2015 Risk Element: Extreme Physical Events

Transcription

1 2015 Risk Element: Extreme Physical Events Industry Webinar October 15, 2015

2 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust laws fully and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant who may in any way affect NERC s compliance with the antitrust laws to carry out this commitment. Any NERC participant who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC s antitrust compliance policy is implicated in any situation should consult NERC s General Counsel immediately. 2

3 Administrative Items (continued) Notice of Open Meeting Participants are reminded that this webinar is public. The access number was posted on the NERC website and widely distributed. Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders. 3

4 Administrative Items (continued) This webinar is being recorded This webinar will be posted on the NERC website shortly following today s broadcast Questions will be taken via chat at the end of the presentation Please complete the short 5 question post-webinar survey 4

5 Agenda Webinar Series Overview of Risk Elements Extreme Physical Events What are they, why are they a risk Reliability Standards and Requirements Compliance Aspects and Reliability Standard updates o Several EOP Standards EOP Geomagnetic Disturbances (GMD) o Several TPL Standards o CIP Physical Security Question and Answer 5

6 Purpose This webinar is part of the NERC webinar series on the 2015 ERO Risk Elements. Educate stakeholders on role of risk elements in compliance monitoring Provide resources and good industry practices related to Reliability Standards associated with each risk element 6

7 Webinar Schedule Visit the NERC website to register for future Risk Element webinars ERO CMEP IP Webinar on November 19,

8 Overview of Risk Elements First step in Risk-based Compliance Oversight Framework Included in the NERC Annual CMEP Implementation Plan Identification and prioritization of enterprise-wide risks Potential impact to the reliability of the Bulk Electric System (BES) Risk Elements map to Reliability Standards Replace prior Actively Monitored Lists (AML) Regional Entities also consider Region-specific risks 8

9 Risk Elements in Risk Based Framework 9

10 2016 Risk Elements The 2016 ERO Enterprise Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan is located on the NERC website at %20IP_V_1_ _Posted.pdf 10

11 Extreme Physical Events: Areas of Focus 11

12 Extreme Physical Events: What are they? Events that result in extensive damage to equipment, irrespective of cause. Hurricane Tornado Earthquake Geo-Magnetic Disturbance (GMD) High Wind Flooding Physical Attack Sabotage Recent Physical Events: 2012 Derecho Storm 2012 Hurricane Sandy 2013 Metcalf Station Attack 2013 Hot Weather Event 2014 Cold Weather Event 12

13 Extreme Physical Events: Why are they a Risk Physical in Nature Equipment Damage Long Lead Times Degraded Reliability for Extended Time Current Risk Management Activities Mandatory Reliability Standards Problem Evaluation Simulation and Training Raising Awareness Best Practices Program Development 13

14 Extreme Physical Events: EOP Standards EOP Standards are for Emergency Operations. Extreme physical events could require use of emergency operating procedures EOP Standards EOP Capacity and Energy Emergencies EOP Event Reporting EOP System Restoration from Blackstart Resources EOP System Restoration Coordination EOP Loss of Control Center Functionality EOP Geomagnetic Disturbance Operations 14

15 EOP Capacity and Energy Emergencies 15

16 EOP Capacity and Energy Emergencies (continued) 16

17 EOP Capacity and Energy Emergencies (continued) 17

18 EOP Event Reporting 18

19 EOP Event Reporting (continued) 19

20 EOP System Restoration from Blackstart Resources 20

21 EOP System Restoration from Blackstart Resources (continued) 21

22 EOP System Restoration from Blackstart Resources (continued) 22

23 EOP System Restoration Coordination 23

24 EOP System Restoration Coordination (continued) 24

25 EOP System Restoration Coordination (continued) 25

26 EOP Loss of Control Center Functionality 26

27 EOP Loss of Control Center Functionality (continued) 27

28 EOP Geomagnetic Disturbance Operations 28

29 Geomagnetic Disturbance Operations 101 GIC = Geomagnetic Induced Current 29

30 EOP Geomagnetic Disturbance Operations (continued) 30

31 GMD Operating Plan - RC Possible topics to address in RC GMD Operating Plan: Acquisition and dissemination of space weather forecast information (R2) o NOAA SWPC (US), NRCAN (Canada), Private Service Providers GIC Monitoring and Equipment Monitoring o Data acquisition and establishing action triggers from measured data Development and communication of TOP Operating Procedures (R3) o Process for coordination within the RC area Coordination with adjacent RCs and TOPs o Process for coordination with external entities 31

32 EOP Geomagnetic Disturbance Operations (continued) 32

33 GMD Operating Plan - TOP Possible topics to address in TOP GMD Operating Plan: Acquisition of space weather information from the RC Required analysis for the development of operator actions Operator actions in various timeframes o Long Lead (1-3 days) increasing situational awareness, system posturing o Day of Event monitoring (GIC monitors, major equipment, reactive resources) o Real Time safe system posturing (re-dispatch, reactive additions); system reconfiguration (remove transformers or transmission lines from service) o Return to normal operations 33

34 EOP Compliance Aspects Requirements generally not prescriptive Impacts of GMD vary widely, based on geomagnetic latitude, local geology, system topology, and voltage class Ensure adequate coordination is apparent in GMD plans and procedures GMD events occur over large areas of the system Coordination is of critical importance GMD science and technology is in infancy and evolving Analytical tools coming into widespread use 34

35 Importance of Pre-study Effectiveness of operating actions improve based on study GMD response actions can exacerbate the problem due to the ability of GICs to move to adjacent locations if mitigated at one location Recognition that the study calculations and results can have wide error bars GIC calculation is not an exact science Harmonics considerations are even less exact GMD cannot be effectively mitigated by hip shooting actions by the operators Wide scale impacts have to be solved by coordinated actions Transformer overheating is a time dependent phenomenon and the equipment limits have to be established by analysis 35

36 Extreme Physical Events: TPL Standards TPL Standards cover Transmission Planning Reduce exposure\risk TPL-002-0b System Performance Following Loss of a Single BES Element (Category B) TPL-003-0b System Performance Following Loss of Two or More BES Elements (Category C) TPL-004-0a System Performance Following Extreme Events Resulting in the Loss of Two or More Bulk Electric System Elements (Category D) 36

37 Extreme Physical Events: TPL Standards Comparison 37

38 Extreme Physical Events: TPL Standards Comparison (continued) 38

39 Extreme Physical Events: TPL Standards Comparison (continued) 39

40 CIP Physical Security 40

41 CIP Physical Security - Applicability 41

42 CIP Physical Security Applicability (continued) 42

43 CIP-014-2, R4 - Threat and Vulnerabilities Assessment Each TO that identified a Transmission station(s), Transmission substation(s), or a primary control center(s) in R1 and verified according to R2, and each Transmission Operator notified by a TO according to R3 Shall conduct an evaluation of the potential threats and vulnerabilities of a physical attack to each of their respective Transmission station(s), Transmission substation(s), and primary control center(s) identified in R1 and verified according to R2 Unique characteristics History of security events Intelligence or Threat Warnings 43

44 NATF R4 Guidance Memo June 2015 R4 Practices containing an approach, common practices and understanding evaluations of the potential vulnerabilities and threats of a physical attack of facilities Site Specific vulnerability considerations No protection of facility (fencing, locks, or monitoring) Gaps in or lack of security mitigation(physical and human) Gaps in or lack of physical security policies and procedures, failure to enforce controls for vehicle and security equipment testing Access control how is it granted, what is the process 44

45 NATF - R4 Guidance Memo June 2015 (continued) Physical Security evaluation checklist. (The physical security evaluation checklist is a format that can be used to provide self assessment of security program) Facility Information: address, contact numbers Executive Management, Security Management, Maintenance and First Responders Perimeter: Fence(type, height, anchored and enhancements)crash gate, lighting, surrounding area and landscape Security Systems(CCTV, Intrusion detection, fire alarms and locks & doors) Information Technology Systems and Sensitive Information storage Security and Response Plans 45

46 NATF - R4 Guidance Memo June 2015 (continued) CIP-014 Questionnaire Threat Assessment List all of facility history of sabotage, vandalism, physical attack and Law Enforcement response List all historical criminal incidents to similar sites within the U. S. Threat Assessment, Intelligence Bulletins or Threat Warnings prepared by State Fusion Centers, Local Law Enforcement, DHS or FBI 46

