2015 Risk Element: Extreme Physical Events
|
|
- Willis Cain
- 5 years ago
- Views:
Transcription
1 2015 Risk Element: Extreme Physical Events Industry Webinar October 15, 2015
2 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust laws fully and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. It is the responsibility of every NERC participant who may in any way affect NERC s compliance with the antitrust laws to carry out this commitment. Any NERC participant who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC s antitrust compliance policy is implicated in any situation should consult NERC s General Counsel immediately. 2
3 Administrative Items (continued) Notice of Open Meeting Participants are reminded that this webinar is public. The access number was posted on the NERC website and widely distributed. Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders. 3
4 Administrative Items (continued) This webinar is being recorded This webinar will be posted on the NERC website shortly following today s broadcast Questions will be taken via chat at the end of the presentation Please complete the short 5 question post-webinar survey 4
5 Agenda Webinar Series Overview of Risk Elements Extreme Physical Events What are they, why are they a risk Reliability Standards and Requirements Compliance Aspects and Reliability Standard updates o Several EOP Standards EOP Geomagnetic Disturbances (GMD) o Several TPL Standards o CIP Physical Security Question and Answer 5
6 Purpose This webinar is part of the NERC webinar series on the 2015 ERO Risk Elements. Educate stakeholders on role of risk elements in compliance monitoring Provide resources and good industry practices related to Reliability Standards associated with each risk element 6
7 Webinar Schedule Visit the NERC website to register for future Risk Element webinars ERO CMEP IP Webinar on November 19,
8 Overview of Risk Elements First step in Risk-based Compliance Oversight Framework Included in the NERC Annual CMEP Implementation Plan Identification and prioritization of enterprise-wide risks Potential impact to the reliability of the Bulk Electric System (BES) Risk Elements map to Reliability Standards Replace prior Actively Monitored Lists (AML) Regional Entities also consider Region-specific risks 8
9 Risk Elements in Risk Based Framework 9
10 2016 Risk Elements The 2016 ERO Enterprise Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan is located on the NERC website at %20IP_V_1_ _Posted.pdf 10
11 Extreme Physical Events: Areas of Focus 11
12 Extreme Physical Events: What are they? Events that result in extensive damage to equipment, irrespective of cause. Hurricane Tornado Earthquake Geo-Magnetic Disturbance (GMD) High Wind Flooding Physical Attack Sabotage Recent Physical Events: 2012 Derecho Storm 2012 Hurricane Sandy 2013 Metcalf Station Attack 2013 Hot Weather Event 2014 Cold Weather Event 12
13 Extreme Physical Events: Why are they a Risk Physical in Nature Equipment Damage Long Lead Times Degraded Reliability for Extended Time Current Risk Management Activities Mandatory Reliability Standards Problem Evaluation Simulation and Training Raising Awareness Best Practices Program Development 13
14 Extreme Physical Events: EOP Standards EOP Standards are for Emergency Operations. Extreme physical events could require use of emergency operating procedures EOP Standards EOP Capacity and Energy Emergencies EOP Event Reporting EOP System Restoration from Blackstart Resources EOP System Restoration Coordination EOP Loss of Control Center Functionality EOP Geomagnetic Disturbance Operations 14
15 EOP Capacity and Energy Emergencies 15
16 EOP Capacity and Energy Emergencies (continued) 16
17 EOP Capacity and Energy Emergencies (continued) 17
18 EOP Event Reporting 18
19 EOP Event Reporting (continued) 19
20 EOP System Restoration from Blackstart Resources 20
21 EOP System Restoration from Blackstart Resources (continued) 21
22 EOP System Restoration from Blackstart Resources (continued) 22
23 EOP System Restoration Coordination 23
24 EOP System Restoration Coordination (continued) 24
25 EOP System Restoration Coordination (continued) 25
26 EOP Loss of Control Center Functionality 26
27 EOP Loss of Control Center Functionality (continued) 27
28 EOP Geomagnetic Disturbance Operations 28
29 Geomagnetic Disturbance Operations 101 GIC = Geomagnetic Induced Current 29
30 EOP Geomagnetic Disturbance Operations (continued) 30
