That helps a little. It has been hard to find a procedure or process to follow to determine what services are needed. This helps a little, but I still really don't understand the process. How do I really analyze each service to determine if it is needed? We are required to meet NERC CIP compliance which states that "The Responsible Entity shall estabish and document a process to ensure that only those ports and services needed for normal and emergency operations are enabled."
Okay, well our site is a power plant built 40 years ago. The control system has been upgraded over the many many years, but security has never been accounted for. There are all types of control system components at this plant, some obsolete. How do I do this?
Okay, well our site is a power plant built 40 years ago. The control system has been upgraded over the many many years, but security has never been accounted for. There are all types of control system components at this plant, some obsolete. How do I do this?
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1581/1280#1280