Azure’s machine learning helps us improve smart grid and do predictive maintenance on plant equipment. We can use information retention and protection on confidential documents with BCSI sensitive information. NERC CIP audit evidence, reports, and records.Internet of Things (IoT) scenarios for transmission line monitoring and maintenance.Artificial intelligence (AI) and Advanced Analytics for forecasting, maintenance, and outage management.Streaming of operational phasor data to the cloud for storage and analytics.Operational equipment data and SCADA Historical Information System.Common Information Model (CIM) modeling and geospatial asset location information.Transmission network planning, demand forecasting, and contingency analysis.Transmission asset status, management, planning, and predictive maintenance.Machine learning, multiple data replicas across fault domains, active failover, quick deployment, and pay for use benefits are now available for BCSI NERC CIP workloads when they’re moved to or born in Azure. Many of the workloads that will benefit most from the operational, security, and cost savings benefits of the cloud are BCSI. BCSI is not subject to the 15-minute rule. BCSI is information that could be used to gain unauthorized access or pose a security threat to the Bulk Electric Cyber System. Importantly, the NERC CIP standards also recognize that the needs of Bulk Electric System Cyber System Information (BCSI) are different from BES Cyber Assets. Under the current rules, BES Cyber Assets-like Supervisory Control and Data Acquisition Systems (SCADA) and Energy Management Systems (EMS)-are not good candidates a for move to the cloud for this reason. BES Cyber Assets, under the 15-minute rule, are those that would affect the reliable operation of the BES within 15 minutes of being impaired. This rule sets out requirements for BES Cyber Assets that perform real-time functions for monitoring or controlling the BES under the current set of CIP standards and the NERC Glossary of Terms. NERC’s BES Cyber Asset 15-minute rule is important to deploying appropriate NERC CIP workloads to Azure. This will help our customers save time and resources in responding to audits. We prepared a NERC CIP compliance guide for Azure, and a Cloud Implementation Guide for NERC Audits, which includes pre-filled Reliability Standard Audit Worksheet ( Reliability Standard Audit Worksheet (RSAW)) responses. NERC, NERC regional auditor organizations, and the NERC CIPC (Critical Infrastructure Protection Committee) were represented. In June 2019, NERC Electric Reliability Organization (ERO) conducted an audit of Azure in Redmond, Washington. We use this to establish our compliance to NERC and the Regional Reliability Councils. Azure regions are now approved for FedRAMP High impact level. Microsoft engaged with NERC to unblock NERC CIP workloads from being deployed in Azure and Azure Government.Īll U.S. Microsoft has made substantial investments in enabling our BES customers to comply with NERC CIP in Azure. NERC has recognized the change in the technology landscape including the security and operational benefits that well architected use of the cloud has to offer. NERC CIP compliance was a reason many participants in the BES would not deploy workloads to the cloud. The NERC CIP standards were written for on-premise systems. Leading the way to the cloud was not top of mind. Critical infrastructure for us is not email and payroll systems, it’s drinking water and hospitals. As it does today, the Bulk Electric System (BES) had the responsibility to keep North America powered, productive, and safe with near 100 percent uptime. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. When I did my first North American Electric Reliability Corporation-Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. Microsoft Purview Data Lifecycle Management.Microsoft Purview Information Protection.Information protection Information protection.Microsoft Priva Subject Rights Requests.Microsoft Purview Communication Compliance.Microsoft Purview Insider Risk Management.Risk management & privacy Risk management & privacy.Microsoft Intune Endpoint Privilege Management.Endpoint security & management Endpoint security & management.Microsoft Defender External Attack Surface Management.Microsoft Defender Cloud Security Posture Mgmt.Microsoft Defender Vulnerability Management.Azure Active Directory (Microsoft Entra ID).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |