Updates on NERC-CIP-012: Enhancing Cyber Security for Communication Between Control Centers.

 

The North American Electric Reliability Corporation (NERC) has updated its Critical Infrastructure Protection (CIP) standards with the release of CIP-012-2, which focuses on enhancing cyber security for communication between control centers within the Bulk Electric System (BES). This updated standard expands on the protections required by CIP-012-1 and introduces new requirements to mitigate the risk posed by the loss of availability of communication links and real-time assessment and monitoring data transmitted between control centers.

 

Key Updates in CIP-012-2:

 

1. Expanded Scope: CIP-012-2 expands the scope of CIP-012-1 by requiring protections for the availability of data in transit and for initiating recovery of lost communication links, in addition to existing security requirements.

2. Risk Mitigation: Utilities are required to conduct risk assessments to identify and evaluate the risk posed by the loss of availability of communication links and real-time data transmission.

3. Availability Protections: Two new parts are added to Requirement R1 of CIP-012-1 to address availability:

   - Part 1.2 requires protections for the availability of data in transit, ensuring that data remains available and accessible during transmission.

   - Part 1.3 requires protections to initiate recovery of lost communication links, ensuring that communication links are restored promptly in the event of a loss of availability.

4. Security Controls: Utilities must implement security controls to protect communication links and real-time data transmission, including encryption, authentication, and access controls.

5. Change Management: Utilities must establish and maintain a change management process to ensure that any changes to communication links are implemented securely and do not introduce vulnerabilities.

6. Incident Response: Utilities are required to develop and implement incident response plans specific to cyber security incidents affecting communication between control centers, ensuring a timely and effective response.

 

Current State and Applicability

The revised standard was adopted by the board on December 12, 2023, and filed with FERC on January 31, 2024. Entities are now preparing for its implementation, which will require adherence to these more stringent security protocols.

 

Technical Architecture for CIP-012-2 Compliance:

To comply with CIP-012-2, utilities need to implement a robust technical architecture that includes:

1. Secure Communication Links: Implementing secure communication links between control centers using encryption technologies to protect data in transit.

2. Access Controls: Implementing access controls to ensure that only authorized personnel have access to communication links and data transmitted between control centers.

3. Intrusion Detection and Prevention Systems (IDPS): Deploying IDPS to monitor communication links for suspicious activity and prevent cyber-attacks.

4. Network Segmentation: Segmenting communication networks to limit the impact of a cyber-attack and prevent lateral movement within the network.

5. Security Information and Event Management (SIEM): Implementing SIEM systems to monitor and analyze security events related to communication between control centers.

6. Incident Response Systems: Developing and implementing incident response systems for cyber security incidents affecting communication between control centers, including alerting mechanisms and response protocols.

 

By implementing these measures, utilities can enhance the security and reliability of communication between control centers, ensuring the integrity and availability of the Bulk Electric System.

 

#InfoSec #CyberSecurity #energysecurity #GridModernization #NERCCIP