DOCSLIB.ORG

Cyber Security E-Handbook

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyber Security E-Handbook PROJECT 07-07 | NOVEMBER 2008 Cyber Security E-Handbook PROJECT 07-07 Cyber Security E-Handbook Prepared by Randall R. Nason, PE C.H. Guernsey & Company 5555 North Grand Blvd Oklahoma City, OK 73112 www.chguernsey.com and David Greer, Executive Director Institute for Information Security University of Tulsa Tulsa, OK 74104 www.utulsa.edu and Jerald Dawkins, Ph.D., President True Digital Security 5110 S Yale Ave, Suite 310 Tulsa, Oklahoma 74135 www.truedigitalsecurity.com for National Rural Electric Cooperative Association Cooperative Research Network 4301 Wilson Boulevard Arlington, Virginia 22203 The National Rural Electric Cooperative Association The National Rural Electric Cooperative Association (NRECA), founded in 1942, is the national service organization supporting more than 900 electric cooperatives and public power districts in 47 states. Electric cooperatives own and operate more than 44% of the distribution lines in the nation and provide power to 12% of the population. © Cyber Security E-Handbook Copyright © 2008 by The National Rural Electric Cooperative Association. Reproduction in whole or in part is strictly prohibited without prior written approval of the National Rural Electric Cooperative Association, except that reasonable portions may be reproduced or quoted as part of a review or other story about this publication. Legal Notice This work contains findings that are general in nature. Readers are reminded to perform due diligence in applying these findings to their specific needs, as it is not possible for NRECA to have sufficient understanding of any specific situation to ensure applicability of the findings in all cases. Neither the authors nor NRECA assume liability for how readers may use, interpret, or apply the information, analysis, templates, and guidance herein or with respect to the use of, or damages resulting from the use of, any information, apparatus, method, or process contained herein. In addition, the authors and NRECA make no warranty or representation that the use of these contents does not infringe on privately held rights. This work product constitutes the intellectual property of NRECA and its suppliers, as the case may be, and contains confidential information. As such, this work product must be handled in accordance with the CRN Policy Statement on Confidential Information. Contact: Randall R. Nason, PE David Greer, Executive Director Jerald Dawkins, Ph.D., President C.H. Guernsey & Company Institute for Information Security True Digital Security 5555 North Grand Blvd University of Tulsa 5110 S Yale Ave, Suite 310 Oklahoma City, OK 73112 Tulsa, OK 74104 Tulsa, Oklahoma 74135 Phone: 405.416.8213 Phone: 918.631.6525 Phone: 866.430.2595 e-mail: [email protected] e-mail: [email protected] e-mail: [email protected] Contents – iii contents Executive Summary vii Section 1 Cyber Security and Electric Cooperatives 1 The Why and How of Cyber Security 1 Section 2 Cyber-Security Primer 5 Dimensions of Security 5 Engineering for Security 6 Security Controls 7 Section 3 Protecting Electric Cooperatives’ Business Systems 17 Safeguarding Workstations, Laptops, and Desktops 17 Defending the Network 23 Protecting Information Services 33 Section 4 Protecting Electric Distribution Control Systems 35 SCADA Systems 35 Attacks on SCADA Systems 36 Security for SCADA Systems 38 Security Questions and Recommendations for SCADA Systems 40 Section 5 Roadmap: Cyber-Security Framework and Standards 43 Critical Infrastructure Protection 43 INFOSEC Guidelines for the Utility Industry 45 Cyber-Security Framework 47 Appendix A Description of NERC Cyber-Security Standards (CIP-002–009) 51 Appendix B Glossary of Terms 55 Appendix C References 59 Appendix D Abbreviations 61 iv – Illustrations illustrations FIGURE PAGE A.1 Security and Cyber Security Architecture and Protection vii 3.1 Typical Firewall Hardware Device—Barracuda Firewall 25 4.1 SCADA System Attack Entry Points 36 Tables – v tables TABLE PAGE 2.1 Devices for Physically Securing Computer Equipment 12 (Prices subject to change) 3.1 Firewall Devices 26 3.2 Common Firewall Traffic 27 4.1 SCADA Vulnerabilities as Reported by the DoE 37 Executive Summary – vii executive summary lectric cooperatives face a range of informa- operational, and managerial controls to create Etion security threats, from computer crimi- layered defenses for an information system. nals seeking social security numbers (SSNs) on The diagram below, Figure A.1, illustrates the corporate networks to cyber terrorists aiming to major elements and considerations of a cyber- take down the power grid by attacking a control security program for electric cooperatives. A net- network. Defending against such threats means work must strategically apply security solutions building a cyber-security program that mitigates such as firewalls, virtual private networks (VPNs), risks, addresses compliance and regulatory re- and intrusion-detection systems. Security controls quirements, and results in streamlined operations must also reside on desktops, personal comput- and increased productivity. ers (PCs), and laptops to protect the data that The objective of this handbook is to introduce rest on them. Antivirus software, hard-drive en- basic concepts and technologies of cyber secu- cryption, and access-control systems all support rity, and offer guidance for protecting modern defense in depth. At the application level, data- electric cooperatives. Cyber security is a cyclic bases, messaging programs, and e-mail systems risk-management process protecting information demand their own