NERC-CIP & SMART GRID Solutions

TDi Technologies provides solutions for some of the toughest cyber security challenges in the Utilities industry. We are actively involved in helping ensure North America has the uninterrupted power it needs to operate our businesses and live our lives. Our solutions directly address NERC-CIP requirements in key areas where we are pioneering the cyber security practices that meet the challenges of today and tomorrow.

Our solutions include:

Baseline Configuration Management Remote Access Management Configuration Port Security

Baseline Configuration Management

Baseline configuration management (BCM) is an important part of defending the security of the Bulk Electric System (BES). It helps Utility providers establish and retain a set of secure configuration profiles across hundreds, often thousands of cyber assets. Without automation, BCM is a costly operations activity that is difficult to manage and prone to mistakes that can leave the Utility provider vulnerable to cyber attack.

ConsoleWorks solves this challenge with a device and platform agnostic approach to BCM for all routable protocol devices. From the control room, to the substation, to the pole, ConsoleWorks automates baseline configuration management of all cyber assets.

Where alternative automated BCM solutions exist they are typically device or brand specific, often developed as part of a device family for a particular vendor. Functionality varies widely from manufacturer to manufacturer and many common components (servers, routers, appliances) are not covered effectively (if at all) by the solutions available.

ConsoleWorks Baseline Configuration Management (BCM) is an automated BCM solution that addresses a significant portion of CIP-010-5 R1 & R2. The solution provides:

  • Device Agnostic/ Platform Agnostic Support
  • Automated device configuration retrieval
  • Automated comparison of current configuration to baseline configuration
  • Automated comparison of current configuration to baseline configuration
  • Automated Event Detection and Alerting
  • Logging over the entire BCM process for all devices
  • Digitally-signed logs for compliance reporting and forensic history

Whitepaper CIP-010-5 R1 R2

NERC_CIP_010_5_R1_R2_wpNERC-CIP-010-5 R1 R2 DRAFT. The Importance of Baseline Configuration as a Critical Security Management Control.
NERC-CIP-010-5 R1 R2 Whitepaper

Solution Brief: Baseline Configuration Management

The ConsoleWorks Baseline Configuration Management Solution offers Utility providers a unified solution for automating baseline configuration management of all cyber assets from the Control Room to the Substation to the Pole.
Solution Brief: Baseline Configuration Management

Remote Access Management

Remote Access Management (RAM) is the Utility Provider’s defense against unauthorized access to the Electronic Security Perimeter (ESP) of the Bulk Energy System (BES). Remote access is required to support operations. Many authorized users within corporate offices, the control room, at sub stations, on the move (mobile), and 24/7 support from home (or wherever a person may be) depend on remote access. Remote Access Management facilitates these authorized users while providing a staunch defense against access by unauthorized users.


ConsoleWorks solves this challenge with a unique, and highly secure, Remote Access Management solution. ConsoleWorks provides true separation of networks (remote user, ESP), allowing only ASCII text to be passed to and from the ESP (no viruses or malware). The fine-grained privilege model in ConsoleWorks gives the Utility provider control over assets each user may interact with. Least privilege automatically defaults to “deny” and supports command-by-command privileged grants for absolute control over remote users. Detailed activity logs (down to the keystroke) provide comprehensive forensic reporting, compliance data, and situational awareness over all remote user activity.

Whitepaper CIP-005-5 R2

NERC-CIP-005-5 R2 DRAFT. Understanding the Security Requirements for Remote Access Management to the Bulk Energy System
NERC-CIP-005-5 R2 Whitepaper

Solution Brief: Remote Access Management

The ConsoleWorks Remote Access Management Solution offers Utility providers a comprehensive security solution over remote user access with performance benefits that increase remote user productivity.
Solution Brief: Remote Access Management

Configuration Port Security

Configuration ports on critical and non-critical cyber assets are often misunderstood and overlooked in the overall cyber security strategy. This paper discusses the importance of configuration ports in the overall cyber security strategy and how they apply to the NERC-CIP standard. An Industry Advisory from NERC with additional details on this subject is available here: NERC Industry Advisory

What Are Configuration Ports?

Configuration ports exist on almost every hardware device in the IT infrastructure. These physical ports provide a special level of privilege access that can be used to:
1) Change Bios
2) Upgrade Firmware
3) Set Baseline Configuration
4) Build-out devices that have components (like servers)
5) Perform a variety of Administrative functions
6) Perform emergency repair or failure recovery when no other port is accessible

Except for power supply or catastrophic electronic component failure, configuration ports are active at all times – even when conditions have degraded a device to the point that no other port can accept communications. They are the default emergency access point for every IT device.

Per CIP-007-5 all ports should be either secured or disabled. This obviously includes configuration ports. However, most IT devices do not allow the disabling of these ports nor should these ports be disabled as they serve important purposes, including being the primary emergency access port. Instead, these ports must be secured.

Whitepaper CIP-007-5 R1

NERC-CIP-007-5 R1 DRAFT. Understanding the Importance and Relevance of Configuration Ports to Utility Cyber Security
NERC-CIP-007-5 R1 Whitepaper

Solution Brief: Configuration Port Security

Per CIP-007-5, all ports should be either secured or disabled. This obviously includes configuration ports. ConsoleWorks provides a means to secure these ports, helping Utility providers meet NERC-CIP requirements and pass NERC-CIP audits.
Solution Brief: Configuration Port Security

Smart Grid Assessment Brochure
Smart Grid Cyber Security Assessment

The Smart Grid Cyber Security Assessment gives Utility companies clear line of sight into their current ability to meet security and compliance challenges in the IT Foundation of their control centers. The Evaluation brings to light the maturity of the Utility security practice from multiple perspectives and provides recommendations on how gaps can be addressed with IT Foundation Management.

The brochure is also useful for those interested in learning more about our problem/solution focus areas.

Download Assessment Brochure

  • LinkedIn
  • Twitter
  • RSS
  • Google Buzz
  • Yahoo! Buzz
  • email
  • Google Bookmarks
  • Technorati
  • Facebook
Google Analytics Alternative