Nuclear Automation

Cyber Security Services: Ovation™ Security

Background

U.S. Nuclear Regulatory Commission (NRC) requirements for cyber security create a challenge for existing plant control systems. NRC Regulatory Guide 5.71 and Nuclear Energy Institute (NEI) document NEI 08-09 detail the requirements to comply with 10 CFR 73.54, “Protection of digital computer and communication systems and networks.” As a long-time supplier of Ovation products and custom content for nuclear plant instrumentation and control systems, Westinghouse is well equipped to maintain the security of Ovation systems and to meet the regulatory requirements for controls.

Description

Plants that use Ovation™ control systems have tools available to secure their control systems and comply with current cyber security regulations. Westinghouse uses a standard configuration to harden new Ovation systems. This framework can be adapted to existing systems, based on custom settings and legacy versions of Ovation.

Westinghouse also can build new Ovation systems in a secure development and operating environment (SDOE) to maintain the integrity of the system and protect it from tampering. New Ovation systems can be built on the Westinghouse Isolated Development Infrastructure (IDI) to meet the need for an SDOE. In addition, Westinghouse has partnered with McAfee® to provide antivirus solutions, making Westinghouse an excellent choice for securing Ovation systems.

Solutions are based on customer needs. The Ovation Security Center (OSC) contains third-party products configured and validated to run with Ovation. Westinghouse offers additional security functions through McAfee. These solutions allow plants to choose the options that meet their needs. Westinghouse cyber security experts customize and install the selected solution.

Benefits

With Westinghouse, there are multiple resources for solving Ovation security issues – OSC and McAfee – and the expertise to implement them.
These solutions can include:

• Security Incident and Event Management (SIEM)* – Collects, stores and correlates system and security asset event logs. The Westinghouse SIEM product includes incident handling and replicates logs across a data diode.
• Application control* – A software agent on each client permits only white-listed applications to execute.
• Antivirus software* – Quarantines system files if they match signatures of known malware.
• Patch management* – Manages and installs operating system and some application patches from a central server.
• Backup and restore* – Backs up each client host to a file server so the machine can be restored in the event of a system failure.
• Network and attached storage* – Provides high-performance storage to share and protect critical data.
• Vulnerability management* – Scans system assets to detect vulnerabilities and configuration changes. Authenticated scans can be used to avoid conflicts caused by probing network ports.
• Device control – Monitors the use of devices such as removable media. Restricts permission to devices based on user, computer or device type.
• Network Intrusion Detection System (NIDS) – Monitors and analyzes system network traffic for indications of malicious activity.
• File integrity monitoring or Host Intrusion Detection System (HIDS) – Monitors certain system files, folders and configuration settings for changes.
• Host Intrusion Prevention System (HIPS) – Provides behavioral analysis, and a dynamic, stateful firewall at the host level.

*OSC Features
While regulatory compliance depends on the Ovation security products that are implemented, the controls that may be addressed include, but are not limited to, the following:

RG 5.71    NEI 08-09    Control Title
B.2        D.2          Audit and Accountability
B3.21      D3.20        Heterogeneity
B5.1       D5.1         Removal of Unnecessary Services and Programs
B5.2       D5.2         Host Intrusion Detection System
B5.3       D5.3         Changes to File System and Operating System Permissions
B5.4       D5.4         Hardware Configuration
B5.5       D5.5         Installing Operating Systems, Applications, and Third Party Software Updates
C.3        E.3          System and Information Integrity
C3.2       E3.2         Flaw Remediation
C3.3       E3.3         Malicious Code Protection
C3.4       E3.4         Monitoring Tools and Techniques
C3.7       E3.7         Software and Information Integrity
C.9.6      E.8.5        CDA Backups
C.9.7      E.8.6        Recovery and Reconstitution
C11.3      E10.3        Baseline Configuration
C11.4      E10.4        Configuration Change Control
C11.6      E10.6        Access Restrictions for Change
C11.7      E10.7        Configuration Settings
C11.8      E10.8        Least Functionality
C11.9      E10.9        Component Inventory

*OSC Features

Ovation is a trademark or registered trademark of Emerson Process Management. McAfee is a trademark or registered trademark of McAfee, Inc. Other names may be trademarks of their respective owners.

Westinghouse Electric Company
1000 Westinghouse Drive
Cranberry Township, PA 16066
www.westinghousenuclear.com

July 2013
NA-0144
©2015 Westinghouse Electric Company LLC. All Rights Reserved