Power utility responsibilities: Alstom Grid's contribution:Provide physical security controls and perimetermonitoring.Ensure that people who have access to critical cyberassets don’t have criminal records.Alstom Grid cannot provide additional help with this aspect.3.1.6 CIP 007CIP 007 covers the following points:● Test procedures● Ports and services● Security patch management● Antivirus● Account management● Monitoring● An annual vulnerability assessment should be performedPower utility responsibilities: Alstom Grid's contribution:To provide an incident response team and haveappropriate processes in placeTest procedures, we can provide advice and help on testing.Ports and services, our devices can disable unused ports and servicesSecurity patch management, we can provide assistanceAntivirus, we can provide advise and assistanceAccount management, we can provide advice and assistanceMonitoring, our equipment monitors and logs access3.1.7 CIP 008CIP 008 requires that an incident response plan be developed, including the definition of an incidentresponse team, their responsibilities and associated procedures.Power utility responsibilities: Alstom Grid's contribution:To provide an incident response team and haveappropriate processes in place. Alstom Grid cannot provide additional help with this aspect.3.1.8 CIP 009CIP 009 states that a disaster recovery plan should be created and tested with annual drills.Power utility responsibilities: Alstom Grid's contribution:To implement a recovery plan To provide guidelines on recovery plans and backup/restore documentation3.2 IEEE 1686-2007IEEE 1686-2007 is an IEEE Standard for substation IEDs' cyber-security capabilities. It proposes practicaland achievable mechanisms to achieve secure operations.The following features described in this standard apply:● Passwords are 8 characters long and can contain upper-case, lower-case, numeric and specialcharacters.● Passwords are never displayed or transmitted to a user.MiCOM P747 Chapter 9 - Cyber-SecurityP747-TM-EN-1 279
