Live Webinar: Best Practices in Substation Security November 17, 2014
|
|
- Evan Hancock
- 5 years ago
- Views:
Transcription
1 Live Webinar: Best Practices in Substation Security November 17,
2 Agenda & Panelists Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCP Enterprise Security Manager-CSO Tri-State Generation & Transmission Assoc. NERC Reliability Standards, Metcalf - Brian M. Harrell, CPP Director, ES-ISAC Operations Electricity Sector Information Sharing and Analysis Center North American Electric Reliability Corporation Protecting Our Key Electrical Assets - David Batz, CISSP Director, Cyber & Infrastructure Security at the Edison Electric Institute (EEI) Substation Physical & Electronic Security - Hamid Sharifnia, P.E. Sr. Substation Technical Advisor Chair, IEEE Physical Security Standards Working Group ShotSpotter 2
3 Physical Security Update Brian M. Harrell, CPP Director, NERC ES-ISAC November 2014
4 Over 55,000 Substations over 100 Kv in size!
5 The Real Challenge Securing a Remote or Urban Asset!
6 Metcalf 10 of /230kV units damaged 3 of 4-230/115 kv units damaged 6 x 115kV Circuit Breakers received gunshot damage
7 Metcalf
8 Physical Security Standard CIP-014 Purpose: To identify and protect transmission stations and transmission substations, their associated primary control centers, that if rendered inoperable or damaged as a result of physical attack could result in widespread instability, uncontrolled separation, or cascading within an interconnection. Applicability: Transmission Owners (TO) Transmission Operators (TOP)
9 Physical Security Standard CIP-014 FERC Directive to NERC on March 7th SDT quickly assembled Physical security plan to secure the most critical sub-stations and primary Control Centers Approved by industry on 5/5 Submitted to FERC on 5/23 FERC NOPR on 7/17
10 Information Sharing
11 The Electric Sector Information Sharing and Analysis Center (ES-ISAC) provides a trusted capability for: ES-ISAC Sharing sector specific information Collecting, analyzing, and disseminating Alerts and incident reports Working with government agencies to ensure sector technical details are accurately understood Coordinating with other ISACs and International groups Providing for mutual information sharing during disruptions
12 ES-ISAC Portal Goals for the ES-ISAC Portal Extend the functionality and use of the portal Utilize Microsoft technology and maintain alignment with existing and future information technology (IT) in-house initiatives Act as the clearinghouse for Registered Entities to securely find, share, and collaborate on critical infrastructure and security related information Portal will undergo aggressive schedule following several iterations of Design Build Test Promote cycles (see next slide for graphic) Objectives: Portal 1.0 go-live This will put the portal out of pilot mode and into full production open to all registered entities HYDRA This will create a collaborative zone strictly for registered entity HYDRA members Task Force Collaboration Zones This will create a collaborative zone strictly for registered entity task forces Portal 1.5 This will have a formal feature addition list for the main site as well as HYDRA and Task Forces Condition Reporting This will serve as a hub to report one event by the registered entity to various groups such as CID, SA, EA Portal 2.0 Feature and polish incremental release (TBD during design phase) The portal will create the vertical communications that were regarded as lacking during the GridEx.
13 ES-ISAC Outreach Activities GridEx III- November 18-19, 2015 DHS Energy Sector Road Show Briefings Critical Infrastructure Protection Committee (CIPC) Meetings One-on-One Outreach Visits NERC Grid Security Conference (GridSecCon) Cyber Risk Preparedness Assessments (CRPA) DOE/DHS/NERC Physical Security Maturity Model Increased Physical Security Presence on the ES-ISAC Portal Classified Briefs Next Classified brief (Secret) is Dec. 9 th in Atlanta
14 Critical Infrastructure Protection: Protecting Our Key Electrical Assets David Batz Director Cyber and Infrastructure Security
15 Edison Electric Institute %
16 Spare Transformer Equipment Program SpareConnect SpareConnect offers an online tool to communicate a utility s bulk power system equipment needs and provides point of contact information for people and equipment across the North American electric utility industry for specific equipment categories and classes.