specific security solutions. systems in four dimensions: confidentiality, in- Supervisory control and data acquisition (SCADA) tegrity, availability, and nonrepudiation. A ro- systems, which provide real-time control and bust security program integrates technical, monitoring of electric distribution systems, create Network & Bus Applications: •Passwords + Wireless •PCI Compliance + DMZ •Int. Vulnerability Scan Cyber Security: SCADA: •Internet/Extranet •Live Data Access •Firewalls + Appliances •Remote Access •Ext. Vulnerability Scan •Historical Data Access •Patch Mgmt. •Control vs Monitoring •Intrusion Detection + •Compliance Agencies Intrusion Prevention •Network Firewall (IDS/IPS) •PC Firewall •Honey Pots •Anti-Virus Other: Physical Security: Security & Cyber •Back-up + Restoration •Access Control + Logs Security Architecture •Internet Insurance •Video Cameras & Protection: •Separation of Duties •Climate Control •Layered Protection •Security Administration •Back-up Power •Tech Architecture •Security Administration (UPS + Generator) (Diagrams & Docs) Staff Certification •Fire Suppress Desktop & Files: Messaging: •Identity Theft •E-mail + Attachments •Phishing •Instant Messaging (IM) •Data Theft (Internal & External) •Flash/Thumb Drives Controls: •Spyware + Ad-ware •Technical •Spam •Operational •Managerial •Incident Management •Logs FIGURE A.1: Security and Cyber-Security Architecture and Protection. viii – Executive Summary executive summary special security challenges. Their time and mis - components of a security plan that keeps assets sion criticality, coupled with the trend for greater out of the wrong hands. remote access and historically weak security, A robust cyber-security program is more than make SCADA systems attractive targets for cyber a collection of techniques and technologies thrown terrorists. SCADA security calls for protecting ex - together in defense of a network. A sustainable ternal connections through strong authentica - program must bind these into a cohesive frame - tion, engaging application-level access controls, work driven by risk and compliance, and sup - and implementing routine patch management. ported by assessment and training. A security Technical controls must be supported by op - program is shaped by its organizational risk and erational controls such as patch management regulatory requirements. Security assessments and vulnerability scans to be effective. Manager - and audits guide the intelligent development of ial controls such as separation of duty policies a strategic security plan. Ultimately, however, a and training programs support both—and thus security program is built on a culture supported ensure that systems and procedures are imple - by training and education. This handbook intro - mented systematically. Physical security is criti - duces these necessary ingredients and provides cal as well. Video cameras, security guards, door the recipe for a successful cyber-security pro - locks, and fire-suppression systems are vital gram for electric cooperatives. Cooperative Checklist Electric cooperatives vary greatly in size. As a 8. File server protection result, information technology (IT) resources 9. Spam protection and needs vary greatly across cooperatives. 10. Corporate security policy The following are some tips to concentrate ef - forts on the most important aspects of cyber Top 10 items for SCADA networks security to get the greatest return for the time 1. Gateway firewall and effort spent. 2. Backup and disaster recovery plans 3. Remote access control Top 10 items for corporate networks 4. SCADA application hardening 1. Gateway firewall 5. Virus scan/spyware blocker 2. Server virus scan/spyware blocker 6. Patching 3. Desktop virus scan/spyware blocker 7. SCADA database security 4. Gateway virus scan/ spyware blocker 8. SCADA network auditing 5. Patching 9. Accurate time source 6. Backup and disaster recovery plans 10. SCADA network security
Load more

Recommended publications
  • System Node Reference
    IceWarp Unified Communications System Node Reference Version 10.4 Print ed on 10 December, 2012 Contents System Node 1 Services .......................................................................................................................................................................... 2 Service Ports ...................................................................................................................................................... 2 General .............................................................................................................................................................. 4 Service – Properties ............................................................................................................................... 7 Service – Logging ................................................................................................................................... 9 Service – Access ................................................................................................................................... 10 Service – Other .................................................................................................................................... 11 SOCKS and Minger Server .................................................................................................................... 12 SOCKS .................................................................................................................................................. 12 Minger Server .....................................................................................................................................
