Cybersecurity of field devices can be difficult to ensure. Substation devices such as protective relays are distributed across the utility service area and remote access to these critical assets is not allowed in most cases. Also, the tablets and laptops used by the field personnel for working with critical substation assets often do not have network connectivity and are not reachable. Due to these factors, essential ongoing tasks such as security patching and data transfer are challenging. These tasks are essential to ensuring grid cybersecurity and are subject to regulatory compliance standards such as NERC CIP.
Your laptops and tablets used for testing are subject to new CIP requirements designed to eliminate unauthorized access points and prevent malware from getting into a substation.
Your testing devices now need to be cyber secure and you need to be able to show it, too. This means policies, plans and evidence.
Portable storage, classified as removable media, such as thumb drives, USB sticks, and CD-ROMs are subject to new CIP requirements intended to prevent malware from getting into substations.
Securing your test laptop and/or tablet is not enough. The software on it should be secured and kept up-to-date. CIP requires it!
Why reinvent the wheel? It doesn’t need to be something provided by your IT department.
Doble is helping utilities implement NERC CIP compliant testing programs that protect their transient cyber assets and the data on them. Our approach includes strong multi-layered information security measures on top of device security measures.