Identifying & Auditing Low Impact BES Assets: A Mock Audit. BC Outreach Webinar: Session 2. Salt Lake City, UT, January 9, 2018
Presented by Joseph B. Baugh, PhD, Senior Compliance Auditor, Cyber Security, Western Electricity Coordinating Council (WECC)

Speaker Intro: Dr. Joseph Baugh
- Electrical utility experience (44+ years): Senior Compliance Auditor, Cyber Security; IT Manager & Power Trading/Scheduling Manager; IT Program Manager & Project Manager; NERC Certified System Operator; Barehand Qualified Transmission Lineman
- Educational experience: degrees earned: Ph.D., MBA, BS Computer Science; certifications: PMP, CISSP, CISA, CRISC, CISM, PSP, NSA-IAM/IEM
- Academic & technical course teaching experience (20+ years): Business Strategy, Leadership, and Management; Information Technology, IT Security, and Project Management; PMP, CISA, CISSP, CISM, ITIL, & Cisco exam preparation; CIP Compliance workshops and other outreach sessions

Agenda
- Review CIP-002 Requirements
- Review the CIP-002 Team audit approach
- Defining the Inventory of BES Assets
- CIP-002 Mock Audit
- Focus on Low Impact BES Assets
- Questions

CIP-002 Overview
- CIP-002 is the first step on the CIP compliance trail.
- All Registered Entities that perform the BA, DP, GO, GOP, IA, RC, TO, and/or TOP registered functions are required to be compliant with CIP-002.
- CIP-002 adds the DP function; the TSP function drops out.
- Some entities may find they are only required to be compliant with CIP-002 (R1 & R2) and with CIP-003 (R1.2, R2, R3, & R4):
  - True if applying the IRC to the entity's inventory of BES Assets (see Parts R1.i through R1.vi) generates null R1.1 & R1.2 lists
  - The entity must still provide a valid R1.3 list of Low Impact BES Assets
  - Typically requires a reduced-scope audit that may be conducted on-site, at WECC offices, or at other locations, as necessary

CIP-002 R1, Parts R1.i through R1.vi
"Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: [Violation Risk Factor: High] [Time Horizon: Operations Planning]
i. Control Centers and backup Control Centers;
ii. Transmission stations and substations;
iii. Generation resources;
iv. Systems and facilities critical to system restoration, including Blackstart Resources and Cranking Paths and initial switching requirements;
v. Special Protection Systems that support the reliable operation of the Bulk Electric System; and
vi. For Distribution Providers, Protection Systems specified in Applicability section above."
- Item vi may generate Low impact BES Assets for the R1.3 list under IRC 3.6.

CIP-002 R1: Inventory of BES Assets
Each Responsible Entity shall implement a process that considers each of the following assets (see Parts R1.i through R1.vi) for purposes of parts 1.1 through 1.3.
Process flow:
- Inputs: inventory of High, Medium, & Low BES Assets -> R1 process (apply the IRC) -> Outputs: list of High & Medium assets; list of Low impact assets
- Inputs: list of High & Medium assets -> R1.1-R1.2 process (identify the BCS at each asset) -> Outputs: R1.1 and R1.2 lists
- Input: list of Low impact assets -> Output: R1.3 list

CIP-002 Requirements: R2
Process flow: R1.1, R1.2, R1.3 lists (inputs) -> R2 review & approval process -> signed and dated records (outputs)
- The entity must review the identifications made in R1 (and update them, if necessary) at least once every 15 calendar months [R2.1]
- The CIP Senior Manager or delegate (as defined in CIP-002 R2 or CIP-003 R3 & R4) must approve the initial lists [R2.2] and at least once every 15 calendar months thereafter:
  - The R1.1, R1.2, and R1.3 lists
  - Including signed and dated null lists, if applicable
- The entity must maintain signed and dated records of the approvals listed above
- Electronic or physical approvals are accepted

WECC Audit Team Approach
- Use a methodical approach to deliver consistent results across all entities
- Start with the RSAW supplied by the entity as the initial working papers to document the audit and findings
- Review the evidence to develop findings
- Submit data requests for more information, as needed

WECC Evidence Review
Review the initial evidence package supplied by the entity in response to the Pre-Audit Request for Information [RFI]:
- One-line diagrams
- Specific CIP-002 evidentiary documents
- Documented process to identify and categorize the entity's BCS and BES Assets
- Implementation of the process (i.e., application of the IRC to the inventory of BES Assets to develop the lists)
- Reviewed and approved R1.1 through R1.3 lists
- Entity responses to data requests, as applicable

CIP-002 Audit: Process Flow
1. Review the entity's documented R1 process.
2. Apply the IRC to the inventory of BES assets to identify & list the High-, Medium-, & Low-impact rated BES assets [from R1.i through R1.vi].
3. Are any BES assets rated for High or Medium BCS? No: place all Low BES assets on the R1.3 list and continue to R2. Yes: evaluate the High & Medium BES assets for all applicable BCS.
4. Use the inventory of BES Cyber Assets at each High or Medium BES asset to identify the BCS at that asset.
5. Validate the list of BES Cyber Assets to account for all BCS, PCA, EACMS & PACS within/around each tentative ESP at the BES asset.
6. Add each BCS to the appropriate list: R1.1 (High Impact BCS) or R1.2 (Medium Impact BCS).
7. Are there more High or Medium BES assets? Yes: continue the BCS evaluations. No: continue to R2.
8. R2.1: Review the R1.1, R1.2, & R1.3 lists after the initial identification and at least once every 15 calendar months thereafter.
9. R2.2: The CIP Senior Manager or delegate approves the lists after the initial identification and at least once every 15 calendar months thereafter.
10. The entity applies the applicable CIP protections to the components of the three lists.

Team Approach
- Audit to the Standard
- Review the evidence: the entity's documented process; inventory of BES Assets; one-line diagrams; application of the IRC; R1.1, R1.2, R1.3 lists; R2 records of the current and prior approved versions of the R1 & R2 documents (the "bookends")
- DR for additional information, as needed
- Determine findings
- Complete the RSAW
- Develop the Audit Report

Sample One-Line Diagram

WECC Audit Team Approach
- Review the application of the IRC [R1], the list of High BCS [R1.1], the list of Medium BCS [R1.2], and the list of Low impact BES Assets [R1.3], even if one or more of these lists are null
- Compare the lists against the one-lines and the BES Asset inventory
- Hold interviews with the entity's CIP SMEs, if necessary
- If the audit is on-site, perform site visits (trust, but verify)
- Validate the annual approval documentation [R2]
- Submit DRs, as needed, to clarify compliance
- Determine findings (NF, PV, or OA)
- Discuss findings with the entire Cyber Security Team
- Complete the RSAW
- Prepare the CIP-002 audit report (ATL & CPC)

Pre-Audit CIP-002 Evidence
- [R1]: Provide documentation of the process, and of its implementation, to consider each BES asset included in the asset types listed in R1.i through R1.vi and to identify the following lists:
  - [R1.1]: A list of High impact BCS at each asset identified by application of Attachment 1, Section 1.
  - [R1.2]: A list of Medium impact BCS at each asset identified by application of Attachment 1, Section 2.
  - [R1.3]: A list of Low impact BES Assets identified by application of Attachment 1, Section 3.
- [R2]: Signed and dated records of the list reviews and of the CIP Senior Manager or delegate approvals of the identifications required by R1, even if such lists are null.

CIP-101 Mock Audit Overview
- Compare the inventory of BES Assets against the current definition of Bulk Electric System as adopted by the BCUC (BCUC, 2015 July 24, Order R, p. 15; see also NERC, 2016 May 17, Glossary of Terms; NERC, 2014 April, BES Definition Guidance Document, v2)
- Did the entity identify and document lists of High impact BCS [R1.1], Medium impact BCS [R1.2], and a list of Low impact BES Assets [R1.3] through an application of the Impact Rating Criteria [IRC] (BCUC, 2018 October 1, CIP-002, Attachment 1)?

The Entity's BES Asset Identification
- The first step in a normal CIP-002 audit is to review the application of the IRC
- It starts with an overall inventory of the entity's BES assets
- The inventory is validated against the one-line diagram(s)
- The IRC is then applied to validate the R1.x lists

Definition of Control Center
"One or more facilities hosting operating personnel that monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations." (NERC, 2016 May 17, Glossary of Terms, p. 33)

Low IRC (Control Centers)

IRC: Medium or Low Impact

IRC 2.5 and Generation Interconnections
- The NERC Lessons Learned document (2015 Oct 1) discusses how entities should treat generation lead lines or interconnection lines when they apply IRC 2.5
- A radial generator lead line with no network flows (i.e., no power would flow through the line if the generator were off-line) and with the sole purpose of connecting generator output to a networked Transmission system does not qualify as a Transmission Line to be included in the IRC 2.5 AWV calculation
- This may apply to standalone generation units and distributed generation Facilities
- Identify the interconnection points in the analysis

Low IRC (Transmission not in Section 2)

Low IRC (Generation not in Section 2)

Low IRC (Protection Systems)

Low IRC (DP Systems)

Audit Lists of High & Medium BCS
- Review the R1.1 list of High impact BCS
- Review the R1.2 list of Medium impact BCS
- For most entities in this session, both the R1.1 and the R1.2 lists will be null, but they must still be explicitly:
  - Reviewed by technical SMEs [R2.1], and
  - Approved by the CIP Senior Manager or delegate at least once every 15 calendar months [R2.2]

Audit List of Low Impact BES Assets
- Review the R1.3 list of Low impact BES Assets
- Correlate this list against:
  - The entity's inventory of BES Assets
  - The entity's one-line diagram
- The entity must provide CIP-003 protections, as applicable, to its Low impact BES Assets

Validate BES Asset Lists
- Review and compare the entity's one-line diagram to the current lists of BES Assets
- Do the results seem reasonable?
- Do the Transmission BES Assets align with the one-line diagram?
- Did the entity provide evidence of net Real Power capability to support the Generation Facility ratings?
- Does the audit team have any other questions before moving on to the R1.1, R1.2, and R1.3 lists?

Low impact BCS Security Controls
- Physical protections: provide physical security protections at Low impact BES Assets in accordance with R2.2 (BCUC, 2018 October 1, CIP-003, p. 5)
- Electronic protections:
  - If a Low impact BCS [LIBCS] is contained within a Medium BCS ESP, protect the LIBCS as a PCA to the Medium BCS, as applicable
  - If a Low impact BCS has electronic access or dial-up connectivity, protect it with the controls described in R2.3 (ibid., p. 5)
- Future alert: review NERC CIP-003 for physical and electronic access controls that may be implemented in the BCUC footprint (more on this in Session 3)

R1.3 List of Low impact BES Assets
- R1.3 does not require discrete lists of Low impact BES Cyber Systems.
- However, R1.3 does require a list containing the name of each asset that contains a Low impact BES Cyber System.
- This list should contain all generating plants, transmission stations, certain distribution stations, and certain small control centers that meet one or more of the Section 3 IRC and contain Low impact BES Cyber Systems.

R1.3 List of Low impact BES Assets
- The entity should be prepared to demonstrate that all BES assets (locations) are accounted for on the list of High impact, Medium impact, or Low impact locations
- The entity should be prepared to demonstrate that all the Low impact BES Cyber Systems at the assets on the lists have been afforded electronic and physical protections (per CIP-003 R2.2 and R2.3)

Comparing Low impact BES Assets
- Not all Low impact BES Assets are created equal
- Low impact covers a wide range of BES locations and Facilities
- Within Low impact there are potentially vastly different risks and impacts to the reliability of the BES
- The CIP Standards don't make a distinction between a big (i.e., more impactful) Low impact BES Asset and a small (i.e., less impactful) Low impact BES Asset
- Consider the following examples of IRC 2.1 (with net Real Power capability [NRPC] calculations and Aggregated Weighted Value [AWV]) and IRC 2.5 (with AWV calculations):

IRC 2.1 Low-impact GO/GOP Examples
- Example 1: NRPC = 30 MW, AWV = 0
- Example 2: NRPC = 1400 MW, AWV = 1400
- Example 3: NRPC = 2800 MW, AWV = 3900

IRC 2.5 Low-impact TO/TOP Examples
- Example 1 (single line "To SUB C"): AWV = 0
- Example 2: AWV = 2600
- Example 3: AWV = 5200

Compliance & Audit Implications
- Random or statistical sampling of Low impact assets for CIP v5 audit purposes is not appropriate when selecting Low impact BES Assets for site visits
- Expect the audit team to apply judgmental or non-statistical sampling based on the audit team's perception of risk and impact to the BES
- Expect more audit attention at Low impact Transmission Facilities with larger impacts
- Expect more audit attention at larger Low impact Generation plants than at smaller plants, particularly those that equal or exceed 1500 MW net Real Power capability but have been segmented to reduce the BCS impact rating under IRC 2.1

Compliance & Audit Implications
- Expect more attention at any generation plant with 1500 MW or more NRPC, regardless of control system segmentation. The entity should be prepared to:
  - Demonstrate how the unit controls are segmented, including computer network diagrams, firewall configurations, data flow analysis, etc.
  - Demonstrate the analysis of any common systems at the plant
  - Explain the analysis, including both time-based and impact-based components
  - Facilitate site visits to any Generation plants with 1500 MW or more net Real Power capability

Compliance & Audit Implications
- Expect more attention at any Low impact Transmission substation with a significant number of 230 kV and/or 345 kV lines. The entity should be prepared to:
  - Demonstrate how IRC 2.5 was applied
  - Discuss all Transmission lines that were not calculated into the total AWV, e.g., lines excluded as radial lines serving only load, or lines classified as Generation Interconnection Facilities
  - Facilitate potential site visits to any Transmission substations that have mixed BCS impact levels
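The IRC 2.1 and IRC 2.5 arithmetic behind the examples above, together with the "every asset on exactly one list" check and the judgmental-sampling point from these slides, as an added worked example. It is not part of the original deck and is not WECC audit tooling. The weight table and thresholds are those of CIP-002 Attachment 1 criteria 2.1, 2.4 and 2.5; the station names, line voltages, MW figures, BCS names and BCS-to-unit groupings are constructed for illustration.

```python
from dataclasses import dataclass

# Everything below is constructed for this example: station names, line voltages,
# MW figures and BCS-to-unit groupings are not taken from any real entity.

@dataclass(frozen=True)
class Line:
    kv: int     # operating voltage, kV
    to: str     # far-end station name, or a label for a load tap / generator
    kind: str   # "station" (another Transmission station/substation),
                # "load" (radial line serving only load) or "gen" (generator lead line)

@dataclass
class Substation:
    name: str
    lines: list

@dataclass
class Plant:
    name: str
    units_mw: dict    # unit -> highest net Real Power capability (MW), preceding 12 months
    shared_bcs: dict  # BCS name -> set of units it could adversely impact within 15 minutes

def line_weight(kv):
    """IRC 2.5 'weight value per line' table (CIP-002 Attachment 1)."""
    if kv < 200:
        return 0      # not applicable
    if kv < 300:
        return 700
    if kv < 500:
        return 1300
    return 0          # 500 kV and above is already Medium under IRC 2.4

def counted_lines(sub):
    """BES Transmission Lines at 200 kV+ to another Transmission station or substation;
    radial lines serving only load and generator lead lines are excluded."""
    return [l for l in sub.lines if l.kind == "station" and l.kv >= 200]

def aggregate_weighted_value(sub):
    return sum(line_weight(l.kv) for l in counted_lines(sub))

def irc_2_5_is_medium(sub):
    """Medium: connected at 200 kV+ to three or more other stations and AWV exceeds 3000."""
    return len({l.to for l in counted_lines(sub)}) >= 3 and aggregate_weighted_value(sub) > 3000

def plant_nrpc(plant):
    return sum(plant.units_mw.values())

def irc_2_1_medium_bcs(plant):
    """Shared BCS whose impacted units aggregate to 1500 MW or more are Medium; a plant above
    1500 MW segmented so that no BCS crosses 1500 MW yields only Low impact BCS."""
    return sorted(b for b, units in plant.shared_bcs.items()
                  if sum(plant.units_mw[u] for u in units) >= 1500)

def build_r1_lists(inventory):
    """R1.1 = High BCS, R1.2 = Medium BCS, R1.3 = assets containing Low impact BCS.
    This inventory has no Control Centers (IRC Section 1), so R1.1 stays null."""
    lists = {"R1.1": [], "R1.2": [], "R1.3": []}
    for asset in inventory:
        if isinstance(asset, Substation):
            medium = irc_2_5_is_medium(asset)
        else:
            medium = bool(irc_2_1_medium_bcs(asset))
        lists["R1.2" if medium else "R1.3"].append(asset.name)
    return lists

def reconcile(inventory, lists):
    """Audit check: every inventory asset is on exactly one list and nothing extra is listed."""
    names = [a.name for a in inventory]
    listed = [n for entries in lists.values() for n in entries]
    problems = [f"{n}: not on any list" for n in names if listed.count(n) == 0]
    problems += [f"{n}: on more than one list" for n in names if listed.count(n) > 1]
    problems += [f"{n}: listed but not in inventory" for n in listed if n not in names]
    return problems

def site_visit_priority(inventory, lists):
    """Judgmental sampling: rank R1.3 assets by plant NRPC or substation AWV, highest first."""
    by_name = {a.name: a for a in inventory}
    def score(n):
        a = by_name[n]
        return plant_nrpc(a) if isinstance(a, Plant) else aggregate_weighted_value(a)
    return sorted(lists["R1.3"], key=score, reverse=True)

INVENTORY = [
    Substation("SUB_A", [Line(345, "SUB_C", "station"), Line(345, "SUB_D", "station"),
                         Line(345, "SUB_E", "station"), Line(345, "SUB_F", "station")]),  # AWV 5200
    Substation("SUB_B", [Line(230, "SUB_G", "station"), Line(230, "SUB_H", "station"),
                         Line(230, "load tap", "load"), Line(345, "gen lead", "gen")]),   # AWV 1400
    Substation("SUB_C", [Line(345, "SUB_A", "station"), Line(345, "SUB_D", "station"),
                         Line(230, "SUB_H", "station")]),                                 # AWV 3300
    Substation("SUB_D", [Line(345, "SUB_A", "station"), Line(345, "SUB_C", "station")]), # AWV 2600
    Plant("PLANT_X", {"U1": 700, "U2": 700, "U3": 700, "U4": 700},
          {"DCS-A": {"U1", "U2"}, "DCS-B": {"U3", "U4"}}),                 # 2800 MW, segmented
    Plant("PLANT_Y", {"U1": 700, "U2": 700, "U3": 700, "U4": 700},
          {"DCS-COMMON": {"U1", "U2", "U3", "U4"}}),                        # 2800 MW, one shared BCS
]

if __name__ == "__main__":
    r1 = build_r1_lists(INVENTORY)
    print(r1)                                          # R1.2: SUB_A, SUB_C, PLANT_Y; R1.3: SUB_B, SUB_D, PLANT_X
    print("discrepancies:", reconcile(INVENTORY, r1))  # []
    print("site visit priority:", site_visit_priority(INVENTORY, r1))  # PLANT_X, SUB_D, SUB_B
```

PLANT_X lands on R1.3 despite its 2800 MW because neither DCS can affect 1500 MW of units, which is exactly the segmented-plant case the slides say will draw more audit attention, and it is therefore ranked first for a site visit. Changing the kind of SUB_B's "gen lead" line from "gen" to "station" shows how a misclassified generator lead line inflates the AWV, the same question an audit team will put to the entity under IRC 2.5.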

R1: BES Asset List Review Questions
- Did the entity apply the IRC appropriately?
- Did the entity confer with its RC, PA, and/or TP to consider any Critical Assets relative to Criteria 2.3, 2.6, or 2.8 before moving them to the Low BES Asset list?
- Application questions:
  - Did the entity consider all BES asset types in R1.i through R1.vi?
  - Did the entity review & evaluate all BES Assets through the IRC?
  - Did the entity clearly identify and document all BES assets in the appropriate impact rating?
  - Is any additional information necessary?

The Entity's Review & Approval Process
Process flow: R1.1, R1.2, R1.3 lists (inputs) -> R2 review & approval process -> signed and dated records (outputs)
- The next step in a CIP-002 audit is to determine whether the entity reviewed the identifications of the lists created in R1, even if such lists are null:
  - R1.1 list of High BCS
  - R1.2 list of Medium BCS
  - R1.3 list of Low impact BES assets
- Review the signed and dated records of the CIP Senior Manager's or delegate's approval of the lists
- Either electronic or wet-ink signatures are acceptable

R2: Annual Approval Review Questions
- Did the entity review its R1.1 through R1.3 lists at least once every 15 calendar months after the initial identifications?
- Did the entity update the lists, as necessary?
- Did the entity's CIP Senior Manager or delegate approve the R1.1 through R1.3 lists at least once every 15 calendar months after the initial identification, even if such lists are null?
- Application questions:
  - Did the entity provide evidence of periodic list reviews [R2.1] and signed and dated approvals [R2.2]?
  - Are any DRs necessary? If so, what additional information is required?

A Word to the Wise
- The WECC CIP-002 team has noted several issues with R2 during transition-period audits that generated either Recommendations or an Area of Concern [AoC]
- A Recommendation is a suggestion for improvement, but does not indicate a failure to comply
- An AoC related to CIP-002 R1 or R2 during a transition audit will likely be a Possible Violation [PV] after October 1, 2018
- Several entities have prepared nicely defined signature blocks, but failed to cite or include the actual R1.1, R1.2, and R1.3 lists

Key Issues from the Transition
- An entity that only has Low impact BES Assets [R1.3] should still evaluate its inventory of BES Assets against the IRC, and prepare, review, and approve:
  - A null list of High BCS [R1.1]
  - A null list of Medium BCS [R1.2]
- Be sure to implement your documented R1 process, review the resulting three lists, and have the CIP Senior Manager or delegate approve them at least once every 15 calendar months

Lower-impact BCS Connection to Higher-impact BCS
- Facilities may be owned by the same entity or by different entities. If multiple entities are involved, identify the:
  - Point(s) of connection between the entities,
  - Entity responsible for compliance at/around the demarcation point, and
  - Entity responsible for CIP physical security compliance.
- May involve EACMS or LEAP, depending on impact ratings and connectivity characteristics.
- Protect all BCS, as applicable.

Substation BCS Segmentation
- Reference Model 7 (NERC, CIP-002, Guidelines and Technical Basis, p. 37) provides an illustration of mixed-impact BCS within a single BES Asset boundary.

Connecting Low-impact BES Assets?
- No "backcasting" of impact levels; similar to the Far-End Relay Lesson Learned.
- Consider all communications paths.
- BCA/BCS owners are obligated to comply with the applicable CIP Standards; performance may be delegated via an operating agreement or other clearly defined binding agreement.

Value-Added Activity: Feedback
- WECC audit teams never prescribe solutions, but we do:
  - Brief entities on findings
  - Encourage good security practices
  - Discuss examples of industry best practices
  - Provide Recommendations and suggestions for improvement, when appropriate
  - Identify any AoC, which may not currently be a violation but may become a Possible Violation [PV] in a future audit if not addressed
  - Support development of a sustainable compliance culture

Additional Audit Team Member Activities
- Available to address and respond to entity questions/comments
- Participate in WECC entity outreach activities: semi-annual Compliance Workshops (next one in Boise, ID), monthly Open Webinars, and special events such as this one
- Work at the national level: CCTF, Standard Drafting Team, comment on new Standards and guidance documents, run CIP pilot studies, and attend and present at Cyber Security Conferences and regional, national, and international outreach events

Summary
- Audit to the Standard
- Provide useful feedback to the entity
- Prepare a valid report
- Be available to CIP personnel at the entities
- Work at the national level

Remember the Auditor's Mission
"Just the facts, Ma'am, just the facts!"

References
- BCUC. (2015 July 24). Order R. Retrieved from http:// DOC_44244_R _BCH_MRS_RPT_8.pdf
- BCUC. (2018 October 1). CIP-002 Cyber Security Standard: BES Cyber System Categorization. Retrieved from https:// pdf
- BCUC. (2018 October 1). CIP-003 Cyber Security: Security Management Controls. Retrieved from https:// pdf
- NERC. (2014 April). Bulk Electric System Definition Reference Document (Version 2). Retrieved from http:// bes_phase2_reference_document_ _final _clean.pdf
- NERC. (2016 May 17). Glossary of Terms used in NERC Reliability Standards. Retrieved from http:// %20terms/glossary_of_terms.pdf

Speaker Contact Information
Joseph B. Baugh, Ph.D., MBA, PMP, CISA, CISSP, CRISC, CISM
Senior Compliance Auditor, Cyber Security
Western Electricity Coordinating Council (WECC)
jbaugh (at) wecc (dot) biz
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationCIP Cyber Security Personnel & Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-5.1 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals
More informationA. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider
The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure
More informationStandard CIP 005 4a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-4a 3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s)
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Wksheet 1 CIP-004-6 Cyber Security Personnel & Training This section to be completed by the Compliance Enfcement Authity. Audit ID: Registered Entity: NCR Number: Compliance
More informationImplementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015
Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014 02 CIP Version 5 Revisions replaces
More informationCIP Cyber Security Configuration Management and Vulnerability Assessments
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Wksheet 1 CIP-005-6 Cyber Security Electronic Security Perimeter(s) This section to be completed by the Compliance Enfcement Authity. Audit ID: Registered Entity: NCR Number:
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 PRC-004-3 Protection System Misoperation Identification and Correction This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered
More informationStandard CIP 005 2a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationCritical Asset Identification Methodology. William E. McEvoy Northeast Utilities
Critical Asset Identification Methodology William E. McEvoy Northeast Utilities Disclaimer This NPCC TFIST workshop provides a forum for the presentation and discussion of member experience in the implementation
More informationSummary of FERC Order No. 791
Summary of FERC Order No. 791 On November 22, 2013, the Federal Energy Regulatory Commission ( FERC or Commission ) issued Order No. 791 adopting a rule that approved Version 5 of the Critical Infrastructure
More informationNPCC Compliance Monitoring Team Classroom Session
NPCC Compliance Monitoring Team Classroom Session John Muir - Director, Compliance Monitoring Jacqueline Jimenez - Senior Compliance Engineer David Cerasoli, CISSP - Manager, CIP Audits 5/14/2018 1 Compliance
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationCIP Cyber Security Physical Security of BES Cyber Systems
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationNERC-Led Technical Conferences
NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines
More informationCIP Cyber Security Information Protection
A. Introduction 1. Title: Cyber Security Information Protection 2. Number: CIP-011-2 3. Purpose: To prevent unauthorized access to BES Cyber System Information by specifying information protection requirements
More informationNew Brunswick 2018 Annual Implementation Plan Version 1
New Brunswick Energy and Utilities Board Reliability Standards, Compliance and Enforcement Program New Brunswick 2018 Annual Implementation Plan Version 1 December 28, 2017 Table of Contents Version History...
More informationStandard Development Timeline
CIP-003-67(i) - Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when
More informationAlberta Reliability Standard Cyber Security Electronic Security Perimeter(s) CIP-005-AB-5
A. Introduction 1. Title: 2. Number: 3. Purpose: To manage electronic access to BES cyber systems by specifying a controlled electronic security perimeter in support of protecting BES cyber systems against
More informationImplementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities
Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities This Implementation Plan applies to Cyber Security Standards CIP-002-2 through CIP-009-2 and CIP-002-3 through
More informationImplementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities
Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entities This Implementation Plan applies to Cyber Security Standards CIP-002-2 through CIP-009-2 and CIP-002-3 through
More informationNERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks
NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC Standard Requirement Requirement Text Measures ConsoleWorks
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014
Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed
More information1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationWECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017
WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017 155 North 400 West, Suite 200 Salt Lake City, Utah 84103-1114 WECC Internal Controls Evaluation Process
More information1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationLesson Learned CIP Version 5 Transition Program CIP R1: Grouping BES Cyber Assets Version: March 2, 2014
Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 R1: Grouping BES Cyber Assets Version: March 2, 2014 This document is designed to convey lessons learned from NERC s various CIP version 5 transition
More informationStandard CIP Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-1 3. Purpose: Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s)
More informationCIP Cyber Security Critical Cyber Asset Identification. Rationale and Implementation Reference Document
CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document NERC Cyber Security Standards Drafting Team for Order 706 December 2010 This document provides
More informationCIP Cyber Security Configuration Change Management and Vulnerability AssessmentsManagement
The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure
More informationStandard Development Timeline
CIP-008-6 Incident Reporting and Response Planning Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard
More informationCIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-6 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationNERC Relay Loadability Standard Reliability Standards Webinar November 23, 2010
Transmission Relay Loadability FERC Order 733 Project 2010-1313 NERC Relay Loadability Standard Reliability Standards Webinar November 23, 2010 Project Overview 2 Standards Involved PRC-023-2 Transmission
More informationCIP Baseline Configuration Management Overview. FRCC Spring Compliance Workshop April 14-16, 2015
CIP-010-1 Baseline Configuration Management Overview FRCC Spring Compliance Workshop April 14-16, 2015 Overview Review the configuration change management requirements found in CIP- 10-1 R1 and R2 2 R1.1
More informationPage 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES
002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission
More informationCIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-6 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in
More informationHang on it s going to be a wild ride
AGA/EEI Utility Internal Auditor's Training Course Washington, DC August 26, 2015 Hang on it s going to be a wild ride There are no NERC CIP Babel Fish "The Babel fish is small, yellow, leech-like, and
More informationCIP Cyber Security Incident Reporting and Response Planning
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed
More informationStandard CIP Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationCIP Configuration Change Management & Vulnerability Assessments
CIP-010-2 Configuration Change Management & Vulnerability Assessments FRCC Spring RE Workshop April 17-18, 2018 Objective Change Management to prevent unauthorized modifications to Bulk Electric Systems
More informationCritical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014
Critical Infrastructure Protection (CIP) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice
More informationBetter Practices to Provide Reasonable Assurance of Compliance with the CIP Standards, Part 2
Better Practices to Provide Reasonable Assurance of Compliance with the CIP Standards, Part 2 David Cerasoli, CISSP Manager, CIP Audits October 30, 2018 Disclaimer The goal of this webinar is to share
More informationrequirements in a NERC or Regional Reliability Standard.
A. Introduction 1. Title: Cyber Security Information Protection 2. Number: CIP 011 1 3. Purpose: To prevent unauthorized access to BES Cyber System Information by specifying information protection requirements
More informationCIP Compliance Workshop Boise, ID March 29, 2018
CIP-006-6 Compliance Workshop Boise, ID March 29, 2018 Mark Lemery, MSc, CPP, PSP Auditor, Cyber and Physical Security 2 Impact on Reliability Identify WECC s audit approach and inform entities of physical
More informationStandards Authorization Request Form
Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More information