CIP V5 Updates Midwest Energy Association Electrical Operations Conference

Size: px
Start display at page:

Download "CIP V5 Updates Midwest Energy Association Electrical Operations Conference"

Transcription

1 CIP V5 Updates Midwest Energy Association Electrical Operations Conference May 2015 Bob Yates, CISSP, MBA Principal Technical Auditor ReliabilityFirst Corporation

2 Agenda Cyber Security Standards Version 5 Revisions Transition Advisory Group Guidance Development 2

3 CIP Standards Version 5 CIP *: BES Cyber Asset and BES Cyber System Categorization CIP-003-6**: Security Management Controls CIP-004-6**: Personnel and Training CIP-005-5: Electronic Security Perimeter(s) CIP-006-6: Physical Security of BES Cyber Systems CIP-007-6**: Systems Security Management CIP-008-5: Incident Reporting and Response Planning CIP-009-6: Recovery Plans for BES Cyber Assets and Systems CIP-010-2***: Configuration Management and Vulnerability Assessments CIP-011-2***: Information Protection * - Changed Devices to Systems in background section ** - Developed as version 7 *** - Developed as version 3 3

4 FERC Final Rule Issued November 3, 2013 Effective February 3, 2014 Four directives: Identify Assess and Correct language Communication Networks Low Impact BES Cyber Systems Transient Devices First two had one-year deadline Filing deadline February 3,

5 Identify, Assess, and Correct FERC preferred to not have compliance language included within technical requirement SDT responded by deleting language from 17 requirements Risk-based Compliance Monitoring and Enforcement replaces need for IAC language 5

6 Communication Networks FERC Directed creation of definition of communication networks and requirements to address issues: Locked wiring closets Disconnected or locked spare jacks Protection of cabling by conduit or cable trays 6

7 Communication Networks SDT responded by adding CIP-006 Part 1.10 to address protections of non programmable components of communication networks that are inside an ESP, but outside of a PSP SDT also modified CIP-007 Part 1.2 to address unused physical ports on nonprogrammable communication components and devices at high and medium impact Control Centers Formal definition determined by SDT to be unnecessary at this time 7

8 Transient Devices Described in Final Rule as devices connected for less than 30-days (USB, laptop, etc) FERC directed modifications to address the following concerns: Device authorization Software authorization Security patch management Malware prevention Unauthorized physical access Procedures for connecting to different impact level systems 8

9 Transient Devices 9 SDT developed two additional definitions Removable Media Transient Cyber Assets Added CIP-010 Requirement R4 dealing with issue Detailed requirements in attachment and measures in a separate attachment Separated into three areas: Transient Cyber Assets managed by Responsible Entity Transient Cyber Assets managed by other parties Removable Media Modified CIP-004 Part 2.1 to address training on risks associated with Transient Cyber Assets and Removable Media

10 Low Impact BES Cyber Systems FERC concerned with lack of objective criteria for evaluating Low Impact protections Introduces unacceptable level of ambiguity and potential inconsistency into the compliance process Open to alternative approaches the criteria NERC proposes for evaluating a responsible entities protections for Low impact facilities should be clear, objective and commensurate with their impact on the system, and technically justified. No detailed inventory required list of locations / Facilities OK 10

11 Low Impact BES Cyber Systems SDT maintained all low impact requirements in CIP-003 Low-only entities only need to comply with CIP-002 and CIP- 003 Added CIP-003 Part 1.2 dealing with security policy for low impact BES Cyber Systems Added Attachments dealing with the technical requirement and measures Kept four original areas 11

12 Low Impact BES Cyber Systems Security Awareness reinforce, at least every 15 calendar months, cyber security practices Incident Response Modeled from medium impact 5 elements (of 9: collapsed process requirements and update requirements together; no documentation of deviations or specific record retention but still need to demonstrate compliance) Physical Security control physical access based on need 12

13 Low Impact BES Cyber Systems Electronic Security Two new definitions LERC and LEAP Similar to but different from ERC and EAP concepts at medium & high permit only necessary inbound and outbound bi-directional routable protocol access authentication for all Dial-up Connectivity Seven reference model drawings showing LERC & LEAP in Guidelines and Technical Basis section 13