17 Timeline
18 IEEE PES Substations Committee Substation Physical and Electronic Security Hamid Sharifnia, P.E. November 17 th, 2014
19 1. Despite the Metcalf attack, most U.S. substations remain vulnerable. 2. Best practices for a comprehensive security program for substations. 3. Components of a complete physical security plan for electric power substations. 4. Physical protection to mitigate the risks for unmanned, rural substations. 5. Requirements for different levels of physical security for electric power substations. 6. Best practices for alerting first responders and how do staff security teams interact with them?
20 IEEE PROJECT P1402 Standard for Physical Security of Electric Power Substations (Read entire Standard at Overview. P1402 This standard establishes minimum requirements and practices for the physical security of electric power substations. Threat assessment; Social, political & economic background of the threat, company downsizing. Intrusions; - Type of Intrusions, pedestrian, vehicular, projectile, electronic; - Parameters, events that influence intrusions
21 Substation Security Plan Objective States primary concerns, such as vandalism and theft in existing stations, or theft and injury during substation construction. Responsibility, Who? Basic Requirements Minimum level includes fences with locked gates, control buildings w locked doors, Additional measures Motion detectors, perimeter/area detection systems, security cameras, jersey barriers, posted guards Sample assessment
22 Criteria for Substation Security A. Security Methods Barriers; fence, walls, locks; Electronic; motion sensing, video surveillance, building system, computer security, passwords, dial back verification, selective access, virus scans, encrypting and coding; Other Methods; lighting, landscaping, building, patrols, B. Communications Internal; all employees know their security responsibilities. External; neighbors, community C. Effectiveness of Security Methods
23 Security Measure: Fence, Wall, Barriers, Passive Anti-arm Barriers, Active Entry Point. Mitigation: Electronic Access Control, Barcode, Magnetic Stripe, Biometric Readers, Perimeter intrusion detections systems, Video Monitoring System, Gunshot Detection, Security Lighting, Power & Communication. Optimum Security Option: Computing equipment shall be placed in a physically controlled environment with access limited to personnel who are responsible for administering the equipment. The room shall have proper environmental controls. Risk: An initial survey of substations and overall systems should be conducted to identify persons or groups who threaten substations and to identify the risks such as theft, vandalism, or terrorism.
24 Possible Threat Vectors Unauthorized forced entry Insider threat Small arms ballistic attack (gunfire) Improvised explosive device
25 Effectiveness of security methods rural substations Survey cited in1402 standard
26 Best Practices: Working w First Responders Have a plan. Establish relationships with federal & local law enforcement officials, review your plan with them. Designate a point person - both at your facility and in local law enforcement. Keep abreast of threats and attacks. Consider hosting training events with federal & local law enforcement officials at your facility to help strengthen relationships, improve information sharing and help build more accurate risk assessments.
