Peter J. Buerling Director, Records & Information Compliance. ReliabilityFirst Workshop April 15, 2016
|
|
- Primrose Morton
- 5 years ago
- Views:
Transcription
1 Peter J. Buerling Director, Records & Information Compliance April 15, 2016
2 Opening Comments Presentation Topic Disclaimer Presentation Support Introductions Mark Koziel Consultant, CIP Compliance Don Morrison Manager, Asset Operations 2
3 FirstEnergy Facts at a Glance Headquartered in Akron, Ohio Among the largest investor-owned electric systems in the U.S. 6 million customers More than $52 billion in assets $15 billion in annual revenues 15,800 employees All data as of Dec. 31,
4 FE Service Territories 10 Operating Companies Ohio Edison The Illuminating Company Toledo Edison Penn Power Met-Ed Penelec Jersey Central Power & Light West Penn Power MonPower Potomac Edison Potomac Edison VA Transmission Zone 4
5 FE Transmission System FirstEnergy s transmission systems are located in the PJM region. PJM is the Regional Transmission Organization (RTO) and is the registered TOP, RC and BA FirstEnergy transmission systems are operated within the ReliabilityFirst (RF) Regional Reliability Organization territory All-time coincident peak load: FirstEnergy reached 35,346 MW on July 21, 2011 Voltage Levels Miles 765 kv *N/A 500 kv 1, kv 1, kv 1, kv 7, kv 1,904 * FEU has one 765 kv transformer tie into the AEP 765kV system 5
6 FirstEnergy Diverse Generating Sources Overview Supercritical Coal 8,072 MW Subcritical Coal 1,334 Fully Regulated Nuclear 4,048 Partially Regulated Map excludes 99 MW of wind output in IL * Includes generation from nominal gas/oil units not shown on map Updated as of Feb. 16, % 8% 24% 11% 9% Gas/Oil 1,592 Renewable 1,906 Hydro 1,410 Wind 476 Solar 20 Total 16,952 MW ** * 6
7 Compliance Ownership and Oversight Executive Reliability Steering Committee Compliance Oversight FERC Compliance Contact to External Regulatory Groups Compliance Ownership Operations Leadership Business Units Review of Standards Develop & Communicate Compliance Policies Facilitate Compliance Process Development Independent Audit Controls & Measures FERC Compliance Responsible for independent oversight of compliance with NERC Reliability Standards Business Units Responsible for compliance with NERC Reliability Standards via process, procedures, training, etc. Compliance Champion Contact /liaison with FERC Compliance and responsible to assist business units in managing and providing BU oversight for all NERC applicable Reliability Standards Compliance Champions Follow Compliance Policies & Programs Develop BU Supporting Processes & Procedures Conduct BU Training & Testing Collect and Retain BU Documents & Reports Coordinate Site and Master CIP List 7
8 Executive Reliability Steering Committee Fossil/ Generation IT Infrastructure Corporate Security FirstEnergy Utilities FirstEnergy Utilities Vice President Transmission Internal Auditing Executive Director Internal Auditing Information Technology Vice President IT Operation Senior Vice President Corporate Services & Chief Information Officer FERC Compliance Vice President Compliance and Regulated Services & Chief FERC Compliance Officer Enterprise-Wide Risk Management Vice President Corporate Risk & Chief Risk Officer FENOC (Nuclear) Senior Vice President Fleet Engineering Generation Vice President Fuel and Unit Dispatch Fossil Operations Vice President Fossil Fleet Operations Legal Associate General Counsel 8
9 Compliance History FirstEnergy has a single CIP Compliance Program All business units roll up to an overall corporate program Single CIP senior manager for FirstEnergy Common programs Use shared procedures across enterprise. Audit 2010 First CIP audit Audit 2012 Merged programs with Allegheny 18 registered entities Audit registered entities 9
10 Project Plan for Implementing CIPv5 Implementation was divided into 3 phases Phase I BES Cyber System Identification and Project Planning Phase II High and Medium Impact BES Cyber Systems Phase III Low Impact BES Cyber Systems Goal: Be compliant with Version 5 by Dec. 31, 2015 High and Medium BES Cyber Systems Shakedown: Jan. 1 March 31, 2016 (June 30, 2016) January 1, 2014 June 30, 2014 December 31, 2015 June 30, 2016 September 31, 2018 Phase I Phase II Shakedown Phase III 10
11 Project Team Core Team Executive Reliability Steering Committee ERSC Peter Buerling Project Manager Legal Internal Auditing Project Planning Consultant Consultant Project Planner IT Compliance CIP Compliance IT Operations Energy Delivery Planning & Protection FES Dispatch Cyber Security Transmission Physical Security Generation Track Lead Track Lead Track Lead Track Lead Track Lead Track Lead Track Lead Track Lead Track Lead 11
