Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.

Transcription

1 Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada Inc. V2 1

2 Acciona s Worldwide Operations Title 2

3 Title North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards: Only two (2) applicable NERC CIP Standards: 1. NERC Reliability Standard CIP a Cyber Security BES Cyber System Categorization (NERC CIP-002) Effective Date: July 01, 2016 Purpose: To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems could have on the reliable operation of the BES. Identification and categorization of BES Cyber Systems support appropriate protection against compromises that could lead to misoperation or instability in the BES. 2. NERC Reliability Standard CIP Cyber Security Security Management Controls (NERC CIP-002) Effective Date: July 01, 2016 Purpose: To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the Bulk Electric System (BES). 3

4 high, medium & NERC CIP-002 Requirements NERC CIP a - Cyber Security BES Cyber System Categorization: Two Requirements; Effective Date = July 01, 2016 (NERC CIP ) Requirement R1: Identify the impact rating of BES Cyber Systems: high impact: Four bright line criteria medium impact: 13 bright line criteria low impact: 6 bright line criteria Requirement R2: There are two parts to Requirement R2: Review the assessment completed for Requirement R1 every 15 calendar months. CIP Senior Manager shall approve the assessment completed for R1 every 15 calendar months. 4

5 Systematic Approach NERC Defined Terms: Cyber Assets: Programmable electronic devices, including the hardware, software, and data in those devices. BES Cyber Asset (BAC): A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. BES Cyber System: One or more BES Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity. The Systematic Approach to Limit Scope 1: Identify the BES reliability operating service (BROS) provided. 2: Identify BES Cyber Systems associated with the BROS. 3: Identify associated BES Cyber Assets. 4: Apply NERC CIP Requirements. 5

6 Systematic Approach 1: Identify the BES reliability operating services provided (BROS) Determine if your entity provides any of the following BROS applicable to a Generator Owner (GO) or Generator Operator (GOP). Entity Registration BROS Dynamic Response to BES conditions X X X X X X Balancing Load and Generation X X X X X X X Controlling Frequency (Real Power) X X X Controlling Voltage (Reactive Power) X X X X Managing Constraints X X X Monitoring & Control X X Restoration of BES X X Situational Awareness X X X X Inter-Entity Real-Time Coordination and Communication RC BA TOP TO DP GOP GO X X X X X X Considering the followings systems, not all inclusive: Protection Systems Active Power Controllers Ramp Rate Controllers Voltage Regulators/Controllers Devices Receiving Dispatch signals from Reliability Entities SCADA systems / HMIs Devices transmitting data to Reliability Entities 6

7 Systematic Approach 2: Identify BES Cyber Systems associated with the BROS Determine if any the identified BROS being provided contain cyber systems, if yes, then these are your BES Cyber Systems. Questions to ask: How do I connect to these BROS: intranet, virtual private network, remotely, SCADA? How does the identified BROS perform their service, does it use cyber connections? 3: Identify associated BES Cyber Assets Using the identified BES Cyber Systems determine the BES Cyber Assets associated with these BES Cyber Systems. Consider the following Cyber Assets: Routers Switches PLCs Servers RTACs Firewalls 4: Apply NERC CIP Requirements Apply the applicable NERC CIP-003 requirements to the identified BES Cyber Assets. Tip: Limit CIP scope to the extent possible by: Separating networks, only including BES Cyber Assets, allowing access based on business need, only devices that have routable protocols, etc. 7

8 NERC CIP-003 Requirements NERC CIP Cyber Security Security Management Controls; Requirements: Four Requirements; Effective Date = various Requirement R3: Effective Date = July 01, 2016 Identify a CIP Senior Manager by name. Document any change to the CIP Senior Manager within 30 days of the change. Requirement R4: Effective Date = July 01, 2016 Documented process to delegate CIP Senior Manager authority, if delegation occurs. Document delegations with: name & title of delegate, date of delegation, specific actions delegated, and CIP Senior Manager approval Any changes to the delegation need to be documented within 30 days of the change. Continued on the next slide 8

9 NERC CIP-003 Requirements NERC CIP Cyber Security Security Management Controls; Requirements: Requirement R1 & R1.2: Effective Date = April 01, 2017 Please note Requirement R1.1 is not applicable to. CIP Senior Manager shall approve the cyber security policies every 15 calendar months that address: Cyber Security Awareness Physical Security Controls Electronic Access Controls Cyber Security Incident Response Requirement R2: Effective Date = various Documented cyber security plans for that address: Section1: Cyber Security Awareness: Effective Date = April 01, 2017 Section 2: Physical Security Controls: Effective Date = September 01, 2018 Section 3: Electronic Access Controls: Effective Date = September 01, 2018 Section 4: Cyber Security Incident Response: Effective Date = April 01,

10 NERC CIP-003 Requirements Section 4: Effective Date = April 01, 2017 Cyber Security Incident Response: Each Responsible Entity shall have one or more Cyber Security Incident response plan(s), either by asset or group of assets, which shall include: 4.1 Identification, classification, and response to Cyber Security Incidents; 4.2 Determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification to the Electricity Sector Information Sharing and Analysis Center (ES-ISAC), unless prohibited by law; 4.3 Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals; 4.4 Incident handling for Cyber Security Incidents; 4.5 Testing the Cyber Security Incident response plan(s) at least once every 36 calendar months by: (1)responding to an actual Reportable Cyber Security Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security 4.6 Updating the Cyber Security Incident response plan (s), if needed, within 180 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident. Continued on the next slide 10

