SANS Industrial Control Systems Security Blog: Category - NERC CIP

One CIP, Two CIP, Red CIP, Blue CIP

This blog was written by - Tim Conway with contributions, edits, and research from Ted Gutierrez and Kevin Perry Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015 there were a number of public statements and discussions asking … Continue reading One CIP, Two CIP, Red CIP, Blue CIP


Microsoft's New Patching Models will Cause Havoc for NERC Registered Entities

In May 2016, Microsoft announced a change to how updates for Windows 7 and 8.1 systems would be offered. That change made available "Monthly Rollups" that allow all previously released non-security updates to be installed in a single installation update. This week, Microsoft announced a revision to the previously reported plan in that the … Continue reading Microsoft's New Patching Models will Cause Havoc for NERC Registered Entities


NERC CIP Continues to Grow and Adapt

Today, FERC announced the approval of Order 829 directing NERC to develop a Reliability Standard addressing "supply chain risk management for industrial control system (ICS) hardware, software, and computing and networking services associated with bulk electric system operations." Imposing requirements on entities to secure the supply chain will present a significant challenge and I'm anxious … Continue reading NERC CIP Continues to Grow and Adapt


Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped

With the recent release of the E-ISAC and SANS ICS Defense Use Case (DUC) #5 which analyzed the cyber-attack that impacted Ukraine on December 23, 2015, I wondered how NERC CIP might have helped. I want to preface this analysis with acknowledgement that the Ukrainian event was wholly contained at the distribution level of their … Continue reading Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped


E-ISAC and SANS Report On The Ukrainian Grid Attack

Yesterday the SANS ICS team released its Defense Use Case (DUC) #5 analyzing the cyber-attack that impacted Ukraine on December 23, 2015. The paper is written from the perspective of what lessons that can be learned from the event. The unprecedented cyber induced power disruption provides an opportunity for US electric grid asset owners and … Continue reading E-ISAC and SANS Report On The Ukrainian Grid Attack