12 Challenges Identifying BES cyber systems Developed a methodology Top-down approach Unifying business units Maintaining a corporate approach Different architectures Mergers Outdated device inventories for new in-scope devices System switchovers Manual systems Concept of external routable connectivity 12
13 Challenges Working around outages Lead time for nuclear units Coordination with other utilities Implementation of CIP v6 Timing Lessons Learned, FAQs & pilot unreliable resources Timing Information Retraction approved vs. unapproved 13
14 CIP Version 5 Landscape As of Dec. 31, high-impact BES cyber systems 119 medium-impact BES cyber systems 895 low-impact assets with low-impact BES cyber systems 14
15 FE Transition Plan NERC provided a flexible enforcement approach for entities to start complying with some or all of V5 requirements while maintaining compliance with V3 requirements Only V3 CIP Cyber Assets and V3 requirements are subject to enforcement during the transition period Compliance with mostly compatible V5 requirement = V3 requirement compliance Transition Period Start Date Feb. 6, 2014 (FERC approves V5 standards) End Date July 1, 2016 (Medium- and high-impact BES cyber systems) 15
16 FE Transition Plan FE developed customized guidelines based on the NERC Transition Plan and other applicable regulatory documents. Implementation plans for V5 and V6 standards Lessons learned, FAQs, and informal regulatory guidance FAQ section provided guidance for specific internal scenarios that arose during transition Compliance with specific V3 annual requirements Initial versions encouraged early compliance with some V5 standards for new devices entering CIP program This piece meal compliance transition approach proved impractical FE transitioned to compliance with all CIP V5 Standards shortly before 12/31/
17 Maintaining Compliance During Transition Maintain a good compliance culture during transition BUs identify compliance concerns with new CIP V5 processes/procedures and notify FE Compliance FE Compliance forwards compliance concerns to PV Review Board when appropriate PV Review Board evaluates issues against both CIP V3 and V5 standard requirements BUs need to be able to identify V3 CIP Cyber Assets throughout the Transition Period Compliance issues associated with BES cyber assets that are not V3 critical cyber assets will result in no self-report Cause evaluations and corrective actions may be appropriate 17
18 IT Operations Leadership Managers engaged at PMO (provide resources, tear-down issues) Directors engaged at steering committee Leverage CIP v3 Work Control centers Partnering with transmission for substations Establishing ownership of device types Device replacement Implementation of Tripwire Baseline library Connected to more than 1,300 devices nightly to detect configuration changes 18
19 IT Operations Implementation of Intrusion Detection Systems and software (18 sites) Training Delta training for seasoned CIP v3 veterans Complete training for rookies More than 500 FE personnel and contractors participated in 1 or more of 15 modules. 19
20 Transmission FE Transmission start point no CIPv3 assets (devices) CIPv5 Transmission Environment >800 BES locations Filtered down to ~ 80 locations to evaluate individual assets Barcoded >20,000 assets (equipment, relays, meters, etc..) Information correlated for ~ 2,000 programmable CIPv5 devices/~ 190 makes/models through review of barcoding data, asset database, bill of materials, construction prints Developed nearly 200 Security Baseline Documents Security configurations Password strategy 20
21 Transmission (Continued) Mobilized Tiger Teams August-December, 2015 Team of best technicians and commissioning engineers for each of 10 Operating Companies CIPv5 assets tracked in separate database Processes manually supported 21
22 Transmission (Continued) Existing CIPv5 Sustainment New Organization created CIP Compliance Implementation Asset Tools Asset Operations Tight integrations with Design/Project Management/Commissioning for new installations Weekly Change Control Meetings with all parties for all field activities Field Training followed up with continued remote training Processes manual with incremental automation/efficiencies to existing 2015 procedures 22
23 Transmission (Continued) Future Improvements Tools Multi-year focus on data integrity across entire footprint Upgrades to Asset Inventory system Upgrades to remote connectivity tool and field assets Purchase and installation a comprehensive Operational Technology Configuration Management (OTCM) tool for all configurable devices within a substation including electromechanical 23
24 Transmission (Continued) Future Improvements Processes All new devices implemented with upgraded security parameters/passwords Limiting new makes/models Upgrade security and passwords of existing devices at maintenance cycles Data Governance Project (10 Applications/60 Attributes) 24
