Potential CIP decision tree for PMUs
|
|
- Lorraine Cain
- 5 years ago
- Views:
Transcription
1 Potential CIP decision tree for PMUs Questions Is the PMU used to control and/or protect high or medium classified BES equipment? If Yes, device should be classified CIP JDK Comments If any type of automated control is associated with the data or device then it makes sense that is should be classified as CIP. Dual function devices fall under CIP if the box has a protection function. Does the loss, degradation, or misuse of the synchrophasor data supplied by a PMU for greater than 15 minutes impact reliable operation of the BES? If Yes, device should be classified CIP Will the data be used by the PMU owner to make real time operational decisions within 15 minutes? If Yes and synchrophasor data will be only input in the decision making process then the device should be classified as CIP If Yes but other data sources exist that will be used to validate the data before any decisions have been made then continue Will the data be used by others (RCs, TOPs, Bas, etc..) to make real time operational decisions within 15 minutes? If Yes and synchrophasor data will be only input in the decision making process then the device should be classified as CIP If Yes but other data sources exist that will be used to validate the data before any decisions have been made then continue Will the synchrophasor data be used as an input to a state estimation application? If Yes and the loss, degradation, or misuse of the data could affect the state estimator s ability to solve then the device should be classified as CIP If Yes and the loss, degradation, or misuse of the data would not affect the state estimator s ability to solve then continue Will the synchrophasor data be used as part of situational awareness tools? Is the synchrophasor data planned to be used as part of the owner s restoration or recovery plans? If Yes and the loss of SCADA\EMS functionality is assumed such that synchrophasor data would be the sole source of information then the device should be classified as CIP If Yes and SCADA/EMS functionality is assumed and restoration and recovery would not be available in a synchrophasor only scenario then continue If No then continue If we can t survive 15 minutes without any data then I assume it should be classified as CIP If we say it is isn t CIP if other data is used to make the decision how do people track that to prove they were compliant? Might be easier to just treat it as CIP so there aren t any questions. Need to make sure the story matches how you classify the data. Can other entities force CIP status on an owner s device? Probably yes. If the data is being used for reliability purposes by others, should it be CIP and protected as such? Probably yes. Entities should be able to configure their SE applications to minimize the impacts of bad data so this should not be an issue. SE s job is to identify bad data. It depends on criticality of the input data Most entities argue that video walls/situational awareness tools are not critical to real time operations Are there other scenarios where synchrophasor data and applications will be used to operate when EMS is lost? Need to better define scope of restoration during a hurricane type event restoration may occur over days/weeks
2 Is the data used to support a Linear State Estimator [LSE] application that could be used to support the operation of BES facilities for the loss of traditional SE? If Yes, device should be classified CIP I m not sure the use of LSE without SE should force treatment as CIP.
3 Supporting Information A BES cyber asset includes in its definition, that if rendered unavailable, degraded, or misused would, within 15 minutes adversely impact the reliable operation of the BES. BES Reliability Functions - From (CIP a Cyber Security BES Cyber System Categorization) The following table provides guidance that a Responsible Entity may use to identify the BES Cyber Systems that would be in scope. The concept of BES reliability operating service is useful in providing Responsible Entities with the option of a defined process for scoping those BES Cyber Guidelines and Technical Basis Systems that would be subject to CIP a. The concept includes a number of named BES reliability operating services:
