Securing Configuration Ports for Utilities

July 29, 2014

By Pam Johnson

The diversity of devices and their geographical locations are significant parts of the challenge in securing these configuration ports. Many of these devices do not allow or support the installation of a local software agent to help logically secure them, and virtually no software agents can effectively manage the actual configuration ports themselves. Because of this, most control devices are only secured through physical security (locks, gates, walls, doors).

To secure configuration ports effectively while meeting NERC-CIP requirements, access to all configuration ports must be controlled, and all activity over these ports must be automatically logged to provide a forensic record of that activity. Both are requirements.

These physical ports provide a special level of privileged access that can be used to:

  1. Change Configuration
  2. Upgrade Firmware or BIOS
  3. Build-out devices that have components (like servers)
  4. Perform a variety of Administrative functions
  5. Perform emergency repair or failure recovery when no other port is accessible

See how ConsoleWorks addresses this challenge at this link.

Per CIP-007-5, all ports should be secured or disabled

July 22, 2014

By Pam Johnson

Per CIP-007-5, all ports should be either secured or disabled. This obviously includes configuration ports. However, most substation devices do not allow these ports to be disabled, nor should they be disabled, as they serve important purposes, including being the primary configuration or emergency access port.

Instead, these ports must be secured.

Virtually all electronic devices with communication capability have configuration ports. On modern servers, networkable baseboard management controllers are the common configuration port technology. Older servers, routers, switches, firewalls, IEDs, RTUs, etc. have privileged serial configuration ports, often network-enabled with terminal servers.

Configuration ports exist on almost every device used in Utility operations. Control systems and control devices have configuration ports. Virtually every PLC, RTU, and IED has a configuration port (usually a privileged serial port with command and control access to the device’s core program and operating system functions). In remote locations, such as substations and endpoints (poles), many devices have configuration ports.

From the control room to the sub-station to the pole, these physical ports provide a special level of privileged access that can be used to:

  1. Change Configuration
  2. Upgrade Firmware or BIOS
  3. Build-out devices that have components (like servers)
  4. Perform a variety of Administrative functions
  5. Perform emergency repair or failure recovery when no other port is accessible

Configuration Management’s Impact on Security & Operations

July 15, 2014

By Pam Johnson

TDi Technologies’ advancements in configuration management technology provide much-needed managerial visibility and control over unintended or unapproved changes to IT devices, eliminating the major sources of human error or nefarious activity that can impact overall security and operations.

There are a number of areas where Configuration Management adds significant value to both Security and Operations:

  • Better visibility and accountability of the configuration of devices on a network
  • Minimized troubleshooting time for downtimes caused by configuration issues
  • Reduced downtime with time alerts, alarms on identification of unauthorized configuration changes
  • Adherence to device configuration standards, software versions, and hardware
  • Proof of compliance with cyber security regulatory standards

Additional information is available on the ConsoleWorks Baseline Configuration Management solution at this link.
