Webinar: Do Virtualization and NERC CIP Play Nicely Together?
One of the most important developments in IT in the past ten
years has been the rapid growth of virtualization – compute, network and
storage. Use of virtualization has led to huge cost savings, as well as
large efficiency gains, in IT environments – especially data centers. Even
more importantly, virtualization greatly expands IT's repertoire of
services they can call upon to enable new business initiatives.
utilities subject to NERC CIP requirements are still struggling to take
advantage of virtualization in their OT environment, even though they
realize they would receive huge benefits – especially in control centers.
This is because the CIP standards are totally silent on this topic – and
this silence continues in CIP versions 5 and 6. Many utilities are too
worried about inadvertently falling afoul of some CIP requirement to try
virtualization in OT.
At the same time
as utilities implement compliance with CIP versions 5 and 6, NERC and the
Regions have made it clear they want utilities to feel comfortable
introducing virtualization. However, they have not provided any definitive
guidance on how to do this in a CIP-compliant manner. NERC has ordered the
new "CIP v7" Standards Drafting Team to develop revised
requirements or guidance, so that CIP will finally address this topic. But
it will be close to three years before the new version comes into effect.
Where does this
leave the utilities? This webinar will try to answer that question.
Tom Alrich and Joe Andrews of Deloitte
will discuss how virtualization can work under CIP versions 5 and 6,
and how v7 may finally settle this issue.
John Reno of Cisco will discuss the
many advantages that electric utilities and IPPs can realize through
implementing virtualization on their OT networks. This includes
server, switch, and storage virtualization
Steve Sumichrast of Northern Indiana
Public Service Company will discuss some of the lessons learned from
NIPSCO's successful implementation of virtualization in their control
centers in 2011.
Presenters: Tom Alrich,
Deloitte & Touche LLP
Tom Alrich is a Manager in Cyber Risk Services with Deloitte Advisory, part
of Deloitte & Touche LLP. He has worked in cyber security for 16 years,
and with NERC CIP since CIP version 1 was approved in 2008. He has worked
with over 30 NERC entities to understand and implement CIP versions 1
through 6. He writes a popular blog on developments in CIP.
Andrews, Deloitte & Touche LLP
Joe Andrews is a Manager in Cyber Risk Services with Deloitte Advisory,
part of Deloitte & Touche LLP. He spent five years as a CIP auditor
with the Western Electricity Coordinating Council (WECC). Previously, he
worked in cyber security for the US Department of Defense, based in the US,
Europe and Japan. He holds many certifications, including CISSP, CISA and
PSP. John Reno, Cisco John Reno manages product and solutions marketing for Cisco IoT. Previously, John directed the product marketing group at Silver Spring Networks, drawing on over fifteen years of experience in software applications, infrastructure management and system design. For the past ten years John has launched and led go to market initiatives for network and data security companies such as Securify (acquired by Intel/McAfee) and EMC/RSA
Steve Sumichrast is the Lead System Engineer for NIPSCO's Operations
Technology department, and has worked in the department since 2010.
He is responsible for implementation and adherence to NERC CIP standards
for all server, workstation, storage and virtualization infrastructure used
by real-time systems. He holds numerous industry certifications,
including certification from Cisco, NetApp and VMware.