4 Question Groupings How is synchrophasor data different than SCADA data? I ve got a meter (SCADA point) and that s not classified as CIP How does the classification work for other EMS sources (all SCADA data)? Stand-alone devices that are (just) meters. It depends on the use of the data David Schooley: In terms of CIP requirements, how is PMU data different than SCADA data? MISO: From the MISO DOE project, the approach to CIP requirements for PMU data is that it should be treated the same as RTU data. What are the requirements for CIP for RTU data today? Once this is understood, then how do we extend this to synchrophasor data. What can we use synchrophasor data for without bringing CIP into the discussion? Time horizon of actions is critical in determination of CIP What happens when PMU data is one of many sources of data? Ryan Nice question on using PMU data as one of multiple sources PMUs on the control room screen(s) but no operating procedures existing just a situational awareness display only (call Ops support for further analysis) utilities are NOT classifying this as CIP o Like weather data o How do you prove that you DIDN T do anything within the timeframes (15 minutes) o Does that need to be proved that you DIDN T do anything with that data? Or would just showing that the operating procedure to make decisions does not include the data? ISO-NE: PMU data as a sole source: if the operators see an oscillation from PMU data and called operations support to confirm. However, if operations support also only has PMU data to use, assuming SCADA data didn t capture the oscillation, which is quite often, would they be able to suggest any actions within 15 minutes based on this sole data source? And in this situation, would the PMU system be required to be CIP? ISO-NE: PMU data as a tipoff: if the operators see oscillations from PMU data; however before taking any actions, they called the plant to verify. And if plant staff verified the oscillation using their internal high-sampling-rate data, would the operators be able to take actions based on the plant feedback? In this case, does the PMU system need to be CIP compliant? What if the plant couldn t verify yet PMU data clearly shows a dangerous and worsening situation (sole source situation)? If an oscillation is identified on the non-cip screen, the action is to call the Ops support and they re using PMU data to make that determination on actions, what s the classification? o Is it CIP if step is to call the plant and coordinate? o Is it CIP if step does not include calling the plant? We would like to allow the Operators to start viewing the data in the control room. If we enable synchrophasor data on control room screen(s) just for situational awareness are the source PMUs considered to be CIP devices? o Concerns that if we force CIP classification too soon it will keep people from introducing the technology to the control room where operations personnel can start to derive value
5 Costs Many comments on the costs associated with moving assets to the CIP environment Do we have a way to compute a per-unit/per-device average cost to CIP-ify a PMU (which would cover the end-to-end infrastructure)? Making a station with no high-speed communications a CIP station because of a PMU huge cost Peak: As Synchrophasor applications is supplemental means to RC function i.e. Operation can live with lower tool availability and server redundancy, compared to real-time EMS tools, can utility apply less strict CIP compliance standards than the current EMS software? If so, the cost of Synchrophasor technology implementation in control room will be reduced significantly. State Estimator Impacts State estimator? Is every SCADA point that s fed into the state estimator considered a CIP asset? If so, does that same concept hold for PMUs? If that concept is not the case, then why would it hold for PMUs? For state estimators, PJM makes an assessment on how impactful the measurements are and that s considered in the determination of whether the assets are CIP Impacts if others use data for real time decision making PJM CIP expert stated that they can only make determination of their own CIP systems, but can t enforce other entities to require their assets to be CIP. Is this the case? What if PJM is making real-time decisions using that data? How is that gap bridged? CIP classification in TO/RTO paradigm o What if the RTO is (wanting to) using PMU data for decision How does the CIP classification work in the RTO environment as a complete CIP system? If the RTO is using the data for real-time decisions, how does the classification at the TO level happen? If an oscillation is identified on the non-cip screen, the action is to call the Ops support and they re using PMU data to make that determination on actions, what s the classification? o Step is to call the plant and coordinate o Step does not include calling the plant and ISO-NE: o External PMU data: if an entity were to integrate external PMU data into its operating systems and use them for operational use, would that data also be required to be CIP compliant? Would that entity need written assurances from the data owner for guaranteed CIP and/or confidence for operational use?
6 Other Will it take a regulatory requirement to move PMUs into CIP? Floyd Galvan, Entergy Lisa Beard: What are the most vulnerable parts of PMU systems (end to end)? Can we prioritize how we spend resources to protect our investments? If not now, when do we think the timeframe will be for using synchrophasors for operational decision making? According to the FERC-NERC-Regional Entity Joint Review of Restoration and Recovery Plans Planning Restoration Absent SCADA or EMS (PRASE) report, the committee recommends having phasor SE and produces one-line display to operators during system restorations. The use of PMU data as a backup data source absent SCADA/EMS during system restoration or normal operations also raises the CIP compliance question. Frankie Dominion devices are CIP, central devices (PDCs) are not CIP. Two separate environments for CIP and non-cip (depending on if data is coming from CIP device (relay) or non-cip device (DFR). PJM bulletin on CIP compliance for PMUs (compliance bulletin #19). Should we dig deeper into this? EPG: CIP requirements for cloud deployment of WAMS, simulation software, etc. How to deal with these? Medium vs. high impact stations and how does that play into the determination of CIP? o Going to vary a lot based on interpretation of requirements, internal controls, etc. o Depends on retrofit vs. initial implementation (e.g., cabinet with card reader) SPP: Based on the SMS CIP discussion today, I wanted to pass along our PMU Members Planning document which contains a CIP Considerations section. This is still a draft document and it is slated to be reviewed by the SPP Reliability Compliance Working Group in June. As the disclaimer states, this is being developed only to help our TOs better understand the related CIP standards and help provide them with additional information. This document should count for at least one question for Mike and I. :)
7
8
Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Version: October 6, 2015
Lesson Learned CIP Version 5 Transition Program CIP-002-5.1: Communications and Networking Cyber Assets Version: October 6, 2015 Authorized by the Standards Committee on October 29, 2015 for posting as
More informationCIP V5 Implementation Study SMUD s Experience
CIP V5 Implementation Study SMUD s Experience Tim Kelley October 16, 2014 Powering forward. Together. SMUD Fast Facts General Information SMUD employs approximately 2,000 individuals Service area of 900
More informationSummary of FERC Order No. 791
Summary of FERC Order No. 791 On November 22, 2013, the Federal Energy Regulatory Commission ( FERC or Commission ) issued Order No. 791 adopting a rule that approved Version 5 of the Critical Infrastructure
More informationNB Appendix CIP NB-0 - Cyber Security Recovery Plans for BES Cyber Systems
This appendix establishes modifications to the FERC approved NERC standard CIP-009-6 for its specific application in New Brunswick. This appendix must be read with CIP-009-6 to determine a full understanding
More informationPurpose. ERO Enterprise-Endorsed Implementation Guidance
Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 Requirement R1: Impact Rating of Generation Resource Shared BES Cyber Systems Version: January 29, 2015 Authorized by the Standards Committee
More informationTitle. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.
Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION Version 5 Critical Infrastructure Protection Reliability Standards ) ) Docket No. RM13-5- INFORMATIONAL FILING OF THE NORTH AMERICAN
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 CIP-002-5.1 Cyber Security BES Cyber System Categorization This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity: NCR
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationCyber Threats? How to Stop?
Cyber Threats? How to Stop? North American Grid Security Standards Jessica Bian, Director of Performance Analysis North American Electric Reliability Corporation AORC CIGRE Technical Meeting, September
More informationPJM Interconnection Smart Grid Investment Grant Update
PJM Interconnection Smart Grid Investment Grant Update Bill Walker walkew@pjm.com NASPI Work Group Meeting October 12-13, 2011 Acknowledgment: "This material is based upon work supported by the Department
More informationNorth American SynchroPhasor Initiative (NASPI) Overview
North American SynchroPhasor Initiative (NASPI) Overview Data Exchange Panel ipcgrid 2013 hosted by Pacific Gas & Electric March 28, 2013 Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy
More informationCyber Attacks on Energy Infrastructure Continue
NERC Cybersecurity Compliance Stephen M. Spina February 26, 2013 www.morganlewis.com Cyber Attacks on Energy Infrastructure Continue According to DHS, the energy sector was the focus of 40% of the reported
More informationNB Appendix CIP NB-0 - Cyber Security Personnel & Training
This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding
More informationDRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1
DRAFT Cyber Security Communications between Control Centers Technical Rationale and Justification for Reliability Standard CIP-012-1 March May 2018 NERC Report Title Report Date I Table of Contents Preface...
More informationLesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Draft Version: August 18, 2015
Lesson Learned CIP Version 5 Transition Program CIP-002-5.1: Communications and Networking Cyber Assets Draft Version: August 18, 2015 This document is designed to convey lessons learned from NERC s various
More informationStandard CIP Cyber Security Critical Cyber As s et Identification
A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification
More informationLesson Learned CIP Version 5 Transition Program
Lesson Learned CIP Version 5 Transition Program CIP-002-5: BES Cyber Assets Version: December 7, 2015 This document is designed to convey lessons learned from NERC s various CIP version 5 transition activities.
