`Case 6:12—cv—00799—JRG Document 92-7 Filed 12/11/13 Page 1 of 3 Page|D #: 2517
`
`EXHIBIT G
`
`EXHIBIT G
`
`
`
`Case 6:12-cv-00799-JRG Document 92-7 Filed 12/11/13 Page 2 of 3 PageID #: 2518
`Securing Ovation Systems per NERC CIP Standards
`emersonprocessxperts.com/2012/02/securing-ovation-systems-per-nerc-cip-standards/
`
`In the Emerson Exchange 365 community, I saw a post announcing a February 16-17, 2012 Regional Technical Forum
`for Ovation system users. I got my hands on a few of the presentations, which I hope to share with you over the next few
`weeks.
`
`Emerson’s Mike DeKlavon, a member of the Power & Water Solutions team, will be presenting, Cyber Alerts: Is Your
`System Secure? He’ll open with a brief summary of the relevant NERC [North American Electric Reliability Corporation]
`CIP [Critical Infrastructure Protection] Standards (v3):
`
`CIP–002–3 —Critical Cyber Asset Identification
`CIP–003–3 — Security Management Controls
`CIP–004–3 — Personnel and Training
`CIP–005–3 — Electronic Security Perimeter(s)
`CIP–006–3 — Physical Security
`CIP–007–3 — Systems Security Management
`CIP–008–3 — Incident Reporting and Response Planning
`CIP–009–3 — Recovery Plans for Critical Cyber Assets
`
`Mike will provide a quick update on version 5 of the standard, expected to be in effect in late 2014 or early 2015. It adds
`two new standards—CIP-010-1: Configuration Management and CIP-011-1: Information Protection. A critical cyber asset
`(CCA) will become a bulk electric system (BES) cyber asset. Also, asset classifications are more clearly defined based
`on high, medium, and low impact.
`
`To help power producers meet the current standards and prepare for the coming ones, Mike highlights products,
`services, and business process support. Current products, as part of Ovation System Security, include user
`management, DMZ router/firewall, anti-virus defense, vulnerability scanning and patch management, malware
`prevention, and security incident & event management. More coverage is coming in log management, network attached
`storage, intrusion detection, Ovation workstation & controller hardening, and backup & restore functions.
`
`From a services perspective, these include security patch validations, virus signature validations, ports & services
`documents, security assessments, annual Ovation System Security support, and technical feasibility exception (TFE)
`support. Security certification services will be added. From a business process perspective, Ovation-CERT [Cyber
`Emergency Response Team] provides fast track review and response to security threats and emergencies. A Security
`Solutions Steering Committee reviews products, services, and business practices to adapt to changing security threats.
`Teams of CIP & Security Subject Matter Experts have been formed to work in Power projects and assist throughout the
`lifecycle of the facility.
`
`If you’ll be at the Regional Technical Forum, make sure to connect with Mike to discuss your cyber security related
`questions and concerns.
`
`MP3 | iTunes
`
`Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here.
`You also need to have JavaScript enabled in your browser.
`
`Related Posts:
`
`Electrical Power Plants and Cyber Security
`Cyber Security Critical Infrastructure Protection Compliance
`Cybersecurity and OPC .NET
`
`
`
`Case 6:12-cv-00799-JRG Document 92-7 Filed 12/11/13 Page 3 of 3 PageID #: 2519
`Posted Tuesday, February 14th, 2012 under , .
`
`Tags: , , , , , , , , ,