is they’ll say, “Hey, you said on this date, you’ve made these changes to your firewalls.” And they’ll say, “Prove to us.” They’ll make you prove that you made those changes and nothing else. So, using Security Manager, we have robust change features right inside of it. We can go inside Security Manager, and we can say, “From this date to this date, show me the exact changes that were made on one of my firewalls, all of my firewalls, whatever.” But we can narrow it down all the way to the one that the auditors are asking about, and we can show them the exact changes that happened, when they happen, how they happen, and who made those changes to satisfy those audit requirements, which is a big piece of NERC CIP auditing.

Rob Rodriguez
So, that helps out a lot. The real time visibility helps out a lot as well. Everything we do in FireMon is pretty much real time or grabbing CIS logs, so we know almost to the second when changes are made. If you have an ESP, an electronic security perimeter, where you have very, very few changes and where you have to know the second anything does change to make sure your documentation is up to date, we can notify you right away when that does happen because we are real-time. So, there’s a lot of benefits to using FireMon in the utility.

Elisa Lippincott
Great. Thank you. So, before we wrap up today’s webinar, I’d like to give a quick overview of the FireMon solutions that have been discussed. Our Security Manager is our foundational solution. It provides single pane, real-time centralized management across an enterprise network, whether it’s on premise or in the cloud, provides visibility into existing network devices and security policies, can also map network-wide policy and access, validate and report on policy compliance. You can detect and report on policy changes and ease of migration to new network security solutions like next generation firewalls.

Elisa Lippincott
Our Policy Planner module automates change workflow in a customizable manner that integrates with existing service models. This includes a range of modifications that can be adapted for alerting, escalation, notification, and authorization. You can also analyze proposed access for risk and compliance, ensure device specific compliance, and provide technical recommendations for all necessary firewall changes.

Elisa Lippincott
Policy Optimizer automates rule review, linking security teams with policy owners, and validating rule justification for continuous assessment and audit. You can automatically generate requests for rule review and approval, identify and help eliminate risky and overly permissive rules, and automatically update all access policy documentation after review.

Elisa Lippincott
And finally Risk Analyzer analyzes and prioritizes vulnerabilities, evaluating impact of attack scenarios on your organization, and also provides predictive remediation and patch recommendations. You can reduce risk by discovering weaknesses in your network, evaluate the impact of a combination of exploits, and proactively recommend changes so you can fix problems before an attacker takes advantage of them.

Elisa Lippincott
Earlier this year, FireMon acquired Lumeta, a leading provider of cyber-situational awareness for delivering complete real-time visibility into the extended network and across all connected endpoints. Lumeta can help you eliminate 100% of your infrastructure blind spots, so it can help you find more IPs and even home networks that you didn’t know about, can help you see 100% of your dynamic network changes. You can identify and lock down 100% of your leaks. This can include unauthorized movement, segmentation violations, and leak paths. And it can also detect suspicious network behaviors, and this can include unauthorized flows, encryption, zombies, and other attacks.

Elisa Lippincott
For more information on FireMon Solutions, you can visit us at www.firemon.com or follow us on Twitter @FireMon. I’d like to thank Rob and Brian for their time today and the great information they provided. This concludes our panel discussion. Thank you, and have a nice day.