25 Generation Cyber system configuration determined compliance approach Corporate Methodology used to define system rating Medium-impact cyber systems were analyzed to determine if they could be reconfigured/split to be low-impact cyber system In-depth vendor studies used to further determine feasibility of conversion to low impact Approximately 2-year-long effort for analysis, design and implementation Some medium-impact cyber systems were left as medium impact 25
26 Generation Implementation of Plans All control work had detailed implementation plans jointly developed between plants and vendors to reduce outage duration Pre staged equipment and wiring Plant medium-impact cyber systems used corporate compliance program to achieve compliance. Plant cyber security representative (PCSR) position Key person during implementation of all compliance efforts Has general knowledge of the CIP Standards as they relate to plant equipment Has detailed knowledge of plant cyber systems Key person in change control process at plant 26
27 Corporate 27
28 Phase III Low Impact BES Cyber Systems Leverage project and governance structure put in place for Phases I and II Stood up strategy team for LEAP/LERC Stood up strategy team for transient cyber assets and removable media Build out project plan Tabletop exercise of connectivity prior to field visits 28
29 Controls Currently 217 controls have been identified for CIP v5 29
30 Compliance Concern Process 30
31 31
Low Impact Generation CIP Compliance. Ryan Walter
Low Impact Generation CIP Compliance Ryan Walter Agenda Entity Overview NERC CIP Introduction CIP-002-5.1, Asset Classification What Should Already be Done CIP-003-7, Low Impact Requirements Tri-State
More informationSPP RTO Compliance Forum Western Area Power Administration March 11, 2015
SPP RTO Compliance Forum Western Area Power Administration March 11, 2015 Mark Buchholz WAPA Upper Great Plains Region Compliance Manager What is Western? One of four Power Marketing Administration within
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationCritical Cyber Asset Identification Security Management Controls
Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.
More informationNERC Overview and Compliance Update
NERC Overview and Compliance Update Eric Ruskamp Manager, Regulatory Compliance August 17, 2018 1 Agenda NERC Overview History Regulatory Hierarchy Reliability Standards Compliance Enforcement Compliance
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationEssential Reliability Services NERC Staff Report
Essential Reliability Services NERC Staff Report Mark Lauby, Senior Vice President and Chief Reliability Officer Annual Meeting of the National Conference of State Legislators August 20, 2014 About NERC
More informationCIP Standards Development Overview
CIP Standards Development Overview CSSDTO706 Meeting with FERC Technical Staff July 28, 2011 Objectives Historical Timeline CIP-002-4 CIP-005-4 CIP Version 5 2 Project 2008-06 Overview FERC Order 706 SDT
More informationCIP V5 Updates Midwest Energy Association Electrical Operations Conference
CIP V5 Updates Midwest Energy Association Electrical Operations Conference May 2015 Bob Yates, CISSP, MBA Principal Technical Auditor ReliabilityFirst Corporation Agenda Cyber Security Standards Version
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationStandard CIP Cyber Security Critical Cyber As s et Identification
A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More informationFirstEnergy Facts at a Glance
FirstEnergy Facts at a Glance FirstEnergy is a diversified energy company involved in the generation, transmission and distribution of electricity Headquartered in Akron, Ohio Largest contiguous investor-owned
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationCyber Security Supply Chain Risk Management
Cyber Security Supply Chain Risk Management JoAnn Murphy, SDT Vice Chair, PJM Interconnection May 31, 2017 FERC Order No. 829 [the Commission directs] that NERC, pursuant to section 215(d)(5) of the FPA,
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationCyber Security Standards Drafting Team Update
Cyber Security Standards Drafting Team Update Michael Assante, VP & Chief Security Officer North American Electric Reliability Corp. February 3, 2008 Overview About NERC Project Background Proposed Modifications
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationProject Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives
Project 2014-02 - Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Violation Risk Factor and Justifications The tables
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationStandard CIP Cyber Security Critical Cyber As s et Identification
A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification
More informationDisclaimer Executive Summary Introduction Overall Application of Attachment Generation Transmission...
CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document September, 2010 Table of Contents TABLE OF CONTENts Disclaimer... 3 Executive Summary... 4 Introduction...
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationReliability Standards Development Plan
Reliability Standards Development Plan Steven Noess, Director of Standards Development Standards Oversight and Technology Committee Meeting November 1, 2016 2017-2019 Reliability Standards Development
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationCyber and Physical Security: An Integrated Approach Tim Rigg Managing Director, Enterprise Protective Services
A Cultural Petri Dish Cyber and Physical Security: An Integrated Approach Tim Rigg Managing Director, Enterprise Protective Services 2012 NERC Grid Security Conference San Diego, CA October 16-18, 2012
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationEHS Steering Team Meting, 2008
EHS Steering Team Meting t, 2008 Duke Energy Fast Facts Duke Energy Corporation is an energy company headquartered in Charlotte, N.C. Its Regulated Utilities business unit serves 7.3 million retail electric
More informationNERC Staff Organization Chart 2015 Budget
NERC Staff Organization Chart President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Associate Director, Member Relations and MRC Secretary (Dept. 2100) Senior Vice President and Chief Reliability
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationNew Brunswick 2018 Annual Implementation Plan Version 1
New Brunswick Energy and Utilities Board Reliability Standards, Compliance and Enforcement Program New Brunswick 2018 Annual Implementation Plan Version 1 December 28, 2017 Table of Contents Version History...
More informationCIP Standards Update. SANS Process Control & SCADA Security Summit March 29, Michael Assante Patrick C Miller
CIP Standards Update SANS Process Control & SCADA Security Summit March 29, 2010 Michael Assante Patrick C Miller Background FERC s Cyber Security Order 706 directed extensive modifications of CIP-002
More informationIntegrated Distributed Energy Resources Management Pilot
Integrated Distributed Energy Resources Management Pilot Said Abboudi Chief Business Development Officer BP Global l EMEA December 9, 2008 Outline Jersey Central Power & ight / FirstEnergy Facts BP Global
More informationAnalysis of CIP-006 and CIP-007 Violations
Electric Reliability Organization (ERO) Compliance Analysis Report Reliability Standard CIP-006 Physical Security of Critical Cyber Assets Reliability Standard CIP-007 Systems Security Management December
More informationCritical Asset Identification Methodology. William E. McEvoy Northeast Utilities
Critical Asset Identification Methodology William E. McEvoy Northeast Utilities Disclaimer This NPCC TFIST workshop provides a forum for the presentation and discussion of member experience in the implementation
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationGovernment of Canada IPv6 Adoption Strategy. IEEE International Conference on Communications (ICC 12) June 14 th, 2012
Government of Canada IPv6 Adoption Strategy IEEE International Conference on Communications (ICC 12) June 14 th, 2012 IPv6 Context The internet is running out of IPv4 addresses now IPv6 is here RIPE NCC
More informationNERC Staff Organization Chart
NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability
More informationERO Enterprise Strategic Planning Redesign
ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current
More informationGridEx IV Panel Discussion
GridEx IV Panel Discussion NERC GridSecCon October, 2016 1 Generation 254 GW Transmission Geography 120,000 Miles 22 States GridEx IV Panel Discussion Focus on Operations NERC GridSecCon October 20, 2016
More informationERO Enterprise Registration Practice Guide: Distribution Provider directly connected Determinations Version 2: July 5, 2018
ERO Enterprise Registration Practice Guide: Distribution Provider directly connected Determinations Version 2: July 5, 2018 Purpose The purpose of this Practice Guide is provide a reference to be used
More informationCIP Cyber Security Configuration Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationCyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012
Cyber Security Update Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012 Agenda Timeline Regulatory / Compliance Environment Smart Grid Threats
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationDRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1
DRAFT Cyber Security Communications between Control Centers Technical Rationale and Justification for Reliability Standard CIP-012-1 March May 2018 NERC Report Title Report Date I Table of Contents Preface...
