Agenda Event Analysis Subcommittee Conference Call
Agenda
Event Analysis Subcommittee Conference Call
September 11, :00 a.m. 1:00 p.m. Eastern

Ready Talk Conference Call and Web Meeting Information:
Dial-In:
Access Code:
Security Code:
Webinar: (On the left side of the screen click Join a Meeting, enter the above access code and security code to join the webinar)

NERC Antitrust Compliance Guidelines
Call to Meeting and Roll Call

Agenda

1. EIDS Project Status (10 minutes) LaCreacia Smith
   Objective: Provide an update on the EIDS project to date.
   a. Schedule a demonstration of the EIDS tool before go-live.

2. Duke Energy OC Presentation (10 minutes)* Laura Lee/Sam Holeman
   Objective: Review revisions to the Duke Energy presentation of Events Analysis and Lessons Learned Program (OC agenda Item 6p)

3. Lessons Learned (30 minutes)* Mark Vastano
   Objective: Review next Lesson Learned for publishing.
   a. LL93 IT Communications Disabled
   b. LL101 Loss of SCADA
   c. LL109 Failure of Energy Management System (EMS)

4. COM-003 discussion (15 minutes)* Sam Holeman
   Objective: EAS has been asked by the OC to offer our opinion on communications impacts on the events we have seen.

5. EAS Access To Event Reports (15 minutes) Sam Holeman
   Objective: Discussion of EAS access to event reports submitted through the ERO EAP.

6. EAS Quarterly Report (10 minutes)* Sam Holeman
   Objective: Review EAS Quarterly Report to OC (agenda Item 5c)

7. EMS Task Force Update (10 minutes) Paul Johnson
   Objective: Update on EMS TF activities.

8. Trends Working Group Update (10 minutes) Jacquie Smith
   Objective: Update on TWG activities.

9. Roundtable Discussion (10 minutes) All

10. Adjourn Sam Holeman

*As needed, background materials attached.
Appendix D Lesson Learned Template

Lesson Learned
IT Communications Disabled

Category: Bulk Power System Operations

Primary Interest Groups
- Generator Operator (GOP)
- Transmission Operator (TOP)
- Reliability Coordinator (RC)
- Transmission Owner (TO)

Problem Statement
Transmission System Operators lost the ability to authenticate to the EMS system, resulting in a loss of monitoring and control functionality for more than 30 minutes.

Details
Scheduled control center server maintenance was being performed which required the local authentication server to be taken out of service. By design, control center EMS application authentication should have rerouted automatically to a remote authentication server when the local server was taken out of service. Contrary to expectations and design, the automatic rerouting of authentication traffic did not occur and the EMS application was impacted. As a result, maintenance on the local authentication server was curtailed and the server was brought back online. Once local authentication was re-established, full EMS functionality was available.

The root cause analysis determined that a specific firewall policy allowing authentication failover from the local authentication server to the remote authentication server was inadvertently deleted.

Corrective Actions
The following corrective actions were implemented:
- IT and business teams worked together to develop a test plan template to ensure that application functionality would be retained and supporting infrastructure components would function as designed.
- The IT Change Management process was immediately modified to ensure that comprehensive test plans are executed regardless of change classification. The past practice was to allow test plans for work believed to be low risk to use a streamlined process when implementing a change. The prior streamlined process for low risk firewall policy changes required only that an engineering analytical review be performed.
- IT personnel were retrained on revised change management procedures that included, but were not limited to, use of comprehensive test plans for all change classifications.
- A redundant local authentication server was installed at the primary control center.

Lesson Learned
A. EMS network design should, where possible, include a redundant local authentication server on the same internal network as the primary local authentication server. Having the primary and redundant local authentication servers on the same internal network (i.e., behind the same firewall) eliminates the dependency on a firewall rule for internal communications to both the primary and redundant local authentication servers.
B. The IT Change Control Management process should consider applying the following principles:
   - Apply a thorough test process that is reviewed with the client for all changes that could affect EMS function;
   - Test the design redundancy and/or back out plan prior to implementing a change; and
   - Test plans need to be comprehensive and include regression level testing.

For more information please contact:
Michael Moon, Senior Director, NERC Reliability Risk Management, Michael.moon@nerc.net
John Mosier, Assistant Vice President-System Operations, jmosier@npcc.org

Source of Lesson Learned: NPCC

This document is designed to convey lessons learned from NERC's various activities. It is not intended to establish new requirements under NERC's Reliability Standards or to modify the requirements in any existing reliability standards. Compliance will continue to be determined based on language in the NERC Reliability Standards as they may be amended from time to time. Implementation of this lesson learned is not a substitute for compliance with requirements in NERC's Reliability Standards.

Lesson Learned Title February 17,
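The regression-level test called for in the IT Communications Disabled lesson above can be run against a proposed firewall policy before it is implemented, checking every flow the EMS depends on, failover paths included. The following Python is an added example, not part of the NERC document or the entity's tooling; the rule model (first match wins, implicit deny), the rule names, the addresses and the TCP 636 authentication port are all constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)
    proto: str    # "tcp", "udp" or "any"
    port: int     # destination port, 0 means any
    action: str   # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    name: str
    src: str      # source host
    dst: str      # destination host
    proto: str
    port: int


def matches(rule: Rule, flow: Flow) -> bool:
    return (ip_address(flow.src) in ip_network(rule.src)
            and ip_address(flow.dst) in ip_network(rule.dst)
            and rule.proto in ("any", flow.proto)
            and rule.port in (0, flow.port))


def decide(policy: list[Rule], flow: Flow) -> tuple[str, str]:
    """Assumed semantics: first matching rule wins, no match is a deny."""
    for rule in policy:
        if matches(rule, flow):
            return rule.action, rule.name
    return "deny", "<implicit deny>"


def regression_check(current: list[Rule], proposed: list[Rule],
                     required: list[Flow]) -> list[dict]:
    """Return one finding per required flow the proposed policy would block."""
    kept = {rule.name for rule in proposed}
    findings = []
    for flow in required:
        after, blocked_by = decide(proposed, flow)
        if after == "allow":
            continue
        before, allowed_by = decide(current, flow)
        if before != "allow":
            cause = "already blocked before the change"
        elif allowed_by not in kept:
            cause = "permitting rule deleted"
        else:
            cause = "permitting rule edited or shadowed"
        findings.append({
            "flow": flow.name,
            "cause": cause,
            "was_allowed_by": allowed_by if before == "allow" else None,
            "now_blocked_by": blocked_by,
        })
    return findings


# Constructed sample data: names, addresses and port are illustrative only.
EMS_NET = "10.10.1.0/24"
CURRENT = [
    Rule("ems-to-local-auth", EMS_NET, "10.10.2.10/32", "tcp", 636, "allow"),
    Rule("ems-to-remote-auth-failover", EMS_NET, "10.20.2.10/32", "tcp", 636, "allow"),
    Rule("decommissioned-report-server", EMS_NET, "10.30.5.0/24", "tcp", 443, "allow"),
    Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", "any", 0, "deny"),
]
# Proposed "low risk" cleanup: removes the decommissioned rule and, by mistake,
# the failover rule, which is only exercised when the local server is down.
PROPOSED = [r for r in CURRENT
            if r.name not in ("decommissioned-report-server",
                              "ems-to-remote-auth-failover")]
# Flows the EMS application needs, including the designed failover path.
REQUIRED = [
    Flow("EMS authentication, local server",
         "10.10.1.21", "10.10.2.10", "tcp", 636),
    Flow("EMS authentication, failover to remote server",
         "10.10.1.21", "10.20.2.10", "tcp", 636),
]

if __name__ == "__main__":
    for f in regression_check(CURRENT, PROPOSED, REQUIRED):
        print(f"BLOCKED: {f['flow']}: {f['cause']} "
              f"(was {f['was_allowed_by']}, now {f['now_blocked_by']})")
```

Because the check runs from a list of required flows rather than from observed traffic, it flags the loss of a failover rule even though that rule sees no use during normal operation.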
Lesson Learned
SCADA Failure Resulting in Reduced Monitoring Functionality

Primary Interest Groups
- Reliability Coordinators (RC)
- Balancing Authority (BA)
- Transmission Operators (TOP)

Problem Statement
An entity's primary control center SCADA Management Platform (SMP) servers became unresponsive, which resulted in a partial loss of monitoring and control functions for more than thirty minutes. While this loss of functionality was a result of a conflict between security software configuration changes and core operating system functions, a cyber security event was quickly ruled out and no loss of load occurred during this event.

Details
The primary control center SMP servers ceased network functionality and were unresponsive to login attempts from the local console. Physical reboots of the servers were only able to resolve the problem momentarily. Recovery Plans were immediately activated, with pre-defined decisions and procedures followed as designed.

The entity's primary control center Energy Management Platform (EMP) servers automatically began using the available SCADA signals provided by back-up control center SMP servers and multi-site IP routable SCADA. Manual actions quickly restored additional SCADA functionality for critical non-IP routable circuits by moving those circuits to the back-up SMP servers. Key generation facilities and substations were staffed to ensure any needed control operations could be performed.

Once the primary SMP servers were stabilized they were used to operate only non-critical SCADA circuits until root cause was established and full remediation was completed. This was possible due to the multi-site redundancy design of the overall Energy Management System, which allowed the entity's primary control center EMP servers to operate in a mixed mode, combining available SMP capabilities at both primary and back-up control centers. This multi-site redundancy avoided the need for the operators to physically travel to the backup control center during this incident, and also lowered risk during root cause analysis.

The entity identified root cause as stemming from a planned change to the security policy configuration of the host-based intrusion detection (HIDS) and intrusion prevention (HIPS) software. As an unintended result, the HIDS/HIPS security software on the SMP server hosts began to block certain core operating system processes when those processes executed in a specific order that coincided with the HIDS/HIPS policy change. The block did not occur until several days after the change was implemented, when the SMP servers performed the specific functions that triggered the conflict and caused the HIDS/HIPS security software to lock down the core operating system.

Once the root cause was identified, the entity created a new HIDS/HIPS security policy configuration that allowed the HIDS/HIPS security software to handle the core operating system functions on the SMP server hosts properly. The entity then conducted the necessary testing and implementation to restore functionality to the SMP systems.

Corrective Actions
- The entity engaged the HIDS/HIPS security software vendor to review and implement policy changes to better manage balance between custom configurations and secure threat detection and protection.
- Processes for implementing HIDS/HIPS security policy changes, while maintaining system integrity, are being reviewed for enhanced functionality and reliability. Solutions from these reviews are being implemented.

Lesson Learned
This event brought forward several positive lessons learned which minimized the extent of the outage:
- Security software configurations need careful analysis, design, testing and implementation, as they may impact reliability in unpredictable ways.
- A multi-site hosting configuration provides flexibility and convenience for rapid recovery capability of EMS and SCADA functions.
- Frequent exercise of and training on Recovery Plans ensures that actual event responses go according to plan and promptly mitigate operational impacts.

For more information please contact:
Source of Lesson Learned:
Regional Contact: Steve Ashbaker
Title: Director Operations
ashbaker@wecc.biz
Phone #

This document is designed to convey lessons learned from NERC's various activities. It is not intended to establish new requirements under NERC's Reliability Standards or to modify the requirements in any existing reliability standards. Compliance will continue to be determined based on language in the NERC Reliability Standards as they may be amended from time to time. Implementation of this lesson learned is not a substitute for compliance with requirements in NERC's Reliability Standards.
Appendix D

Lesson Learned
Title: Failure of Energy Management System (EMS)

Primary Interest Groups
- Reliability Coordinators
- Transmission Operators
- Transmission Owners

Problem Statement
Failure of Energy Management System (EMS) while performing a database update.

Details
While performing edits to the Energy Management System (EMS) database, alarms were received indicating errors for the Communications servers. A decision was made to restore the database to its original state. While performing the restore procedure, the Stand-by Communications server in the PCC was manually restarted. This caused the reversal of the database edits to fail and create faulty data files that synchronized across the integrated system servers. Although alarms were received for all communication servers, only the Stand-by Communications server in the PCC failed and the EMS remained fully operational.

The faulty data files were manually removed from all servers and a SCADA server failover was completed. An attempt to enable the Stand-by Communications server at the PCC failed. The EMS group executed a system warm restart, but since the EMS is an integrated system, the system warm restart resulted in the faulty data in the database being loaded into the remaining two Communications servers, whereby all three Communications servers failed. At this point the EMS lost functionality and was operational on a sporadic basis. At no point was the EMS off-line for a period exceeding 30 minutes.

With the failure of the three Communications servers, incremental system scans were performed. Subsequently, the substantive issues with the EMS were resolved and the EMS was restored with a minimum server requirement configuration with full functionality. Once the limited server system was verified as stable, all remaining servers were successfully brought back manually into synchronization with the EMS.

Corrective Actions
- Training documents will be developed to document revised steps for database updates and communication server restarts to eliminate the failure mode experienced during this incident as a result of the integrated system.
- Database update testing procedures and documentation will be reviewed to ensure that testing requirements are clear and concise. Although the database updates were implemented first on both the Product Development System (PDS) and the Dispatcher Training System (DTS), error logs were only partially reviewed. Therefore, the testing procedures will be updated to include step-by-step instructions to ensure that the procedures are completely carried out simulating the production environment that includes separate windows used for log viewing and update time log tracing. EMS analysts will receive training on the existing and new procedures.
- A proposal was requested and has been received from the EMS vendor to upgrade the EMS to a new EMS server environment whereby the PCC and the ACC databases will be separate. In the new system, database updates will be required to be performed on both the PCC and ACC independently to reduce the risk of any anomalies at the PCC from being propagated to the ACC, providing increased reliability to the EMS system.

Lesson Learned
When the EMS was purchased, this vulnerability of an integrated system architecture was unknown. With this vulnerability having been exposed, it is recommended that functional separation of the Primary Control Center from the Alternate Control Center be implemented to eliminate this vulnerability.

For more information please contact:
Earl Shockley, Director of Event Analysis and Investigations, earl.shockley@nerc.net
John Mosier, Assistant Vice President-System Operations, jmosier@npcc.org

Source of Lesson Learned: Northeast Power Coordinating Council, Inc. (NPCC)

This document is designed to convey lessons learned from NERC's various activities. It is not intended to establish new requirements under NERC's Reliability Standards or to modify the requirements in any existing reliability standards. Compliance will continue to be determined based on language in the NERC Reliability Standards as they may be amended from time to time. Implementation of this lesson learned is not a substitute for compliance with requirements in NERC's Reliability Standards.
Sam,

Not sure if you have been following the COM-003 discussions from the NERC Board meeting. Please see the OC meeting material section I have attached below. Would you have some time to chat next week? It is my understanding that there has never been a BES event caused by miscommunications during non-emergency conditions. I just wanted to have a short discussion from an EAS perspective. Could you call my cell at your convenience?

Cell (518)

c. NERC Board Resolution: Operating Personnel Communication Protocols COM-003-1* Chair Castle

Action: Approve

Objective: Review, discuss and formulate an action plan to address the NERC Board's resolution regarding COM

Background: The Board's resolution concluded with:

FURTHER RESOLVED, that the RISC, the Independent Experts Panel, and NERC management are hereby directed to prepare responses to the questions set forth in the foregoing resolution and transmit a copy of their responses to the Chair of the NERC Board of Trustees and Chief Executive Officer of NERC no later than September 6, 2013, at which point the responses shall be transmitted by the Chair to (i) the Standards Drafting Team for the draft COM Reliability Standard, and publicly posted on the NERC website on the COM Reliability Standard development page, with a request for industry comment and (ii) the Operating Committee, with a request that the Committee review the questions and responses and provide their input to the Board.

Presentation: No

Duration: 30 minutes

Background Items: The three reports will be provided to the OC as they become available. In addition, see OC Agenda Item 6.k.

Jim Castle
New York ISO
(518)
Attachment 5.c
OC Meeting September 17-18, 2013

NERC Operating Committee Sub-group Status Report

Group: Event Analysis Subcommittee (EAS)

Purpose: The Event Analysis Subcommittee is a cross-functional group of industry experts that will support and maintain a cohesive and coordinated event analysis (EA) process across North America with industry stakeholders. EAS will support development of lessons learned, promote industry-wide sharing of event causal factors and assist NERC in implementation of related initiatives to lessen reliability risks to the Bulk Electric System.

Last Face-to-Face Meeting: June 10, 2103
Location: Atlanta, Ga.
Duration: 1 Day

Next Meeting: September 16, 2013
Location: Denver, CO
Duration: 1 Day

Bi-Weekly Conference Calls on Wednesdays from 1100 to 1300 (EDT)

Chair: Sam Holeman, Duke Energy
Vice-Chair: Hassan Hamdar, FRCC

Pending OC Approval Items: None at this time

Key issues for OC Resolution: None at this time

Key Issues for OC Information:
- Event Analysis and Lessons Learned Program at Duke Energy, Laura Lee, Manager, System Operations
- Implementation of Event Analysis Process Version 2 on October 1, 2013
  o Summary of Webinar (August 28, 2013)
- Monitoring and Situational Awareness Conference September 18-19, 2013 in Denver, CO
- Cold Weather Event Report finalized and on the NERC site under Previous Cold Weather Event Analysis

Current Initiatives/Deliverables:
- Energy Management System (EMS) event review/summary

Future Initiatives/Deliverables:
- EMS Event Task Force final report
- Event Trending Task Force ongoing
- Lesson Learned accountability model
- Presentation at the December, 2013 OC meeting from Florida Power and Light
- EAS will continue to review and address reliability issues that pose a threat and risk to the reliability of the BPS. Information obtained from the review will be shared with the OC and industry.

External requests to group:
- Collaboration meetings being set up with North American Transmission Forum and North American Generator Forum

Internal requests to group:
- PER Ad Hoc Team
- COM-003 standard development
- Coordination with Operating Committee on PER Ad Hoc request
- Coordination with Personnel Subcommittee on PER Ad Hoc request

Group's recurring deliverables:
- EAS continues to manage the ERO Event Analysis Process Document update process
- Action oriented Lessons Learned posted on NERC website

Any NERC Programs Oversight Responsibility for the Group: No

Any NERC Document (non-reliability Standard) Responsibility for the Group: ERO Event Analysis Process Document
More informationStandard COM-002-2a Communications and Coordination
A. Introduction 1. Title: Communication and Coordination 2. Number: COM-002-2a 3. Purpose: To ensure Balancing Authorities, Transmission Operators, and Generator Operators have adequate communications
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2013-2016 CIPC Executive Committee 5/14/2013 3353 Peachtree Road NE Suite 600, North Tower Atlanta, Georgia 30326 404-446-2560 www.nerc.com Table
More informationProject Retirement of Reliability Standard Requirements
Project 2013-02 Retirement of Reliability Standard Requirements Unofficial Comment Form for Paragraph 81 (P81) Project Retirement of Reliability Standard Requirements This form is provided in a Word format
More informationState of Reliability Report 2013
State of Reliability Report 2013 Jessica Bian, Director of Performance Analysis Reliability Assessment and Performance Analysis (RAPA), NERC Risk Issues Steering Committee Meeting, July 11-12, 2013 State
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationNERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM September 6, 2013
NERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM-003-1 September 6, 2013 At the August 14-15, 2013 meeting of the Board of Trustees ( Board ) of the North
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationInternal Controls Evaluation (ICE) Processing
Internal Controls Evaluation (ICE) September 28, 2017 RAM-102 3000 Bayport Drive, Suite 600 Tampa, Florida 33607-8411 (813) 289-5644 - Phone (813) 289-5646 Fax www.frcc.com Table of Contents Page 3 of
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationChapter X Security Performance Metrics
DRAFT February 19, 15 BES Security s Working Group Page 1 of 7 Chapter X Security Performance s 1 3 3 3 3 0 Background The State of Reliability 1 report noted that the NERC PAS was collaborating with the
More information2 nd Annual NERC Monitoring and Situational Awareness Conference: FPL s Operational Technology Center
2 nd Annual NERC Monitoring and Situational Awareness Conference: FPL s Operational Technology Center Ed Batalla Director of Grid Control Systems Florida Power & Light Company Sept. 24, 2014 Florida Power
More informationScope Cyber Attack Task Force (CATF)
Scope Cyber Attack Task Force (CATF) PART A: Required for Committee Approval Purpose This document defines the scope, objectives, organization, deliverables, and overall approach for the Cyber Attack Task
More informationDEFINITIONS AND REFERENCES
DEFINITIONS AND REFERENCES Definitions: Insider. Cleared contractor personnel with authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks,
More informationStandard Authorization Request Form
Title of Proposed Standard Cyber Security Request Date May 2, 2003 SAR Requestor Information Name Charles Noble (on behalf of CIPAG) Company Telephone SAR Type (Check box for one of these selections.)
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationERO Reliability Risk Priorities Report. Peter Brandien, RISC Chair Member Representatives Committee Meeting November 1, 2016
ERO Reliability Risk Priorities Report Peter Brandien, RISC Chair Member Representatives Committee Meeting November 1, 2016 RISC s Proposed 2016 Risk Profiles Changing Resource Mix Bulk Power System Planning
More informationIT CONTINUITY, BACKUP AND RECOVERY POLICY
IT CONTINUITY, BACKUP AND RECOVERY POLICY IT CONTINUITY, BACKUP AND RECOVERY POLICY Effective Date May 20, 2016 Cross- Reference 1. Emergency Response and Policy Holder Director, Information Business Resumption
More informationStandards Development Update
Standards Development Update Steven Noess, Director of Standards Development FRCC Reliability Performance Industry Outreach Workshop September 20, 2017 Supply Chain Risk Management 1 Cyber Security Supply
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationDRAFT Risks and Mitigations for Losing EMS Functions
DRAFT Risks and Mitigations for Losing EMS Functions 1.0 Executive Summary Energy Management System (EMS) is a system of computer-aided tools used by System Operators to monitor, control, and optimize
More informationPower System Resilience & Reliability. Robert W. Cummings Senior Director of Engineering and Reliability Initiatives i-pcgrid March 28, 2017
Power System Resilience & Reliability Robert W. Cummings Senior Director of Engineering and Reliability Initiatives i-pcgrid March 28, 2017 NERC, Reliability, & Resilience NERC has addressed reliability
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationAudit and Compliance Committee - Agenda
Audit and Compliance Committee - Agenda Board of Trustees Audit and Compliance Committee April 17, 2018, 1:30 2:30 p.m. President s Board Room Conference Call-In Phone #1-800-442-5794, passcode 463796
More informationCritical Infrastructure Protection Committee Strategic Plan
Critical Infrastructure Protection Committee Strategic Plan 2018-2019 CIPC Executive Committee Updated:xxxxxxxx NERC Report Title Report Date I Table of Contents Preface... iii CIPC Organizational Structure...
More informationCOM Operating Personnel Communications Protocols. October 31, 2013
COM-002-4 Operating Personnel Communications Protocols October 31, 2013 Agenda Introductory Remarks: Mark Lauby Project 2007 02 Background COM 002 4 Requirements Implementation Plan Compliance VSL/VRF
More informationSupplemental Information
Retirement of NPCC Directory# 3 Supplemental Information On April 1, 2015, NPCC Directory# 3 was retired upon the effective date of PRC-005-2 Protection System Maintenance which is subject to a 12 year
More informationProject Posting 8 Frequently Asked Questions Guide
Project 2007-02 Posting 8 Frequently Asked Questions Guide General Questions 1. What were the inputs that drove the development of posting 8 of Project 2007-02? The NERC Board of Trustees November 7 th,
More informationStandard CIP Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationImplementing Cyber-Security Standards
Implementing Cyber-Security Standards Greg Goodrich TFIST Chair, CISSP New York Independent System Operator Northeast Power Coordinating Council General Meeting Montreal, QC November 28, 2012 Topics Critical
More informationHistory of NERC August 2013
History of NERC August 2013 Timeline Date 1962 1963 November 9, 1965 1967 1967 1968 June 1, 1968 July 13 14, 1977 1979 Description The electricity industry creates an informal, voluntary organization of
More informationGamma Service Incident Report Final 18/9/14
Gamma Service Report Final 18/9/14 Broadband Service Please read the following as it could have an impact on some of your customers. Reference: Start Date: Start Time: Actual Clear Date: Actual Clear Time:
More informationCIP Version 5 Transition. Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014
CIP Version 5 Transition Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014 Purpose of the Transition Program Transitioning entities confident in
More informationQuébec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan Annual Implementation Plan
Québec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan 2017 Annual Implementation Plan Effective Date: January 1, 2017 Approved by the Régie: December 1, 2016 Table
More informationModifications to TOP and IRO Standards
Modifications to TOP and IRO Standards Jason Smith, Southwest Power Pool Industry Webinar July 22, 2016 NERC Antitrust Guidelines It is NERC's policy and practice to obey the antitrust laws to avoid all
More informationMeeting Minutes Reliability Metrics Working Group
Meeting Minutes Reliability Metrics Working Group August 18, 2010 2 p.m. 3 p.m. Conference Call Convene Chair William Adams convened the Reliability Metrics Working Group (RMWG) conference call on Aug
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing
More informationNERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices
NERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices Ed Batalla Director of Technology Florida Power & Light Company September 19, 2013 Florida
More informationERO Enterprise Strategic Planning Redesign
ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current
More informationReliability Coordinator Procedure PURPOSE... 1
No. RC0550 Restriction: Table of Contents PURPOSE... 1 1. RESPONSIBILITIES... 2 1.1.1. CAISO RC... 2 1.1.2. RC Working Groups... 2 1.1.3. Operationally Affected Parties... 2 1.1.4. RC Oversight Committee...
More informationNYS DFS Cybersecurity Requirements. Stephen Head Senior Manager Risk Advisory Services
NYS DFS Cybersecurity Requirements Stephen Head Senior Manager Risk Advisory Services December 5, 2017 About Me Stephen W. Head Mr. Head is a Senior Manager with Experis Finance, and has over thirty-five
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationDRAFT. Standard 1300 Cyber Security
These definitions will be posted and balloted along with the standard, but will not be restated in the standard. Instead, they will be included in a separate glossary of terms relevant to all standards
More information