NERC-CIP V5 Encourages Unidirectional Gateways

Author
SySAdmin
Posted
November 5, 2012
Views
1167

Page All:

Page 1
NERC-CIP V5 Encourages Unidirectional Gateways

TEL-AVIV, Israel, November 5, 2012 /PRNewswire/ --

    The provisionally-approved CIP V5 standards address a wider spectrum of cyber-security
technologies than were addressed in previous versions, and in particular the draft V5
standards address and encourage the use of hardware-enforced Unidirectional Security
Gateways.

    Unidirectional Gateways are a secure alternative to firewalls, and are used in
defense-in-depth security architectures for the control systems which operate the power
grid. Like firewalls, the gateways integrate control system data sources with business
information systems through Electronic Security Perimeters. Unlike firewalls, the gateways
cannot introduce security vulnerabilities as a result of this integration. The gateway
hardware is "deterministic" - no misconfiguration of any software can cause the gateway
hardware to put the safety or the reliability of industrial servers at risk.

    CIP auditors increasingly encounter hardware-enforced unidirectional communications
technologies in their practice, and as a result, NERC publications increasingly address
the topic. Members of the CIP version 5 drafting team point out that this version of the
CIP standard was carefully written to encourage the use of strong security technologies in
the form of Unidirectional Security Gateways. The standards reduce requirements and
compliance costs for unidirectionally-protected equipment precisely because the strong
security provided by unidirectional communications warrant reductions in secondary
protective measures. This is the strongest encouragement the CIP V5 drafting team can
provide for a specific security technology.

    When addressing Bulk Electric System entities at a recent NERC conference, Tim Roxey,
NERC's Chief Cyber Security Officer, offered the opinion "When you are considering
security for your control networks, you need to keep in mind innovative security
technologies such as unidirectional gateways." He later encouraged entities to "embrace
the technology."

    Andrew Ginter, the Director of Industrial Security at Waterfall Security Solutions,
commented, "The integration of control system data with business information systems is
driving cost savings throughout the Bulk Electric System. Entities planning to deploy such
integration under the CIP V5 standards have two choices - they can integrate their systems
using firewalls and deploy costly documentation, processes and procedures to protect those
firewalls, or they take the straightforward approach and integrate their systems securely
using Unidirectional Security Gateways." He adds "Deploying strong security is entirely
within the spirit of the CIP standards. The point of the CIP standards is enhancing
reliability through improved cyber-security."

    All ten of the draft NERC-CIP version 5 standards passed ballot on October 10, 2012,
with each standard achieving at least a 2/3 approval rating. Final versions of the
standards are expected to be available within 3-4 months.

    Waterfall Security Solutions Ltd. is the leading provider of Unidirectional Security
Gateways(TM) and data diodes for industrial control networks and critical infrastructures.
Waterfall's Unidirectional Gateways reduce the cost and complexity of compliance with
NERC-CIP, NRC, NIST, CFATS and other regulations, as well as with cyber-security best
practices. Waterfall's products are deployed in utilities and critical national
infrastructures throughout North America, Europe, Asia and Israel. Frost & Sullivan
describe Waterfall's solutions as ensuring "optimum security for networks across user
verticals" and awarded Waterfall the 2012 Network Security Award for Industrial Control
Systems Entrepreneurial Company of the Year. Waterfall's offerings include support for
leading industrial applications, including the OSIsoft PI(TM) Historian, the GE
Proficy(TM) iHistorian, Siemens SIMATIC(TM)/Spectrum(TM) solutions and GE OSM(TM) remote
monitoring platforms, as well as OPC, Modbus, DNP3, ICCP and other industrial protocols.
More information about Waterfall can be found on the company's website at:
http://www.waterfall-security.com.

Waterfall Security Solutions Ltd

CONTACT: Contact: +1-(212)714-6058, Info@waterfall-security.com

Title

Medium Image View Large