31 GMD Operating Plan - RC Possible topics to address in RC GMD Operating Plan: Acquisition and dissemination of space weather forecast information (R2) o NOAA SWPC (US), NRCAN (Canada), Private Service Providers GIC Monitoring and Equipment Monitoring o Data acquisition and establishing action triggers from measured data Development and communication of TOP Operating Procedures (R3) o Process for coordination within the RC area Coordination with adjacent RCs and TOPs o Process for coordination with external entities 31
32 EOP Geomagnetic Disturbance Operations (continued) 32
33 GMD Operating Plan - TOP Possible topics to address in TOP GMD Operating Plan: Acquisition of space weather information from the RC Required analysis for the development of operator actions Operator actions in various timeframes o Long Lead (1-3 days) increasing situational awareness, system posturing o Day of Event monitoring (GIC monitors, major equipment, reactive resources) o Real Time safe system posturing (re-dispatch, reactive additions); system reconfiguration (remove transformers or transmission lines from service) o Return to normal operations 33
34 EOP Compliance Aspects Requirements generally not prescriptive Impacts of GMD vary widely, based on geomagnetic latitude, local geology, system topology, and voltage class Ensure adequate coordination is apparent in GMD plans and procedures GMD events occur over large areas of the system Coordination is of critical importance GMD science and technology is in infancy and evolving Analytical tools coming into widespread use 34
35 Importance of Pre-study Effectiveness of operating actions improve based on study GMD response actions can exacerbate the problem due to the ability of GICs to move to adjacent locations if mitigated at one location Recognition that the study calculations and results can have wide error bars GIC calculation is not an exact science Harmonics considerations are even less exact GMD cannot be effectively mitigated by hip shooting actions by the operators Wide scale impacts have to be solved by coordinated actions Transformer overheating is a time dependent phenomenon and the equipment limits have to be established by analysis 35
36 Extreme Physical Events: TPL Standards TPL Standards cover Transmission Planning Reduce exposure\risk TPL-002-0b System Performance Following Loss of a Single BES Element (Category B) TPL-003-0b System Performance Following Loss of Two or More BES Elements (Category C) TPL-004-0a System Performance Following Extreme Events Resulting in the Loss of Two or More Bulk Electric System Elements (Category D) 36
37 Extreme Physical Events: TPL Standards Comparison 37
38 Extreme Physical Events: TPL Standards Comparison (continued) 38
39 Extreme Physical Events: TPL Standards Comparison (continued) 39
40 CIP Physical Security 40
41 CIP Physical Security - Applicability 41
42 CIP Physical Security Applicability (continued) 42
43 CIP-014-2, R4 - Threat and Vulnerabilities Assessment Each TO that identified a Transmission station(s), Transmission substation(s), or a primary control center(s) in R1 and verified according to R2, and each Transmission Operator notified by a TO according to R3 Shall conduct an evaluation of the potential threats and vulnerabilities of a physical attack to each of their respective Transmission station(s), Transmission substation(s), and primary control center(s) identified in R1 and verified according to R2 Unique characteristics History of security events Intelligence or Threat Warnings 43
44 NATF R4 Guidance Memo June 2015 R4 Practices containing an approach, common practices and understanding evaluations of the potential vulnerabilities and threats of a physical attack of facilities Site Specific vulnerability considerations No protection of facility (fencing, locks, or monitoring) Gaps in or lack of security mitigation(physical and human) Gaps in or lack of physical security policies and procedures, failure to enforce controls for vehicle and security equipment testing Access control how is it granted, what is the process 44
45 NATF - R4 Guidance Memo June 2015 (continued) Physical Security evaluation checklist. (The physical security evaluation checklist is a format that can be used to provide self assessment of security program) Facility Information: address, contact numbers Executive Management, Security Management, Maintenance and First Responders Perimeter: Fence(type, height, anchored and enhancements)crash gate, lighting, surrounding area and landscape Security Systems(CCTV, Intrusion detection, fire alarms and locks & doors) Information Technology Systems and Sensitive Information storage Security and Response Plans 45
