Agenda Critical Infrastructure Protection Committee March 4, :00 5:00 p.m. (CST) March 5, :00 a.m. Noon (CST)
|
|
- Helen Joseph
- 6 years ago
- Views:
Transcription
1 Agenda Critical Infrastructure Protection Committee March 4, :00 5:00 p.m. (CST) March 5, :00 a.m. Noon (CST) Hyatt Regency at the Arch 315 Chestnut Street St. Louis, MO (314) CIP Technical Workshop Hyatt Regency at the Arch 315 Chestnut Street St. Louis, MO March 4, :30 a.m. Noon (CST) Room: Park View Critical Infrastructure Protection Committee Meeting Hyatt Regency at the Arch CIPC Working Lunch: Regency AB March 4, 2014 Noon 1:00 p.m. (CST) March 4, :00 5:00 p.m. (CST) March 5, :00 a.m. Noon (CST) Room: Regency EF Welcome and Introductions Chair Chuck Abell NERC Antitrust Compliance Guidelines and Public Meeting Announcement Agenda 1. Remarks by Ms. Maureen Borkowski Chairman, President, and CEO, Ameren Transmission Co. 2. Administrative CIPC Secretary Bob Canada a. Safety Briefing and Emergency Precautions Hyatt at the Arch Staff b. Declaration of Quorum c. CIPC Roster Page 13 d. Parliamentary Procedures In the absence of specific provisions in the CIPC charter, the Committee shall conduct its meetings guided by the most recent edition of Robert s Rules of Order, Newly Revised. e. Introductions
2 3. Consent Agenda Chair Chuck Abell a. December 10-11, 2013 Draft Minutes for CIPC Approval b. March CIPC Agenda c. Committee Membership Appointments and Changes: TRE David Grubbs City of Garland Operations TRE Jim Brenton ERCOT Cyber TRE Darrell Klimitcheck STEC Physical FRCC Paul McClay TECO Cyber FRCC Carter Manucy Fla Municipal Physical FRCC Joe Garmon Seminole Operations MRO Marc Child Great River Cyber MRO Paul Crist LES Physical MRO Vacant TBD Operations NPCC John Galloway ISO-NE Operations NPCC Greg Goodrich NYISO Cyber NPCC Vacant TBD Physical RFC Larry Bugh RFC Cyber RFC Kent Kujala Detroit Operations RFC Jeff Fuller DPL Physical SERC Chuck Abell Ameren Cyber SERC Vacant TBD Operations SERC Tommy Clark SMEPA Physical SPP John Breckenridge KCPL Physical SPP Allen Klassen Westar Operations SPP Robert McClanahan AECC Cyber WECC Allen Wick Tri-State Physical WECC Mike Mertz PNM Cyber WECC Jamey Sample PGE Operations APPA David Godfrey TMPA Physical APPA Nathan Mitchell APPA Policy CEA Chris McColm Manitoba Physical CEA Ross Johnson Capital Power Physical CEA David Dunn IESO Policy NRECA Robert Richhart Hoosier Policy NRECA David Revill Georgia Trans Policy 4. Chair s Remarks Chair Chuck Abell a. NERC Meetings Update and Other Items of CIPC Interest 5. CIPC Nominations Subcommittee Report Chair Robert McClanahan a. Recommendation for Subject Matter Expert (SME) member to replace Carl Eng on the CIPC Executive Committee b. Election of an SME to CIPC Executive Committee 6. CID Director Remarks Matt Blizard, Director of Critical Infrastructure Protection Critical Infrastructure Protection Committee Agenda March 4-5,
3 7. ES-ISAC Update and Cyber Risk Preparedness Assessment (CRPA) Program Update Matt Light, NERC Staff 8. CIP Transition Update Tobias Whitney, NERC Staff 9. Version 5 Revisions Drafting Team Activities Ryan Stewart and Marisa Hecht, NERC Staff Sufficiency Review Program and Directions Scott Mix, NERC Staff 11. Executive Order and Presidential Policy Directive Update Laura Brown, NERC Staff 12. RISC Update and Reliability Risk Control Process Jim Brenton, CIPC Representative to RISC 13. Legislative Update Nathan Mitchell, American Public Power Association 14. Subcommittee Chairs, Subgroups, Progress, and Remarks Chair Chuck Abell 15. Operating Security Subcommittee Subcommittee Chair Jim Brenton a. Electricity Sector Information Sharing Task Force (ESISTF) Chair Stephen Diebold will report on activities, second phase, and outreach efforts. ESISTF Charter ESISTF Report: Approved by CIPC June 11, 2013 Accepted by ESCC July 11, 2013 Accepted by NERC BOT August 15, 2013 b. Grid Exercise Working Group (GEWG) Chair Tim Conway GEWG Charter Briefing on GridEx II Report Bill Lawrence, NERC Staff 16. Policy Subcommittee Subcommittee Chair Nathan Mitchell a. Personnel Security Clearance Task Force (PSCTF) Chair Nathan Mitchell will report on the progress of the work completed and contemplated. Critical Infrastructure Protection Committee Agenda March 4-5,