More informationStandard Development Timeline
CIP-002-6 Cyber Security BES Cyber System Categorization Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationCIP V5 Updates Midwest Energy Association Electrical Operations Conference
CIP V5 Updates Midwest Energy Association Electrical Operations Conference May 2015 Bob Yates, CISSP, MBA Principal Technical Auditor ReliabilityFirst Corporation Agenda Cyber Security Standards Version
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationStandard CIP Cyber Security Critical Cyber As s et Identification
A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification
More informationFrequently Asked Questions November 25, 2014 CIP Version 5 Standards
Frequently Asked Questions November 25, 2014 CIP Version 5 Standards This document provides answers to questions asked by entities as they transition to the CIP Version 5 Standards. The questions are listed
More informationCIP Standards Update. SANS Process Control & SCADA Security Summit March 29, Michael Assante Patrick C Miller
CIP Standards Update SANS Process Control & SCADA Security Summit March 29, 2010 Michael Assante Patrick C Miller Background FERC s Cyber Security Order 706 directed extensive modifications of CIP-002
More informationDisclaimer Executive Summary Introduction Overall Application of Attachment Generation Transmission...
CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document September, 2010 Table of Contents TABLE OF CONTENts Disclaimer... 3 Executive Summary... 4 Introduction...
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationNASPI Reliability Coordinator Data Quality Survey Summary. Alison Silverstein NASPI Project Manager March 21, 2016
NASPI Reliability Coordinator Data Quality Survey Summary Alison Silverstein NASPI Project Manager March 21, 2016 Overview Improving data quality is essential to assure that synchrophasor technology can
More informationAlarming and Operations of openpdc at ISO-NE
A U G 1 4, 2 0 1 3 A T L A N T A, G A Alarming and Operations of openpdc at ISO-NE Qiang Frankie Zhang, Patrick Pentz (Developer) Outline Project Overview Project Status Development Challenges Discussion
More informationprimary Control Center, for the exchange of Real-time data with its Balancing
A. Introduction 1. Title: Reliability Coordination Monitoring and Analysis 2. Number: IRO-002-5 3. Purpose: To provide System Operators with the capabilities necessary to monitor and analyze data needed
More informationCIP Cyber Security Standards. Development Update
CIP Cyber Security Standards Development Update John Lim Consolidated Edison Co. of New York Rob Antonishen Ontario Power Generation September 21-22, 2010 1 Disclaimer This NPCC TFIST workshop provides
More informationNERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM September 6, 2013
NERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM-003-1 September 6, 2013 At the August 14-15, 2013 meeting of the Board of Trustees ( Board ) of the North
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationNew Brunswick 2018 Annual Implementation Plan Version 1
New Brunswick Energy and Utilities Board Reliability Standards, Compliance and Enforcement Program New Brunswick 2018 Annual Implementation Plan Version 1 December 28, 2017 Table of Contents Version History...
More informationTOP-010-1(i) Real-time Reliability Monitoring and Analysis Capabilities
A. Introduction 1. Title: Real-time Reliability Monitoring and Analysis Capabilities 2. Number: TOP-010-1(i) 3. Purpose: Establish requirements for Real-time monitoring and analysis capabilities to support
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationStandard Development Timeline
CIP-002-6 Cyber Security BES Cyber System Categorization Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the
More informationrequirements in a NERC or Regional Reliability Standard.
CIP 002 5.1 Cyber Security BES Cyber System Categorization A. Introduction 1. Title: Cyber Security BES Cyber System Categorization 2. Number: CIP 002 5.1 3. Purpose: To identify and categorize BES Cyber
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationImplementation Plan. Project CIP Version 5 Revisions. January 23, 2015
Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014-02 CIP Version 5 Revisions replaces
More informationMISO. Smart Grid Investment Grant Update. Kevin Frankeny NASPI Workgroup Meeting October 17-18, 2012
MISO Smart Grid Investment Grant Update Kevin Frankeny kfrankeny@misoenergy.org NASPI Workgroup Meeting October 17-18, 2012 ARRA Disclaimer "This report was prepared as an account of work sponsored by
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationLow Impact Generation CIP Compliance. Ryan Walter
Low Impact Generation CIP Compliance Ryan Walter Agenda Entity Overview NERC CIP Introduction CIP-002-5.1, Asset Classification What Should Already be Done CIP-003-7, Low Impact Requirements Tri-State
More informationStrategy Consulting Digital Technology Operations. Transmission Distribution SCADA Separation 2017 EMMOS Conference
Strategy Consulting Digital Technology Operations Transmission Distribution SCADA Separation 2017 EMMOS Conference SCADA for Electric Utility Operations The SCADA platform is at the heart of Electric Utility
More informationCritical Cyber Asset Identification Security Management Controls
Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationImplementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015
Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014 02 CIP Version 5 Revisions replaces
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationImproving data quality in PSE&G s synchrophasor network PING YE PHD PSE&G ZACHARY HARDING PSE&G (IBRIDGE)
Improving data quality in PSE&G s synchrophasor network PING YE PHD PSE&G ZACHARY HARDING PSE&G (IBRIDGE) Synchrophasors at PSE&G PJM SynchroPhasor Project ~Circa 2008 DOE PJM AEP AP BGE ComEd DOM DUQ
More informationCIP Cyber Security Configuration Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationLesson Learned CIP Version 5 Transition Program
Lesson Learned CIP Version 5 Transition Program CIP-002-5: BES Cyber Assets Version: September 9, 2015 This document is designed to convey lessons learned from NERC s various CIP version 5 transition activities.
More informationCIP Cyber Security Critical Cyber Asset Identification. Rationale and Implementation Reference Document
CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document NERC Cyber Security Standards Drafting Team for Order 706 December 2010 This document provides
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationCategorizing Cyber Systems
Categorizing Cyber Systems An Approach Based on BES Reliability Functions NERC Cyber Security Standards Drafting Team for Order 706 06/15/2009 Team CATEGORIZING CYBER SYSTEMS: AN APPROACH BASED ON IMPACT
More informationJim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas
Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I
More informationPJM Interconnection Smart Grid Investment Grant Update
PJM Interconnection Smart Grid Investment Grant Update Bill Walker walkew@pjm.com NASPI Work Group Meeting October 22-24, 2013 Acknowledgment: "This material is based upon work supported by the Department
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationCIP Cyber Security Recovery Plans for BES Cyber Systems
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationGUIDE. MetaDefender Kiosk Deployment Guide
GUIDE MetaDefender Kiosk Deployment Guide 1 SECTION 1.0 Recommended Deployment of MetaDefender Kiosk(s) OPSWAT s MetaDefender Kiosk product is deployed by organizations to scan portable media and detect
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationModifications to TOP and IRO Standards
Modifications to TOP and IRO Standards Jason Smith, Southwest Power Pool Industry Webinar July 22, 2016 NERC Antitrust Guidelines It is NERC's policy and practice to obey the antitrust laws to avoid all
More informationDraft CIP Standards Version 5
Draft CIP Standards Version 5 Technical Webinar Part 1 Project 2008-06 Cyber Security Order 706 Standards Drafting Team November 15, 2011 Agenda Opening Remarks John Lim, Consolidated Edison, Chair V5
More informationCIP Cyber Security Recovery Plans for BES Cyber Systems
A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-6 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationCISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.
Course Outline CISM - Certified Information Security Manager 20 Nov 2017 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationInternal Controls Evaluation (ICE) Tony Eddleman, P.E. NERC Compliance Manager Nebraska Public Power District
Internal Controls Evaluation (ICE) Tony Eddleman, P.E. NERC Compliance Manager Nebraska Public Power District 2 Topics NPPD Overview Reliability Controls NPPD Internal Control Evaluation (ICE) Sample Controls
More informationAnalysis of CIP-006 and CIP-007 Violations
Electric Reliability Organization (ERO) Compliance Analysis Report Reliability Standard CIP-006 Physical Security of Critical Cyber Assets Reliability Standard CIP-007 Systems Security Management December
More informationViolation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards
Violation Risk Factor and Violation Severity Level Justifications Project 2016-02 Modifications to CIP Standards This document provides the standard drafting team s (SDT s) justification for assignment
More informationCISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar
Course Outline CISM - Certified Information Security Manager 22 Mar 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationStandard CIP 007 4a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4a 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for
More informationConcept White Paper. Concepts for Proposed Content of Eventual Standard(s) for Project : Real-Time Monitoring and Analysis Capabilities
Concept White Paper Concepts for Proposed Content of Eventual Standard(s) for Project 2009-02: Real-Time Monitoring and Analysis Capabilities Real-time Monitoring and Analysis Capabilities Standard Drafting
More informationManchester Metropolitan University Information Security Strategy
Manchester Metropolitan University Information Security Strategy 2017-2019 Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History
More informationCritical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014
Critical Infrastructure Protection (CIP) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice
More informationCIP Standards Development Overview
CIP Standards Development Overview CSSDTO706 Meeting with FERC Technical Staff July 28, 2011 Objectives Historical Timeline CIP-002-4 CIP-005-4 CIP Version 5 2 Project 2008-06 Overview FERC Order 706 SDT
More informationNERC and Regional Coordination Update
