Security vendor NitroSecurity has announced that its SIEM product, Enterprise Security Manager (ESM), can import, normalize and correlate data from industrial control systems used in electric utilities. ESM will support OSIsoft's PI System data historian, which records all control systems activity in a database. Control systems such as programmable logic controllers (PLCs) and remote terminal units (RTUs), and the sensors and actuators they control, are typically serially connected and difficult to monitor for security. Nitro says it chose PI System as the first data historian product to support because OSIsoft is dominant in its market.
The advent of the Stuxnet worm, the first to cross over from the IP network side to the control systems, has heightened concern over attackers' ability to disrupt electrical power production and distribution. "In the past, the control systems/network were relatively safe as they sat on another network, but they do connect to SCADA systems that tend to be based on Windows and accessed via IP," says Jon Oltsik, senior principal analyst at Enterprise Strategy Group. "Stuxnet bridged this gap so security management systems must do the same."
The data historian, says Eric Knapp, Nitro's director of critical infrastructure markets, is analogous to log management; it builds an audit trail of all activity from the production and operations side of a utility or manufacturing operation, but was never intended for security. From a compliance perspective, Nitro's OSIsoft support allows utilities to centralize log collection and produce reports from both the control systems and Ethernet side of the operation through Nitro's SIEM and log management capabilities. The suite's database monitoring tool will be able to monitor for suspicious activity as well. The Nitro suite also includes application data monitoring and intrusion prevention.
The support enhances the company's package of industry-specific products and services to help utilities achieve compliance with the North American Energy Reliability Corporation Critical Infrastructure Protection (NERC CIP) cyber-security standards, as required by the Federal Energy Regulatory Commission (FERC).
NERC CIP mandates that electrical utilities meet eight security requirements, including minimum security management controls to protect critical cyber-assets and defined methods, processes and procedures for securing those assets. The requirements could become more demanding. "Utilities have actually done a good job meeting NERC CIP, but it isn't nearly as comprehensive as it needs to be," said Oltsik. "The Lieberman-Collins bill seeks to centralize oversight to the Department of Homeland Security. I think this move as well as more stringent types of controls are now necessary."