4 Recommendation #3: Submit clearance nominees through the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) to facilitate the selection process. Next step includes ES-ISAC process development collaboration with the PSCTF. PSCTF Charter PSCTF Report: Approved by CIPC June 11, 2013 Accepted by ESCC July 11, 2013 Accepted by NERC BOT August 15, 2013 b. Bulk Electric System Security Metrics Working Group (BESSMWG) Chair James Sample will report on the progress of work completed and contemplated. BESSMWG Charter BESSMWG Report was endorsed by CIPC June 11, c. Compliance Enforcement and Input Working Group (CEIWG) Chair Paul Crist will report on the progress of the work completed and contemplated. CEIWG Charter 17. Cyber Security Subcommittee Subcommittee Chair Marc Child a. RISC Technical Project and CSSWG Update Marc Child will report on the review for the RISC. b. Cyber Attack Tree Task Force (CATTF) Chair Mark Engels will report on the progress of the work completed and contemplated. CATTF Charter c. Cyber Security Analysis Working Group (CSAWG) Chair Eric Warakomski will report on the progress of the work completed and contemplated. CSAWG Charter 18. Physical Security Subcommittee Subcommittee Chair David Grubbs a. Electricity Sector: Physical Response Guideline Task Force (PSGTF) Chair John Breckenridge PSGTF Charter Electricity Sector: Physical Security Response Guideline CIPC approved by ballot on October 25, Critical Infrastructure Protection Committee Agenda March 4-5,
5 b. Physical Security Working Group (PSWG) Chair Ross Johnson will report on the progress of work completed and contemplated. PSWG Charter c. Security Training Working Group (STWG) Chair William Whitney III will report on progress of work completed and contemplated. STWG Charter 19. Cybersecurity Procurement Language Update for Energy Delivery Systems Ed Goff, Duke 20. North American Transmission Forum (NATF) a. Security Practices Group Activity Update Wayne VanOsdol, Program Manager 21. Agency Updates a. Federal Energy Regulatory Commission (FERC) Cathy Eade, Office of Energy Infrastructure Security b. Department of Homeland Security (DHS) Richard Alt, Sector Outreach and Programs c. Department of Energy (DOE) Ken Friedman, Senior Policy Advisor Critical Infrastructure Protection Committee Agenda March 4-5,
6 Schedule of Important Dates: Dates Time Type Location Hotel April 3, 2014 April 4, :00 a.m. 5:00 p.m. (EST) 8:00 a.m. Noon (EST) Energy Sector Classified Briefing DOE HQ 1000 Independence Ave, SW Washington, DC Per your travel arrangements June 10, :30 a.m. Noon (EDT) CIPC Physical Security Workshop Orlando, FL Hyatt Regency Orlando Int l Airport 9300 Jeff Fuqua Blvd Orlando, FL June 10, :00 5:00 p.m. (EDT) CIPC Meeting Orlando, FL June 11, :00 a.m. Noon (EDT) CIPC Meeting Orlando, FL Hyatt Regency Orlando Int l Airport 9300 Jeff Fuqua Blvd Orlando, FL Hyatt Regency Orlando Int l Airport 9300 Jeff Fuqua Blvd Orlando, FL September 16, :30 a.m. Noon CIPC Cyber Security Workshop September 16, :00 5:00 p.m. CIPC Meeting September 17, :00 a.m. Noon CIPC Meeting Vancouver BC, Canada Vancouver BC, Canada Vancouver BC, Canada TBD TBD TBD September 17, 2014 September 18, 2014 Noon 5:00 p.m. 8:00 a.m. Noon CIPC EC Annual Planning Meeting Vancouver BC, Canada TBD October 14-16, :00 a.m. 5:00 p.m. GridSecCon 2014 San Antonio, Texas Hyatt Regency San Antonio Riverwalk 123 Losoya Street San Antonio, Texas December 9, :00 a.m. Noon (EST) Energy Sector Classified Briefing (No CIPC Workshop) Atlanta, GA TBD December 9, :00 5:00 p.m. (EST) CIPC Meeting Atlanta, GA TBD December 10, :00 a.m. Noon (EST) CIPC Meeting Atlanta, GA TBD 23. Closing Remarks and Action Items 24. Adjournment Critical Infrastructure Protection Committee Agenda March 4-5,
7 CIPC Report to the NERC Reliability Issues Steering Committee (RISC) Analysis of the RISC nomination for digital certificate management (Venafi, Inc 7/29/2013) February 1, 2014 Background In July 2013, technology vendor Venafi, Inc submitted to the Reliability Issues Steering Committee a Reliablity Issues Nomination Form related to the use of digital keys and digital certificates. These technologies are used by machines as a trust mechanism to ensure privacy and non-repudiation of data passed between them. The basis of their concerns (discussed in the Technical Details below) is that poorly managed or implemented digital keys introduce risk to the bulk electric system, and Venafi s recommendations are to make specific language changes in the CIP version 5 standards to include requirements for full life-cycle management of keys, and digital certificate security. In its NOPR for CIP version 5, FERC sought comments as to whether the adoption of communications security protections, such as cryptography and protections for non-routable protocol, would improve the CIP Standards. (Ref: Docket No. RM , page 116). In response, the Commission received comments from vendors (including Venafi) and others that supported the inclusion of such cryptography requirements; while multiple other organizations such as trade groups and individual utilities disagreed, stating the