46 NATF - R4 Guidance Memo June 2015 (continued) CIP-014 Questionnaire Threat Assessment List all of facility history of sabotage, vandalism, physical attack and Law Enforcement response List all historical criminal incidents to similar sites within the U. S. Threat Assessment, Intelligence Bulletins or Threat Warnings prepared by State Fusion Centers, Local Law Enforcement, DHS or FBI 46
47 NATF - R4 Guidance Memo June 2015 (continued) Resiliency Measures measures already existing to prevent a physical attack Existing physical security measures to deter such as: Perimeter signage, fencing, gates, lighting, locks and security officers/roving patrols Existing physical security measures to detect such as: CCTV, Intrusion Detection and alarms Existing physical security measures to delay such as: Vehicle barriers, crash gates, fencing and security officers Existing physical security measures to assess such as: Video surveillance, video analytics and security command centers 47
48 NATF - R4 Guidance Memo June 2015 (continued) Resiliency Measures continued Existing physical security measures to communicate such as: Security Operations Center(SOC) initiates response, protection of communication transmission to the SOC, alarm systems and Intercom system. Existing physical security measures to respond such as: Documented procedures, responses to alarms, State or local Law Enforcement and armed security officers deployment. 48
49 CIP-014-2, R5 - Security Plan Each TO that identified a Transmission station(s), Transmission substation(s), or a primary control center(s) in R1 and verified according to R2, and each Transmission Operator notified by a TO according to R3 Shall develop and implement a documented physical security plan(s) that cover their Transmission station(s), Transmission substation(s), and primary control center(s). The physical security plan(s) shall be developed within 120 calendar days following the completion of R2 and executed according to the timeline specified in the physical security plans The security plan should address the mitigation and response to the threats and vulnerabilities identified A measureable timeline of executing the physical security enhancements and modifications should be included in the security plan The timeline should include a project plan on how security enhancements and modifications will be implemented 49
50 NATF - R5 Guidance Memo June 2015 R5 provides an approach for development and implementation of Physical Security Plans. Areas for consideration: Deterrence Measures Visible physical security measures installed to persuade individuals to seek other, less secure targets Detection Measures Physical security measures installed to detect unauthorized intrusion and provide local and/ or remote intruder notification Delay Measures Physical security measures installed to delay an intruder s access to a physical asset and provide time for incident assessment and response 50
51 NATF - R5 Guidance Memo June 2015 (continued) Assessment Measures The process of evaluating the legitimacy of an alarm and determining the procedural steps required to respond Communicate Systems used to send and receive alarm/video signals, audio, and data Respond The immediate measures taken to assess, deploy, interrupt, to an incident Physical Security Plan Template 51
52 CIP-014-2, R6 Third Party Review R6 - Each Transmission Owner and Transmission Operator shall select an unaffiliated third party reviewer from the following: An entity or organization with electric industry physical security experience and whose review staff has at least one member who holds either a Certified Protection Professional(CPP) or Physical Security Professional(PSP) certification An entity or organization approved by the ERO A government agency with physical security expertise An entity or organization with demonstrated law enforcement, government, or military physical security expertise 52
53 Critical Infrastructure Protection Committee (CIPC) - R6 Guidance CIPC has developed guidance to support industry s implementation of Requirement R6. Provides examples of experience/documentation for third party reviewer with electric industry o Proof of past or current employment as an employee(s) or contractor(s) in the electric industry; o Proof of past or current employment as an employee(s) or contractor(s) as an ERO regional entity auditor; or o Documented experience in threat vulnerability assessments or development of security plans in the electric industry 53
54 Critical Infrastructure Protection Committee (CIPC) - R6 Guidance (continued) Provides examples of government agencies that might be selected Provides skill sets/activities for demonstrated law enforcement, government, or military physical security expertise 54
