
The North American Electric Reliability Council (NERC) has been committed to ensuring the reliability of the bulk power system in North America. To achieve that, NERC develops and enforces reliability standards that are mandatory and enforceable throughout the 50 United States and several provinces in Canada. Entities in the U.S. found to be in violation of a standard can be subject to fines of up to $1 million per day per violation.
Among the NERC compliance requirements is the Critical Infrastructure Protection (CIP) program, which consists of nine sub-standards that include the CIP-007-1 requirements for Systems Security Management. Solidcore’s dynamic whitelisting and continuous file integrity monitoring capabilities provide the strongest and most cost-effective means for meeting these critical requirements. The following outlines how Solidcore allows customers to quickly and easily meet the NERC CIP-007-1 compliance requirements:
CIP-007-1-R1: Ensure that new Cyber Assets and significant changes to existing Cyber Assets do not adversely affect existing cyber security controls. A significant change shall, at minimum, include implementation of security patches, cumulative service packs, vendor releases, and version upgrades of operating systems, applications, databases platforms, or other third-party software or firmware.
Solidcore Solution: NERC is concerned that a system could be contaminated, or a security control degraded, by something disguised as one of the items the requirement identifies as a significant change. Unlike the Payment Card Industry (PCI) standard, NERC does not take the position that these security fixes inherently increase the security of a system. Solidcore’s dynamic whitelisting protects the state of the system and provides memory protection that mitigates risk, keeping all security controls pristine until any significant changes can be thoroughly validated. In addition, Solidcore helps track all the changes specified in the requirement and retains that record throughout the audit process.
CIP-007-1-R2: Establish and document a process to ensure that only those ports and services required for normal and emergency operations are enabled.
Solidcore Solution: Solidcore S3 Control is able to maintain and whitelist the state of the system. This includes the ability to prevent configuration changes to standards set by the “responsible entity.” Port scanning may currently be used to provide the audit trail measures for this requirement, but Solidcore provides added security by preventing changes from occurring in the first place, and can provide a benchmark report that replaces port scanning. With whitelisting in place, the administrator can control what applications run on the system, therefore controlling the open ports.
CIP-007-1-R3: Establish and document a security patch management program for tracking, evaluating, testing, and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter.
Solidcore Solution: Solidcore S3 Control can provide the compensating measure applied to mitigate risk exposure when a security patch cannot be applied, or the patch management program cannot be completed, in the timeframe outlined in CIP-003-R6, or when a patch needs to be validated as described in CIP-007-R1.
CIP-007-1-R4: Use anti-virus software and other malicious software prevention tools, where technically feasible, to detect, prevent, deter, and mitigate the introduction, exposure, and propagation of malware on all Cyber Assets within the Electronic Security Perimeter.
Solidcore Solution: Solidcore S3 Control with dynamic whitelisting prevents all unauthorized changes to a system, including those that may come from tampering, malware or unapproved access. Zero-day vulnerabilities, or possible exploits identified in authorized applications, will be mitigated through Solidcore’s ability to provide memory protection, a feature which stops code injection either onto disk or into memory, a common tactic utilized by sophisticated malware. Solidcore’s patented low overhead and low footprint provides complete protection in a standalone mode, not requiring any signature or centralized console. This makes Solidcore an ideal solution for regulated distributed control systems. Solidcore provides lock-down capabilities for a wide range of operating systems, from Windows to Linux and Unix, and offers protection for Windows NT systems.
CIP-007-1-R6: Ensure that all Cyber Assets within the Electronic Security Perimeter, as technically feasible, implement automated tools or organizational process controls to monitor system events that are related to cyber security.
Solidcore Solution: The Solidcore S3 Control centralized reporting console can provide real-time file integrity monitoring and system alerts, automating the security monitoring of critical infrastructure. An added benefit comes from using Solidcore’s dynamic whitelisting to lock the state of a system against unauthorized change, so that login attempts and other unapproved activities generate automatic alerts with forensic information about possible infiltration or tampering.
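To make concrete what "whitelisting the state of a system" and "file integrity monitoring" mean for the change-tracking of R1 and the monitoring of R6, here is an added example (not Solidcore's code or product behaviour): it records a baseline of approved file hashes and then reports every added, modified or removed file with the expected and observed hashes an alert would carry. The `demo()` scenario, file names and contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record the approved state: relative path -> SHA-256 for every file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def check_integrity(root, baseline):
    """Compare the live tree with the baseline. Each finding carries the
    forensic detail an alert needs: kind, path, expected hash, observed hash."""
    current = build_baseline(root)
    findings = []
    for path in sorted(set(baseline) | set(current)):
        expected, observed = baseline.get(path), current.get(path)
        if expected is None:
            findings.append(("added", path, None, observed))
        elif observed is None:
            findings.append(("removed", path, expected, None))
        elif expected != observed:
            findings.append(("modified", path, expected, observed))
    return findings

def demo():
    """Constructed scenario: an approved image, then three unauthorized changes."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"app.exe": b"release-1", "config.ini": b"port=502"}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(root)
        assert check_integrity(root, baseline) == []  # pristine state: no findings
        with open(os.path.join(root, "config.ini"), "wb") as f:
            f.write(b"port=502\nport=23")  # configuration altered outside the approved process
        with open(os.path.join(root, "unapproved.dll"), "wb") as f:
            f.write(b"not on the whitelist")  # new binary not in the baseline
        os.remove(os.path.join(root, "app.exe"))  # approved file removed
        return [(kind, path) for kind, path, _, _ in check_integrity(root, baseline)]
```

In a deployment the baseline would be stored off-host and signed, and `check_integrity` would run on a schedule or on file-system events rather than once.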