    [Show full text]
  • Systems Security Engineering – Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, Was Chosen to Appropriately Convey
    NIST Special Publication 800-160 Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS MICHAEL McEVILLEY JANET CARRIER OREN This publication contains systems security engineering considerations for ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes. It provides security-related implementation guidance for the standard and should be used in conjunction with and as a complement to the standard. This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-160 NIST Special Publication 800-160 Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS Computer Security Division National Institute of Standards and Technology MICHAEL McEVILLEY The MITRE Corporation JANET CARRIER OREN Legg Mason This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-160 November 2016 U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director Special Publication 800-160 Systems Security Engineering A Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems ________________________________________________________________________________________________ Authority This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems.
    [Show full text]
  • AXIGEN Mail Server™ Has Been Designed to Enable Businesses to Cut Costs Without Cutting Corners
    Combating the increasing cost of email Why you should read this white paper Businesses usually adopt a commonsense approach when it comes to spending the IT budget with cost being a major influencer in purchasing decisions. However, when it comes to choosing a mail server, many businesses seem to pay less attention to the costs and, as a result, end up spending far more money than is necessary. This white paper will explain how businesses can significantly reduce the costs of their email communication while continuing to provide users with a best-in-class messaging and collaboration solution. White paper Introduction Today, email is absolutely mission-critical. Communication and collaboration keep your business running. Email and electronically enabled collaboration have become so embedded in normal day-to-day operations that many businesses simply could not function without them. These services enable everything from productivity enhancing collaboration between employees to external communications with customers and business partners and demand 24x7 availability. Many businesses, however, have found that the cost of providing employees with the latest in messaging and collaboration technology is rapidly escalating. To meet modern business needs, mail servers have had to become more complex – and with that additional complexity come additional management burdens and costs. Furthermore, some mail servers have an upgrade process that is both extremely complex and extremely costly and which may necessitate the purchase of replacement server hardware. Combined, these factors place a considerable drain on corporate resources. The problem is especially severe for small and medium sized businesses (SMBs) which usually do not have access to the same financial or technical resources as large enterprises.
    [Show full text]
  • An Article About Security Management
    Cite as www.jha.ac/articles/a060.pdf BEYOND SECURITY PLANNING: TOWARDS A MODEL OF SECURITY MANAGEMENT COPING WITH THE SECURITY CHALLENGES OF THE HUMANITARIAN WORK Luis Enrique Eguren © July 2000 SUMMARY The challenges faced by humanitarian agencies working in violent scenarios pose the need for comprehensive and dynamic systems to cope with the security requirements. Security planning cannot answer all the questions: we must take a step further and discuss a model for security management. In this paper we propose an overall framework for a security management process and an incremental approach to security management. Both topics should allow agencies and practitioners to better undertake strategies for coping with the security challenges of humanitarian work. SECURITY MANAGEMENT VERSUS SECURITY PLANNING Some of the most effective humanitarian agencies have a Security Plan carefully stored in the fifth drawer of the senior manager desk (of course in many agencies that fifth drawer is full with other documents, and there is no a drawer for security plans). Even that Security Plan may consist of a series of protective measures, contingency plans and safety rules, which may be useful as security guidelines but do not grasp the fact that that security requires an adequate overall management, and it means much more than a security plan. Security cuts through all aspects of an agency´s work in a conflict scenario: it has to do with operations (as any targeting the agency may suffer can be consequence of its operations), with assessing a changing context (and conflict scenarios can change quickly), with flows of information (recording and assessing security incidents), with personnel (from recruiting to training and team building), with budgeting and funding and so on (for an in depth analysis of security management see Koenraad van Brabant´s manual1 and other relevant initiatives2).