55 Types of Physical Threats Human threat. Fire Arms. Improvised Explosive Devices(IED). Vehicle Born Improvised Explosive Device(VBIED). 55
56 Bomb Threat Stand-off Chart 56
57 Physical Security Example 57
58 Resources Related to Extreme Physical Events ERO Priorities: RISC Updates and Recommendations report ndations-jul_26_2013.pdf 2014 Long-Term Reliability Assessment ATTA.pdf ERO Top Priority Reliability Risks (January 16, 2014) 20Top%20Priority%20Reliability%20Risks% pdf State of Reliability Report %20of%20Reliability.pdf 58
59 Resources Related to Extreme Physical Events (continued) GMD Functional Applicability Whitepaper tionalentityapplicability_whitepaper_clean.pdf GMD Network Applicability Whitepaper: licablenetwork_clean.pdf 2012 Special Reliability Assessment Interim Report: Effects of Geomagnetic Disturbance on the Bulk Power System, dated February
60 60
Physical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationProject Physical Security Directives Mapping Document
Document Background In Order No. 802 (final order on CIP-014-1 Physical Security), issued on November 20, 2014, FERC directed NERC to remove the term widespread from Reliability Standard CIP-014-1 or,
More informationCritical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014
Critical Infrastructure Protection (CIP) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice
More informationIndustry Webinar. Project Modifications to CIP-008 Cyber Security Incident Reporting. November 16, 2018
Industry Webinar Project 2018-02 Modifications to CIP-008 Cyber Security Incident Reporting November 16, 2018 Agenda Presenters Standard Drafting Team NERC Staff - Alison Oswald Administrative Items Project
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationCIP Physical Security What to Expect
CIP-014-2 Physical Security What to Expect March 28, 2017 Kevin Perry Director, Critical Infrastructure Protection Jeff Rooker Lead Compliance Engineer 1 Purpose To identify and protect Transmission stations
More informationLive Webinar: Best Practices in Substation Security November 17, 2014
Live Webinar: Best Practices in Substation Security November 17, 2014 1 Agenda & Panelists Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCP Enterprise Security Manager-CSO Tri-State Generation
More informationModifications to TOP and IRO Standards
Modifications to TOP and IRO Standards Jason Smith, Southwest Power Pool Industry Webinar July 22, 2016 NERC Antitrust Guidelines It is NERC's policy and practice to obey the antitrust laws to avoid all
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationProject CIP Modifications
Project 2016-02 CIP Modifications Webinar on Standard Drafting Team Considerations for the Use of Virtualization in the CIP Environment March 21, 2017 Agenda Administrative Items Antitrust and Disclaimers
More informationRegulatory Impacts on Research Topics. Jennifer T. Sterling Director, Exelon NERC Compliance Program
Regulatory Impacts on Research Topics Jennifer T. Sterling Director, Exelon NERC Compliance Program The 2003 Blackout On August 14, 2003, an electric power blackout affected large portions of the Northeast
More informationReliability Standards Development Plan
Reliability Standards Development Plan Steven Noess, Director of Standards Development Standards Oversight and Technology Committee Meeting November 1, 2016 2017-2019 Reliability Standards Development
More informationGeomagnetic Disturbances
Geomagnetic Disturbances Managing Risk to the North American Power Grid Mark Olson, Reliability Standards Developer Worcester Polytechnic Institute Energy Symposium September 25, 2013 About NERC The North
More informationFERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC
: ERO Performance and Initiatives June 4, 2015 Chairman Bay, Commissioners, and fellow panelists, I appreciate the opportunity to address the topics identified for the third panel of today s important
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationChapter X Security Performance Metrics
DRAFT February 19, 15 BES Security s Working Group Page 1 of 7 Chapter X Security Performance s 1 3 3 3 3 0 Background The State of Reliability 1 report noted that the NERC PAS was collaborating with the
More informationNew Brunswick 2018 Annual Implementation Plan Version 1
New Brunswick Energy and Utilities Board Reliability Standards, Compliance and Enforcement Program New Brunswick 2018 Annual Implementation Plan Version 1 December 28, 2017 Table of Contents Version History...
