CUPERTINO, CA, Oct 5, 2006 — Symantec Corp. announced a solution to help electric utility firms comply with the North American Electric Reliability Council’s Critical Infrastructure Protection (NERC CIP) standards. The solution combines consulting services, strategic compliance architecture, and automated policy management technologies to help assure the safe configuration and operation of information systems underpinning the electric utility industry.
“Symantec is providing customers with strategies to reduce the time and cost of compliance by helping them align business and operational assets under a central compliance charter, leverage existing investments, and evaluate new protection technologies toward meeting or exceeding NERC CIP standards,” said Gary Sevounts, senior director of industry solutions, Symantec.
Designed to maintain the integrity of North America’s interconnected electrical systems, NERC CIP standards establish minimum requirements for cyber security programs protecting electric control and transmission functions. NERC recommends utilities undergo comprehensive asset and risk assessments from unbiased, third party experts, as the first step in the NERC CIP compliance process. Symantec Consulting Services is helping organizations understand their current state of readiness through its NERC CIP Readiness Assessment services.
During each assessment, Symantec consultants determine a customer’s initial compliance posture based on NERC CIP standards, information security disciplines, electric utilities’ operations, and leading vendors’ control system products. Symantec then provides a view of current measures toward compliance, identifies compliance gaps and best practices for fully meeting each standard, and provides prioritized recommendations for efficiently achieving full compliance in a timely manner.
Symantec also offers solutions to reduce the complexity of compliance management and accurately maintain auditable records. Comparing existing security policies with NERC CIP standards, gathering required compliance documentation, and reporting on compliance levels across distributed energy networks are necessary compliance management functions, and frequently labor and capital intensive tasks.
To increase the value of these policy management products for electric utility enterprises, Symantec is scheduled to make add-on NERC CIP compliance modules available for its existing toolset. The new modules will permit electric utilities to perform thorough compliance checks against NERC CIP standards, in addition to other regulatory and internal policy frameworks.
For more information on cybersecurity, see the following links:
The Current Status of Control System Cybersecurity
Cybersecurity for Legacy SCADA Systems
Guidance on Right-Sized Cybersecurity Measures for Utilities in Response to the August 2005 Energy Bill