Trend Watch: Cyber Security Dashboards for NERC CIP Compliance

May 8, 2013
Southern Company’s approach to NERC CIP compliance holds lessons for the manufacturing and processing industries as cybersecurity becomes a business imperative.

I recently wrote about a new trend I encountered at the PAS Technology Conference in Houston that involved the training operators at BASF’s Freeport, Texas, plant to create the HMI screens they use. In that article, I referred to another item of potential interest to industry that involved an interesting approach to cybersecurity compliance.

At the PAS conference, Southern Company—a southeastern U.S. regional energy company with 4.4 million customers and nearly 46,000 megawatts of generating capacity—delivered two presentations involving their compliance with the NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) program.

For Southern Company, cybersecurity is not optional. They are required to address NERC cybersecurity standards, which, according to Southern Company’s systems analyst Larry Spoonemore, includes: maintaining an inventory of all assets and cyber devices/systems at the company’s 290 plants; having a well-defined and followed management of change process; and providing reporting/notification of NERC cyber security compliance.

Spoonemore said that Southern Company uses PAS’s Integrity for automation system mapping and data collection, which is used to as the “basic building block to track our inventory required for cyber security assurance because it (Integrity) sits on top of our disparate systems to track change and provide reporting.”

Southern Company has dubbed its cybersecurity data collection system CSI, which stands for Control System Integrity. Though “CSI” is essentially a simple moniker for the system incorporating use of the PAS product name, the fact that it matches the name of a popular police investigation TV drama is intentional. Through its design, CSI watches everything connected to the Southern Company’s system to ensure compliance.

Having such a system in place is becoming critical for manufacturers of all sizes in light of some of the data Southern Company shared at the conference. They note that one-third of all malware in existence today appeared since the beginning of 2013. And in terms of direct impacts on operations, Southern Company experiences some one million attempts to breach its firewall each day.

The CSI data engine collects 2 terabytes of data each week from all of Southern Company’s plants, which is then fed into Integrity for data mining, Spoonemore said.

FERC (Federal Energy Regulatory Commission) wants to know where you're at in terms of security across all your disparate systems,” said Harvey Ivey, manager of instrumentation and control systems and field support for Southern Company. “So we collect everything because we never know what the rules will eventually require.”

Having all this data collected and monitored is enabling Southern Company to provide a cybersecurity dashboard to its plant managers “so they can know at all times where they stand with regard to NERC compliance,” said Ivey.

Ivey adds that the NERC CIP cybersecurity requirements “drove us to closely monitor management of change. In the process of doing this, we've learned that management of change is simply a good business practice.”

Speaking to the importance of management of change, Spoonemore said, “Cyber security is not a computer problem, it’s a people problem, particularly as it applies to management of change.”

Of course, not every manufacturing or processing company faces the cyber threats that Southern Company does as part of the country’s critical infrastructure. However, cybersecurity is clearly an imperative for all companies and the insight learned from the Southern Company’s NERC CIP compliance strategies offers valuable lessons for us all. The idea of a cybersecurity dashboard—which could only be created with a tool like the Southern Company’s CSI system—is a compelling idea to consider.

Other recent coverage of cybersecurity in Automation World:

About the Author

David Greenfield, editor in chief | Editor in Chief

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Companies in this Article

Sponsored Recommendations

Meet our experts - Reduce complexity of a DCS Migration

Sign up for a complementary onsite assessment.

Revolutionizing Germany’s energy landscape: The Wilhelmshaven floating LNG terminal

The German LNG terminal lays the groundwork for future sustainable energy initiatives. Here's how Schneider Electric helped make it happen.

Navigating Distributed Control Systems Migration

Navigating Distributed Control System (DCS) migrations doesn't have to be as complex as it seems. Whether you are planning a migration or seeking to enhance ...

Revolutionize process safety with Tricon CX V12

The most versatile TÜV certified safety instrumented system. One system with a choice of architectures and form factors delivering a lifetime of safe, resili...