More informationProject CIP Modifications
Project 2016-02 CIP Modifications Webinar on Standard Drafting Team Considerations for the Use of Virtualization in the CIP Environment April 18, 2017 Administrative Items NERC Antitrust Guidelines It
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More informationQuébec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan Annual Implementation Plan
Québec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan 2017 Annual Implementation Plan Effective Date: January 1, 2017 Approved by the Régie: December 1, 2016 Table
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING
ELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING Helping to keep the lights on, businesses running and communities strong 1 Objectives The Utility Business has Changed Methodology Program
More informationIndustry Webinar. Project Single Points of Failure. August 23, 2018
Industry Webinar Project 2015-10 Single Points of Failure August 23, 2018 Agenda Presenters Standard Drafting Team o Chair, Jonathan Hayes, SPP o Vice Chair, Delyn Kilpack, LGE-KU NERC Staff o Latrice
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationProject CIP Modifications
Project 2016-02 CIP Modifications Webinar on Standard Drafting Team Considerations for the Use of Virtualization in the CIP Environment July 19, 2017 Agenda Opening Remarks and Introduction of Presenters
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationCyber Security Standards Drafting Team Update
Cyber Security Standards Drafting Team Update Michael Assante, VP & Chief Security Officer North American Electric Reliability Corp. February 3, 2008 Overview About NERC Project Background Proposed Modifications
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationCyber Threats? How to Stop?
Cyber Threats? How to Stop? North American Grid Security Standards Jessica Bian, Director of Performance Analysis North American Electric Reliability Corporation AORC CIGRE Technical Meeting, September
More informationImpacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities
Impacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities NRECA TechAdvantage March 2014 Patti Metro Manager, Transmission & Reliability Standards NRECA
More information2018 MRO Regional Risk Assessment
MIDWEST RELIABILITY ORGANIZATION 2018 MRO Regional Risk Assessment Ben Lewiski, Risk Assessment and Mitigation Engineer November 28, 2017 Improving RELIABILITY and mitigating RISKS to the Bulk Power System
More informationBreakfast. 7:00 a.m. 8:00 a.m.
Breakfast 7:00 a.m. 8:00 a.m. Opening Announcements NERC 2015 Standards and Compliance Spring Workshop April 3, 2015 NERC Antitrust Compliance Guidelines It is NERC s policy and practice to obey the antitrust
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationGrid Security & NERC
Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy
More informationERO Enterprise IT Projects Update
ERO Enterprise IT Projects Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting November 6, 2018 Agenda ERO IT
More informationProject CIP Modifications. Webinar on Revisions in Response to LERC Directive August 16, 2016
Project 2016-02 CIP Modifications Webinar on Revisions in Response to LERC Directive August 16, 2016 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust
More informationRailroad Infrastructure Security
TRB Annual Meeting January 14, 2002 Session 107 - Railroad Security William C. Thompson william.thompson@jacobs.com 402-697-5011 Thanks to: Bob Ulrich Dr. William Harris Byron Ratcliff Frank Thigpen John
More informationUtility Brand Studio THE STATE OF PHYSICAL GRID
Utility Brand Studio THE STATE OF PHYSICAL GRID 2015 DEMOGRAPHICS Every utility is different, so we asked those surveyed to provide information about the type of utility they work for, the grid operations
More informationProject Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA
Project 2016-02 Modifications to CIP Standards Technical Conference April 19, 2016 Atlanta, GA Agenda Welcome Steven Noess NERC Antitrust Compliance Guidelines and Public Announcement* - Al McMeekin Logistics
More informationSupply Chain Cybersecurity Risk Management Standards. Technical Conference November 10, 2016
Supply Chain Cybersecurity Risk Management Standards Technical Conference November 10, 2016 Agenda Opening remarks Review conference objectives and ground rules Standards project overview Discuss draft
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationProject Modifications to CIP Standards