deployment of cryptographic protocols may: (1) prohibitively increase latency in communications; (2) obfuscate data needed for testing and problem diagnosis; and (3) introduce communication errors from complex key management across organizations. (Ref: Docket No. RM , page 116). Version 5 of the NERC CIP standards was approved by FERC in late November 2013, and, while the Final Rule (Order 791) included directives to strengthen the physical protection of communications networks, it did not include any specific instructions for NERC to introduce cryptography requirements into the CIP standards. Recommendations On behalf of the NERC Critical Infrastructure Protection Committee (CIPC), the Control Systems Security Working Group (CSSWG) reviewed the Venafi nomination form for technical accuracy and evaluated the merits of their recommendations.
8 Specifically CSSWG reviewed the FERC NOPR and Final Rule for the CIP version 5 reliability standards, and examined the scope of the newly-formed Order 791 standards drafting team. Finally, the CSSWG contacted the Events Analysis team at NERC to study incidents related to Bulk Electric System outages where digital certificates may have been a contributing factor. The CSSWG found: There have been no Energy Management System (EMS) outages reported to NERC where digital certicates or digital keys were deemed to be a causal or contributing factor. Venafi is correct in stating that entities may have a higher susceptibility to intrusions due to poorly managed keys and certificates. However, poor engineering or poor implementation of technology cannot (and should not be in the opinion of the CSSWG) mitigated through the NERC standards process by use of prescriptive controls. The CIP standards, in particular, focus on what should be protected and not how. The CIPC committee has long recognized the value in providing utilities best practice guidance in the form of technical guidelines published on the ES-ISAC website. Technical subjects such as Connectivity to Business Networks, Identity and Access Management, Intrusion Detection, and Firewalls security topics categorically similar to digital certificate management are areas where the committee has provided guidance and technical resources to help entities design effective solutions and avoid the risk of poorly designed or incomplete security implementations. The CSSWG recommends: Short of any regulatory directives by FERC, no additional modifications to the CIP version 5 standards is planned that would include specific technical requirements for digital certicate management. The CIPC committee should direct the CSSWG to develop a guideline for digital certificate management and encryption to assist entities in choosing and implementing such technologies in a manner consistent with BES reliability. The RISC committee committee shall thank Venafi, Inc as the author of the RISC Nomination Form for volunteering their expert knowledge and bringing this issue to the attention of NERC. Technical Details In response to the four specific recommendations & comments made by Venafi, the CSSWG offers the following technical feedback. Comment #1 CIP Version 5 & FERC NOPR: The use of encryption alone is inadequate to provide secure and trusted data communications. Within the proposed CIP version 5 standards, there are multiple references to authenticated, secure, or encrypted data communications but fall short of clearly prescribing the adoption of communications security protections. FERC's suggestion for the use of cryptography for CIPC Report to the NERC Reliability Issues Steering Committee (RISC) 2
9 encryption should not only be mandatory but should also include provisions for the management of the encryption assets known as keys and certificates. Many organizations - both inside and outside of the bulk electric system - have adopted encryption to secure and trust data communications but are still susceptible to intrusions and attacks due to the theft of poorly managed keys and certificates. The threat posed by the theft of these trust assets is increasing exponentially; if the intruder is trusted, the security defenses in place will be ineffectual to attack or theft. We propose that encryption and the management of authentication/encryption assets to secure data communications be made a part of the CIP version 5 standards. The CSSWG agrees with the statement in general, although we re not as convinced that encryption is adopted in the control systems world as much as was suggested. In our opinion there is still a great deal of misunderstanding about what an IPsec tunnel can and can not do. There is a very great appeal to the use of digital certificates to manage machine to