27 Webinar: Best Practices in Substation Security 27 Q & A How Can We Help? info@shotspotter.com awick@tristategt.org dbatz@eei.org brian.harrell@nerc.net Hamids@ieee.org Makers of ShotSpotter SiteSecure Gunshot Detection Solutions for Utilities For more info, see
Project Physical Security Directives Mapping Document
Document Background In Order No. 802 (final order on CIP-014-1 Physical Security), issued on November 20, 2014, FERC directed NERC to remove the term widespread from Reliability Standard CIP-014-1 or,
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationGrid Security & NERC
Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy
More informationGrid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016
Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationLADWP Critical Infrastructure Protection
d ---- w. ^ - ** : _ mwm FEB 0 2 2016 B... gi r.* *«r 3br»t*> it-i > \ S fr-% LU Threat and Vulnerability Assessments Water and Power Facilities / * LADWP Critical Infrastructure Protection Control
More informationChapter X Security Performance Metrics
DRAFT February 19, 15 BES Security s Working Group Page 1 of 7 Chapter X Security Performance s 1 3 3 3 3 0 Background The State of Reliability 1 report noted that the NERC PAS was collaborating with the
More informationSecurity Guideline for the Electricity Sub-sector: Physical Security Response
Security Guideline for the Electricity Sub-sector: Physical Security Response Preamble: This guideline addresses potential risks that can apply to some electricity sub-sector organizations and provides
More information2015 Risk Element: Extreme Physical Events
2015 Risk Element: Extreme Physical Events Industry Webinar October 15, 2015 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust laws fully and to avoid
More informationCIP Physical Security What to Expect
CIP-014-2 Physical Security What to Expect March 28, 2017 Kevin Perry Director, Critical Infrastructure Protection Jeff Rooker Lead Compliance Engineer 1 Purpose To identify and protect Transmission stations
More informationImplementing Cyber-Security Standards
Implementing Cyber-Security Standards Greg Goodrich TFIST Chair, CISSP New York Independent System Operator Northeast Power Coordinating Council General Meeting Montreal, QC November 28, 2012 Topics Critical
More information1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010
Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes
More informationElectricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013
Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013 Purpose and Scope The purpose of the Electricity Sub-Sector Coordinating Council (ESCC) is to facilitate and support
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationJune 4, 2014 VIA ELECTRONIC FILING. Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2
June 4, 2014 VIA ELECTRONIC FILING Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2 Re: North American Electric Reliability Corporation Dear
More informationRecent Issues in Electric Grid Physical Security
Recent Issues in Electric Grid Physical Security Paul W. Parfomak, Ph.D. Congressional Research Service pparfomak@crs.loc.gov Carnegie Mellon University Electricity Industry Center October 8, 2014 What
More informationIndustry Webinar. Project Modifications to CIP-008 Cyber Security Incident Reporting. November 16, 2018
Industry Webinar Project 2018-02 Modifications to CIP-008 Cyber Security Incident Reporting November 16, 2018 Agenda Presenters Standard Drafting Team NERC Staff - Alison Oswald Administrative Items Project
More informationDHS Cybersecurity: Services for State and Local Officials. February 2017
DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated
More informationProject Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA
Project 2016-02 Modifications to CIP Standards Technical Conference April 19, 2016 Atlanta, GA Agenda Welcome Steven Noess NERC Antitrust Compliance Guidelines and Public Announcement* - Al McMeekin Logistics
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationCIP Cyber Security Configuration Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationNERC Staff Organization Chart 2015 Budget
NERC Staff Organization Chart President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Associate Director, Member Relations and MRC Secretary (Dept. 2100) Senior Vice President and Chief Reliability
More informationCyber Threats? How to Stop?
Cyber Threats? How to Stop? North American Grid Security Standards Jessica Bian, Director of Performance Analysis North American Electric Reliability Corporation AORC CIGRE Technical Meeting, September
More informationSecuring the Grid and Your Critical Utility Functions. April 24, 2017
Securing the Grid and Your Critical Utility Functions April 24, 2017 1 Securing the Grid Effectively and Efficiently Recent threats to the Electric Grid and the importance of security Standards and Requirements
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationUtility Brand Studio THE STATE OF PHYSICAL GRID
Utility Brand Studio THE STATE OF PHYSICAL GRID 2015 DEMOGRAPHICS Every utility is different, so we asked those surveyed to provide information about the type of utility they work for, the grid operations
More informationERO Enterprise IT Projects Update
ERO Enterprise IT Projects Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting November 6, 2018 Agenda ERO IT
More informationCIP Version 5 Transition. Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014
CIP Version 5 Transition Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014 Purpose of the Transition Program Transitioning entities confident in
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationDRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1
DRAFT Cyber Security Communications between Control Centers Technical Rationale and Justification for Reliability Standard CIP-012-1 March May 2018 NERC Report Title Report Date I Table of Contents Preface...