Project 2016-02 Modifications to CIP Standards Virtualization and other Technology Innovations Presenters Jay Cribb, Southern Company Steve Brain, Dominion Energy Forrest Krigbaum, Bonneville Power Administration
More informationGuidelines for Submitting NERC Reliability Standards Required Documents to the SPP Reliability Coordinator and the SPP Balancing Authority Version 1
Guidelines for Submitting NERC Reliability Standards Required Documents to the SPP Reliability Coordinator and the SPP Balancing Authority Version 1 Revision History Version Effective Date Summary of Revisions
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationPrivate Sector Clearance Program (PSCP) Webinar
Private Sector Clearance Program (PSCP) Webinar Critical Infrastructure Protection Committee November 18, 2014 Nathan Mitchell, ESCC Clearance Liaison Agenda History NERC CIPC Private Sector Clearance
More informationRisk-Based Approach to Compliance Monitoring and Enforcement
Risk-Based Compliance Oversight Plan Process for Risk Elements and Associated The ERO Enterprise continues to identify risks to the reliability of the BPS, as well as mitigating factors that may reduce
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationTSA/FTA Security and Emergency Management Action Items for Transit Agencies
TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:
More informationProject Modifications to BAL Frequency Response and Frequency Bias Setting. Industry Webinar December 18, 2018
Project 2017-01 Modifications to BAL-003-1.1 Frequency Response and Frequency Bias Setting Industry Webinar December 18, 2018 Administrative Items North American Electric Reliability Corporation (NERC)
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2013-2016 CIPC Executive Committee 5/14/2013 3353 Peachtree Road NE Suite 600, North Tower Atlanta, Georgia 30326 404-446-2560 www.nerc.com Table
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2015-2018 CIPC Executive Committee Updated: December 13, 2016 NERC Report Title Report Date I Table of Contents Preface... iv Executive Summary...
More informationNB Appendix CIP NB-0 - Cyber Security Personnel & Training
This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 COUNTERING IMPROVISED EXPLOSIVE DEVICES Strengthening U.S. Policy Improvised explosive devices (IEDs) remain one of the most accessible weapons
More informationCritical Cyber Asset Identification Security Management Controls
Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.
More informationCarl Herron, Senior Manager Physical Security Analyst NPCC Fall Workshop November 8, 2017 Hartford Connecticut
Physical Security Analysis of Substations Carl Herron, Senior Manager Physical Security Analyst NPCC Fall Workshop November 8, 2017 Hartford Connecticut NPCC Fall Workshop Substation Review Vulnerabilities
More informationTitle. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.
Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada
More informationCompliance Exception and Self-Logging Report Q4 2014
Agenda Item 5 Board of Trustees Compliance Committee Open Session February 11, 2015 Compliance Exception and Self-Logging Report Q4 2014 Action Information Introduction Beginning in November 2013, NERC
More informationToward All-Hazards Security and Resilience for the Power Grid
Toward All-Hazards Security and Resilience for the Power Grid Juan Torres Associate Laboratory Director, Energy Systems Integration National Renewable Energy Laboratory December 6, 2017 1 Grid Modernization
More informationSecurity Guideline for the Electricity Sub-sector: Physical Security Response
Security Guideline for the Electricity Sub-sector: Physical Security Response Preamble: This guideline addresses potential risks that can apply to some electricity sub-sector organizations and provides
More informationDRAFT. Standard 1300 Cyber Security
These definitions will be posted and balloted along with the standard, but will not be restated in the standard. Instead, they will be included in a separate glossary of terms relevant to all standards
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationStandard CIP Cyber Security Critical Cyber As s et Identification
A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationTransmission Resiliency & Security
Transmission Resiliency & Security Response to High Impact Low Frequency Threats Richard Lordan, PE Senior Technical Executive NCSL-NARUC Energy Risk & Critical Infrastructure Protection Workshop May 25,
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationAppendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan for Entities within the U.S.