machine (and human to machine) connections. There is general perception that rolling out a large certificate based system is not for the faint of heart. For smaller entities especially, this is a very large technical step to take and requires a great deal of subject matter expertise to get it right. It would be advisable for entities wishing to embark on such a project to visit some companies who are using certificates based encryption and see how well it was rolled out. It would also be equally helpful to visit a company that abandoned the effort as well. Comment #2 CIP-002-5: Certificate Authorities are incorrectly identified as an example of an authentication server under the definition of an Electronic Access Control or Monitoring Systems (EACMS). A Certificate Authority is not in itself an authentication server but is an integral part of a Public Key Infrastructure (PKI). A Certificate Authority (CA) does not provide active authentication, rather it relies on components of the PKI such as Certificate Revocation Lists (CRL), Online Certificate Status Protocol responders (OCSP) to validate/authenticate trust. CA's issue Root Certificates that are part of a trust store to ensure the validity of the trust chain provides authentication. As it serves as the basis to ensure the integrity of the authentication functions of keys and certificates, we propose that PKI be included as a separate category example of an EACMS. Our proposed language is more precise to what we interpret as the intent of the inclusion of Certificate Authorities in the EACMS examples: Electronic Access Points, Intermediate Devices, authentication servers (e.g., RADIUS servers, Active Directory servers, LDAP Servers), Public Key Infrastructure technologies such as but not limited to (Certificate Authorities, OCSP Responders, CRLs, Registration Authorities, certificates, RSA and DSA keys, self signed certificates, CRLs and Trust Stores). Agree with the knowledge that there is OCSP already and to our knowledge it is considered a best practice and should be encouraged, but this suggestion crosses over into the how. Comment #3 CIP-002-5: Without the expansion of the EACMS definition to include PKI, the BES lowers its availability/reliability and adds significant risk to the ability to prevent or respond to a key/ certificate incident. An unavailable, degraded, or misused unmanaged key or certificate in the BES would not be remediated within 15 minutes of the compromise or outage. Venafi's extensive experience in this field indicates that in unmanaged environments with manual processes, the average recovery time to (a) diagnose the issue; (b) request a new certificate; and (c) approve and install is typically two to four hours. We believe that there is intent in the proposed CIP version 5 standards to prevent key and certificate CIPC Report to the NERC Reliability Issues Steering Committee (RISC) 3
10 incidents from having a negative impact on the availability/reliability of the BES. To prevent this from being overlooked, we again propose specific language be added to include PKI as an example of EACMS. There are certainly safety and reliability concerns about keeping a process control or SCADA system up at all costs, and the entity choosing to use a PKI will need to determine what to do if and when a cert is untrusted or becomes untrusted. This must be accounted for in the functional design of the system. Comment #4 CIP-007-5: By limiting the focus to human interaction/authentication with cyber systems, the System Access Controls fail to account for, or place controls on, the majority authentication credentials (machine-tomachine) used in the BES. In this context, authentication falls into user credentials (User ID/Password, One- Time Password (OTP), smartcards and tokens) and machine credentials (the most common form of which are keys and certificates). Within the bulk electric system, machine credentials are used far more often to authenticate than user credentials and the gulf between the two continues to grow wider. By focusing only on User ID/Password credentials for humans, the proposed CIP version 5 standards do not adequately protect the majority of the authentication credentials or the auditability of all access within the bulk electrical system. We propose that CIP Table R5 - System Access Control be expanded to include the active management of keys and certificate credentials in line with User ID/Password credentials. Machine-to-machine credentials are important, but considering current intrusion/infection scenarios, are arguably not the most urgent problem to be addressed by NERC CIP controls. The current standard's concentration on human accounts, authentication, and remote access sets proper and realistic goals. The entity has the ultimate authority to design and implement the level and type of encryption and authorization levels to mitigate the risks identified in their own risk management programs. CIPC Report to the NERC Reliability Issues Steering Committee (RISC) 4
