
Cyber Security | Compliance | Industrial Computing

NERC CIP-007 v. 5 Patch Management: Factors for Success

A Presentation By:
EnergySec
FoxGuard Solutions
NRG
It’s Interactive

Please submit your questions through the control panel to get answers LIVE from our panelists.

It’s Hip to Chat
EnergySec is hosting an online chat to accompany this
webinar which is open to all registered EnergySec
Community participants.
To join the chat as a guest, visit:
https://hipchat.energysec.org/gEUq1qmNi
If you have a HipChat account already, join us in the room.
Note: Registered users have access to the chat history, file
attachments, and links

Agenda
§ Introductions
§ CIP-007-5 Requirements
§ Need
§ Challenges
§ Understanding Patch and Update Management
§ Customer Insight
§ Q&A

Meet Your Panelists

Karl Perman
VP, Services
EnergySec

Monta Elkins
Security Architect
FoxGuard Solutions

Larry Snow
NERC CIP Manager/East and Midwest
NRG

CIP-007-5 - SECURITY PATCH MANAGEMENT

CIP-007-5 Part 2.1

§ High Impact BES Cyber Systems and their associated:
– EACMS, PACS, PCA
§ Medium Impact BES Cyber Systems and their associated:
– EACMS, PACS, PCA
§ A patch management process for tracking, evaluating, and
installing cyber security patches for applicable Cyber
Assets. The tracking portion shall include the identification
of a source or sources that the Responsible Entity tracks
for the release of cyber security patches for applicable
Cyber Assets that are updateable and for which a
patching source exists.

CIP-007-5 Part 2.2
§ High Impact BES Cyber Systems and their
associated:
– EACMS, PACS, PCA
§ Medium Impact BES Cyber Systems and their
associated:
– EACMS, PACS, PCA
§ At least once every 35 calendar days, evaluate
security patches for applicability that have been
released since the last evaluation from the
source or sources identified in Part 2.1.

CIP-007-5 Part 2.3
§ High Impact BES Cyber Systems and their associated:
– EACMS, PACS, PCA
§ Medium Impact BES Cyber Systems and their associated:
– EACMS, PACS, PCA
§ For applicable patches identified in Part 2.2, within 35 calendar
days of the evaluation completion, take one of the following actions:
– Apply the applicable patches; or
– Create a dated mitigation plan; or
– Revise an existing mitigation plan.
§ Mitigation plans shall include the Responsible Entity’s planned
actions to mitigate the vulnerabilities addressed by each security
patch and a timeframe to complete these mitigations.

CIP-007-5 Part 2.4
§ High Impact BES Cyber Systems and their associated:
– EACMS, PACS, PCA
§ Medium Impact BES Cyber Systems and their
associated:
– EACMS, PACS, PCA
§ For each mitigation plan created or revised in Part
2.3, implement the plan within the timeframe
specified in the plan, unless a revision to the plan or
an extension to the timeframe specified in Part 2.3 is
approved by the CIP Senior Manager or delegate.

Why the need for a patch management program?
§ Know, track, and mitigate the known software
vulnerabilities associated with BES Cyber
Assets.
§ The intention is to be aware of, in a timely manner, and manage all known vulnerabilities, not to install every security patch (SDT intent).

Challenges
§ What is a cyber security patch?
§ Who can be a source?
§ When does the assessment timeframe clock start?
§ When to patch and when to mitigate?

Understanding Patch & Update Management

www.foxguardsolutions.com
Cyber Security | Compliance | Industrial Computing
Monta Elkins is the Security Architect for FoxGuard Solutions, the nation’s leading ICS patch provider.

A security researcher and consultant, he was formerly Security Architect for Rackspace and the first ISO for Radford University. He has been a speaker at DEFCON, Homeland Security’s ICSJWG (Industrial Control Systems Joint Working Group), EnergySec's Security Summit, VASCAN, GE Digital Energy's Annual Software Summit, Educause Security Professionals Conference, Toshiba's Industrial Control System's Conference and other security conferences.