    [Show full text]
  • Information Security Management Accounting
    7 Information Security Management Accounting Diego Abbo Candidate School of Systems Enginireering SSE- University of Reading (UK), Italy 1. Introduction Increased computer interconnectivity and the popularity of Internet are offering organizations of all types unprecedented opportunities to improve operations by reducing paper processing, cutting costs, and sharing information. However, the success of many of these efforts depends, in part, of an organization’ ability to protect the integrity, confidentiality of the data and systems it relies on. Many people seem to be looking for a silver bullet when it comes to information security. They often hope that buying the latest tool or piece of technology will solve their problems. Few organisations stop to evaluate what they are actually trying to protect (and why) from an organizational perspective before selecting solutions. In the field of information security the security issues tend to be complex and are rarely solved simply by applying a piece of technology. Furthermore the growing of interdependency of the complex integrated information systems will continue and accelerate and more technologies are integrated to deliver rich services. Today there is no way to model, understand, monitor and manage the risks presented by the growth of these systems. That also means that the investments in information security can’t have the appropriate accuracy and follow the common principle of redundancy increasing the non-productive costs of the businesses and/or services that are supporting by the above mentioned systems. On the other hand the failure of information security during the past decade are nothing short of spectacular. The inability of organisations to prevent increasingly dramatic compromises has led to huge financial losses, produced a great deal of embarrassment, and put every sector of the global economy at risk.
    [Show full text]
  • Mailarchiva Enterprise Edition V1.9
    MailArchiva Enterprise Edition Administration Guide Willkommen Bienvenidos Welkom Bienvenue Welcome MailArchiva Enterprise Edition v1.9 INSTALLATION AND AMINISTRATION GUIDE For Windows / Linux MailArchiva Enterprise Edition Administration Guide 1 INDEX 1 INDEX ............................................................................................................. 2 2 IMPORTANT NOTICE ....................................................................................... 4 3 CONTACT INFORMATION ................................................................................. 4 TECHNICAL REQUIREMENTS .................................................................................. 5 4 OVERVIEW ...................................................................................................... 6 5 HIGH-LEVEL FEATURES ................................................................................... 7 6 ARCHITECTURE ............................................................................................... 9 7 INSTALLATION .............................................................................................. 10 7.1 EXCHANGE SERVER CONFIGURATION .................................................................... 11 7.2 SERVER INSTALLATION (ON WINDOWS ) ................................................................ 14 7.3 SERVER INSTALLATION (ON LINUX ) ..................................................................... 15 7.4 MICROSOFT EXCHANGE ...................................................................................
