Achieving North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance isn’t easy, especially in complex OT environments containing industrial control systems (ICS). Critical infrastructure providers like this U.S. power utility know it takes the visibility provided by powerful file integrity monitoring (FIM) and security configuration management (SCM) tools to get the job done right.
INDUSTRY: ENERGY (ELECTRIC UTILITY GENERATION AND TRANSMISSION)
CUSTOMER SINCE: 2011
SOLUTIONS: TRIPWIRE® ENTERPRISE, TRIPWIRE® STATE ANALYZER AND TRIPWIRE® LOG CENTER®
Benefits of Tripwire
This power utility, like most, has multiple installs of Physical Access Control Systems (PACS), such as cameras, badges and alarms, as well as primary and backup Supervisory Control And Data Acquisition (SCADA) systems. Their cybersecurity specialist spends most days completing the tasks necessary to maintain SCADA system security and NERC CIP compliance.
That includes system patching, firewall configuration, maintaining system baselines, monitoring system logs, managing access privileges, exercising incident response, and writing cybersecurity policies. In addition, this specialist uses Tripwire Log Center and Tripwire Enterprise to manage SQL databases and provides SCADA system support.
Tripwire also helps cut back on time and resources spent on manual cybersecurity and compliance efforts. For a 500 MW facility with about 500 employees, Tripwire easily replaces one technician, making it a much more cost-effective solution.
Deploying Tripwire Solutions for Continuous NERC CIP Compliance
This utility uses Tripwire Log Center to generate alarms that alert system dispatchers by internal email if any network device fails to generate a log within a specific, customizable timeframe. Deep integrations like this are just one reason Tripwire Log Center meshes so well with ICS critical infrastructure environments.
When Version 5 of the NERC CIP requirements loomed on the horizon, this utility’s security team decided it was time to expand its Tripwire arsenal to include Tripwire Enterprise.
NERC CIP-007 R4 requires organizations to conduct security event monitoring to stay compliant. Tripwire Log Center helps the team meet the demand by aggregating raw logs for centralized reporting. It identifies patterns of interest in real time and uses multiple query templates that map to various CIP requirements. It also follows the normalization and correlation rules unique to ICS environments using built-in threat intelligence to identify intrusions, breaches, DDoS attacks, privilege escalation and insider threats.
Once Tripwire Enterprise was connected to the network, it created a baseline of all their files: a record of the system in a secure state against which any new changes can be analyzed for threats. It tracks running services, ports, users, and antivirus activity.
For a detailed list of NERC CIP requirements mapped to the Tripwire solutions that fulfill them, visit our NERC CIP Compliance Page.