14 Implementation Plan Phased implementation plan: IAC no change (4/1/16) Communication Networks 9 months after the effective date of the standard Transient Devices 9 months after the effective date of the standard Low Impact Latter of 4/1/17 or 9 months after the effective date of the standard for policy, plan, security awareness, and response Latter of 9/1/18 or 9 months after the effective date of the standard for physical and electronic security 14

15 Current Status NERC Board approved responses to IAC and Communication Networks directives on November 13, 2014 NERC Board approved responses to Low Impact and Transient Device directives on February 12, 2015 Board action adjusted version numbers to -6 and -2 All four directive areas filed with FERC on February 13, 2015 (10-day extension granted due to scheduled NERC board meeting) FERC must go through its approval process 15

16 Guidance Development Process 16

17 April 22 CIP V5 Transition Update Discussed the purpose of guidance provided through Lessons Learned and FAQs Guidance Documents Provide explanation of effective implementation approaches of topics Identified during transition period Lessons Learned Increased technical discussion and analysis FAQs Questions with shorter more basic responses 17

18 April 22 CIP V5 Transition Update Discussed five topics not appropriately addressed through a lesson learned or FAQ Not consistent with the purpose of those guidance documents Related to questions regarding the meaning of a particular requirement NERC posted separate documents that discuss each of these issues and the manner in which NERC understands the relevant requirement or NERC Glossary term, as informed by the plain language of and the record of development for the CIP version 5 standards 18

19 Lesson Learned Status Far-end Relay Generation Segmentation Mixed Trust EACMs Interactive Remote Access Grouping of BES Cyber Systems Virtualization (Networks and Servers) 19

20 Lesson Learned Status Far-end Relay (AKA Transfer-Trip) Status: Approved by Standards Committee and Posted as Final. The far-end relay does not automatically inherit a Medium impact categorization if the near-end substation satisfies the qualifications of Criterion

21 Lesson Learned Status Generation Segmentation Status: Approved by Standards Committee and Posted as Final. BES Cyber Systems associated with a generating plant in excess of 1500 MW Net Real Power Capability can be segmented such that there are no Medium impacting BES Cyber Systems. Includes a discussion of evidence required to demonstrate sufficient segregation. 21

22 Lesson Learned Status Mixed Trust Electronic Access Control or Monitoring Systems Status: Addressing industry comments The issue is whether corporate resources (Active Directory servers, remote access authentication servers, log servers, Intrusion Detection Systems, etc.) supporting both corporate and Electronic Security Perimeter access control are Electronic Access Control or Monitoring Systems. Current position is that if the Cyber Asset is providing electronic access control or monitoring support to the CIP environment, the Cyber Asset is an EACMS for the purposes of CIP compliance. 22

23 Lesson Learned Status Interactive Remote Access Status: Addressing industry comments provide guidance on implementing security controls for the use of Interactive Remote Access. Open question is whether scripts under programmatic control and actions performed by management consoles constitute Interactive Remote Access. 23

24 Lesson Learned Status Grouping of BES Cyber Systems Status: Addressing industry comments Purpose is to describe useful methods to group BES Cyber Assets into BES Cyber Systems (BCS). 24

25 Lesson Learned Status Virtualization (Networks and Servers) Status: To be issued as a Lessons Learned in May The concern with virtualization is when there is a mixed trust environment The standards do not due a good job of addressing the technology For virtual servers where a mixed trust environment is being used there will be a lot of scrutiny of security controls in place For networks using mixed trust will need to see that the appropriate Electronic Access Point Controls are in place for the device 25

26 FAQs 3 are already posted on the V5 Transition Program page on the NERC web site as Technical FAQs 34 FAQs were posted for industry comment April 2 with comments due back by May FAQs were posted for industry comment May 1 with comments due back by June 15 26

27 NERC Communications Impact Rating Criteria 2.3 and 2.6 Impact rating for generation interconnections Facilities Programmable Electronic Devices Network and Externally Accessible Devices Control Centers and functional obligations 27

28 NERC Communications Impact Rating Criteria 2.3 and 2.6 Status: Issued as NERC Communication on April 22, 2015 Learned For IRC 2.3 and 2.6 Reliability Coordinator, Planning Coordinator, or Transmission Planner addresses the facility (generation or transmission) The asset owning registered entity must then determine which BES Cyber Assets or BES Cyber Systems support the identified Facility 28