    [Show full text]
  • Architecture of Network Management Tools for Heterogeneous System
    (IJCSIS) International Journal of Computer Science and Information Security, Vol. 6, No. 3, 2009 Architecture of Network Management Tools for Heterogeneous System Rosilah Hassan, Rozilawati Razali, Shima Mohseni, Ola Mohamad and Zahian Ismail Department of Computer Science, Faculty of Information Science and Technology Universiti Kebangsaan Malaysia, Bangi, Selangor, Malaysia . Human: where human manager defines the policy and organization approaches. Abstract— Managing heterogeneous network systems is Methodology: defines the architectural a difficult task because each of these networks has its own curious management system. These networks framework and the functions to be usually are constructed on independent management performed. protocols which are not compatible with each other. Instrumentation: the actual operational This results in the coexistence of many management aspects that establish the procedures, systems with different managing functions and services methods and algorithms for data collection, across enterprises. Incompatibility of different processing and reporting, and analysis of management systems makes management of whole problems, their repair, prediction or system a very complex and often complicated job. forecasting of service levels and probable Ideally, it is necessary to implement centralized meta- level management across distributed heterogeneous improvements to enhance performance. systems and their underlying supporting network systems where the information flow and guidance is S&NM aims to provide network
    [Show full text]
  • Efficient Spam Filtering System Based on Smart Cooperative Subjective and Objective Methods*
    Int. J. Communications, Network and System Sciences, 2013, 6, 88-99 http://dx.doi.org/10.4236/ijcns.2013.62011 Published Online February 2013 (http://www.scirp.org/journal/ijcns) Efficient Spam Filtering System Based on Smart * Cooperative Subjective and Objective Methods Samir A. Elsagheer Mohamed1,2 1College of Computer, Qassim University, Qassim, KSA 2Electrical Engineering Department, Faculty of Engineering, Aswan University, Aswan, Egypt Email: [email protected], [email protected] Received September 17, 2012; revised January 16, 2013; accepted January 25, 2013 ABSTRACT Most of the spam filtering techniques are based on objective methods such as the content filtering and DNS/reverse DNS checks. Recently, some cooperative subjective spam filtering techniques are proposed. Objective methods suffer from the false positive and false negative classification. Objective methods based on the content filtering are time con- suming and resource demanding. They are inaccurate and require continuous update to cope with newly invented spammer’s tricks. On the other side, the existing subjective proposals have some drawbacks like the attacks from mali- cious users that make them unreliable and the privacy. In this paper, we propose an efficient spam filtering system that is based on a smart cooperative subjective technique for content filtering in addition to the fastest and the most reliable non-content-based objective methods. The system combines several applications. The first is a web-based system that we have developed based on the proposed technique. A server application having extra features suitable for the enter- prises and closed work groups is a second part of the system. Another part is a set of standard web services that allow any existing email server or email client to interact with the system.
    [Show full text]
  • Chailease Holding Company Limited. Guidelines for Information Security Management I. Purpose 1. the Company Sets Forth These
    Chailease Holding Company Limited. Guidelines for Information Security Management Date: 2019/11/13 Approved by Chairman of the board I. Purpose 1. The Company sets forth these Guidelines in order to strengthen the information security management and establish a reliable information operating environment to ensure the Company's rights and interests. II. General Rule 2. The “Company” in the Guidelines, is referring to Chailease Holding and its affiliates. 3. The Company may conduct information security risk assessment in accordance with relevant laws and regulations to determine the level of information security requirements, and adopt appropriate measures to ensure the security of the Company's data operation. 4. Regarding the “appropriate measures” in the Guidelines, the risk level of each information asset and the degree of impact or harm to the Company's operation shall be comprehensively considered, and adopt commensurate and cost-effective information security measures. 5. The Company shall set relevant regulations and regularly evaluate the implementation results for the following information security measures: (1) The formulation of information security policy. (2) The responsibility division of information security. (3) The security management of computer system. (4) The security management of network. (5) The management of system access control. (6) The security management of system development and maintenance. (7) The security management of information assets. (8) Physical and environmental security management. (9) Sustainable business operation program. (10) Laws and operations compliance. III. The Formulation of the Information Security Policy 6. The Company shall set relevant information security policy in accordance with actual business needs, and notify relevant personnel to comply with the policy in writing, electronically or otherwise.