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan for Entities within the U.S. This Appendix contains the CMEP Implementation Plan (IP) for the registered entities
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationuanacia 1+1 MARINE SECURITY OPERATIONS BULLETIN No:
1+1 MARINE SECURITY OPERATIONS BULLETIN No: 2014-001 CLARIFICATION OF TRANSPORT CANADA (TC) MARINE SECURITY MANDATORY THREAT, BREACH AND INCIDENT REPORTING REOUIREMENTS THIS MARINE SECURITY OPERATIONS
More informationOhio Supercomputer Center
Ohio Supercomputer Center Security Notifications No: Effective: OSC-10 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original Publication
More informationAnalysis of CIP-006 and CIP-007 Violations
Electric Reliability Organization (ERO) Compliance Analysis Report Reliability Standard CIP-006 Physical Security of Critical Cyber Assets Reliability Standard CIP-007 Systems Security Management December
More informationReliability Compliance Update. Reliability Standards and Compliance Subcommittee Preston Walker August 16, 2018
Reliability Compliance Update Reliability Standards and Compliance Subcommittee Preston Walker August 16, 2018 NERC Standards Under Development Standards Project Action End Date Comment 08/27/2018 Draft
More informationipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power
Substation Security and Resiliency Update on Accomplishments thus far ipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power Dominion Profile Leading provider
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationERO Reliability Risk Priorities Report. Peter Brandien, RISC Chair Member Representatives Committee Meeting November 1, 2016
ERO Reliability Risk Priorities Report Peter Brandien, RISC Chair Member Representatives Committee Meeting November 1, 2016 RISC s Proposed 2016 Risk Profiles Changing Resource Mix Bulk Power System Planning
More informationMulti-Region Registered Entity Coordinated Oversight Program
Multi-Region Registered Entity Coordinated Oversight Program Ken McIntyre, Vice President and Director of Standards and Compliance Compliance Committee Open Meeting February 7, 2018 Coordinated Oversight
More informationSecurity Guideline for the Electricity Sector: Business Processes and Operations Continuity
Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability
More informationThis draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 FAC-003-4 Transmission Vegetation Management. Registered Entity Name: Applicable Function(s): Applicable only for TO and GO Compliance Monitoring Method: RSAW Version:
More informationExecutive Order on Coordinating National Resilience to Electromagnetic Pulses
Executive Order on Coordinating National Resilience to Electromagnetic Pulses The Wh... Page 1 of 11 EXECUTIVE ORDERS Executive Order on Coordinating National Resilience to Electromagnetic Pulses INFRASTRUCTURE
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationHOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through
HOTEL RESILIENT Plan ahead stay ahead With support from the German Government through WHAT CAN GO WRONG WILL GO WRONG Murphy s Law More than 40% of hotels do not reopen after large disasters FEMA 2010
More informationCIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-5 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance
More informationNERC Staff Organization Chart Budget
NERC Staff Organization Chart 2013 2014 President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Senior Vice President and Chief Operating Officer (Dept. 2100) Senior Vice President General Counsel
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationStandard EOP Disturbance Reporting
A. Introduction 1. Title: Disturbance Reporting 2. Number: EOP-004-1 3. Purpose: Disturbances or unusual occurrences that jeopardize the operation of the Bulk Electric System, or result in system equipment
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationOffice of Infrastructure Protection Overview
Office of Infrastructure Protection Overview Harvey Perriott Protective Security Advisor North Texas District U.S. Department of Homeland Security Vision and Mission Vision A safe, secure, and resilient
More informationCIP Cyber Security Personnel & Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-5.1 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals
More informationTOP-010-1(i) Real-time Reliability Monitoring and Analysis Capabilities
A. Introduction 1. Title: Real-time Reliability Monitoring and Analysis Capabilities 2. Number: TOP-010-1(i) 3. Purpose: Establish requirements for Real-time monitoring and analysis capabilities to support
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More information