NERC and Regional Coordination Update Mark Kuras Sr. Lead Engineer, NERC and Regional Coordination Planning Committee April 7, 2016 NERC Standards Under Development Standards Project Activity Due Date
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationGridEx IV Initial Lessons Learned and Resilience Initiatives
GridEx IV Initial Lessons Learned and Resilience Initiatives LeRoy T. Bunyon, MBA, CBCP Sr. Lead Analyst, Business Continuity 2017 GridEx IV GridEx is a NERC-sponsored, North American grid resilience exercise
More informationCIP Cyber Security Personnel & Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationNERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices
NERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices Ed Batalla Director of Technology Florida Power & Light Company September 19, 2013 Florida
More informationCIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-5 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in
More informationUnofficial Comment Form Project Operating Personnel Communications Protocols COM Operating Personnel Communications Protocols
Project 2007-02 Operating Personnel Communications Protocols COM-002-4 Operating Personnel Communications Protocols Please DO NOT use this form. Please use the electronic comment form to submit comments
More informationProject Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives
Project 2014-02 - Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Violation Risk Factor and Justifications The tables
More informationCritical Asset Identification Methodology. William E. McEvoy Northeast Utilities
Critical Asset Identification Methodology William E. McEvoy Northeast Utilities Disclaimer This NPCC TFIST workshop provides a forum for the presentation and discussion of member experience in the implementation
More informationGrid Protection Alliance NYISO 2010 Smart Grid Vendor Forum. December 9, 2010
Grid Protection Alliance NYISO 2010 Smart Grid Vendor Forum December 9, 2010 1 Who is GPA? A not-for-profit corporation to support the utility industry The Grid Solutions Division of GPA is an open-source
More informationImplementing Cyber-Security Standards
Implementing Cyber-Security Standards Greg Goodrich TFIST Chair, CISSP New York Independent System Operator Northeast Power Coordinating Council General Meeting Montreal, QC November 28, 2012 Topics Critical
More informationTechnical Questions and Answers CIP Version 5 Standards Version: June 13, 2014
Technical s and s CIP Version 5 Standards Version: June 13, 2014 This document is designed to convey lessons learned from NERC s various activities. It is not intended to establish new requirements under
More informationRecommended Guidelines for NERC CIP Compliance for Synchrophasor Systems
PNNL-27062 / NASPI-2017-TR-006 Prepared for the U.S. Department of Energy Under Contract DE-AC05-76RL01830 Recommended Guidelines for NERC CIP Compliance for Synchrophasor Systems SR Mix H Kirkham A Silverstein
More information2012 EMS User's Group. MISO Synchrophasor Project
2012 EMS User's Group MISO Synchrophasor Project Dan s Background My primary focus has been centered around developing custom applications for energy companies. Illinois Power (10 years) Clinton Nuclear
More informationRKNEAL Verve Security Center Supports Effective, Efficient Cybersecurity Management
ARC VIEW OCTOBER 27, 2016 RKNEAL Verve Security Center Supports Effective, Efficient Cybersecurity Management By Sid Snitkin Keywords Industrial Cybersecurity Management Solutions, RKNEAL Verve Security
More informationJim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas
Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I
More information2017 MRO Performance Areas and an Update on Inherent Risk Assessments
MIDWEST RELIABILITY ORGANIZATION 2017 MRO Performance Areas and an Update on Inherent Risk Assessments Adam Flink, Risk Assessment and Mitigation Engineer November 16, 2016 Improving RELIABILITY and mitigating
More informationLesson Learned CIP Version 5 Transition Program CIP R1: Grouping BES Cyber Assets Version: September 8, 2015
Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 R1: Grouping BES Cyber Assets Version: September 8, 2015 This document is designed to convey lessons learned from NERC s various CIP version
More informationStandard CIP 005 4a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-4a 3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s)
More informationStandard CIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-4 3. Purpose: Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in
More information