Critical Infrastructure Protection Committee Draft Minutes March 4-5, 2014
Critical Infrastructure Protection Committee Draft Minutes March 4-5, 2014 Hyatt Regency at the Arch 315 Chestnut Street St. Louis, MO 63102 The Critical Infrastructure Protection Committee (CIPC) Chair
More informationCritical Infrastructure Protection Committee Draft Minutes September 16-17, 2014
Critical Infrastructure Protection Committee Draft Minutes September 16-17, 2014 Hyatt Regency Vancouver 655 Burrard Street Vancouver, BC, Canada V6C2R7 The Critical Infrastructure Protection Committee
More informationCritical Infrastructure Protection Committee Minutes June 11-12, 2013
Critical Infrastructure Protection Committee Minutes June 11-12, 2013 Westin Buckhead Atlanta, Georgia The Critical Infrastructure Protection Committee (CIPC) Chair Chuck Abell called the meeting to order
More informationNERC Critical Infrastructure Protection Committee (CIPC) Highlights
NERC Critical Infrastructure Protection Committee (CIPC) Highlights Mike Kraft, Basin Electric Power Cooperative MRO Board of Directors Meeting March 17, 2016 Midwest Reliability Organization Standards
More informationAgenda Critical Infrastructure Protection Committee March 8, :00 5:00 p.m. Eastern March 9, :00 a.m. Noon Eastern
Agenda Critical Infrastructure Protection Committee March 8, 2017 1:00 5:00 p.m. Eastern March 9, 2017 8:00 a.m. Noon Eastern Ritz-Carlton Buckhead 3434 Peachtree Road Atlanta, GA 30326 Room: Salon 2678
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2018-2019 CIPC Executive Committee Updated:xxxxxxxx NERC Report Title Report Date I Table of Contents Preface... iii CIPC Organizational Structure...
More informationEfficiency and Effectiveness of Stakeholder Engagement
Efficiency and Effectiveness of Stakeholder Engagement Michael Walker, Senior Vice President and Chief Enterprise Risk and Strategic Development Officer Member Representatives Committee Meeting February
More informationElectricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013
Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013 Purpose and Scope The purpose of the Electricity Sub-Sector Coordinating Council (ESCC) is to facilitate and support
More informationGrid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016
Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout
More informationGrid Security & NERC
Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationCyber Security Incident Report
Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New
More informationNERC CIPC Chair Report
NERC CIPC Chair Report Chuck Abell March 4, 2014 Recent Happenings NERC Board of Trustees Activity Acceptance of the Physical Security Response Guideline Approved CIPC EC Membership Positions o Physical
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2015-2018 CIPC Executive Committee Updated: December 13, 2016 NERC Report Title Report Date I Table of Contents Preface... iv Executive Summary...
More informationMeeting Notes Project Modifications to CIP Standards Drafting Team June 28-30, 2016
Meeting Notes Project 2016-02 Modifications to CIP Standards Drafting Team June 28-30, 2016 Exelon Chicago, IL Administrative 1. Introductions / Chair s Remarks The meeting was brought to order by S. Crutchfield
More informationMeeting Minutes Critical Infrastructure Protection Committee
Meeting Minutes Critical Infrastructure Protection Committee Toronto Airport Marriott Hotel June 8-9, 2011 Toronto, Ontario, Canada Critical Infrastructure Protection Committee Vice-Chairman Bob Canada
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2013-2016 CIPC Executive Committee 5/14/2013 3353 Peachtree Road NE Suite 600, North Tower Atlanta, Georgia 30326 404-446-2560 www.nerc.com Table
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Cyber Security Incident Reporting Reliability Standards ) ) Docket Nos. RM18-2-000 AD17-9-000 COMMENTS OF THE NORTH AMERICAN ELECTRIC
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationHistory of NERC December 2012
History of NERC December 2012 Timeline Date 1962-1963 November 9, 1965 1967 1967-1968 June 1, 1968 July 13-14, 1977 1979 1980 Description Industry creates an informal, voluntary organization of operating
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationAgenda Critical Infrastructure Protection Committee September 12, :00 5:00 p.m. Eastern September 13, :00 a.m.
