OT/ICS Configuration Management

Summary

Ensuring proper configurations of all assets – OS based devices, networking equipment, and embedded OT devices – is a critical element for OT/ICS cyber security and reliability.

Gathering and integrating data across all these systems, especially in remote and segmented networks is very challenging.

Verve has deployed OT/ICS configuration management solution in dozens of clients across a range of industries in a wide-variety of network architectures.

In this case study, Verve deployed configuration management in a power transmission network to gather and monitor configurations of devices in remote substations.

This successful deployment enabled NERC CIP compliance and improved cyber security at low cost and reduced labor.

The Challenge

Our client needed an integrated solution for configuration management that would manage OS-based devices such as HMIs, networking devices, as well as embedded OT devices such as relays, communication processors, RTUs, etc.

They needed visibility to these devices through data diode infrastructure. Within their substation environment, they did not want ERC going into many of their substations to minimize the NERC CIP reporting requirements. These sites only had low-speed, serial-based communications available (9600-38400) to a SONET ring.

The client wanted visibility to configurations and changes for compliance, reliability and security. They needed a comprehensive, flexible solution.

The Solution

Verve deployed our agent-agentless solution to gather, aggregate, and monitor configurations across devices. Our agent gathers critical configuration data from OS-based devices, analyzing for compliance with internal standards. Our agentless interface (ADI) connects to each embedded device using the protocols designed for those devices and collects configuration data for analysis.

In the case of remote substations with only serial connectivity, we loaded our ADI solution onto a small Linux-based appliance, collected all the configurations, firmware versions of the substation IEO’s, and forwarded them also using serial to the central reporting console.

These configurations were put under change management so history could be kept of any changes to the substation IEO’s, and alerts sent to engineers to notify them of the changes to equipment. In this particular place, we also were able to obtain the SEL Comtrade files (event files) for PRC compliance, and push these files through the serial lines so engineers would not have to travel to the substations to obtain them.

We also supplied ports & services scans at the substations, installed software, local users/groups for the IEO’s and Linux devices.

The Impact

Verve enabled our client to achieve their compliance requirements, reduce labor in travel to and form substations, and improve cyber security by monitoring unintended change in configurations of OT devices.

• Lower cost by integrating visibility across device types and avoiding need for expensive hardware taps or span ports
• Deep visibility into all device types
• The resulting information was forwarded to existing corporate tools to significantly reduce the costs of the total solution and leverage existing customer investments in technology
• Reduced the complexity of the solution by leveraging existing customer investments and our ADI to reach the 80% of substation devices not typically obtained by traditional IT investments.

Who is Verve Industrial

With over 25 years of OT expertise, Verve Industrial is an industrial control systems cyber security company. Verve partners with clients to bridge IT OT security challenges in industrial environments.

The Verve Security Center provides robust asset inventory, vulnerability assessment, threat detection and the ability to safely remediate risks in a unifed software-based platform.

Verve Industrial serves industries across utilities (such as power, oil & gas, water), manufacturing, healthcare, and building controls.