11 NERC CIP-003 Requirements Section 4: Effective Date = April 01, 2017 Cyber Security Incident Response: Considerations, Tips and Possible Synergies: Can you reference your event reporting procedure developed for NERC Standard EOP-004 Event Reporting to complete require external reporting? high & medium impact NERC CIP Standards to Reference: NERC CIP-008 Cyber Security Incident Reporting and Response Planning NERC CIP-009 Cyber Security Recovery Plans for BES Cyber Systems 11

12 NERC CIP-003 Requirements Section 3: Effective Date = September 01, 2018 Electronic Access Controls; AKA Cyber Security: Each Responsible Entity shall: 3.1 For Low Impact External Routable Connectivity (LERC), if any, implement a Low Impact BES Cyber System Electronic Access Point (LEAP) to permit only necessary inbound and outbound bi-directional routable protocol access; and 3.2 Implement authentication for all Dial-up Connectivity, if any, that provides access to low impact BES Cyber Systems, per Cyber Asset capability. Considerations, Tips and Possible Synergies: Do third parties (OEMs, contactors, etc.) access your BES Cyber Systems? Do you allow individual VPN access/remote desktop connections to your BES Cyber Systems? Consider creating multiple networks that separate generation operations from general business activities. Understand traffic in the firewalls and use whitelisting techniques. Control Centers, data centers, data historians. Password polices. high & medium impact NERC CIP Standards to Reference: NERC CIP-005 Cyber Security Electronic Security Perimeter(s) NERC CIP-007 Cyber Security System Security Management NERC CIP-010 Cyber Security Configuration Change Management and Vulnerability Assessments 12

13 NERC CIP-003 Requirements Section 2: Effective Date = September 01, 2018 Physical Security Controls: Each Responsible Entity shall control physical access, based on need as determined by the Responsible Entity, to (1) the asset or the locations of the within the asset and (2) the Low Impact BES Cyber System Electronic Access Points (LEAPs), if any. Considerations, Tips and Possible Synergies: Consider all auxiliary equipment used in the operation of BES Cyber Assets including but not limited to: batteries, electrical panels, WTG switches, meteorological tower switches, fiber junction boxes, etc. Categorize areas of the generation assets/control Center including, but not limited to: WTG, metrological towers, substations, relay and switchgear rooms, server rooms, SCADA consoles, Ethernet ports, key lock boxes. Consider limiting access to need, based on the categorization. Protect all areas that contain BES Cyber Assets and/or limit access to BES Cyber Systems. Understand who, why and how people access your areas that contain BES Cyber Systems. Implement key control policies. high & medium impact NERC CIP Standards to Reference: NERC CIP-006 Cyber Security Physical Security of BES Cyber Systems 13

14 NERC CIP-003 Requirements Section 1: Effective Date = April 01, 2017 Cyber Security Awareness: Each Responsible Entity shall reinforce, at least once every 15 calendar months, cyber security practices (which may include associated physical security practices). Considerations, Tips and Possible Synergies: Discuss policies and plans developed for NERC CIP-003 compliance such as, Cyber Security Incident Response, Physical Security Controls, Electronic Access Controls. Limit scope to personnel who have access either physical or cyber to BES Cyber Systems. high & medium impact NERC CIP Standards to Reference: NERC CIP-004 Cyber Security Personnel and Training 14

15 medium impact BES Cyber Systems General Information Where is medium impact most likely to occur: Control Centers NERC CIP-002, Attachment 1, Criteria 2.11: Each Control Center or backup Control Center, not already included in High Impact Rating (H) above, used to perform the functional obligations of the Generator Operator for an aggregate highest rated net Real Power capability of the preceding 12 calendar months equal to or exceeding 1500 MW in a single Interconnection. Requirements: Personnel and training (CIP-004) Electronic Security Perimeters (CIP-005) including Interactive Remote Access Physical security of BES Cyber Systems (CIP-006) System security management (CIP-007) Incident reporting and response planning (CIP-008) Recovery plans for BES Cyber Systems (CIP-009) Configuration change management and vulnerability assessments (CIP-010) Information protection (CIP-011) General Information Must be compliant with a medium impact NERC CIP Reliability Standards prior to becoming medium impact. 15

16 low impact CIP NERC vs. Alberta Reliability Standards (ARS) General Information Please note the applicability has been reduced for the purposes of this presentation; each responsible entity should completed their own applicability assessment.) Applicable Functional Entities: & the operator and legal owner of an aggregated generating facility Applicable facilities, systems, and equipment owned by each Responsible Entity in subsection 4.1: Responsible Entities listed in subsection 4.1 other than a legal owner of an electric distribution system are responsible for: each transmission facility that is part of the bulk electric system except each transmission facility that: radially connects only to one or more aggregated generating facilities with a combined maximum authorized real power of less than or equal to 67.5 MW and does not connect a contracted blackstart resource; or radially connects to load and one or more aggregated generating facilities that have a combined maximum authorized real power of less than or equal to 67.5 MW an aggregated generating facility that is: directly connected to the bulk electric system and has a maximum authorized real power rating greater than 67.5 MW control centres and backup control centres Requirements: The low impact requirements for the Alberta Reliability Standards are extremely similar to NERC s low impact requirements 16

17 CIP Reference Material Project CIP Version 5 Revisions Implementation Plan NERC Compliance Guide and Standard Application Guides Midwest Reliability Organization Standard Application Guide CIP Midwest Reliability Organization Standard Application Guide CIP-003 Low Impact Bulk Electric System Definition Reference Document Version 2.0 April Glossary of Terms Used in NERC Reliability Standards NERC CIP V5 Transition Program NERC CIP Reliability Standards Enforceable Alberta CIP Reliability Standards Enforceable Alberta Consolidated Authoritative Document Glossary 17