Agenda Critical Infrastructure Protection Committee September 12, 2017 1:00 5:00 p.m. Eastern September 13, 2017 8:00 a.m. Noon Eastern The Hilton Quebec 1100, boul. René-Lévesque Est Quebec, QC, G1R 4P3
More informationStandards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016
Standards Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016 Balancing Authority Reliability-based Controls Reliability Benefits Data requirements for Balancing Authority (BA)
More informationCritical Infrastructure Protection Committee Meeting
Critical Infrastructure Protection Committee Meeting September 15-16, 2015 New Orleans, LA *All presentations are posted with the written consent of the presenters. Agenda Item 2 Critical Infrastructure
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationMember Representatives Committee. Pre-Meeting and Informational Webinar January 16, 2013
Member Representatives Committee Pre-Meeting and Informational Webinar January 16, 2013 Objectives Review preliminary agenda topics for February 6 Member Representatives Committee (MRC) meeting. Review
More informationAgenda Critical Infrastructure Protection Committee March 6, :00 p.m. 5:00 p.m. Eastern March 7, :00 a.m. Noon Eastern
Agenda Critical Infrastructure Protection Committee March 6, 2018 1:00 p.m. 5:00 p.m. Eastern March 7, 2018 8:00 a.m. Noon Eastern Hyatt Regency Jacksonville Riverfront 225East Coastline Drive Jacksonville,
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationAnalysis of CIP-006 and CIP-007 Violations
Electric Reliability Organization (ERO) Compliance Analysis Report Reliability Standard CIP-006 Physical Security of Critical Cyber Assets Reliability Standard CIP-007 Systems Security Management December
More informationCompliance Enforcement Initiative
Compliance Enforcement Initiative Filing and Status Update November 2, 2011 Rebecca Michael Status of the Filings NERC filed several components of the Compliance Enforcement Initiative on September 30,
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationNERC Overview and Compliance Update
NERC Overview and Compliance Update Eric Ruskamp Manager, Regulatory Compliance August 17, 2018 1 Agenda NERC Overview History Regulatory Hierarchy Reliability Standards Compliance Enforcement Compliance
More informationLive Webinar: Best Practices in Substation Security November 17, 2014
Live Webinar: Best Practices in Substation Security November 17, 2014 1 Agenda & Panelists Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCP Enterprise Security Manager-CSO Tri-State Generation
More informationMeeting Minutes Reliability Metrics Working Group
Meeting Minutes Reliability Metrics Working Group August 18, 2010 2 p.m. 3 p.m. Conference Call Convene Chair William Adams convened the Reliability Metrics Working Group (RMWG) conference call on Aug
More informationERO Enterprise IT Projects Update
ERO Enterprise IT Projects Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting November 6, 2018 Agenda ERO IT
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationCyber Security Standards Drafting Team Update
Cyber Security Standards Drafting Team Update Michael Assante, VP & Chief Security Officer North American Electric Reliability Corp. February 3, 2008 Overview About NERC Project Background Proposed Modifications
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Foundation for Resilient Societies ) Docket No. AD17-9-000 COMMENTS OF THE NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION IN OPPOSITION
More informationHistory of NERC January 2018
History of NERC January 2018 Date 1962 1963 The electricity industry created an informal, voluntary organization of operating personnel to facilitate coordination of the bulk power system in the United
More informationMeeting Minutes Reliability Metrics Working Group
Meeting Minutes Reliability Metrics Working Group May 18, 2010 8 a.m. 5 p.m. May 19, 2010 8 a.m. 1 p.m. Xcel Energy 414 Nicollet Mall Minneapolis, Minnesota 55401 Convene Chair Herbert Schrayshuen convened
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationAgenda Event Analysis Subcommittee Conference Call
Agenda Event Analysis Subcommittee Conference Call August 14, 2013 11:00 a.m. 1:00 p.m. Eastern Ready Talk Conference Call and Web Meeting Information: Dial-In: 1-866-740-1260 Access Code: 6517175 Security
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationHistory of NERC August 2013
History of NERC August 2013 Timeline Date 1962 1963 November 9, 1965 1967 1967 1968 June 1, 1968 July 13 14, 1977 1979 Description The electricity industry creates an informal, voluntary organization of
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationJim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas
Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I
More informationStandards Development Update
Standards Development Update Steven Noess, Director of Standards Development FRCC Reliability Performance Industry Outreach Workshop September 20, 2017 Supply Chain Risk Management 1 Cyber Security Supply
More informationBlackout 2003 Reliability Recommendations
Blackout 2003 Reliability Recommendations 2005 NPCC General Meeting The Cranwell Resort Lenox, MA September 29, 2005 Philip A. Fedora Director, Market Reliability Interface Northeast Power Coordinating
More informationScope Cyber Attack Task Force (CATF)
Scope Cyber Attack Task Force (CATF) PART A: Required for Committee Approval Purpose This document defines the scope, objectives, organization, deliverables, and overall approach for the Cyber Attack Task
More informationSupply Chain Cybersecurity Risk Management Standards. Technical Conference November 10, 2016
Supply Chain Cybersecurity Risk Management Standards Technical Conference November 10, 2016 Agenda Opening remarks Review conference objectives and ground rules Standards project overview Discuss draft
More informationERO Reliability Risk Priorities Report. Peter Brandien, Reliability Issues Steering Committee Chair WECC Reliability Workshop March 21, 2018
ERO Reliability Risk Priorities Report Peter Brandien, Reliability Issues Steering Committee Chair WECC Reliability Workshop March 21, 2018 Reliability Issues Steering Committee (RISC) Background 2 RISC
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationERO Enterprise Strategic Planning Redesign
ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationReliability Standards Development Plan
Reliability Standards Development Plan Steven Noess, Director of Standards Development Standards Oversight and Technology Committee Meeting November 1, 2016 2017-2019 Reliability Standards Development
More informationRELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO
RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO June 27, 2016 Training provided for Ontario market participants by the Market Assessment and Compliance Division of the IESO Module 1 A MACD training presentation
More informationImplementing Cyber-Security Standards
Implementing Cyber-Security Standards Greg Goodrich TFIST Chair, CISSP New York Independent System Operator Northeast Power Coordinating Council General Meeting Montreal, QC November 28, 2012 Topics Critical
More informationMember Representatives Committee Meeting
Member Representatives Committee Meeting August 13, 2014 1:15 p.m. 5:15 p.m. Pacific The Westin Bayshore, Vancouver 1601 Bayshore Drive Vancouver, BC V6G 2V4 Canada Opening Remarks by MRC Chair Consent
More informationPrivate Sector Clearance Program (PSCP) Webinar
Private Sector Clearance Program (PSCP) Webinar Critical Infrastructure Protection Committee November 18, 2014 Nathan Mitchell, ESCC Clearance Liaison Agenda History NERC CIPC Private Sector Clearance
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationUNITED STATES OF AMERICA BEFORE THE U.S. DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
UNITED STATES OF AMERICA BEFORE THE U.S. DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY COMMENTS OF THE NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION ON NIST FRAMEWORK AND ROADMAP
More informationJim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas
Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I
More informationViews on the Framework for Improving Critical Infrastructure Cybersecurity
This document is scheduled to be published in the Federal Register on 12/11/2015 and available online at http://federalregister.gov/a/2015-31217, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE
More information162 FERC 61,044 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM ]
162 FERC 61,044 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION 18 CFR Part 40 [Docket No. RM17-13-000] Supply Chain Risk Management Reliability Standards (January 18, 2018) AGENCY: Federal
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Cyber Security Incident Reporting Reliability Standards Docket Nos. RM18-2-000 AD17-9-000 COMMENTS OF THE AMERICAN PUBLIC POWER
More informationUnofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)
Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationProposed Clean and Redline for Version 2 Implementation Plan
Exhibit A Implementation Plans for CIP-002-2 through CIP-009-2 and CIP-002-3 and CIP-009-3 For Generator Owners and Generator Operators of U.S. Nuclear Power Plants Proposed Clean and Redline for Version
More informationBILLING CODE P DEPARTMENT OF ENERGY. Federal Energy Regulatory Commission. 18 CFR Part 40. [Docket No. RM ]
