Critical infrastructure cybersecurity may be facing a turning point given funding cuts proposed by the government. For instance, Cybersecurity Dive reports that cuts to CISA’s budget would impact “funding for vulnerability assessments, training sessions and shared services like security operations centers.” The Environmental Protection Agency, the Department of Health and Human Services, the Department of Energy, and the Transportation Security Administration, each of which has invested in support for critical infrastructure cybersecurity, also stand to be impacted.
Despite these concerns, action on cybersecurity has occurred elsewhere. Most notably, the Federal Energy Regulatory Commission (FERC) recently approved the North American Electric Reliability Corporation (NERC) CIP-015-1.
What is NERC CIP-015-1?
As Anna Ribeiro wrote at Industrial Cyber, “The new standard signals a significant shift for the North American electric sector.” So, what does NERC CIP-015-1 outline? Essentially, it provides a mandated guide for internal network security monitoring (INSM) of industrial control systems. It is concerned with collection, detection, and analysis processes and is poised to encompass electronic access control and physical access control systems.
The approval of NERC CIP-015-1 follows FERC’s Order No. 887, issued in January 2023. Authors at Inside Privacy explained that Order No. 887 directed “NERC to develop new INSM requirements for CIP networked environments.”
Addressing NERC CIP-015-1
In the wake of the approval of NERC CIP-015-1, several cybersecurity vendors have promoted their ability to help meet the mandate. While these tools fulfill the monitoring requirement, one key piece is still missing: control. True control means observing and managing live packet flows directly from the network’s control plane, SNMP, or other management interfaces without relying solely on mirrored traffic. Most solutions require the network to be configured to send a copy of relevant traffic to their sensors, which limits visibility and can compromise an operator’s full control over the network.
Sources:
- “Dwindling federal cyber support for critical infrastructure raises alarms” – Eric Geller, Cybersecurity Dive
- “FERC approves NERC CIP-015-1 internal network security standard to strengthen ICS defenses” – Anna Ribeiro, Industrial Cyber
- “FERC Finalizes New Internal Network Security Monitoring Requirements for Bulk Electric Systems” – Ashden Fein, Caleb Skeath, John Webster Leslie, Shayan Karbassi & Krissy Chapman, Inside Privacy










