- CIP Standard Gap Assessment
Burns & McDonnell performed a gap assessment of the state of fossil and hydro facilities with respect to the North American Electric Reliability Corp. Critical Infrastructure Protection (NERC CIP) standards (CIP-002 through CIP-009).
The facilities involved in this review were identified by Ontario Power Generation as critical cyber assets (CCAs). Findings were clearly separated into items required to achieve compliance with the NERC CIP standards and opportunities for improvement that go above and beyond the requirements. Where possible, Burns & McDonnell provided recommendations for strategies to reduce the number of CCAs within the electronic security perimeter at each facility in order to reduce the overall compliance effort.
Burns & McDonnell uses a multi-layered approach to cyber and physical security. When surveying a facility, risks, protection measures and mitigating factors are considered and assessed for their ability to facilitate the core security principles of prevention, detection and response. This survey was performed on 15 separate CCAs, including fossil fuel and hydro generation and regional control centers throughout Ontario.
Burns & McDonnell’s electronic system security methodology included surveys of physical security systems, fire alarm systems, SCADA systems, HVAC systems, and utility monitoring and control systems.
Using integrated access control and alarm management as per the NERC CIP standard, along with credential readers, locking devices and alarm contacts, protects the CCA area with a rigorous and auditable process for granting, revoking and monitoring access, as well as retaining a computerized log for an extended period. Each location will have an interior video surveillance system to log people entering a physical security perimeter that contains protected CCAs.
The alarm contact inherent on an access-controlled door allows a captured video log of authorized and unauthorized entry. Limiting access points to the physical security perimeter combined with fixed cameras on those access points results in a highly effective video surveillance coverage area. Integrated security systems combine the functions of many security platforms (access control, closed-circuit television, fire and intrusion alarms). When combined, they offer centralized monitoring for rapid assessment and response.
- NERC CIP assessment (CIP-002-1 through CIP-009-1) at eight generation sites and hydro sites
- Physical security assessment (CIP-006-1)
- Critical Asset Assessment & Strategy Development
- NERC CIP Program Development
- NERC CIP Readiness Assessments
- SCADA/DCS Readiness Assessments