This document is scheduled to be published in the Federal Register on 01/25/2018 and available online at https://federalregister.gov/d/2018-01247, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Supply Chain Risk Management ) Docket No. RM17-13-000 Reliability Standards ) COMMENTS OF THE ISO/RTO COUNCIL The ISO/RTO Council
More informationREVISIONS TO TOP/IRO RELIABILITY STANDARDS
REVISIONS TO TOP/IRO RELIABILITY STANDARDS Meeting Notes 1. Introduction The Chair called the meeting to order at 8:00 a.m. on Tuesday, April 8, 2014 at the NERC offices in Atlanta, GA. Meeting participants
More informationLow Impact Generation CIP Compliance. Ryan Walter
Low Impact Generation CIP Compliance Ryan Walter Agenda Entity Overview NERC CIP Introduction CIP-002-5.1, Asset Classification What Should Already be Done CIP-003-7, Low Impact Requirements Tri-State
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationPhilip Huff Arkansas Electric Cooperative Corporation Doug Johnson Commonwealth Edison Company. CSO706 SDT Webinar August 24, 2011
CIP Standards Version 5 Requirements & Status Philip Huff Arkansas Electric Cooperative Corporation Doug Johnson Commonwealth Edison Company David Revill Georgia Transmission Corporation CSO706 SDT Webinar
More informationStandard Authorization Request Form
Title of Proposed Standard Cyber Security Request Date May 2, 2003 SAR Requestor Information Name Charles Noble (on behalf of CIPAG) Company Telephone SAR Type (Check box for one of these selections.)
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationExecutive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI
Executive Order 13636 & Presidential Policy Directive 21 Ed Goff, Duke Energy Melanie Seader, EEI Agenda Executive Order 13636 Presidential Policy Directive 21 Nation Infrastructure Protection Plan Cybersecurity
More informationThe North American Electric Reliability Corporation ( NERC ) hereby submits
March 3, 2011 VIA ELECTRONIC FILING Ms. Erica Hamilton, Commission Secretary British Columbia Utilities Commission Box 250, 900 Howe Street Sixth Floor Vancouver, B.C. V6Z 2N3 Re: North American Electric
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationAgenda Event Analysis Subcommittee Conference Call
Agenda Event Analysis Subcommittee Conference Call September 11, 2013 11:00 a.m. 1:00 p.m. Eastern Ready Talk Conference Call and Web Meeting Information: Dial-In: 1-866-740-1260 Access Code: 6517175 Security
More informationStandard Authorization Request Form
Standard Authorization Request Form Title of Proposed Standard: Project 2009-02: Real-time Reliability Monitoring and Analysis Capabilities Original Request Date: June 4, 2009 Revised Date: January 15,
More informationCompliance: Evidence Requests for Low Impact Requirements
MIDWEST RELIABILITY ORGANIZATION Compliance: Evidence Requests for Low Impact Requirements Jess Syring, CIP Compliance Engineer MRO CIP Low Impact Workshop March 1, 2017 Improving RELIABILITY and mitigating
More informationJune 4, 2014 VIA ELECTRONIC FILING. Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2
June 4, 2014 VIA ELECTRONIC FILING Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2 Re: North American Electric Reliability Corporation Dear
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationJuly 5, Mr. John Twitty, Chair NERC Member Representatives Committee. Dear John:
July 5, 2017 Mr. John Twitty, Chair NERC Member Representatives Committee Dear John: I invite the Member Representatives Committee (MRC) to provide policy input on one issue of particular interest to the
More informationCritical Infrastructure Protection Committee (CIPC)
Critical Infrastructure Protection Committee (CIPC) Westin Buckhead Atlanta Atlanta, GA December 15-16, 2015 Safety and Security Westin Buckhead Atlanta Staff will inform the CIPC concerning Fire and Evacuation
More informationNERC Staff Organization Chart 2015 Budget
NERC Staff Organization Chart President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Associate Director, Member Relations and MRC Secretary (Dept. 2100) Senior Vice President and Chief Reliability
More informationThis draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) ) ) COMMENTS OF THE LARGE PUBLIC POWER COUNCIL
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Cyber Security Incident Reporting Reliability Standards ) ) ) Docket Nos. RM18-2-000 AD17-9-000 COMMENTS OF THE LARGE PUBLIC POWER
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationDraft Minutes Personnel Certification Governance Committee
Draft Minutes Personnel Certification Governance Committee June 5-6, 2012 Crown Plaza Minneapolis, MN Administrative A meeting of the Personnel Certification Governance Committee was held on Tuesday, June
More information