Network and System Management

Network and System Management (NSM) is a standardized technical framework for monitoring, managing, and securing information and operational technology (OT) systems within critical infrastructure. Its core regulatory source is the IEC 62351-7:2017 standard, which provides cybersecurity guidelines specifically for power system communication networks. The primary goal of NSM is to define standardized data objects (in a Management Information Base, MIB) and protocols (primarily SNMPv3) to enable operators to consistently collect status and security event logs from multi-vendor equipment. Within a risk management framework, NSM serves as the crucial data collection layer, feeding high-quality, standardized data to a Security Information and Event Management (SIEM) system for threat detection and correlation analysis. Its key differentiator from general IT network management is its specific consideration for the stringent high-availability and real-time requirements of power systems and its optimization for OT-specific protocols.

Practical application of NSM in an enterprise, especially in the EV charging sector, follows these steps: 1. **Asset Inventory & Risk Assessment**: Following a framework like ISO/IEC 27005, conduct a comprehensive inventory of critical assets (charging stations, CSMS, network devices). Map these assets to the logical devices and data objects defined in the IEC 62351-7 MIB and assess their threats and vulnerabilities. 2. **Monitoring Implementation & Data Integration**: Deploy or enable SNMPv3-compliant agents on inventoried devices, configuring them to report security events and performance metrics defined in the MIB. Securely forward this data to a central Network Management Station (NMS) or SIEM platform. 3. **Correlation Analysis & Automated Response**: In the SIEM, create specific correlation rules for EV charging scenarios, such as detecting multiple failed logins from different locations within a short time. When a rule is triggered, automate alerts and initiate an incident response process compliant with ISO/IEC 27035. A major European utility implementing this framework reduced its Mean Time To Detect (MTTD) for threats by 40% and achieved 100% compliance in a national cybersecurity audit.

Taiwan enterprises face three primary challenges when implementing IEC 62351-7 based NSM: 1. **IT/OT Integration Gap**: IT teams often lack familiarity with OT protocols and high-availability constraints, while OT engineers may lack cybersecurity awareness. This creates communication and responsibility gaps. The solution is to establish a cross-functional team and provide joint training on standards like ISA/IEC 62443. The priority is to create a unified IT/OT network architecture map. 2. **Legacy System Incompatibility**: Many existing operational assets do not natively support modern protocols like SNMPv3 required by the standard. A full replacement is cost-prohibitive. The strategy is a phased rollout, mandating compliance for new deployments while using compensating controls like protocol gateways or passive network sensors for legacy systems based on risk assessment. 3. **Lack of Localized Threat Intelligence**: Generic security rules are often ineffective against attacks targeting Taiwan's specific infrastructure. The solution is to collaborate with local bodies like TWCERT/CC and industry ISACs to integrate local threat intelligence and Indicators of Compromise (IoCs) into the SIEM, enhancing detection accuracy.

Winners Consulting specializes in Network and System Management for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact