Gain NERC CIP Compliance with Dragos Platform and Professional Services
Discover how Dragos can support your NERC CIP compliance efforts with our Platform technology, subject matter expertise in electric sector operations, and experience working in ICS/OT environments.
CHALLENGE
Maintaining Regulatory Compliance Under NERC CIP
The North America Electric Reliability Council’s (NERC) Critical Infrastructure Protection (CIP) standards were developed to enhance the cybersecurity of electric utilities. These standards must be closely adhered to even as they continue to evolve to account for new technological advances like virtualization and cloud-enabled services.
Over time, events occur that provide new insights to emerging operational risks, and organizations look to innovative technologies to help manage the risks to their businesses. This dynamic landscape creates challenges for electric utilities, regulators, and solutions providers, all of whom are working hard to adhere to internally developed standards while simultaneously looking ahead to a time when the standards may need to mature.
Electric utility asset owners facing these challenges cannot undertake the journey alone. Instead, they need to pursue partners and solutions that support their operational needs and business objectives.
DRAGOS SOLUTIONS
A Cohesive Approach to Cybersecurity and Compliance in your Operational Technology (OT) Environment
In working with hundreds of electric sector organizations, Dragos has developed a tried and tested approach to helping our customers defend against, or respond to, cyber incidents in their operations environments. We have a focus and subject matter expertise in electric sector operations, ICS environments, and NERC CIP to support your compliance efforts when implementing detection and monitoring solutions across CIP facilities.
Properly identifying ideal network monitoring locations is a daunting task, so to begin we recommend having our Professional Services team conduct a Crown Jewel Analysis as part of an Architecture Review.
The result of this assessment will identify the prime locations to monitor your SCADA networks and their associated assets in your High, Medium, and Low Impact environments. The Architecture Review will also ensure that these environments are adequately segmented from your IT network and the internet if part of an Electronic Security Perimeter (ESP).
A Tabletop Exercise, facilitated by our industrial consultants, will bring your IT and operations teams together to run through a simulated Reportable Cyber Security Incident against your OT environment. In these exercises, our team leverages intelligence on ICS-targeting activity groups to create a realistic scenario based on real adversary tradecraft. NERC CIP requires that these simulations be conducted once every 15 months, and with an Incident Response Retainer, they can be proactively scheduled.
OT Cybersecurity Technology and Professional Services for NERC CIP
The expansive coverage and level of detail in cybersecurity frameworks like NERC CIP can be challenging. Dragos provides the technology in the Dragos Platform to implement many of the most critical OT security controls contained in NERC CIP. Our Professional Services group provides the expertise to help evaluate and mature your OT security practice, while our Threat Intelligence team delivers the situational awareness on new threats and vulnerabilities.
Cyber threats don’t wait
Wherever you are in your cybersecurity journey we’re here to help you take the next step in auditing and adhering to industry compliance requirements.