BOUNCER by CoreTrace: NERC CIP Compliance

Meeting NERC with BOUNCER: One Product; Multiple CIPs

SCADA and DCS systems are critical to the safety of national power grids, petrochemical facilities, and commuter and freight transit. These critical points of control must be forcefully protected at all times (see the whitepaper "Hardening Critical Systems at Electrical Utilities" by NetSPI).

That's why the North American Electric Reliability Corporation (NERC) was formed in 1968 — to promote the reliability and adequacy of bulk power in the United States. A big part of that mandate is the security of the many systems, large and small, that make up the bulk of utility delivery. Penalties for non-compliance can be severe, with fines of up to $1 million per violation per day, complete with public posting of the violation. NERC Requirement Mapping is quite specific as it relates to cyber security.

BOUNCER by CoreTrace is the only solution on the market that simultaneously enforces, rather than simply reports on, compliance with several CIP requirements in one solution (see the whitepaper "Application Whitelisting and Energy Systems — A Good Match?"). These requirements are:

  • CIP-003: Mandates change control and configuration management
  • CIP-007: Lays out complex regulations surrounding disabling of ports and services, exception / violation reporting, security patch management, malicious software prevention, and system monitoring
  • CIP-008: Details security incident reporting and handling requirements

The Problem

Many of today's SCADA systems run on general-purpose operating systems that are far more vulnerable than the proprietary operating systems of old. Government audits have turned up a shocking array of security problems at bulk utility providers across the nation, from bypassed and inadequately configured firewalls to servers and workstations lacking crucial security patches to sub-par intrusion detection systems.

The problem remains — how does the utility secure these invaluable systems? Solutions must be feasible, cost-effective, and truly beneficial to the security infrastructure. There is no room for overpriced, difficult-to-deploy, piecemeal solutions to this complex problem.

At a high level, these are just a few of the measures SCADA systems must meet:

  • Limit ports and services to those required to function
  • Document implementation of security patches or have analogous compensating controls
  • Prevent infestation by malicious software
  • Monitor events and stop unauthorized changes by outside threats and internal errors

With a list of demands like that, organizations must plan their response judiciously.

The Solution

BOUNCER by CoreTrace is an endpoint control and security solution designed to protect the configuration and integrity of critical systems. BOUNCER is the most tamper-proof and easiest-to-manage solution available.

BOUNCER does not need to be updated and reactively patched like traditional blacklist-based endpoint security offerings. Once the whitelist of approved applications is created from the SCADA system, BOUNCER locks the system into that configuration, without the need for patching every time a new threat is revealed. Whenever a new version of your SCADA software is deployed, updates to BOUNCER's whitelist are automatically added and the system remains completely protected the entire time.

Application Whitelisting

BOUNCER allows a SCADA system to be quickly scanned, and an automatically generated policy can be applied to lock the applications, data configuration files, or both. Importantly, for SCADA systems, the entire process never requires the endpoint to reboot. There's no need to sacrifice availability for security.

Once in place, the BOUNCER application whitelisting technology helps meet NERC compliance, as the approved configuration cannot be changed, not even by a user with Local Administrator privileges on the system. Changes can only be effected through the BOUNCER console.

Trusted Change

You want security and compliance, but does it have to come with such a high cost in person-hours and flexibility? With BOUNCER's patent-pending "Trusted Change", the answer is simple — your organization can have it all.

When you put your SCADA infrastructure into total lockdown, you end up with a lot of frustrated users and administrators who need to install new applications and upgrade old ones but cannot because of the whitelist. With Trusted Change, you have several options to allow users and administrators to upgrade or install their own approved applications, allowing safe flexibility across the organization. You have all the security, control and auditing abilities of the best application whitelisting solution, but one that handles new applications and upgrades seamlessly and without manual IT involvement.