Critical Infrastructure Protection Committee Meeting Presentations
- Phillip Gregory
- 6 years ago
Transcription
1 Critical Infrastructure Protection Committee Meeting Presentations Atlanta, GA December 9-10, 2014 *All presentations are posted with the consent of the presenters.
2 Chief Security Officer Remarks Tim Roxey Senior Director, ES-ISAC, CSO Atlanta, GA December 9-10, 2014
3 NERC and Department Updates Department Updates: Critical Infrastructure Department/ES-ISAC restructuring Open Positions at the ES-ISAC NERC Updates: ES-ISAC updates (CRISP, portal, etc.) Security Reliability Program CIP v5 Transition and Revisions Physical Security CIP Implementation GridEx III Planning for November 18-19, 2015 CIPC Working Groups and Task Forces 2 RELIABILITY ACCOUNTABILITY
4 ES-ISAC Organization
5 Open Positions Cybersecurity Threat Analyst CRISP (two positions) Threat and Vulnerability Manager Threat and Vulnerability Specialist Senior Cybersecurity Specialist Cybersecurity Specialist Physical Security Specialist CIP Awareness Specialist Policy and Coordination Specialist
7 NERC CIPC Chair Report Chuck Abell December 09, 2014
8 December 2014 Update Grid Security Conference San Antonio, TX DHS Classified Briefing CIPC Strategic Plan Bi-annual Update Re-alignment w/ updated ERO Strategic Plan Updated to reflect current CIPC efforts Removed references to the ESCC Added accountability to RISC Updated organizational charts CIPC structure unchanged Ballot by vote Submission to NERC Board of Trustees Feb,
9 CIP Committee Structure Executive Committee David Revill, NRECA Chuck Abell, Chair, Ameren Melanie Seader, EEI David Grubbs, ERCOT Nathan Mitchell, Vice Chair, APPA Jack Cashin, EPSA Ross Johnson, CEA Jim Brenton, Vice Chair, ERCOT Marc Child, Great River Laura Brown, Secretary Physical Security Subcommittee (David Grubbs) Cyber Security Subcommittee (Marc Child) Operating Security Subcommittee (Jim Brenton) Policy Subcommittee (Nathan Mitchell) Physical Security WG (Ross Johnson) Control System Security WG (Mikhail Falkovich) ES Information Sharing TF (Stephen Diebold) BES Security Metrics WG (James Sample) Physical Security Guidelines WG (John Breckenridge) Cyber Attack Tree TF (Mark Engels) Grid Exercise WG (Tim Conway) Physical Security Standard WG (Alan Wick) Security Training WG (William Whitney) Cybersecurity Analysis WG (TBD) Business Continuity Guideline TF (Darren Meyers) Compliance and Enforcement Input WG (Paul Crist)
11 UPDATE
12 ES-ISAC shares: SEPTEMBER. Shellshock scanning activity was seen by several members and partners ( ). Ransomware reports spiked in September.
13 ES-ISAC shares: October. Shodan: Google for routers, servers, ICS; HART; improved results on DNP3; Project SHINE using Shodan. BlackEnergy: sophisticated malware campaign on ICS; ICS-CERT Alert released on 17 October (1671); the ES-ISAC first reported on BlackEnergy in late September. Proof-of-concept vulnerability of smart meters in Spain: vulnerable credentials can lead to underreporting of energy use.
14 ES-ISAC shares: NOVEMBER. WinCC unauthenticated remote code execution ICS. MS Kerberos escalation of privileges from unprivileged domain user to full domain administrator. Regin: highly sophisticated cyberespionage tool. APT28: highly sophisticated Russian cyberespionage. OP Cleaver: sophisticated Iranian cyberespionage.
15 ES-ISAC shares: PHISHING. Targeted phishing attack (1658): "Changes in Profit shares" theme; MS Word document with malicious macros; domain and cloud infrastructure appeared to originate from target company! Wire transfer phishing: targeting senior finance department staff requesting fraudulent wire transfer; has been seen since and reported on since November. Phishing: untargeted phishing attacks with malicious links and payloads.
16 ES-ISAC Update: CRISP. Infrastructure purchased; site visits; deploying additional Information Sharing Devices; information from CRISP will be shared in the portal. Program Lead: Matthew Light.
17 CRISP Share: CRISP information shared. SQL injection (SQLi): drop/delete table commands. Remote file disclosure: known vulnerability in HttpCombiner. Same IP. Active since September (1707).
18 Continue the discussion by engaging the team:
19 ES-ISAC contact info. Register at ESISAC.com 24 hour hotline: CONTACT US
20 Relevant industry dataset may provide us answers Assess our risks Understand our threats Improve our posture to those threats
21 Legislative Update Critical Infrastructure Protection Committee December 9, 2014 Nathan Mitchell, American Public Power Association
22 HR 3410 The House on Monday passed a bill to require the Department of Homeland Security to include the threat of electromagnetic pulse events in national planning scenarios. Passed by voice vote, H.R would direct the agency to conduct a public education campaign about the threat of electromagnetic pulse (EMP) events and authorize research into its prevention and mitigation. Rep. Trent Franks (R-Ariz.)
23 Cybersecurity Information Sharing Act of 2014 To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats. Introduced to Senate Select Committee on Intelligence 7/10/2014 Dianne Feinstein (D-CA) S
24 Industry Urges the Senate to Pass CISA S. 2588, the Cybersecurity Information Sharing Act of 2014 (CISA) CISA passed the Senate Intelligence committee in July with broad support from both Democrats and Republicans. The bill would help businesses achieve timely and actionable situational awareness to improve their and the nation's detection, mitigation, and response capabilities against cyber threats. The bipartisan bill safeguards privacy and civil liberties, preserves the roles of civilian and intelligence agencies, and incentivizes sharing with narrow liability protections. CISA represents a workable compromise among many stakeholders.
25 HR 3696 National Cybersecurity and Critical Infrastructure Protection Act of 2014 To amend the Homeland Security Act of 2002 to make certain improvements regarding cybersecurity and critical infrastructure protection. Passed House on 7/28/2014; Referred to Senate Committee on Homeland Security and Governmental Affairs Michael McCaul (R-TX), Bennie Thompson (D-MS)
26 S 1353 Cybersecurity Act of 2014 To provide for an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness. Introduced to Senate Committee on Commerce, Science, and Transportation 7/24/2014 John Rockefeller (D-WV), John Thune (R-SD)
27 HR 624 Cyber Intelligence and Protection Act (CISPA) To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities. Passed House on 4/18/2013; Referred to Senate Select Committee on Intelligence Mike Rogers (R-MI), Dutch Ruppersberger (D-MD)
28 S 2521 The Federal Information Modernization Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Referred to Senate Committee on Homeland Security and Governmental Affairs 6/24/2014 Thomas Carper (D-DE), Tom Coburn (R-OK)
29 S 2519 National Cybersecurity and Communications Integration Act of 2014 To codify an existing operations center for cybersecurity. Referred to Senate Committee on Homeland Security and Governmental Affairs 6/25/2014 Thomas Carper (D-DE), Tom Coburn (R-OK)
30 HR 2952 Critical Infrastructure Research and Development Advancement Act of 2014 (CIRDA Act of 2014) To authorize the Secretary of Education to make grants for the establishment of State Networks on Science, Technology, Engineering, and Mathematics Education. Passed House 7/28/2014; Referred to Senate Committee on Homeland Security and Governmental Affairs Patrick Meehan (R-PA)
31 Questions?
32 New York State Cybersecurity Exercise 2014 Greg Goodrich Principal, Security and Compliance Coordination New York Independent System Operator NERC CIPC December 10, 2014 The Westin Buckhead Atlanta, GA 2014 New York Independent System Operator, Inc. All Rights Reserved.
33 Exercise Overview The New York State Cyber Security Exercise: Sponsored by Department of Energy; organized by DOE, NYISO, NYPA, ConEd. Operations Exercise and Workshop (10/22). Executive Level Exercise and Workshop (10/23). Scenario: Cyber attack on critical infrastructure that has physical consequences for energy delivery systems. Participants: >120 participants from 13 electric and gas utilities that own and operate facilities within New York State; partners from energy industry organizations; ISACs; and Federal, State, local, tribal, and territorial government agencies.
34 Participating Organizations
Electricity: Con Edison; New York Power Authority; New York Independent System Operator; National Grid; Iberdrola USA - Rochester Gas and Electric; Iberdrola USA - New York State Electric and Gas; Central Hudson; Orange and Rockland; Long Island Power Authority; Massena Electric
Gas: National Fuel Gas; Spectra Energy; St. Lawrence Gas; Con Edison; National Grid; Iberdrola USA - Rochester Gas and Electric; Iberdrola USA - New York State Electric and Gas; Central Hudson; Orange and Rockland
Energy Partners: ES-ISAC; NERC; NPCC; APPA; ESCC/EEI; ISO/RTO Council
Federal, State & Local Partners: DOE; DHS; FERC; NYS PSC; NYS Governor's Office; NYS Fusion Center; NYS DHSES; NYS ITS; MS-ISAC; US Congress Representative Paul Tonko's Office
35 Scenario Summary Spear phishing attack targets energy companies and installs zero day malware exploiting multiple vulnerabilities in Windows, UNIX, and Linux based systems and a common chip set used in control devices from multiple vendors. Malware triggers a logic time bomb in chip technology that: infects PMUs, PLCs, RTUs, relays, and meters and compromises integrity of information between control centers and remote equipment; deploys a coordinated Distributed Denial of Service (DDoS) attack on energy sector, financial sector, and state government websites. Malware compromises the integrity of information between control centers and remote equipment. Malware triggers equipment malfunction that creates an explosion, which injures people in the immediate area.
36 Scenario Impacts Multiple New York State organizations lose and account access services. % of energy company business IT systems are incapacitated. % of energy delivery equipment is incapacitated. Impacted systems must be taken offline to replace damaged equipment, requiring manual processes for up to a month. Limited information is initially disseminated because it is classified or sensitive. Energy companies are inundated with requests for information by both the public and the media. Social media escalates initial public concern into a frenzy, and protests begin. Damaged meters disrupt customer billing and end of month processes.
37 Workshop Insights Peer to peer communication among operational and IT personnel during cyber incidents is essential. OT and IT personnel receive an overwhelming number of cyber alerts / information overload. Cyber incidents can last for weeks. Cyber incident response is very different than traditional restoration activities. Cyber attacks stress different types of personnel and resources. Incident command roles during a major cyber event are unclear. Public communication and messaging for cyber incidents is challenging.
38 Opportunities for Improvement Develop and formalize cyber mutual aid agreements. Train and exercise on manual system operations. Develop a New York/regional decision tree for incident response and information sharing. Formalize current cyber security collaboration among participants and consider establishing a security and resilience working group. Emphasize cyber resilience in future system designs and architectures. Examine alternate communication options.
39 Regional Exercise Planning Overview: Plan for a plan Scope Scenarios Engagement Stakeholders Partners Execution Local/Remote After Action What we learned about: Project Planning Resource planning Processes and tools Outreach Socialization Partnerships Forged new Strengthened existing
40 Future Regional Exercises New York State: Going forward NYS plans to coordinate alternate year (opposite GridEx) exercises Cross Sector additions Others:
42 NATF Security Practices Group Activity Update Wayne VanOsdol, NATF Program Manager - Practices NERC CIPC Meeting December 9-10, 2014
43 Discussion Topics Brief NATF Overview Cyber Security Project Update: CIP-002 V5 Guide Physical Security Project Update: CIP R4 & R5 Modeling / Planning Project Update: CIP R1
44 NATF Membership Membership open to companies that own/operate 50 circuit miles 100 kV transmission or, operate 24/7 control center Organization types (75 Members) Investor-owned State/Municipal Cooperative Federal/Provincial ISO/RTO Expertise 3600 subject-matter experts Coverage (North America Wide) 85% Peak Demand 75% 100kV and higher circuits
45 NATF Mission, Vision, Approach. Mission: Promote excellence in the reliable operation of the electric transmission system. Vision: Continuously improve the reliability of the electric transmission system. Approach: Pursue reliability and security excellence via constructive peer challenge and effective, relevant information sharing (lessons learned, superior practices, etc.).
46 Guiding Principles. Community: The complex, interconnected grid requires active collaboration to promote higher levels of reliability, security, and resiliency. Confidentiality: Confidentiality promotes open, candid intra-membership dialogue. Candor: Direct, objective performance feedback is delivered as a membership norm. Commitment: Members' senior leaders commit to the NATF's mission of promoting excellence.
47 Cyber Security Project Update CIP-002 V5 Practices Guide
48 CIP-002 V5 Project Update Purpose: The purpose was to develop a NERC CIP-002 Version 5 Guide for identifying Cyber Assets and defining corresponding BES Cyber Systems for transmission facilities and assets. Deliverable: Security CIP-002 V5 Guide and various assessment tools and spreadsheets were approved for use on July 1, New product includes recommendations, examples, and templates for documenting a program, and includes diagrams / flow charts that will assist in standardizing CIP-002 documentation across the NATF membership. Product Maintenance: The CIP-002 V5 Guide Maintenance Oversight Team was created in July. Team meeting twice per month from August-December. Team is responsible for obtaining Use Cases from NATF members, logging information pertaining to any Industry or Regulatory decisions associated with CIP-002 V5, and developing an attachment or addendum to the guide at the end of 2014. Some type of team will most likely be needed in 2015 as well.
49 Physical Security Project Update CIP R4 & R5 Practices Guide
50 Physical Security Work Group Project: CIP R4 and R5 Guide Deliverable: The purpose is to develop a NERC CIP R4 and R5 Reliability Standard guide that is defensible (but not prescriptive) for conducting evaluations as required in requirement 4, and for developing and implementing a physical security plan as required in requirement 5. NERC CIP R4 & R5: R4 - Conduct evaluation of potential threats and vulnerabilities of a physical attack to stations and primary control centers identified under R1 and verified under R2, and R5 - Develop and implement a documented physical security plan.
51 Physical Security Work Group Project: CIP R4 and R5 Guide Project Scope / Process: The project teams will: 1. Work with Members to develop a Best Practices document on how to go about performing the threat analysis. 2. Work with Members to develop a Best Practices document on how to go about developing a physical security plan. Project Timeline: August-October (steps completed): Created project scope and timeline, discussed project with the Security Practices Group Core Team and Physical Security Work Group, identified project team participants and leaders, held initial meeting to create an R4 and R5 team and determine how work will be performed (in progress): The two teams (R4 and R5) holding twice-per-month WebEx meetings from November through February, 2015 (final products): Completion of products expected by end of 1st quarter in 2015
52 Modeling / Planning Project Update CIP R1 Assessment Guide
53 Modeling / Planning Project: CIP R1 Guide Deliverable: The purpose is to develop a general guideline to be used for the risk assessment identified in CIP R1. NERC CIP R1: Each Transmission Owner shall perform an initial risk assessment and subsequent risk assessments of its Transmission stations and Transmission substations (existing and planned to be in service within 24 months) that meet the criteria specified in Applicability Section The initial and subsequent risk assessments shall consist of a transmission analysis or transmission analyses designed to identify the Transmission station(s) and Transmission substation(s) that if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.
54 Modeling / Planning Project: CIP R1 Guide Project Scope / Process: The project consists of three basic activities: 1. Develop an R1 assessment guide to aid Members in performing the transmission risk assessment. 2. Develop a process, structure and timeline for Members to review their R1 processes, methodologies and results against similarly-situated Members. 3. Poll Members to assess their plans for the R2 3rd party assessment. Project Timeline: Implemented R1 project in late June with initial draft guide developed in September. Currently, the team is developing a process for surveying the results of Members' R1 risk assessment and initiating opportunities for Members to compare their results against similarly-situated Members. Expected completion date of the survey is December 2014. Sent latest version of draft R1 Guide to NERC on November 25 for review. Expected completion for R1 Guide is January / February 2015.
55 Thank you! Questions?
56 GridEx III Grid Security Exercise NERC CIPC December 9-10, 2014
57 December Update GridEx III Dates Outreach Working Group Formed Meeting schedule Considerations
58 Calendar and Entity Prep November 18-19, 2015 Leadership Buy In Identify Level of Play Capability Obtain Internal Player / Planner Commitments Identify Training Needs CEH Participate in GridEx Planner / Player Calls Lead Planner Registration will open early next year
59 GridEx III Working Group Operations Cybersecurity Physical Security
60 Outreach Activities FRCC Spring Workshop May BPA Cybersecurity Resilience May NERC CIPC Vancouver Sept NERC OC Vancouver Sept SERC CIP Workshop October 7 NERC GridSec Conference Oct NERC Operating Reliability Subcommittee (ORS) Sept ISO / RTO Council (IRC) Operations Committee Oct 29 Various entity specific outreach calls random
61 GridEx Working Group Reliability Coordinators Entities NERC, Regions, Org 8 5 Gov, Mil, Labs Vendors, Partners
62 Scenario Development Establish the Scope Develop a Narrative MSEL Development NERC leadership and GEWG Determine the level and type of impact desired Determine what will be targeted Determine the attack vectors Backstory or ground truth: Attacker profile The Who, How, and Why of the attack Timing of the attack Expected Player actions Detailed sequence of exercise events with inject timing Expected Player Actions Dynamic inject development Custom injects within entities and RC areas
63 2105 Conference Dates Timeline December 10 Jan / Feb 2014 March June Sept Nov Q GridEx Working Group Kick Off Initial Planning Phase Mid term Planning Phase Final Planning Phase GridEx III After Action Establish Working Group Members Establish Mail list GridEx Awareness Confirm objectives Establish boundaries Confirm tools Confirm exercise infrastructure Finalize attack vectors and impacts Work on scenario narrative Finalize baseline MSEL Develop Controller and Player materials Draft After Action Survey Finalize custom injects with RCs Distribute materials Conduct training Set up venue and logistics Send injects and oversee player actions Capture player actions and findings Facilitate Executive Tabletop Distribute survey Analyze findings and lessons learned Draft Final Report Reliability Coordinator Planning Activities RCs identify Active Organizations in their control area RCs establish and participate in RC to RC and RC to Entity coordination calls RCs and entities understand and develop customized injects
64 Prep Work Tools and Technology Use Collaboration site for GEWG and Lead Planners Registration site for Planners and Players Improved Player Directory capability Various Exercise Tools being evaluated Scoring and Simulation Tool trial Improved generic inject quality Improved Social Media Delivery of Training and Exercise Videos Many other possibilities.
65 Summary GridEx Working Group members NERC investment Time De-confliction with other Exercises In the News
67 Electricity Sector Information Sharing Task Force Progress Report Stephen Diebold, Chairman Joe Doetzl, Vice Chairman December 2014
68 Contents Task Force Members Mission Statement Timeline Outreach
69 Task Force Members: Stephen Diebold (Chair); Joe Doetzl (Vice Chair); Donald Roberts (Core Team); Fred Hintermister (Core Team); Orlando Stevenson (Core Team); Laura Brown (Core Team); John Breckenridge (Secondary Reviewer); Brian Harrell (Secondary Reviewer); Jim Brenton (Final Reviewer)
70 Mission Statement Develop a presentation to be used for communicating across industry, especially to cybersecurity and operations personnel, Hydra Team roles and functions. Develop a presentation to be used for outreach promoting the ES-ISAC portal use as a central coordination point and reporting tool in crisis.
71 Timeline September CIPC June CIPC March CIPC December CIPC September CIPC -- Sep Jun Mar Dec Sep Begin Outreach Program Approval of ES-ISAC and Hydra Presentation Finalize Hydra Presentation Finalize ES-ISAC Presentation CIPC Status Report Draft of Hydra Presentation CIPC Status Report Draft of ES-ISAC Presentation CIPC Status Report Begin Work on Hydra Presentation CIPC Status Report Begin Work on ES-ISAC Presentation Select Task Force Members Aug Charter Approved
72 Outreach The ESISTF will schedule a webinar for disseminating the information Would like to present at NERC Region meetings Looking for other opportunities at relevant electricity sector conferences
73 ESISTF
74 Cyber Security Sub-cmte Progress Report Jim Brenton
76 NERC Attack Tree Task Force December 9-10, 2014
77 Generic Model Each BA/company has different configurations - Operational, IT and Physical
78 Goals and Modeling Software Attack Tree Task Force (ATTF) Goals: a. Fully populated set of attack trees, with meaningful data (classified and unclassified) informing key stakeholders in offsetting vulnerabilities in the North American bulk electric system. b. Establish ownership and location of the attack trees, and document the roles and responsibilities of the data custodians.
79 Attacker Goal Situational Awareness Balancing Authority - Collection of generation, transmission, and loads within metered boundaries maintaining load-resource balance (*PJM NERC Primer, June 10, 2013). Figure labels: Generation, Load, Transmission. Does not have to be a complete blackout to have an impact!
80 Attack Scenarios. Figure: 3 Attack Scenarios. Attack Scenario: Each minimal combination of leaf level events is known as an attack scenario.
81 Behavioral Indicators Definition: Behavioral Indicators describe the resources that need to be expended by the attacker in order to reach a particular state or node in the tree. Behavioral Indicators: Breach of Trust; Cost of Attack (What not Who): Technical Training, Special Equipment, Hardware or Software, Insider Knowledge, Other; Defender Error; Noticeability; Physical Presence; Technical Ability (Who not What).
82 Overall Process Attacker Goal Define Nodes in Tree Define Behavioral Indicators (BI) Analysis Define Attacker Profiles Define Victim Profile Reduction Subset of Attack Scenarios Level 1 Attacker Profile Level 2 Attacker Profile Pruning Level 1 Successful Attack Scenarios Level 2 Successful Attack Scenarios Total Population of Attack Scenarios Level 3 Attacker Profile Level 3 Successful Attack Scenarios
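An added example, not part of the task force's slides: the reduction and pruning steps named above, sketched in Python for a defender's risk model. The tree, the leaf names, the 0-5 indicator scales, the aggregation rule (cost adds up, every other indicator takes the maximum) and the three attacker profiles are all constructed assumptions.

```python
from dataclasses import dataclass, field
from itertools import product

# Five of the behavioral indicators listed on the slide. The 0-5 scales and
# every value below are constructed for illustration.
INDICATORS = ("breach_of_trust", "cost_of_attack", "noticeability",
              "physical_presence", "technical_ability")


@dataclass
class Node:
    name: str
    gate: str = "LEAF"                               # "AND", "OR" or "LEAF"
    children: list = field(default_factory=list)
    indicators: dict = field(default_factory=dict)   # set on leaves only


def leaf(name, cost, tech, notice, phys=0, trust=0):
    """Build a leaf event with the resources an attacker must expend on it."""
    return Node(name, indicators={
        "breach_of_trust": trust, "cost_of_attack": cost,
        "noticeability": notice, "physical_presence": phys,
        "technical_ability": tech})


def scenarios(node):
    """Return the minimal sets of leaf events that reach this node."""
    if node.gate == "LEAF":
        return {frozenset([node.name])}
    child_sets = [scenarios(child) for child in node.children]
    if node.gate == "OR":        # any one child is enough
        combined = set().union(*child_sets)
    elif node.gate == "AND":     # one scenario from every child, merged
        combined = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate {node.gate!r} on {node.name}")
    # Keep only minimal combinations: drop any strict superset of another.
    return {s for s in combined if not any(other < s for other in combined)}


def leaf_table(node, found=None):
    """Map each leaf name to its indicator values."""
    found = {} if found is None else found
    if node.gate == "LEAF":
        found[node.name] = node.indicators
    for child in node.children:
        leaf_table(child, found)
    return found


def aggregate(scenario, table):
    """Resources one scenario demands (assumed rule: cost sums, rest max)."""
    totals = {}
    for ind in INDICATORS:
        values = [table[name][ind] for name in scenario]
        totals[ind] = sum(values) if ind == "cost_of_attack" else max(values)
    return totals


def prune(all_scenarios, table, profile):
    """Keep scenarios whose every demand is within the profile's limits."""
    kept = [s for s in all_scenarios
            if all(aggregate(s, table)[i] <= profile[i] for i in INDICATORS)]
    return sorted(kept, key=sorted)


# Constructed tree with placeholder leaf names.
A = leaf("leaf_a", cost=1, tech=1, notice=1)
B = leaf("leaf_b", cost=2, tech=2, notice=2)
C = leaf("leaf_c", cost=3, tech=3, notice=1)
D = leaf("leaf_d", cost=2, tech=4, notice=1)
E = leaf("leaf_e", cost=1, tech=1, notice=3, phys=5)
F = leaf("leaf_f", cost=9, tech=5, notice=1, trust=5)
TREE = Node("attacker_goal", "OR", [
    Node("path_1", "AND", [A, B]),
    Node("path_2", "AND", [C, Node("either", "OR", [D, E])]),
    F,
    Node("path_3", "AND", [F, A]),   # not minimal: leaf_f alone suffices
])

# Constructed attacker profiles: the most each level can or will expend.
PROFILES = {
    "level_1": dict(breach_of_trust=0, cost_of_attack=3, noticeability=3,
                    physical_presence=0, technical_ability=2),
    "level_2": dict(breach_of_trust=0, cost_of_attack=5, noticeability=3,
                    physical_presence=0, technical_ability=4),
    "level_3": dict(breach_of_trust=5, cost_of_attack=10, noticeability=5,
                    physical_presence=5, technical_ability=5),
}


def successful_by_level(tree=TREE, profiles=PROFILES):
    """Total scenario population pruned once per attacker profile."""
    table, total = leaf_table(tree), scenarios(tree)
    return {level: prune(total, table, limits)
            for level, limits in profiles.items()}


if __name__ == "__main__":
    for level, kept in successful_by_level().items():
        print(level, [sorted(s) for s in kept])
```

The scenarios that survive pruning for a given profile are the ones a defender prioritizes for that class of adversary; raising the demand of any leaf above the profile's limit removes every scenario containing it.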
83 Questions
84 Cyber Security Subcommittee Cyber Security Events Analysis WG Chair: <open>
85 Cyber Security Events Analysis WG 1. CIPC EC reviewing charter 2. Will recruit a new Chair if/when needed 3. Update at March CIPC meeting Chair: <open>
86 Cyber Security Subcommittee Control Systems Security WG Chair: Mikhail Falkovich
87 CSSWG Status Charter has been approved Core contributors have been identified and work is proceeding GridEx II Lesson Learned #4 Recommendations Summary Assess the business and operational implications of isolating IT assets during a cyber-event to ensure critical functions can be maintained during a crisis. Outline completed
88 CSSWG Control System Electronic Connectivity: Draft Outline Executive Summary/Introduction/Scope General Principles Network Design Considerations Security Mechanisms Disconnecting and Reconnecting Appendices/Use Cases and Examples
89 CSSWG Control System Electronic Connectivity: Executive Summary/Introduction/Scope The guideline is being written to provide a general overview of connectivity and security topics while giving the option for deep dives within the Examples appendix This guideline is focused on the electric sector and will avoid duplicating existing industry documents References to existing frameworks and guidelines will be used when appropriate.
90 CSSWG Control System Electronic Connectivity: General Principles Compartmentalization/Scoping/Segmentation Monitoring Functionality vs. Security vs. Compliance Data Connection Flows Defense in Depth Programmatic vs. User Access
91 CSSWG Control System Electronic Connectivity: Network Design Considerations Virtualization Remote Access/Intermediate Systems Data Diodes Complete Segregation 4 Legged Firewall Connecting OT-OT and OT-IT systems
92 CSSWG Control System Electronic Connectivity: Security Mechanisms Access Controls User Access & Configuration Management
93 CSSWG Control System Electronic Connectivity: Disconnecting and Reconnecting When to disconnect Where to disconnect How to disconnect and how to reconnect
94 CSSWG Control System Electronic Connectivity: Appendices: Pointers and References Bibliography Glossary Use Cases and Examples
95 Examples & Use Cases
96 CSSWG Core Contributors Nadya Bartol Larry Bugh Frances Cleveland Tim Conway Dustin Cornelius Mikhail Falkovich Cynthia Hill-Watson Michael Johnson Carter Manucy Paul Skare Cyber Subcommittee Chair: Marc Child NERC Staff: Laura Brown
97 CSSWG Remaining Tasks Continue to work on the guideline language Hold two in-person meetings to finalize the drafts (December and February) Distribute the draft guideline to stakeholders (TBD)
98 Cyber Security Subcommittee Questions?
99 CIP Version 5 Revisions Standards Development Update Marisa Hecht, Standards Developer CIPC December 10, 2014
100 Topics Development History CIP Version 5 Revisions Directives FERC Order No. 791 How the Standard Drafting Team (SDT) responded Postings Versioning Current Comment Period & Ballot Next Steps 2 RELIABILITY ACCOUNTABILITY
101 Development History FERC Order No. 791 issued November 2013 Two technical conferences SDT meetings SDT conference calls Extensive outreach throughout development 3 RELIABILITY ACCOUNTABILITY
102 CIP Version 5 Revisions - Directives Identify, Assess, Correct (IAC) Directive: remove or modify the IAC language, retain the requirement provisions, and clarify the obligations for compliance SDT removed IAC language, revised the VSLs Communication Networks (CN) Directive: define communication networks and write standard to protect the nonprogrammable components of communication networks SDT revised CIP-006 and CIP-007, no glossary definition 4 RELIABILITY ACCOUNTABILITY
103 CIP Version 5 Revisions - Directives Low Impact Directive: add objective criteria from which to judge the sufficiency of controls Revised CIP Requirement R2 and developed attachment to add detail to the four subject matter areas; created two new definitions Transient Devices Directive: develop new or modified standards for transient devices SDT drafted new requirement and attachment for CIP-010-3; reference in CIP-007-7; added language to CIP and CIP Guidance; revised two definitions and created two new definitions 5 RELIABILITY ACCOUNTABILITY
104 Postings Initial Comment Period and Ballot June 2-July 16 Additional Comment Period and Ballot September 3-October 17 Version X IAC and Communication Networks -6 and -3 Lows and Transient Devices Additional Comment Period and Ballot November 25-January 9 6 RELIABILITY ACCOUNTABILITY
105 Versioning CIP-003-6/CIP July Additional Ballot Version X IAC/CN Only CIP-003-X/CIP-010-X October Additional Ballot CIP-003-6/CIP Lows/Transients CIP-003-6/CIP October Final Ballot CIP-003-6/CIP November Board Adoption January Additional Ballot CIP-003-7/CIP directives January Final Ballot 7 RELIABILITY ACCOUNTABILITY
106 Current Additional Comment Period & Ballot SDT determined additional work was needed in response to comments and posted the following documents: CIP-003-7, CIP-004-7, CIP-007-7, CIP-010-3, and CIP Definitions Implementation Plan Includes language adopted by NERC Board in November IAC removal Communication networks revisions Revisions addressed transient devices and lows directives Focused on clarifying language and intent 8 RELIABILITY ACCOUNTABILITY
107 Next Steps Additional Ballot concludes January 9 SDT will meet January at NERC in Atlanta Final ballot will be conducted soon after SDT meeting Request NERC Board adoption Filed at FERC upon NERC Board adoption
109 CIP Version 5 Transition NERC CIPC December Meeting Tobias Whitney, Manager of CIP Assurance Tobias.Whitney@nerc.net
110 Transition Elements Continuous Outreach Training Compliance and Enforcement Periodic Guidance
111 V5 Transition Advisory Group NERC, Regions, and stakeholder group Topics to support confidence in implementing Version 5 Partner with regions and stakeholders Meets approximately monthly Team composition: Implementation study participants Standard Drafting Team representation NERC and Regional Entity staff Role Prioritizes and supports unity of approach on references to enhance stakeholder understanding and implementation of the standards Additional topics for enhanced training/guidance
112 Lesson Learned Status Far-end Relay * Programmable Devices Generation Segmentation * Virtualization (Networks and Servers) Serial Devices that are accessed remotely Control Centers operated by TOs and non-registered BAs Interactive Remote Access (Scripts and Mgt consoles) Non-routable infrastructure components Shared Substations Mixed Trust EACMs * General FAQs*
113 Key Next Steps Implementation Study Report (October 2014) CIP Program Management Level Feedback Identification of Lesson Learned Monthly Lesson Learned Comment Posting Period Far-end Relay (October) Generation Segmentation (October) CIP Version 5 FAQs 3-5 posted per month Final Version 5 RSAWs (Q4) RAI CIP V5 Program Document (Q4)
115 Physical Security CIP NERC Standing Committees December 9-10, 2014
116 Agenda FERC Order Summary Standard Drafting Team activities Guidance Development Activities Implementation Timeline
117 FERC Order November 20, 2014, FERC Order: The Commission approved the standard and directed NERC to remove the term "widespread" from Reliability Standard CIP or to propose modifications to the Reliability Standard that address the Commission's concerns within 6 months of the effective date of the order. Directed NERC to make an informational filing addressing whether CIP provides physical security for all High Impact control centers necessary for the reliable operation of the Bulk-Power System. The Commission directed NERC to submit this filing within two years after the effective date of the standard.
118 Standard Drafting Team Activities Revised SAR to address use of widespread was approved for posting by the NERC SC on December 9, SAR will be posted for 30 days. Standard Drafting Team will address any comments received on the SAR and begin standard development process in January
119 Guidance Development Activities NERC will work with NATF and other industry groups to develop guidance. The guidance will address: Best practices and effective approaches to meet each requirement Compliance-oriented communication for common regional compliance and enforcement Stakeholder groups will be formed to field industry FAQs. The group will include: Industry groups Regional Compliance and Enforcement staff NERC Subcommittee: PC, CIPC
120 CIP Implementation Transmission Owner to identify critical facilities on or before the effective date of CIP (6 months following FERC approval) Tiered implementation timeline for balance of requirements (within 15 months) Security Plan implementation may specify timelines for completion of security measures ERO to monitor implementation
121 Implementation Critical facility identification (R1) complete before effective date (six months following publication in the Federal Registry) Standard approved November 20, 2014 Mandatory and Enforceable October 1, 2015 Third party verification (R2) complete within 90 days of completion of R1: Mandatory and Enforceable no later than December 30, 2015 Part revisions to list could add 60 days Notification of other parties (R3) complete within 7 days of completion of R2.
122 Implementation Evaluate threats and vulnerabilities (R4) and develop security plans (R5). Mandatory and Enforceable 120 days after completion of R2. Third party review of threats and vulnerabilities and security plans (R6). Mandatory and Enforceable 90 days after completion of R4/R5 Part 6.3 revisions to threats, vulnerabilities and plans could add 60 days
123 CIP Implementation Timeline R1, R2 & R3 Risk Assessment & Verification Guidance Review NATF Guidance (R1) and provide any substantive edits Develop Compliance and Enforcement Letter to the ERO (R1, R2, R3) Publish Guidance January 2015 Mandatory Enforcement Oct 1, 2015 R4 & R5 Threat Evaluation / Physical Security Plans Develop Compliance and Enforcement Letter to the ERO (R4, R5) April 2015 May 1, 2016 R6 Physical Security Plan Verifications Develop Compliance and Enforcement Letter to the ERO (R6) July 2015 Aug 1,
124 ERO to Monitor Implementation Number of assets critical under the standard Defining characteristics of the assets identified as critical Scope of security plans (types of security and resiliency contemplated) Timelines included for implementing security and resiliency measures Industry's progress in implementing the standard
125 Information NERC Standards Developer, Stephen Crutchfield NERC CIP Compliance Mgr, Tobias Whitney at or Project Web Page is: Security.aspx CIP Standard may be found here: r=cip-014-1&title=physical%20security&jurisdiction=united%20states
127 Security Training WG Progress Report William Whitney III, Chair David Godfrey, Vice Chair
128 Security Training WG 1. Charter a. CIPC will provide meeting attendees with an opportunity to participate in physical, cyber, and operational security training, as well as educational outreach opportunities. 2. Current Members Bob Canada, David Grubbs, John Breckenridge, David Godfrey, Ross Johnson, Chantel Haswell, Rick Carter, James McQuiggan, Jason Phillips, Nick Santora, David Scott, Ronald Keen, Tim Conway, Steen Fjalstad, Daniel Moore, Jason Phillips, Nick Rasey, and William Whitney III
129 Security Training WG 3. Latest Activities a. Monthly conference calls to discuss goals and actions b. Finalizing HILF recommendation to raise operator awareness about cyber attacks on the grid with SOS and SANS. SANS is currently developing the Operator training. c. Provided successful security training opportunities to the industry d. Finalizing tasks assigned to us from the GridEx II Lessons Learned e. Now recording webinars and CIPC training events. Working on online content availability. f. Continuing to compile a list of free training resources available to entities
130 Security Training WG 2014 Progress Date Name Registered Attended 4/16/2014 Physical Security Management and Programs Web 5/14/2014 Physical Security Assessments, Design, and Protection Strategies Web 6/10/2014 Security Technology Awareness Workshop In Person 7/17/2014 Active Shooter with Danny Coulson Web Active Shooter playbacks post webinar Web 9/16/2014 Cyber Incident Response Planning Workshop In Person 11/18/2014 Private Sector Clearance Program Web Totals
131 Security Training WG 2015 Training Schedule We plan to provide 12 webinars, 1 each month NEW!!! We plan to expand the workshops prior to CIPC meetings with 2 tracks, one for cyber and one for physical, for a total of 6 in person training opportunities. Please let us know what training you and/or your fellow colleagues would like to see in 2015 so we can secure the speakers for that topic. If you or someone you know would like to present on a topic let us know because we would enjoy the information sharing. Remember, what you may think is common knowledge others might not know!
132 Security Training WG 1. Training Links a. TEEX - b. DHS - c. DOD - d. FEMA - e. DOE - f. MS-ISAC - Have a link for free, quality, training? Please share with us to add to the list.
133 4. Next Steps Security Training WG a. Continue to expand the list of free on demand training from reputable agencies and vendors b. Schedule and prepare future Pre-CIPC training sessions and webinars c. Work with vendors and/or individuals in the industry to provide specific training to industry a. This means you and/or your co-workers that have information to share with the industry d. Continue work with SOS and SANS to compile operator training with cyber attack scenarios per the HILF recommendations and plan a training date. e. Complete GridEx II Lessons Learned assignments from EC 5. CIPC Actions a. Concerns and/or suggestions for today's discussion
134 Questions? Or
135 Personnel Security Clearance Task Force (PSCTF) Critical Infrastructure Protection Committee December 9, 2014 Nathan Mitchell, Chair Policy Subcommittee
136 Recommendations Inform government of the value that industry SMEs bring to classified discussions. Use the clearance model outlined in this report to identify and validate industry nominees on a functional basis. Submit clearance nominees through the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) to facilitate the selection process. (ESCC Liaison facilitates clearance nominations) Encourage clearance nominees to use the guidance in this report during the PSCP application process. Advocate for TS-SCI clearances for ES-ISAC staff.
137 Work is complete With the completion of all the recommendations the CIPC-EC proposes to dissolve the PSCTF
138 Thank you PSCTF members!
139 BES Security Metrics WG Progress Report James W. Sample, Chair Roland Miller, Vice-Chair December 10, 2014
140 How we fit in!
141 Activities Previous Update: Drafted Macro metrics focused primarily on what a Strong Security Posture looks like for the sector Discussed concept of Micro metrics focused primarily on evidence supporting the macro metrics Discussed we were looking into how to leverage ALR by adding security attributes Activity Since Previous Update: Applied the SMART criteria to a number of the more quantifiable Macro metrics Prioritized these Macro metrics for detailed development Proposed including new section for 2014 State of Reliability Report to introduce the what and how for these security metrics
142 Strong Security Posture: Macro Metrics
143 SMART Criteria
144 SMART Scores Metric 1. Number of entities using C2M2 methodology to assess the maturity of their cyber security program 2. Number of entities using the NERC Cyber Risk Preparedness Assessment (CRPA) program 3. Number and frequency of government-sponsored classified briefings attended by entities 4. ES-ISAC portal being used by entities voluntarily to share information with industry (e.g., average number of portal accesses per quarter per registrant, or participation rate in ES-ISAC conference calls) SMART Rating (maximum of 15) TOTAL Number of entities registered to access ES-ISAC portal to 12 share information (e.g., number of registrants, measured quarterly) 6. Number of ES-ISAC Advisories and Alerts issued per quarter Number of industry entities participating as Active Organizations in GridEx security exercise 8. Frequency of Reportable Cyber Security Incidents reported by entities 9. Frequency of failure or compromise of cyber security controls (voluntary reporting)
145 Define Metric in Detail Name and definition Relevance to reliable BES operations Mathematical formula Data source and collection process Need for pilot Metric Number Submittal Date Sponsor Group (OC, PC or subgroup name) Short Title Metric Description Purpose How will it be suited to indicate performance? Formula Metric Start Time or Baseline Time Horizon Data Collection Interval and Roll Up Ease of Collection Aggregation Linkage to NERC Standard Linkage to Data Source Need for Validation or Pilot Data Submitting Entity ALR4-2 (M17) ALR4-2 (M17) CIPC BES Security Metrics Working Group SMART Rating Total Score Specific/ Simple Measurable Attainable Relevant Tangible/ Timely Reporting
146 Next Steps Prioritize metrics and proceed with detailed development Coordinate with the PC's Performance Analysis Subcommittee and draft new Security Metrics section for 2015 State of Reliability Report Less than 1 page Developing Security Metrics Goals for developing security metrics (i.e., why would this be helpful to the industry) Challenges associated with collecting security metrics (to recognize why this won't be quick or easy) Status of BESSMWG efforts, plan for 2015 (high level)
147 NERC CIPC Compliance and Enforcement Input Working Group NERC CIPC Update December 9-10th, 2014 Paul Crist
148 NERC CIPC Compliance and Enforcement Input Working Group Update CEIWG Conference Calls - October 9th, November 13th, 2014
149 NERC CIPC Compliance and Enforcement Input Working Group Update Agenda Items 1. Update on Lessons Learned 1. Far End Relays Impact Rating 2. Generation Segmentation 2. CIP V3 to V5 Transition Updates/Schedule 3. ES-ISAC CEIWG Working Page 4. RAI Process 5. Virtualization
150 NERC CIPC Compliance and Enforcement Input Working Group Update Far End Relays Impact Rating Comments Submitted 1. Provides clarification for Criterion Additional guidance still needed 1. Criterion 2.4 and collector bus 2. Criterion 2.6 with derivation of IROL and associated contingencies 3. Criterion 2.7 with Transmission Facilities for NUC Interface Requirements 4. Criterion 2.8 with interconnection Facilities 5. Criterion 2.9 with SPS, RAS, or automated switching Systems for IROLs. 3. Suggested an additional Lesson Learned for guidance on scoping.
151 Future Work Participation in Lessons Learned Document Reviews Participation in the RAI Advisory Group Participation in the V3-V5 Transition Advisory Group
152 Virtualization Update
154 NERC CIPC Compliance and Enforcement Input Working Group Update Meetings 2nd Thursday of the Month at 1:00 CST (Let me know if you need the call-in information) Questions?
More informationStandards. Howard Gugel, Director of Standards Board of Trustees Meeting May 5, 2016
Standards Howard Gugel, Director of Standards Board of Trustees Meeting May 5, 2016 Real-time Monitoring and Analysis Reliability Benefits Ensure entities have capabilities for maintaining high quality
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Foundation for Resilient Societies ) Docket No. AD17-9-000 COMMENTS OF THE NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION IN OPPOSITION
More informationImpacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities
Impacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities NRECA TechAdvantage March 2014 Patti Metro Manager, Transmission & Reliability Standards NRECA
More information79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90
th OREGON LEGISLATIVE ASSEMBLY-- Regular Session Senate Bill 0 Printed pursuant to Senate Interim Rule. by order of the President of the Senate in conformance with presession filing rules, indicating neither
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationHistory of NERC August 2013
History of NERC August 2013 Timeline Date 1962 1963 November 9, 1965 1967 1967 1968 June 1, 1968 July 13 14, 1977 1979 Description The electricity industry creates an informal, voluntary organization of
More informationGridEx IV Panel Discussion
GridEx IV Panel Discussion NERC GridSecCon October, 2016 1 Generation 254 GW Transmission Geography 120,000 Miles 22 States GridEx IV Panel Discussion Focus on Operations NERC GridSecCon October 20, 2016
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationThis draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationDHS Election Task Force Updates. Geoff Hale, Elections Task Force
1 DHS Election Task Force Updates Geoff Hale, Elections Task Force Geoffrey.Hale@hq.dhs.gov ETF Updates Where we ve made progress Services EI-ISAC/ National Cyber Situational Awareness Room What we ve
More informationViews on the Framework for Improving Critical Infrastructure Cybersecurity
This document is scheduled to be published in the Federal Register on 12/11/2015 and available online at http://federalregister.gov/a/2015-31217, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationStandards Development Update
Standards Development Update Steven Noess, Director of Standards Development FRCC Reliability Performance Industry Outreach Workshop September 20, 2017 Supply Chain Risk Management 1 Cyber Security Supply
More informationBEFORE THE U.S. HOUSE OF REPRESENTATIVES COMMITTEE ON ENERGY AND COMMERCE SUBCOMMITTEE ON ENERGY
STATEMENT OF SCOTT I. AARONSON EXECUTIVE DIRECTOR, SECURITY AND BUSINESS CONTINUITY EDISON ELECTRIC INSTITUTE AND SECRETARIAT MEMBER ELECTRICITY SUBSECTOR COORDINATING COUNCIL BEFORE THE U.S. HOUSE OF
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationRELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO
RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO June 27, 2016 Training provided for Ontario market participants by the Market Assessment and Compliance Division of the IESO Module 1 A MACD training presentation
More informationHPH SCC CYBERSECURITY WORKING GROUP
HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership
More informationAgenda Critical Infrastructure Protection Committee March 8, :00 5:00 p.m. Eastern March 9, :00 a.m. Noon Eastern
Agenda Critical Infrastructure Protection Committee March 8, 2017 1:00 5:00 p.m. Eastern March 9, 2017 8:00 a.m. Noon Eastern Ritz-Carlton Buckhead 3434 Peachtree Road Atlanta, GA 30326 Room: Salon 2678
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationMeeting Notes Project Modifications to CIP Standards Drafting Team June 28-30, 2016
Meeting Notes Project 2016-02 Modifications to CIP Standards Drafting Team June 28-30, 2016 Exelon Chicago, IL Administrative 1. Introductions / Chair s Remarks The meeting was brought to order by S. Crutchfield
More informationICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2012 What s Inside Welcome 1 Organization 3 Outreach 4 Industrial Control Systems Joint Working Group 5 Advanced Analytical
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationCIP Cyber Security Personnel & Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationJune 4, 2014 VIA ELECTRONIC FILING. Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2
June 4, 2014 VIA ELECTRONIC FILING Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2 Re: North American Electric Reliability Corporation Dear
More informationMember Representatives Committee Meeting
Member Representatives Committee Meeting August 13, 2014 1:15 p.m. 5:15 p.m. Pacific The Westin Bayshore, Vancouver 1601 Bayshore Drive Vancouver, BC V6G 2V4 Canada Opening Remarks by MRC Chair Consent
More informationMitigation Framework Leadership Group (MitFLG) Charter DRAFT
Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More information