Managing Transient Cyber Assets: The Power of Partnership
In practice, supporting transient cyber assets (TCAs) can go awry of even the best laid plans.
TCAs introduce several demands – periodic (if not frequent) updating, specific kinds of computers and software to track, particular device configurations to provision, compliance evidence to gather – that can overload already busy operations at moments when obligations are the most time sensitive.
Workers from information technology (IT), regulatory compliance, and field operations can’t afford unusual responsibilities stemming from TCA enactment and usage that result in added steps that only complicate their jobs further.
The Burden of Compliance: NERC Standards and Beyond
TCA network access, software installations, anti-virus scans and updates, device connectivity, and usage are categorically different matters compared to regular workforce computers.
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards that define TCAs, including CIP-010 Configuration Change Management and Vulnerability Assessments and CIP-005 Electronic Security Perimeter(s), and similar regulations in some Canadian provinces, limit their use cases to very narrow testing and maintenance purposes confined within strict cybersecurity safeguards. Consequently, supporting TCAs is a whole different ballgame from standard desktop support.
The onus falls on IT professionals, regardless of experience or staffing, to anticipate and respond to atypical circumstances that are inevitable in whatever TCA management approach their companies take.
In cases of individual TCAs being assigned per substation, technicians encounter unfamiliar computers that may need new drivers or other updates for certain mission-critical functions to work. During substation outages when the clock is ticking, technicians need support right away even if it’s outside 8-5 business hours. In any event, critical questions arise: Can the technician get the machine onto the company’s IT support site? Would IT be familiar with the software and operating system – even if both are decades old – and be able to remote in and provide the update? Could this be done quickly, even after hours?
Similarly, TCAs that are assigned to individual workers can also require specific software updates, day or night. But what if their TCAs get broken? Would replacements come quickly? Would they have the same images and port configurations as the originals?
Whether per substation, per technician, or some other kind of arrangement, at the end of the day TCAs must be locked down – hopefully without disrupting workers. Additionally, every detail of the device– where they are, how they’re configured, which versions of security and operational software are installed, and when anti-virus scans were performed, and so on – must be tracked. These ongoing requirements, with recurring monthly deadlines, make TCA sustainment a temporal administrative and technical lift that IT teams bear on multiple fronts.
On top of hardening TCA computers, controlling their usage and supporting their users, IT workers encounter another responsibility: standing up information systems for gathering compliance evidence. Every TCA program element is subject to scrutiny during CIP-010 and CIP-005 audits, and some also impact compliance to other NERC standards including PRC-005 Protection System, Automatic Reclosing, and Sudden Pressure Relaying Maintenance. For the sake of audit readiness, IT can find itself being called upon to stitch together reports out of manual and computerized operational technology (OT) records wherever they may be stored. Companies can devote months – literally – to internal mock audits in preparation for the real thing from NERC and still not be 100% confident in their posture when it matters most.
NERC CIP standards do not prescribe TCA management; they set minimum requirements regarding elements that constitute TCAs and the maximum timeframes allowed for implementing those elements. How registered entities operate their TCA programs is up to them, but neither NERC nor cybercrime are going away. If anything, the work to stay up to speed with both regulatory and operational developments will only get harder in the wake of evolving cyberthreats.
Doble’s Approach: A Reliable Partner in TCA Management
The Doble Transient Cyber Asset Program™ removes the stress surrounding TCAs from utility professionals who have a lot on their plate already. Through specialized services and hardware, this proven solution helps busy people do their core jobs as usual without worrying about the TCAs in their operations or their compliance posture regarding them.
Experts from Doble with skillsets and deep knowledge in areas of IT, NERC compliance, and substation testing and maintenance provide customer stakeholders with tailored support for their unique situations. For IT teams, Doble takes on the burden of TCAs entirely, from providing and maintaining the devices themselves to provisioning and updating software, to handling all the administrative duties in between. For compliance officers and OT administrators, the Doble Security Portal™ gives the full picture of TCA fleet status and provides ample tracking and reporting from the convenience of a web-based interface that is comprehensive and secure. For TCA end users, Doble provides ruggedized laptops that are hardened, support any test equipment and software – old and new – and even provide access to quality technical assistance 24/7/365.
Empowering Utility Professionals: The Doble Advantage
The customer base of the Doble Transient Cyber Asset Program is growing because it delivers 100% NERC CIP TCA compliance on Day 1, and it saves them capital on numerous error prone and inefficient resource intensive tasks. Customers can partner with Doble instead of going into it alone and avoid unanticipated administrative expenses concerning what adequate hardware and training allocations ultimately cost, let alone staffing up or upskilling personnel to deal in the complex and endless matter of TCA program sustainment, which is expensive in more ways than one.
The TCA implementations Doble offers are all-inclusive, customizable, and meet or exceed requirements set by NERC CIP standards. Ultimately, IT, compliance, and field operations stakeholders gain time and simplicity in their workday and have qualified professionals from Doble in place to quickly provide support anytime, including after hours and during audits. Doble even holds weekly meetings to ensure customer implementations of the Transient Cyber Asset Program operate like well-oiled machines.
To learn more, visit Transient Cyber Asset (TCA) & NERC Regulation – Doble.
- Product: Doble Transient Cyber Asset Program™
- Webinar: Securing the Grid: A Solution for NERC CIP Transient Cyber Asset Requirements | January 30, 2024