    [Show full text]
  • I. Instaling and Configuring the AXIGEN MAIL SERVER
    15 Minutes to Setup AXIGEN with AV and AS FAST.RELIABLE.SECURE.MESSAGING This article illustrates a situation where you need to set up your own mail server (be it your home mail server, or a small office one). It actually shows that, if using an integrated service mail server, anyone can do the job, all in a matter of minutes. AXIGEN Mail Server, the solution chosen for this example, can send and receive e- mails securely via "mydomain.com" and is able to retrieve them in a WebMail interface - this means that it includes all mail services needed for a fully functional mail server (SMTP, IMAP, POP3, WebMail, WebAdmin). To get an idea of the amount of time you can spare by installing such a solution, just think of all the different open source applications you would need to install instead (i.e. an MTA, Squirrelmail for Webmail, QmailAdmin for web configuration, Courier for IMAP and POP3 and many others.) AXIGEN Mail Server can virtually integrate with any Antivirus/Antispam application and it comes with built-in connectors ClamAV Antivirus and SpamAssassin. The second part of this article shows you how to install these applications and configure these connectors for use with AXIGEN. Thus, at the end of this process which can take up half an hour at most, you will not only have your mail server up and running, but also virus and spam protection for your incoming and outgoing mail traffic. AXIGEN runs on several Linux distributions (Gentoo, Redhat/Fedora Core, Slackware, Debian, Ubuntu, Mandrake/Mandriva, SUSE), on BSD versions (FreeBSD, OpenBSD and NetBSD) and on Solaris but for the purpose of this article, let's suppose you are setting up your mail system on a Fedora Core 6 platform.
    [Show full text]
  • Security Management
    BACHELOR OF SCIENCE IN MAJOR SECURITY MANAGEMENT DEPARTMENT OF SECURITY, FIRE, AND EMERGENCY MANAGEMENT 524 West 59th Street, New York, NY 10019 n Haaren Hall, Room 433.08 n 212-237-8599 www.jjay.cuny.edu/department-security-fire-and-emergency-management See further major requirements at: www.jjay.cuny.edu/security-management-major-resources WHAT WILL YOU LEARN IN THIS MAJOR? Every significant public institution and private corporation has a security function associated with its mission to mitigate losses and risks. They need managers. The Bachelor of Science in Security Management focuses on the analysis of security risks and vulnerabilities, along with the administration of programs designed to reduce loss in both the public and private sectors. The major provides a comprehensive understanding of the principles, practices, technology and law within the security field. This enables managers to better safeguard persons, property, and privacy both inside and outside of the work environment. The major also prepares students for advanced study in John Jay’s unique graduate program in Protection Management and the new graduate online degrees in Security Management and Emergency Management. IN THIS MAJOR YOU WILL nnn FIRST COURSES IN THE MAJOR nnn Discover what is most important in reducing risks and SEC 101: Introduction to Security losses to organizations SEC 210: Methods of Security Identify emerging career opportunities in the private SEC 211: Security Management security industry and within proprietary workplaces Interpret and analyze laws, codes, standards, Students in the major will have a choice of the and practices pertinent to private security following categories of study: Learn the roles of cybersecurity and technology in the A.
    [Show full text]
  • Guide to Developing a Cyber Security and Risk Mitigation Plan
    NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan DOE Award No: DE-OE0000222 National Rural Electric Cooperative Association, Copyright 2011 1 NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan Prepared by Evgeny Lebanidze Cigital 21351 Ridgetop Circle Suite 400 Dulles, VA 20166-6503 [email protected] 703-585-5047 for The National Rural Electric Cooperative Association’s Cooperative Research Network 4301 Wilson Boulevard Arlington, VA 22203 National Rural Electric Cooperative Association, Copyright 2011 2 The National Rural Electric Cooperative Association The National Rural Electric Cooperative Association (NRECA), founded in 1942, is the national service organization supporting more than 900 electric cooperatives and public power districts in 47 states. Electric cooperatives own and operate more than 42 percent of the distribution lines in the nation and provide power to 40 million people (12 percent of the population). The Cooperative Research Network (CRN) is the technology research arm of NRECA. ©Guide to Developing a Cyber Security and Risk Mitigation Plan Copyright © 2011 by National Rural Electric Cooperative Association. Legal Notice This work contains findings that are general in nature. Readers are reminded to perform due diligence in applying these findings to their specific needs as it is not possible for NRECA to have sufficient understanding of any specific situation to ensure applicability of the findings in all cases. Neither the authors nor NRECA assumes liability for how readers may use, interpret, or apply the information, analysis, templates, and guidance herein or with respect to the use of, or damages resulting from the use of, any information, apparatus, method, or process contained herein.
    [Show full text]