More informationThis draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationBoard of Trustees Compliance Committee
Board of Trustees Compliance Committee August 13, 2014 10:00 a.m. 11:00 a.m. Pacific The Westin Bayshore 1601 Bayshore Drive Vancouver, BC V6G 2V4 Reliability Assurance Initiative (RAI) Progress Report
More informationFirstEnergy s Pennsylvania utilities
September 2016 1 September 2016 2 FirstEnergy Profile Fortune 200 company based in Akron, Ohio Among the largest investor-owned electric systems in U.S. 6 million customers served in Midwest and Mid-Atlantic
More informationCIP Cyber Security Recovery Plans for BES Cyber Systems
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationCIP Cyber Security Security Management Controls. Standard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationMember Representatives Committee Meeting
Member Representatives Committee Meeting August 13, 2014 1:15 p.m. 5:15 p.m. Pacific The Westin Bayshore, Vancouver 1601 Bayshore Drive Vancouver, BC V6G 2V4 Canada Opening Remarks by MRC Chair Consent
More informationCCC Compliance Guidance Task Force. Patti Metro, Manager, Transmission & Reliability Standards, NRECA Compliance Committee May 4, 2016
CCC Compliance Guidance Task Force Patti Metro, Manager, Transmission & Reliability Standards, NRECA Compliance Committee May 4, 2016 Key CCC Compliance Guidance Task Force Deliverables Developed procedure
More informationCIP Cyber Security Standards. Development Update
CIP Cyber Security Standards Development Update John Lim Consolidated Edison Co. of New York Rob Antonishen Ontario Power Generation September 21-22, 2010 1 Disclaimer This NPCC TFIST workshop provides
More informationCIP Version 5 Transition. Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014
CIP Version 5 Transition Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014 Purpose of the Transition Program Transitioning entities confident in
More informationFrom: Laura Manz, Vice President of Market & Infrastructure Development
California Independent System Operator Corporation Memorandum To: ISO Board of Governors From: Laura Manz, Vice President of Market & Infrastructure Development Date: May 8, 2009 Re: Decision for Conditional
More informationStandard CIP Cyber Security Incident Reporting and Response Planning
A. Introduction 1. Title: Cyber Security Incident Reporting and Response Planning 2. Number: CIP-008-4 3. Purpose: Standard CIP-008-4 ensures the identification, classification, response, and reporting
More informationCritical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014
Critical Infrastructure Protection (CIP) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice
More informationGrid Security & NERC
Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationGrid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016
Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationWECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017
WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017 155 North 400 West, Suite 200 Salt Lake City, Utah 84103-1114 WECC Internal Controls Evaluation Process
More informationStandard CIP 007 4a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4a 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for
More informationNERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices
NERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices Ed Batalla Director of Technology Florida Power & Light Company September 19, 2013 Florida
More informationChief Executive Officer. Pacific Northwest Utilities Conference Committee Portland, Oregon March 8, 2013
Mark W. Maher Chief Executive Officer Pacific Northwest Utilities Conference Committee Portland, Oregon March 8, 2013 Agenda WECC Overview WECC Strategic Planning Initiative Western Interconnection Synchrophasor
More informationHistory of NERC December 2012
History of NERC December 2012 Timeline Date 1962-1963 November 9, 1965 1967 1967-1968 June 1, 1968 July 13-14, 1977 1979 1980 Description Industry creates an informal, voluntary organization of operating
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 CIP-002-5.1 Cyber Security BES Cyber System Categorization This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity: NCR
More informationProposed Clean and Redline for Version 2 Implementation Plan
Exhibit A Implementation Plans for CIP-002-2 through CIP-009-2 and CIP-002-3 and CIP-009-3 For Generator Owners and Generator Operators of U.S. Nuclear Power Plants Proposed Clean and Redline for Version
More informationUnofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)
Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit
More informationImplementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities
Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities This Implementation Plan applies to Cyber Security Standards CIP-002-2 through CIP-009-2 and CIP-002-3 through
More informationStandard CIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-4 3. Purpose: Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in
More informationTitle. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.
Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada
More informationWorkshop J. FirstEnergy Pennsylvania - Met-Ed, Penelec, Penn Power, West Penn Power: Electric Rates & Tariffs. 1:45 p.m. to 2:45 p.m.
Workshop J FirstEnergy Pennsylvania - Met-Ed, Penelec, Penn Power, West Penn Power: Electric Rates & Tariffs 1:45 p.m. to 2:45 p.m. Biographical Information Charles V. Fullem, Director Rates & Regulatory
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationImplementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities
Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities This Implementation Plan applies to Cyber Security Standards CIP-002-2 through CIP-009-2 and CIP-002-3 through
More informationERO Enterprise IT Projects Update
ERO Enterprise IT Projects Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting November 6, 2018 Agenda ERO IT
More informationNORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives
NORTH CAROLINA MANAGING RISK IN THE INFORMATION TECHNOLOGY ENTERPRISE NC MRITE Nominating Category: Nominator: Ann V. Garrett Chief Security and Risk Officer State of North Carolina Office of Information
More informationImpacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities
Impacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities NRECA TechAdvantage March 2014 Patti Metro Manager, Transmission & Reliability Standards NRECA
More informationSOUTHERN CALIFORNIA EDISON COMPANY
SOUTHERN CALIFORNIA EDISON COMPANY COMPLIANCE PROCEDURES IMPLEMENTING FERC ORDER 717C STANDARDS OF CONDUCT Version 1.2 Updated June 14, 2017 Purpose: To provide Southern California Edison s (SCE) overall
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationplaybook OpShield for NERC CIP 5 sales PlAy
playbook OpShield for NERC CIP 5 sales PlAy OpShield for NERC CIP 5 The Problem U.S. bulk power entities are federally mandated to comply with NERC CIP requirements that dictate industrial security and
More informationIntegrated Resource Planning April 20, 2010
Integrated Resource Planning April 20, 2010 Judy Stokey, Executive Government and External Affairs Jack McGinley, Development Director, Renewables Gary Smith, Project Director-Smart Technologies Presentation
More informationNERC Staff Organization Chart Budget
NERC Staff Organization Chart 2013 2014 President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Senior Vice President and Chief Operating Officer (Dept. 2100) Senior Vice President General Counsel
More informationCIP Cyber Security Personnel & Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric
More informationReviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.
Assistant Deputy Minister (Review Services) Reviewed by in accordance with the Access to Information Act. Information UNCLASSIFIED. Security Audits: Management Action Plan Follow-up December 2015 1850-3-003
More informationSME License Order Working Group Update - Webinar #3 Call in number:
SME License Order Working Group Update - Webinar #3 Call in number: Canada Local: +1-416-915-8942 Canada Toll Free: +1-855-244-8680 Event Number: 662 298 966 Attendee ID: check your WebEx session under
More informationBusiness Continuity An Integral Part of Risk Management At Constellation Energy
Business Continuity An Integral Part of Risk Management At Constellation Energy World Disaster Management Conference Toronto, Canada June 19, 2006 Robert W. Cornelius Director Business Continuity Operating
More informationWECC Criterion MOD-(11 and 13)-WECC-CRT-1.1
WECC Criterion MOD-(11 and 13)-WECC-CRT-1.1 A. Introduction 1. Title: Steady State and Dynamic Data Requirements 2. Number: MOD-(11 and 13)-WECC-CRT-1.1 3. Purpose: To establish the consistent data requirements
More informationIntroduction to the NYISO
Introduction to the NYISO Power Control Center Guilderland, NY July 21, 2011 1 Today s Topics NYISO History NYISO Roles & Governance NYISO Markets Building Reliability Emerging Trends 2 Evolution of the
More informationA. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider
The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure
More information