The latest versions of the CIP directives now require utilities to take a facilities-based approach and:
- Identify High Impact and Medium Impact facilities, systems, and equipment
- Identify and categorize associated BES Cyber Systems and BES Cyber Assets
- Build a comprehensive plan that details the protections being put in place to protect those assets
- Implement extensive Configuration Change Management
- Have all plans audited by a 3rd party
This is putting significant additional work onto already stretched resources within the utilities' telecoms departments, requiring detailed analysis of not only the equipment installed in the substations but also all the connections through the network to be able to classify the Low, Medium and High Risk assets.
CIP Consultancy Program
FAE Telecom’s CIP consultancy program offers several levels of consultant support to a utility in developing its CIP compliance.
A network simulation tool called MIMIC provides the basic building block for any utility developing its CIP compliance plans.
MIMIC allows an entire network to be automatically “discovered” with every IP device located and identified, with many “unknown” devices suddenly being visible.
MIMIC then provides a complete simulation of the network on a single PC, allowing a complete range of “What if” scenarios to be formulated and tested – without touching the live network – and addresses a number of issues:
- Performance Management – How is the network performing? What does it really look like?
- Configuration Management – How are the devices configured? Do you have the configurations backed up on a central server? Do you have secondary devices online and ready to take over in case of a primary failure?
- Disaster Planning – What scenarios do you have accounted for in simulation and what are their remedies? Do you have a methodology for training people on these scenarios?
- Security Management – Do you know who is accessing your network and what they are doing? What information are they seeing? How are passwords and user access maintained? Who has access to your switching and router closets?
Complete Security Review and Plan
FAE Telecom has consultants with extensive experience in defining, designing and delivering comprehensive security audits and compliance programs covering:
- Department of Defense programs
- Information Assurance
- DITSCAP and DIACAP processes
- Multilevel Security
- Cross Domain Solutions
- Service Oriented Architectures
- Security Guards: ISSE, DMS, C2G, Radiant Mercury, Datasync Guard
- Information Security programs