CIP V5 Implementation Study: SMUD's Experience
1 CIP V5 Implementation Study: SMUD's Experience
Tim Kelley
October 16, 2014
Powering forward. Together.

2 SMUD Fast Facts
General Information
- SMUD employs approximately 2,000 individuals
- Service area of 900 square miles
- Population served is 1.4 million
- ~625,000 customers
- 477 miles of transmission
- Peak Load (MW): 3,300 (SMUD), 5,000 (BANC)
Generation Specifics
- 1,000 MW of thermal generation (9 BES Units)
- 688 MW Hydro (7 BES Units)
- 100 MW of solar generation
- 230 MW of wind generation within the California ISO
NERC Registrations
- TOP, TO, GO, GOP, TSP, TP, PA, RP, DP, PSE, LSE
- Also performs BA reliability compliance for the BANC

3 Study Participants

4 Overview of CIP Standards
Critical Infrastructure Protection (CIP) Standards:
- CIP BES Cyber System Categorization
- CIP Security Management Controls
- CIP Personnel and Training
- CIP Electronic Security Perimeter
- CIP Physical Security of BES Cyber Systems
- CIP System Security Management
- CIP Incident Reporting and Response Planning
- CIP Recovery Plans for BES Cyber Systems
- CIP Configuration Mgt. and Vulnerability Assessments (new, V5)
- CIP Information Protection (new, V5)

5 V3 to V5 Changes (Version 3 vs. Version 5)
High Impact (control centers)
- *Primary Control Center
- *Backup Control Center
- *Distribution Control Center (new)
Medium Impact (substations)
- *Substation #1 (new)
- Substation #2 (new)
- Substation #3 (new)
- Substation #4 (new)
(* included in V5 Study scope)

6 V5 Major Impacts: Cyber Security
- BES Cyber Assets increased from 119 to 391 devices (228% increase)
- Evidence requirements for CIP-007 increased from 3,332 to 10,948 pieces
- Firewalls and cyber monitoring at substations (PSP, ESP, EAP, EACMS)
- Patch Management: assess all security patches for all assets every 35 days
  - Installed in test environment, security scans performed
  - In V3, patches were applied on a 6-9 month cycle
- Logging: review every 15 days
- Configuration management every 30 days (annually in V3)

7 V5 Major Impacts: Physical Security
- 150 to 250 additional employees under CIP-004: training and PRAs now required
- Substation relays and RTUs are now in scope
- Badge readers at the substations
- Dual authentication at the control centers: badge readers and PIN-pads
- Access to cyber assets removed within 24 hours instead of 7 days

8 Study Timeline and Beyond
Key Dates and Goals:
- July 31, 2014: Study Milestones Completed
- Oct. 13, 2014: Study Report Released
- January 1, 2015: V5 Compliant at PCC, BCC, DCC, (1) MI Substation
- July 1, 2015: V5 Compliant at Remaining 3 Medium Impact Substations
- April 1, 2016: V5 Effective & Enforceable

9 CIP BES Cyber System Categorization
10 What is a BES Cyber Asset (BCA)?
BCA definition: Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. [more]

11 What is a BES Cyber Asset (BCA)?
- Recommend you define what is a Cyber Asset
  - What? Cyber Asset is already defined, right?
  - Cyber Asset definition: Programmable electronic devices, and communication networks including the hardware, software, and data in those devices.
- Recommend you define what is a programmable device
  - Lots of discussion around differences of programmable and configurable
  - SMUD's definition of programmable = anything with a microprocessor in it

12 BCS Categorization Process
Keep It Simple!
SMUD's process includes 3 documents:
- Procedure (only 5 pages)
- Facilities Analysis (spreadsheet)
- BES Cyber Asset List (spreadsheet)
Steps:
- Complete a list of SMUD's assets that impact BES
- Apply Attachment 1 IRC to list to determine facility levels
- For all High and Medium Impact control centers:
  - List all Cyber Assets (CA) in the host file used by the EMS
  - Scan each network in host file for devices not already listed
  - Perform physical inspection at each MI, HI control center

13 Facilities Analysis

14 BCS Categorization Process (cont'd)
- MI facilities that are not control centers (substations and generating plants): inventory all CAs in control bldg.
- Determine CAs from preliminary list that are BCA
  - Criteria used for this determination are the applicability of BES Reliability Operating Services along with the definition of a BES Cyber Asset, specifically that if rendered unavailable, degraded, or misused it would, within 15 minutes, adversely impact the reliable operation of the BES.
- Determine each CA from preliminary list that is a PCA, EACMS, or PACS
- Associate BCAs, PCAs, EACMSs and PACS to the appropriate BES Cyber System (in following list)

15 BCS Categorization Process (cont'd)
- In general, BCS are large groupings of Cyber Assets
- One BCS per asset (i.e.):
  - PCC BCS
  - Substation 1 BCS
  - Substation 2 BCS
- Entity has flexibility to create/group their Cyber Assets into BCS as they see fit

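The control-center inventory steps above (list the Cyber Assets in the EMS host file, then scan each network in that file for devices not already listed) can be reconciled as in the following added example, which is not SMUD's tooling. The host file contents, the scan results and the /24 network size are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of an EMS host file (hosts-file syntax, documentation address ranges).
HOST_FILE = """\
# EMS host file (constructed sample)
192.0.2.10     ems-app1   ems-app1.example
192.0.2.11     ems-app2
192.0.2.20     hmi-01     # operator console
198.51.100.5   fep-01
198.51.100.6   fep-02
not-an-address broken-line
"""

# Constructed sample: addresses that answered a discovery scan.
SCAN_RESULTS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.20", "192.0.2.77",
    "198.51.100.5", "198.51.100.9", "203.0.113.4",
]


def _order(ip):
    """Sort key that keeps IPv4 and IPv6 addresses comparable."""
    return (ip.version, int(ip))


def parse_host_file(text):
    """Return {ip_address: first hostname}, skipping comments and malformed lines."""
    hosts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: ignore the line
        hosts[ip] = fields[1]
    return hosts


def networks_to_scan(hosts, prefix=24):
    """Derive the networks to scan from the listed hosts (prefix length is an assumption)."""
    nets = {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in hosts}
    return sorted(nets, key=lambda n: (n.version, int(n.network_address)))


def reconcile(hosts, scan_ips, prefix=24):
    """Compare the host file against scan results.

    unlisted     : answered the scan inside a host-file network but is not listed
                   (candidate Cyber Asset to add to the preliminary list)
    not_seen     : listed in the host file but did not answer (verify by inspection)
    out_of_scope : answered, but outside every network named in the host file
    """
    scope = networks_to_scan(hosts, prefix)
    listed = set(hosts)
    seen = {ipaddress.ip_address(s) for s in scan_ips}
    in_scope = {ip for ip in seen if any(ip in net for net in scope)}

    def fmt(ips):
        return [str(ip) for ip in sorted(ips, key=_order)]

    return {
        "unlisted": fmt(in_scope - listed),
        "not_seen": fmt(listed - seen),
        "out_of_scope": fmt(seen - in_scope),
    }


if __name__ == "__main__":
    inventory = parse_host_file(HOST_FILE)
    for category, addresses in reconcile(inventory, SCAN_RESULTS).items():
        print(f"{category}: {', '.join(addresses) or '-'}")
```

Devices reported as not_seen are the ones the physical inspection step is best placed to resolve, since a scan cannot distinguish a powered-off asset from a stale host file entry.
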
16 Non-BCA Examples: Pi Historian
- Pi Servers push data (one direction only)
- Pi data serves to augment functions within the control center, used to create other views and nice visualizations
- Evidence stacking:
  - Real-time decisions are not made using Pi data
  - No alarm summaries on Pi
  - Everything displayed on Pi is already in the EMS
  - Operators trained to verify Pi displays with EMS console
- Caution: Could be considered BCA if operators use the data for real-time decision-making or situational awareness

17 Non-BCA Examples: Control Room Wallboards
- EMS servers push wallboard data to a server in DMZ
- Data is then pushed to wallboard display servers on corporate network
- Operating procedures call for failures to be addressed on next business day
- Not used for system control (no touch-screen capability, cannot operate BES elements from the board)
- Transmission system fits onto one EMS console screen

18 Non-BCA Examples: OATi webtrans
- SMUD does not utilize locally-staged scheduling software; uses OATi webtrans
- All individual schedules are handled through e-tags
- Operations does not enter any schedules; power marketing group does
- OATi in Minneapolis consolidates data they receive into interchange numbers
- OATi webtrans is not a BCA

19 V5 Study Lessons Learned
20 Introducing CIP Compliance to Newbies
- Newbies: substation and generation facilities with no prior CIP experience (no Version 3 CCAs)
- SMUD treated this as a separate project for CIP-004 & 006
- Things to consider:
  - Communications: emails, signs, meetings, tailgates, intranet
  - Training: V5 revised, new assets, new personnel, role based
  - PRAs: scheduling, labor agreements, communications
  - 2 Factor Authentication: installation, programming (PIN & thumbs)
  - Visitor Control Program: communications
  - Shared Facilities: communicate, vet outside personnel (how?)
  - Timing of Everything: create a detailed schedule

22 V5 Documentation - Procedure Template
- EMS
- Substation Real Time (RTUs and associated equipment)
- Relays and Communication Processors
- Jump Hosts (EACM to the listed BES Cyber Systems)
- EACM devices, other than Jump Hosts (firewalls, routers and switches, Ciscoworks, ACS)
- IDS devices, SIEM collectors & associated Mgt. Consoles
- Active Directory Servers at PCC and BCC
- PACS System & Door Panel Controllers
- Revenue Meters (No ERC)
- Emergency Backup System RTU (No ERC)

23 Devices Directly Accessed through ERC
Background: ERC (External Routable Connectivity)
Definition of Medium Impact BCS with ERC: Only applies to medium impact BES Cyber Systems with External Routable Connectivity. This also excludes Cyber Assets in the BES Cyber System that cannot be directly accessed through External Routable Connectivity.

24 Devices Directly Accessed through ERC
Question: For protection relays in a BES Cyber System that are serially connected to a router/protocol converter and the router/protocol converter has External Routable Connectivity, are the relays themselves considered Cyber Assets in the BES Cyber System that can be directly accessed through External Routable Connectivity?
Answer: Yes, the protection relays would be considered Cyber Assets with External Routable Connectivity (ERC). If they're connected to the router/protocol converter and they can be accessed outside of its associated Electronic Security Perimeter via a bidirectional routable protocol connection, it doesn't matter if they are serially connected. A protocol converter cannot be used to avoid compliance. If the relay can be accessed and its state can be changed through any means using a bi-directional routable protocol connection, then it is considered to have ERC.

25 Devices Directly Accessed through ERC
- If you can connect to and change the relay settings from a routable protocol connection (I/P), the relays are to be treated as having ERC
- CAUTION: Lesson Learned is under review by CIP V5 Advisory Group

26 Impact Ratings of Cyber Assets and Facilities Using a Shared EMS
Background: The entity has a single Energy Management System (EMS) that services both transmission and distribution operations. The Distribution Operations Control Center (DOCC) located inside the entity's Distribution facility does not control any BES elements; however, the DOCC shares the same EMS as the Primary Control Center (PCC), which is classified as a High Impact facility. The entity has identified its EMS at the PCC as a BCS.

27 Impact Ratings of Cyber Assets and Facilities Using a Shared EMS
Question: In this case, are the EMS DOCC Human Machine Interface (HMI) consoles classified as High Impact BES Cyber Assets as part of the main EMS?
Question: If so, how is the balance of the Distribution facility, outside of the DOCC, evaluated?
Answer: In this case, the HMI consoles at the DOCC use the same EMS as the PCC, and it is only logical configuration that prevents a distribution operator from performing transmission operations. Therefore, due to the connectivity and possible misuse of the DOCC HMI consoles, these Cyber Assets should be treated as High Impact. The High Impact rating applies even though the Cyber Assets at the DOCC and PCC have separate Physical and Electronic Security Perimeters.

28 BES Cyber System (BCS) boundaries
Question: Can a BCS span multiple facilities and locations?

29 Simple rules for BCA, BCS, and PSP
Background: An entity has a Medium Impact substation that contains a Protection System BES Cyber System (BCS) and a single BES Cyber Asset (BCA). The single BCA has no routable connectivity and is not part of the Protection System BCS.

30 Simple rules for BCA, BCS, and PSP
Question: Does the single BCA need to be associated with a BES Cyber System (BCS)?
Answer: Yes. Every BCA must be associated with a BCS. A BCS can also contain just one BCA. Therefore, in this case, the entity may create a separate BCS that only contains the single BCA, or it may associate the single BCA with the Protection Systems BCS. If the entity chooses the latter option, the single BCA must be protected as a BCA with no ERC and not as a Protected Cyber Asset (PCA) inside the ESP.

31 Simple rules for BCA, BCS, and PSP
Question: Does the single BCA need to be inside an Electronic Security Perimeter (ESP)?
Answer: No. A cyber device with no routable connectivity, external or otherwise, cannot be inside an ESP.
Question: Does a BCS have to reside entirely within an Electronic Security Perimeter (ESP)?
Answer: No. A BCS may have Cyber Assets outside of an ESP. A BCS can contain BCAs in multiple ESPs. A BCS may contain BCAs in multiple PSPs. However the BCS is defined, it must meet the CIP V5 Standards at the system level for all of its component BCAs.

32 Simple rules for BCA, BCS, and PSP

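The "simple rules" above and the ERC lesson learned on the earlier slides can be run as consistency checks over an asset list, as in this added example (not SMUD's procedure or tooling). The record fields, finding codes and sample inventory are hypothetical, and the serial pass-through rule follows the lesson learned that the slides mark as still under review.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Asset:
    name: str
    role: str                          # "BCA", "PCA", "EACMS" or "PACS"
    bcs: Optional[str] = None          # BES Cyber System the asset is associated with
    esp: Optional[str] = None          # Electronic Security Perimeter it is listed in
    routable: bool = False             # has routable-protocol connectivity of any kind
    external_access: bool = False      # reachable from outside its ESP (bidirectional, routable)
    serial_via: Optional[str] = None   # router/protocol converter it is serially attached to
    erc_recorded: bool = False         # what the inventory currently claims about ERC


def has_erc(asset, by_name, _seen=frozenset()):
    """Derive ERC: direct external routable access, or a serial link to a
    converter that itself has ERC (a protocol converter does not remove ERC)."""
    if asset.routable and asset.external_access:
        return True
    if asset.serial_via and asset.name not in _seen:   # guard against loops in the data
        upstream = by_name.get(asset.serial_via)
        if upstream is not None:
            return has_erc(upstream, by_name, _seen | {asset.name})
    return False


def check_inventory(assets):
    """Return (asset name, finding code) pairs for every rule the list breaks."""
    by_name = {a.name: a for a in assets}
    findings = []
    for a in assets:
        # Every BCA must be associated with a BCS (a BCS may hold a single BCA).
        if a.role == "BCA" and not a.bcs:
            findings.append((a.name, "BCA_WITHOUT_BCS"))
        # A device with no routable connectivity cannot be inside an ESP.
        if a.esp and not a.routable:
            findings.append((a.name, "NON_ROUTABLE_IN_ESP"))
        # Derived ERC must match what the inventory records.
        if has_erc(a, by_name) and not a.erc_recorded:
            findings.append((a.name, "ERC_NOT_RECORDED"))
    return findings


# Constructed sample inventory for one Medium Impact substation.
INVENTORY = [
    Asset("gw-1", "BCA", bcs="Substation 1 BCS", esp="SUB1-ESP",
          routable=True, external_access=True, erc_recorded=True),
    Asset("relay-1", "BCA", bcs="Substation 1 BCS", serial_via="gw-1"),
    Asset("meter-1", "BCA"),
    Asset("rtu-backup", "BCA", bcs="Emergency Backup BCS", esp="SUB1-ESP"),
    Asset("hmi-1", "BCA", bcs="Substation 1 BCS", esp="SUB1-ESP", routable=True),
]

if __name__ == "__main__":
    for name, code in check_inventory(INVENTORY):
        print(f"{name}: {code}")
```
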
33 CIP-004 R3 Existing PRAs
Question: Do existing Personnel Risk Assessments performed under CIP-004 Version 3 need to be redone under Version 5 by April 1, 2016 to meet compliance with the new seven year criminal history records check requirements?
Answer: No. As long as the background check has not exceeded the seven year requirement, there is no need to do it again. All PRAs completed prior to April 1, 2016 that are compliant with CIP-004 Version 3 will be grandfathered in under Version 5 as compliant.

34 Questions
More informationImplementing Cyber-Security Standards
Implementing Cyber-Security Standards Greg Goodrich TFIST Chair, CISSP New York Independent System Operator Northeast Power Coordinating Council General Meeting Montreal, QC November 28, 2012 Topics Critical
More informationDesigning Secure Remote Access Solutions for Substations
Designing Secure Remote Access Solutions for Substations John R Biasi MBA, CISA, CISSP October 19, 2017 Agenda Brief Biography Interactive Remote Access Dial-Up Access Examples Transient Devices Vendor
More informationDRAFT Voice Communications in a CIP Environment Critical Infrastructure Protection Committee Implementation Recommendation May 22, 2017
DRAFT Voice Communications in a CIP Environment Critical Infrastructure Protection Committee Implementation Recommendation May 22, 2017 1 Introduction The Critical Infrastructure Protection Committee (CIPC)
More informationStandard CIP 005 2a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationOctober 2, CIP-014 Report Physical Security Protection for High Impact Control Centers Docket No. RM15-14-
October 2, 2017 Ms. Kimberly D. Bose Secretary Federal Energy Regulatory Commission 888 First Street, NE Washington, D.C. 20426 Re: CIP-014 Report Physical Security Protection for High Impact Control Centers
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationImplementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities
Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities This Implementation Plan applies to Cyber Security Standards CIP-002-2 through CIP-009-2 and CIP-002-3 through
More informationi-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS
i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS siemens.com/ruggedcom INTERACTIVE REMOTE ACCESS INTELLIGENT ELECTRONIC DEVICES Intelligent Electronic Devices (IEDs) Devices that can provide real-time
More informationUnofficial Comment Form Project Modifications to CIP Standards Virtualization in the CIP Environment
Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Virtualization in the CIP Environment Do not use this form for submitting comments. Use the electronic form to submit comments on
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationAbout NitroSecurity. Application Data Monitor. Log Mgmt Database Monitor SIEM IDS / IPS. NitroEDB
About NitroSecurity NitroEDB IDS / IPS SIEM Log Mgmt Database Monitor Application Data Monitor Born from the INL Highly Optimized Core Architecture, Using Patented Technology - 8 unique mechanisms to improve
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 CIP-012-1 Cyber Security Communications between Control Centers This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity:
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationCIP Cyber Security Physical Security of BES Cyber Systems
A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP-006-6 3. Purpose: To manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical
More informationInteractive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.
Interactive Remote Access Compliance Workshop October 27, 2016 Eric Weston Compliance Auditor Cyber Security 2 Agenda Interactive Remote Access Overview Review of Use Cases and Strategy 1 Interactive Remote
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationNERC and Regional Coordination Update. Operating Committee Preston Walker January 9, 2018
NERC and Regional Coordination Update Operating Committee Preston Walker January 9, 2018 Standards Project Action End Date Project 2017-07 Standards Alignment with Registration NERC Standards Under Development
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationCIP Cyber Security Recovery Plans for BES Cyber Systems
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationNERC and Regional Coordination Update
NERC and Regional Coordination Update Mark Kuras Sr. Lead Engineer, NERC and Regional Coordination Planning Committee April 7, 2016 NERC Standards Under Development Standards Project Activity Due Date
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationCIP Cyber Security Recovery Plans for BES Cyber Systems
A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-5 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan
More informationCIP Cyber Security Recovery Plans for BES Cyber Systems
A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-6 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More information