Technical Controls Applied to Substation’s Critical Cyber Assets

Submitted by: Submitted by

Views: 439

Words: 2787

Pages: 12

Category: Science and Technology

Date Submitted: 09/15/2011 09:54 AM

Report This Essay


On July 21, 2009 North American Electric Reliability Corporation (NERC) Standard Drafting Team posted the concept paper “Categorizing Cyber Systems: An Approach Based on BES Reliability Functions” [1] for comments. The concept paper discusses a new approach to Critical Assets (CA) and Cyber Critical Assets (CCA) identification based on their role in supporting the Adequate Level of Reliability (ALR). In the concept paper, NERC describes that in order to obtain an ALR, the Bulk Electric System (BES) must achieve six characteristics of reliability which are supported by nine BES functions.

The familiar “dial-up or routable protocol accessible” concept as a requisite for a Cyber Asset to become a CCA is gone. The concept paper determines the Target of Protection (new name for CCA) based on their importance on providing and/or allowing the desired level of resiliency of the nine BES functions. On August 25 2009, NERC provided an example of three relays being identified as Target of Protection based on their support of two BES functions (Restoration and Load Management), and how they will be protected different derived from the impact on the function they support.

The “one size fits all” security for CCA introduced in NERC Critical Infrastructure Protection (CIP) Standards version one and two is also gone. The concept paper proposes different degrees of protection; high, medium or low is the possible level of protection depending on Target of Protection impact to BES functions if it is unavailable. The security controls for the three levels of protection are under development, and concept paper promises the control will be flexible while providing adequate protection. On August 25 2009, NERC announces that the library of security controls will be modeled after the National Institute of Standards and Technology (NIST) 800-53 “Information Security - Recommended Security Controls for Federal Information Systems” [2].

NIST 800-53 is a massive 188-page...