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationWater Information Sharing and Analysis Center
SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR SECURITY Presenter Brian Draper, DHS NCCIC HIRT Slides and
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More information151 FERC 61,066 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION ORDER DENYING REHEARING. (Issued April 23, 2015)
151 FERC 61,066 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Before Commissioners: Norman C. Bay, Chairman; Philip D. Moeller, Cheryl A. LaFleur, Tony Clark, and Colette D. Honorable.
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationGridEx IV Initial Lessons Learned and Resilience Initiatives
GridEx IV Initial Lessons Learned and Resilience Initiatives LeRoy T. Bunyon, MBA, CBCP Sr. Lead Analyst, Business Continuity 2017 GridEx IV GridEx is a NERC-sponsored, North American grid resilience exercise
More informationDRAFT. Standard 1300 Cyber Security
These definitions will be posted and balloted along with the standard, but will not be restated in the standard. Instead, they will be included in a separate glossary of terms relevant to all standards
More informationipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power
Substation Security and Resiliency Update on Accomplishments thus far ipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power Dominion Profile Leading provider
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING
ELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING Helping to keep the lights on, businesses running and communities strong 1 Objectives The Utility Business has Changed Methodology Program
More informationCarl Herron, Senior Manager Physical Security Analyst NPCC Fall Workshop November 8, 2017 Hartford Connecticut
Physical Security Analysis of Substations Carl Herron, Senior Manager Physical Security Analyst NPCC Fall Workshop November 8, 2017 Hartford Connecticut NPCC Fall Workshop Substation Review Vulnerabilities
More informationStandards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016
Standards Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016 Balancing Authority Reliability-based Controls Reliability Benefits Data requirements for Balancing Authority (BA)
More information2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl
Beyond Compliance Greg Goodrich Supervisor, Enterprise Security New York Independent System Operator 2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl Roles of the NYISO Reliable
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationSecurity Guideline for the Electricity Sector: Physical Security
Security Guideline for the Electricity Sector: Physical Security Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability of the bulk electric
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2013-2016 CIPC Executive Committee 5/14/2013 3353 Peachtree Road NE Suite 600, North Tower Atlanta, Georgia 30326 404-446-2560 www.nerc.com Table
More informationCIP V5 Updates Midwest Energy Association Electrical Operations Conference
CIP V5 Updates Midwest Energy Association Electrical Operations Conference May 2015 Bob Yates, CISSP, MBA Principal Technical Auditor ReliabilityFirst Corporation Agenda Cyber Security Standards Version
More informationSummary of FERC Order No. 791
Summary of FERC Order No. 791 On November 22, 2013, the Federal Energy Regulatory Commission ( FERC or Commission ) issued Order No. 791 adopting a rule that approved Version 5 of the Critical Infrastructure
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2015-2018 CIPC Executive Committee Updated: December 13, 2016 NERC Report Title Report Date I Table of Contents Preface... iv Executive Summary...
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationTHE TRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED BUSINESS INTELLIGENCE SOLUTION BRIEF THE TRIPWIRE NERC SOLUTION SUITE A TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on
More informationNERC Staff Organization Chart Budget
NERC Staff Organization Chart 2013 2014 President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Senior Vice President and Chief Operating Officer (Dept. 2100) Senior Vice President General Counsel
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Foundation for Resilient Societies ) Docket No. AD17-9-000 COMMENTS OF THE NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION IN OPPOSITION
More informationPrivate Sector Clearance Program (PSCP) Webinar
Private Sector Clearance Program (PSCP) Webinar Critical Infrastructure Protection Committee November 18, 2014 Nathan Mitchell, ESCC Clearance Liaison Agenda History NERC CIPC Private Sector Clearance
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 CIP-006-6 Cyber Security Physical Security of BES Cyber Systems This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity:
More informationUNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION COMMENTS OF THE PENNSYLVANIA PUBLIC UTILITY COMMISSION
UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Physical Security Reliability : Standard : Docket No. RD14-15-000 COMMENTS OF THE PENNSYLVANIA PUBLIC UTILITY COMMISSION I. INTRODUCTION On
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationCyber Security Incident Report
Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New
More informationFERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC
: ERO Performance and Initiatives June 4, 2015 Chairman Bay, Commissioners, and fellow panelists, I appreciate the opportunity to address the topics identified for the third panel of today s important
More informationChemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and
Chemical Facility Anti-Terrorism Standards T. Ted Cromwell Sr. Director, Security and NJ ELG Operations Meeting Today s Presentation ACC Action Major Rule Components Select Risk-Based Performance Standards
More informationNERC Critical Infrastructure Protection Committee (CIPC) Highlights
NERC Critical Infrastructure Protection Committee (CIPC) Highlights Mike Kraft, Basin Electric Power Cooperative MRO Board of Directors Meeting March 17, 2016 Midwest Reliability Organization Standards
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationThe Terrorism Threat to Physical Assets
The Terrorism Threat to Physical Assets S U B S T A T I O N A T T A C K A N D C O U N T E R M E A S U R E S Howard J. Somers, P.E. Vice President Loss Control / Division Head AEGIS Insurance Services,
More informationIndustry role moving forward
Industry role moving forward Discussion with National Research Council, Workshop on the Resiliency of the Electric Power Delivery System in Response to Terrorism and Natural Disasters February 27-28, 2013
More informationJune 5, 2018 Independence, Ohio
June 5, 2018 Independence, Ohio The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Securing the Nation at the Community Level 2018 Cuyahoga
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationSecurity Guideline for the Electricity Sector: Physical Security
1 Security Guideline for the Electricity Sector: Physical Security Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability of the bulk electric
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationNERC Staff Organization Chart
NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability
More informationGridEx IV Panel Discussion
GridEx IV Panel Discussion NERC GridSecCon October, 2016 1 Generation 254 GW Transmission Geography 120,000 Miles 22 States GridEx IV Panel Discussion Focus on Operations NERC GridSecCon October 20, 2016
More informationTSA/FTA Security and Emergency Management Action Items for Transit Agencies
TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:
More informationExercise of FERC Authority for Cybersecurity of the North American Electric Grid
Exercise of FERC Authority for Cybersecurity of the North American Electric Grid Thomas S. Popik Joseph M. Weiss George R. Cotter FERC Docket RM15-14-000 www.resilientsocieties.org Agenda Overall Concerns
More informationStandard Authorization Request Form
Title of Proposed Standard Cyber Security Request Date May 2, 2003 SAR Requestor Information Name Charles Noble (on behalf of CIPAG) Company Telephone SAR Type (Check box for one of these selections.)
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Cyber Security Incident Reporting Reliability Standards ) ) Docket Nos. RM18-2-000 AD17-9-000 COMMENTS OF THE NORTH AMERICAN ELECTRIC
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape
More informationOctober 2, CIP-014 Report Physical Security Protection for High Impact Control Centers Docket No. RM15-14-
October 2, 2017 Ms. Kimberly D. Bose Secretary Federal Energy Regulatory Commission 888 First Street, NE Washington, D.C. 20426 Re: CIP-014 Report Physical Security Protection for High Impact Control Centers
More informationCIP Compliance Workshop Boise, ID March 29, 2018
CIP-006-6 Compliance Workshop Boise, ID March 29, 2018 Mark Lemery, MSc, CPP, PSP Auditor, Cyber and Physical Security 2 Impact on Reliability Identify WECC s audit approach and inform entities of physical
More informationPhilip Huff Arkansas Electric Cooperative Corporation Doug Johnson Commonwealth Edison Company. CSO706 SDT Webinar August 24, 2011
CIP Standards Version 5 Requirements & Status Philip Huff Arkansas Electric Cooperative Corporation Doug Johnson Commonwealth Edison Company David Revill Georgia Transmission Corporation CSO706 SDT Webinar
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationERO Enterprise Strategic Planning Redesign
ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationMarch 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices
March 6, 2019 Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices On July 21, 2016, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability
More informationTitle. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.
Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More information