47 NATF - R4 Guidance Memo June 2015 (continued) Resiliency Measures measures already existing to prevent a physical attack Existing physical security measures to deter such as: Perimeter signage, fencing, gates, lighting, locks and security officers/roving patrols Existing physical security measures to detect such as: CCTV, Intrusion Detection and alarms Existing physical security measures to delay such as: Vehicle barriers, crash gates, fencing and security officers Existing physical security measures to assess such as: Video surveillance, video analytics and security command centers 47

48 NATF - R4 Guidance Memo June 2015 (continued) Resiliency Measures continued Existing physical security measures to communicate such as: Security Operations Center(SOC) initiates response, protection of communication transmission to the SOC, alarm systems and Intercom system. Existing physical security measures to respond such as: Documented procedures, responses to alarms, State or local Law Enforcement and armed security officers deployment. 48

49 CIP-014-2, R5 - Security Plan Each TO that identified a Transmission station(s), Transmission substation(s), or a primary control center(s) in R1 and verified according to R2, and each Transmission Operator notified by a TO according to R3 Shall develop and implement a documented physical security plan(s) that cover their Transmission station(s), Transmission substation(s), and primary control center(s). The physical security plan(s) shall be developed within 120 calendar days following the completion of R2 and executed according to the timeline specified in the physical security plans The security plan should address the mitigation and response to the threats and vulnerabilities identified A measureable timeline of executing the physical security enhancements and modifications should be included in the security plan The timeline should include a project plan on how security enhancements and modifications will be implemented 49

50 NATF - R5 Guidance Memo June 2015 R5 provides an approach for development and implementation of Physical Security Plans. Areas for consideration: Deterrence Measures Visible physical security measures installed to persuade individuals to seek other, less secure targets Detection Measures Physical security measures installed to detect unauthorized intrusion and provide local and/ or remote intruder notification Delay Measures Physical security measures installed to delay an intruder s access to a physical asset and provide time for incident assessment and response 50

51 NATF - R5 Guidance Memo June 2015 (continued) Assessment Measures The process of evaluating the legitimacy of an alarm and determining the procedural steps required to respond Communicate Systems used to send and receive alarm/video signals, audio, and data Respond The immediate measures taken to assess, deploy, interrupt, to an incident Physical Security Plan Template 51

52 CIP-014-2, R6 Third Party Review R6 - Each Transmission Owner and Transmission Operator shall select an unaffiliated third party reviewer from the following: An entity or organization with electric industry physical security experience and whose review staff has at least one member who holds either a Certified Protection Professional(CPP) or Physical Security Professional(PSP) certification An entity or organization approved by the ERO A government agency with physical security expertise An entity or organization with demonstrated law enforcement, government, or military physical security expertise 52

53 Critical Infrastructure Protection Committee (CIPC) - R6 Guidance CIPC has developed guidance to support industry s implementation of Requirement R6. Provides examples of experience/documentation for third party reviewer with electric industry o Proof of past or current employment as an employee(s) or contractor(s) in the electric industry; o Proof of past or current employment as an employee(s) or contractor(s) as an ERO regional entity auditor; or o Documented experience in threat vulnerability assessments or development of security plans in the electric industry 53

54 Critical Infrastructure Protection Committee (CIPC) - R6 Guidance (continued) Provides examples of government agencies that might be selected Provides skill sets/activities for demonstrated law enforcement, government, or military physical security expertise 54

55 Types of Physical Threats Human threat. Fire Arms. Improvised Explosive Devices(IED). Vehicle Born Improvised Explosive Device(VBIED). 55

56 Bomb Threat Stand-off Chart 56

57 Physical Security Example 57

58 Resources Related to Extreme Physical Events ERO Priorities: RISC Updates and Recommendations report ndations-jul_26_2013.pdf 2014 Long-Term Reliability Assessment ATTA.pdf ERO Top Priority Reliability Risks (January 16, 2014) 20Top%20Priority%20Reliability%20Risks% pdf State of Reliability Report %20of%20Reliability.pdf 58

59 Resources Related to Extreme Physical Events (continued) GMD Functional Applicability Whitepaper tionalentityapplicability_whitepaper_clean.pdf GMD Network Applicability Whitepaper: licablenetwork_clean.pdf 2012 Special Reliability Assessment Interim Report: Effects of Geomagnetic Disturbance on the Bulk Power System, dated February

60 60