Grid security

NERC CIP-compliant grid security reporting tool

Published 7 December 2011

NERC CIP Standard is a comprehensive framework of physical and cyber security best practices to safeguard the bulk power system for North America; Skybox Security shows NERC CIP-compliant grid security reporting tool

San Jose, California-based Skybox Security announced the other day that its Firewall Assurance delivers out-of-the-box cyber security compliance reporting for the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards.

The NERC CIP Standard is a comprehensive framework of physical and cyber security best practices to safeguard the bulk power system for North America. The company says that with the new NERC report in Skybox Firewall Assurance, energy and utility organizations can automate the network security assessments of firewalls, routers, and other network devices. This gives utility operators an on-demand way to demonstrate to auditors evidence of compliance with firewall security policies, documentation of exceptions to firewall policies, change control, access control, and network device configuration checks. In addition, the report confirms the existence of automated and extensive test procedures for network devices, and shows that results are documented. The NERC report provides a view of an organization’s compliance with several sections of the standard, including: CIP-002-3 Critical Cyber Asset Identification, CIP-003-3 Security Management Controls, CIP-005-3 Electronic Security Perimeters, and CIP-007-3 Systems Security Management.

“It is important to maintain an effective network security perimeter and the new NERC CIP reporting functionality is a means of simplifying the reporting process,” said Robert Melis, manager, data center operations at California Independent System Operator Corporation (ISO). “The new capabilities will reduce the time we spend on documenting compliance with mandatory regulations.”

“Utilities companies place high emphasis on achieving 100 percent reliability of the bulk power distribution network,” said Gidi Cohen, CEO at Skybox Security. “Today it’s as critical to protect the networks of energy producers from malicious cyber attacks as it is to ensure physical security. Firewall Assurance helps organizations be more resilient against potential disruptions due to cyber risks, while reducing their compliance reporting costs.”

The company highlights these features of Skybox Firewall Assurance:

  • Automatically import firewall configuration data and look for rule conflicts and misconfigurations
  • Continuously monitor firewall security and compliance status
  • Create firewall audit reports addressing NERC, NIST, PCI DSS and other standards
  • Track changes made to firewall access rules and objects