External Routable Connectivity

June 2, 2015

Robert Vaughn, Compliance Specialist II, RVaughn.RE@SPP.org, 501.297.1462

THE FACTS Section 1

Definition of External Routable Connectivity

• From the NERC Glossary of Terms:
  – The ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection.

External Routable Connectivity

• The Key Question:
  – “Are the requirements applicable to BES Cyber Systems (BCS) with routable connectivity (i.e., requirements related to having an ESP and External Routable Connectivity (ERC)) applicable to a natively serial-based (non-routable) BES Cyber Asset (BCA) that has been modified to be externally accessible via a routable network?”

NERC Memorandum

• NERC Memorandum published 4/22/15: Categorization and Protection of Network Devices and Externally Accessible Devices

• “The routable connectivity requirements in the CIP version 5 standards apply to natively serial-based BCAs modified to be externally accessible via a routable network.”

• This applies to all requirements that are applicable to BES Cyber Systems with External Routable Connectivity

EXAMPLES Section 2

Remote Communications Via Routable Protocol End-to-End

[Figure: network diagram. Key: TCP/IP Communications; Serial Communications; External Routable Connectivity. Labeled elements: Relays, Relay Engineer, DAQ Server, ESP (shown twice).]

Remote Communications Access Through Port/Terminal Server

[Figure: network diagram. Key: TCP/IP Communications; Serial Communications; External Routable Connectivity. Labeled elements: Port Server, Relays, Relay Engineer, DAQ Server, ESP (shown twice).]

SCADA/EMS Remote Communications Access Via RTU

[Figure: network diagram. Key: TCP/IP Communications; Serial Communications; External Routable Connectivity. Labeled elements: RTU, Relays, DAQ Server, App Server, ESP (shown twice).]

SCADA/EMS Remote Communications Access Via Port Server at the Control Center

[Figure: network diagram. Key: TCP/IP Communications; Serial Communications; External Routable Connectivity. Labeled elements: Relays, DAQ Server, App Server, ESP.]

For More Information

• Contact SPP RE CIP staff with questions or to schedule a one-on-one or SPP RE small group advisory session

• NERC Small Group Advisory Sessions:
  – July 8-10: Austin TX, hosted by Texas RE
  – August 4-6: Atlanta GA, hosted by NERC
  – September 1-3: Atlanta GA, hosted by NERC

IN SUMMARY…

Summary

• More network devices are now included under the V5 standards

• Ensure your BCAs are protected

• Ask SPP RE or NERC for guidance
