3.1.1 CIP 002CIP 002 concerns itself with the identification of:● Critical assets, such as overhead lines and transformers● Critical cyber assets, such as IEDs that use routable protocols to communicate outside or inside theElectronic Security Perimeter; or are accessible by dial-upPower utility responsibilities: Alstom Grid's contribution:Create the list of the assets We can help the power utilities to create this asset register automatically.We can provide audits to list the Cyber assets3.1.2 CIP 003CIP 003 requires the implementation of a cyber-security policy, with associated documentation, whichdemonstrates the management’s commitment and ability to secure its Critical Cyber Assets.The standard also requires change control practices whereby all entity or vendor-related changes tohardware and software components are documented and maintained.Power utility responsibilities: Alstom Grid's contribution:To create a Cyber-security PolicyWe can help the power utilities to have access control to its critical assets by providingcentralized Access control.We can help the customer with its change control by providing a section in thedocumentation where it describes changes affecting the hardware and software.3.1.3 CIP 004CIP 004 requires that personnel with authorized cyber access or authorized physical access to Critical CyberAssets, (including contractors and service vendors), have an appropriate level of training.Power utility responsibilities: Alstom Grid's contribution:To provide appropriate training of its personnel We can provide cyber-security training3.1.4 CIP 005CIP 005 requires the establishment of an Electronic Security Perimeter (ESP), which provides:● The disabling of ports and services that are not required● Permanent monitoring and access to logs (24x7x365)● Vulnerability Assessments (yearly at a minimum)● Documentation of Network ChangesPower utility responsibilities: Alstom Grid's contribution:To monitor access to the ESPTo perform the vulnerability assessmentsTo document network changesTo disable all ports not used in the IEDTo monitor and record all access to the IED3.1.5 CIP 006CIP 006 states that Physical Security controls, providing perimeter monitoring and logging along with robustaccess controls, must be implemented and documented. All cyber assets used for Physical Security areconsidered critical and should be treated as such:Chapter 9 - Cyber-Security MiCOM P747278 P747-TM-EN-1
