Utilities are seeking ways to improve compliance with regulatory requirements pertaining to the Mitigation of Malicious Code for Transient Cyber Assets and Removable Media. In addition to High and Medium Impact Bulk Electric System Cyber Systems that are currently in scope, new security management controls will go into effect for Low Impact Bulk Electric System Cyber Systems on January 1, 2020. Utility personnel and vendors extensively use transient cyber assets (laptops) and removable media to accomplish daily work including preventive maintenance and system repairs.
In this presentation, we provide an explanation of the NERC CIP requirements as well as the implications of manual and automated mitigation strategies. An introduction to a purpose-built tool to facilitate the mitigation of malware and identification of software vulnerabilities will be covered.
- NERC CIP requirements for Transient Cyber Asset and Removable Media Malicious Code Mitigation
- Examples of manual and automated malicious code mitigation strategies
- Overview of tool to facilitate compliance with requirements and improve security posture through malware mitigation