Monta is the author and instructor of the “Defense against the Dark Arts” hands-on hacker tools and techniques classes. He also teaches rapid prototyping and Arduino classes with Let's Code Blacksburg.

Monta Elkins, Security Architect
FoxGuard Solutions

WHAT IS A PATCH?

[Diagram: the word PATCH alongside related terms: UPDATE, UPGRADE, FIRMWARE ENHANCEMENT, SERVICE BULLETIN]

§ Feature Enhancements And / Or Security Patches
§ Focus Is On The Security Patches, As These Address Vulnerabilities To Their Company (Not To Mention The Compliance Requirements)
SOURCE? WHY WE CARE

§ The Source Of A Patch May Be:
– Product/Software Vendor
– SCADA Vendor
– Aggregated Resource Of Patches From A Variety Of Vendors
§ NERC RFI

PATCHING CHALLENGES

Current Patching Challenges

§ NERC CIP-007-5
§ Wide Variety Of Sources
§ LARGE Documentation Effort
§ Patching Restrictions (Warranty Issues)
§ Timing Constraints
§ Lots Of Specialized Equipment
§ Patching Even One Substation Is A Large Effort!

DEVICES & APPLICATIONS SUPPORTED

[Diagram: SUPPORTED ASSETS, comprising OPERATING SYSTEMS, 3RD PARTY APPLICATIONS, NETWORK DEVICES and FIELD DEVICES]

STAGES OF PATCH MANAGEMENT

1. ASSET IDENTIFICATION & BASELINE

2. AVAILABILITY

3. APPLICABILITY

4. ACQUISITION

5. VALIDATION

6. DEPLOYMENT

BENEFITS OF AGGREGATOR

§ Patch Security Information
– Is This A Security Related Patch?
– Are There Related CERT Notices, CVEs?
§ Allow Multiple Customer Accounts With Access Control To Support Large Organizations (e.g.)
– Compliance Manager Role
– Implementation Engineer Role
§ Compliance Support Documentation
– e.g. CIP Requires Documenting Patch Sources For Cyber Assets And Evaluating Available Patches Every 35 Days
§ Positive Notification
– Notification For Each Device On A Regular Schedule
– Notification Of “Negative Change”

PATCH & UPDATE MANAGEMENT PROGRAM

Co-operative Agreement with the Department of Energy

§ Patch & Update Data Aggregator, Web Portal Service
§ Patch & Update Authentication / Hashing
§ Validation Techniques & Methodologies
§ Scanning & Patch Deployment Engine

CUSTOMER INSIGHT

Larry Snow has been in the power generation business for 32 years. He has spent many years as a Controls Engineer.

Larry has also been involved in NERC-CIP since 2008 and is currently the NERC-CIP Manager for NRG East & Midwest Regions.

Larry Snow, NERC-CIP Manager
NRG East & Midwest Regions

THE NRG PERSPECTIVE

§ The Patching “Burden”
§ How Did We Reduce This Burden?
§ How We Saved Time And Effort

The company, product and service names used in this presentation are for identification purposes only. All trademarks and registered trademarks are the property of their respective owners.

GROUP DISCUSSION

§ The Question & Answers Session
§ FoxGuard Can Help Meet Your Compliance Needs. Ask Us How.

Points To Remember
§ Comprehensive Patch Management Solutions
§ Over 10 Years Of Patching Expertise In The Energy Industry
§ Long History Of Program Management
§ Our Company Is Designed To Be An Extension Of Yours

CONTACT INFORMATION

HEADQUARTER 2285 Prospect Drive, Christiansburg VA 24073

WEBSITE www.foxguardsolutions.com

TELEPHONE 877.446.4732

EMAIL requestinfo@foxguardsolutions.com

LINKEDIN www.linkedin.com/company/717871

TWITTER twitter.com/FoxGuardInc
