How Tripwire State Analyzer Can Help You to Comply with NERC CIP

Are you an organization that operates a Bulk Power System (BPS) in the United States? If so, you understand the need to comply with the Critical Infrastructure Protection (CIP) standards. Developed by the North American Electric Reliability Corporation…

Robert M. Lee’s & Jeff Haas’ Little Bobby Comic – ‘WEEK 339’

via the respected security expertise of Robert M. Lee and the superlative illustration talents of Jeff Haas at Little Bobby Comic


Achieving CIP Compliance, NERC-Style

It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something as deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives require…

4 Steps for Assessing Your NERC CIP Compliance Program

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will…

FERC Releases Staff Report on Lessons Learned from CIP Audits

In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) a…

FERC Approves Deferment of 3 CIP standards

Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as suspected, the Federal Energy Regulatory Commission (FERC) approved the extension …

CIP-003-7: Transient Cyber Assets and Removable Media in 2020

Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and proce…

What is NERC?

NERC CIP Standards Background and Basics The North American Electric Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. They do this through the continual development of a …

Developing an Effective Change Management Program

Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually…

Software Monitoring for NERC CIP Compliance: Part 1

As organizations grappled with NERC CIP version 5, Tripwire learned along the way. In this series, I’ll cover the aspect of CIP that has come up the most in the last year: how to meet the software monitoring requirements. Software Inventory as a …