SCADA & NERC CIP Compliance

how can we help you?

Contact us at info@symosis.com to get started, or request a callback by submitting the form below.

Hackers and malicious adversaries are increasingly and visibly turning their attention to the security of process control and supervisory control and data acquisition (SCADA) systems. This is proving dangerous as attackers use sophisticated malware to target and compromise critical industrial control systems in enterprises ranging from mining plants and utility installations to oil refineries and gas production facilities. Systems that can be accessed directly from the Internet are especially at risk, although this Internet connection is not the only potential security problem for process control environments. The North American Electric Reliability Corporation (NERC) Reliability Standards are a set of standards that preserve and enhance the reliability of the Bulk Electric System (BES). The objective of the CIP standards is to protect the critical infrastructure elements necessary for the reliable operation of this system.

Symosis can help you ensure security and integrity of SCADA/ICS monitoring systems and help you meet North American Electric Reliability Corporation (NERC) Reliability Standards compliance requirements. Our unique risk based approach covers the following broad topic areas

Organizational Measures

  • Ensure the presence and effectiveness of security policy
  • Apply risk management, IR and management reporting to all SCADA systems
  • Conduct Periodic audits that cover the ICS/SCADA environment and networks
  • Periodically perform security awareness programmes

Operational Measures

  • Implement and enforce policy regarding the use of removable media and mobile devices
  • Secure physical access to systems and locations
  • Risk Assessment / Asset Identification
  • Network & Change Management
  • Governance
  • Information Classification & Handling
  • HR and Personal
  • Risk Assessment Recovery
  • Operations Systems Management
  • Incidence Response
  • Security Training

Tehnical Measures

  • Segregate and compartmentalize SCADA systems from other network
  • Systems & Communication Protection
  • Define and Implement password policy
  • Protect SCADA infrastructure using defense in depth
  • Organize patch management.
  • Introduce technical measures including centralized logging to detect attacks
  • Ensure integrity of configurations
  • Access Controls Vulnerability Assessment