29 NERC Communications Impact rating for generation interconnections Facilities Status: Issued as NERC Communication on April 22, 2015 Learned The question is whether a generator lead line should be included in the aggregate weighted value calculation under Criterion 2.5 Impact Rating Criteria. Consistent with the language of Criterion 2.5 and the Guidelines and Technical Basis section of CIP , a radial generator lead line with no network flows (i.e., no power would flow through the line if the generator is off-line) and with the sole purpose of connecting generator output to a networked Transmission system would not qualify as a Transmission line to be included in the Criterion 2.5 calculation. 29

30 NERC Communications Programmable Electronic Devices (PED) Status: Issued as NERC Communication on April 22, 2015 Learned some entities, including the Implementation Study participants, requested further clarification on the meaning of the phrase programmable electronic device, which is not defined in the NERC Glossary. Record of development indicates that the CIP version 5 SDT intended a programmable electronic device to be any device that is electronic and capable of executing a set of instructions. Nothing in the Cyber Asset definition or the development record indicates that the SDT sought to exclude configurable-only devices or distinguish between Cyber Assets that are physically programmable as opposed to remotely programmable via cyber means. 30

31 NERC Communications Network and Externally Accessible Devices Status: Issued as NERC Communication on April 22, 2015 Learned Does the definition of a BES Cyber Asset ( BCA ) include network devices, such as routers, core network switches, communication processers, modems, front-end processors, and data concentrators? o Under the plain language of the BCA definition, entities cannot categorically exclude network devices from the definition of BCA but must evaluate the reliability impact of the network device to determine whether it meets the BCA definition. A BCA is defined in the NERC Glossary as follows: 31

32 NERC Communications Network and Externally Accessible Devices (cont.) Does the scope of the exemption for Cyber Assets associated with communication networks and data communication links between Electronic Security Perimeters cover network devices with routable connectivity that would otherwise meet the BCA definition and be included in an Electronic Security Perimeter (ESP)? Is there an exemption for similar Cyber Assets associated with non-routable communication networks and data communication links? o Because the exemption applies to devices between ESPs, which are typically owned and operated by third parties, the exemption does not apply to network devices that meet the BCA definition and would otherwise be required to reside in an ESP. o NERC will exercise its discretion to exempt any Cyber Assets associated with non-routable communication networks/links that would be exempt if they were routable communication between discrete ESPs. 32

33 NERC Communications Network and Externally Accessible Devices (cont.) Are the requirements applicable to BES Cyber Systems (BCS) with routable connectivity (i.e., requirements related to having an ESP and External Routable Connectivity (ERC)) applicable to a natively serial-based (non-routable) BCA that has been modified to be externally accessible via a routable network? o serial device is plugged into the converter such that accessing the serial device is achieved not point to point, but via a network address, the converter s address, and a unique port number assigned to the serial device. In such cases, the natively serial-based device now has a unique routable network address and an associated network address. 33

34 NERC Communications Control Centers and functional obligations Status: Issued as NERC Communication on April 22, 2015 Learned High Impact Rating (H) Each Control Center or backup Control Center used to perform the functional obligations of the Transmission Operator for one or more of the assets that meet criterion 2.2, 2.4, 2.5, 2.7, 2.8, 2.9, or Medium Impact Rating (M) Each Control Center or backup Control Center used to perform the functional obligations of the Transmission Operator not included in High Impact Rating (H), above. Went back to the official record of the Standard Drafting Team and determined it was clearly addressed that the SDT intent was the functions you are performing and not how you are registered. 34

35 References Project Development History: CIP Version 5 Revisions page: Critical-Infrastructure-Protection-Version-5-Revisions.aspx CIP Version 5 Transition page: 35

36 Questions & Answers Forward Together ReliabilityFirst 36

Project Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA

Project Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA Project 2016-02 Modifications to CIP Standards Technical Conference April 19, 2016 Atlanta, GA Agenda Welcome Steven Noess NERC Antitrust Compliance Guidelines and Public Announcement* - Al McMeekin Logistics

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014 Federal Energy Regulatory Commission Order No. 791 June 2, 2014 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently proposed

More information

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014 Critical Infrastructure Protection (CIP) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice

More information

Purpose. ERO Enterprise-Endorsed Implementation Guidance

Purpose. ERO Enterprise-Endorsed Implementation Guidance Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 Requirement R1: Impact Rating of Generation Resource Shared BES Cyber Systems Version: January 29, 2015 Authorized by the Standards Committee

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015 Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently

More information

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018. Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada

More information

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015 Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014 02 CIP Version 5 Revisions replaces

More information

NERC-Led Technical Conferences

NERC-Led Technical Conferences NERC-Led Technical Conferences NERC s Headquarters Atlanta, GA Tuesday, January 21, 2014 Sheraton Phoenix Downtown Phoenix, AZ Thursday, January 23, 2014 Administrative Items NERC Antitrust Guidelines

More information

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Version: October 6, 2015

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Version: October 6, 2015 Lesson Learned CIP Version 5 Transition Program CIP-002-5.1: Communications and Networking Cyber Assets Version: October 6, 2015 Authorized by the Standards Committee on October 29, 2015 for posting as

More information

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015 Implementation Plan Project 2014-02 CIP Version 5 Revisions January 23, 2015 This Implementation Plan for the Reliability Standards developed as part of Project 2014-02 CIP Version 5 Revisions replaces

More information

Standards Authorization Request Form

Standards Authorization Request Form Standards Authorization Request Form When completed, email this form to: sarcomm@nerc.com NERC welcomes suggestions to improve the reliability of the bulk power system through improved reliability standards.

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Breakfast. 7:00 a.m. 8:00 a.m.

Breakfast. 7:00 a.m. 8:00 a.m. Breakfast 7:00 a.m. 8:00 a.m. Opening Announcements NERC 2015 Standards and Compliance Spring Workshop April 3, 2015 NERC Antitrust Compliance Guidelines It is NERC s policy and practice to obey the antitrust

More information

Summary of FERC Order No. 791

Summary of FERC Order No. 791 Summary of FERC Order No. 791 On November 22, 2013, the Federal Energy Regulatory Commission ( FERC or Commission ) issued Order No. 791 adopting a rule that approved Version 5 of the Critical Infrastructure

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

CIP V5 Implementation Study SMUD s Experience

CIP V5 Implementation Study SMUD s Experience CIP V5 Implementation Study SMUD s Experience Tim Kelley October 16, 2014 Powering forward. Together. SMUD Fast Facts General Information SMUD employs approximately 2,000 individuals Service area of 900

More information

CIP Cyber Security Security Management Controls. A. Introduction

CIP Cyber Security Security Management Controls. A. Introduction CIP-003-7 - Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-7 3. Purpose: To specify consistent and sustainable security

More information

CYBER SECURITY POLICY REVISION: 12

CYBER SECURITY POLICY REVISION: 12 1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred

More information

CIP Cyber Security Security Management Controls

CIP Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-6 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and

More information

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Draft Version: August 18, 2015

Lesson Learned CIP Version 5 Transition Program CIP : Communications and Networking Cyber Assets Draft Version: August 18, 2015 Lesson Learned CIP Version 5 Transition Program CIP-002-5.1: Communications and Networking Cyber Assets Draft Version: August 18, 2015 This document is designed to convey lessons learned from NERC s various

More information

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1 DRAFT Cyber Security Communications between Control Centers Technical Rationale and Justification for Reliability Standard CIP-012-1 March May 2018 NERC Report Title Report Date I Table of Contents Preface...

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

Unofficial Comment Form Project Modifications to CIP Standards Virtualization in the CIP Environment

Unofficial Comment Form Project Modifications to CIP Standards Virtualization in the CIP Environment Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Virtualization in the CIP Environment Do not use this form for submitting comments. Use the electronic form to submit comments on

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit

More information

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Low Impact BES Cyber Systems. Cyber Security Security Management Controls CIP Dave Kenney

Low Impact BES Cyber Systems. Cyber Security Security Management Controls CIP Dave Kenney Low Impact BES Cyber Systems Cyber Security Security Management Controls CIP-003-6 Dave Kenney November 9, 2016 Presentation Agenda Outreach Observations/Audit Approach Cyber Security Awareness Physical

More information

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010 Standard CIP 011 1 Cyber Security Protection Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes

More information

SGAS Low Impact Atlanta, GA September 14, 2016

SGAS Low Impact Atlanta, GA September 14, 2016 SGAS Low Impact Atlanta, GA September 14, 2016 Lisa Wood, CISA, Security+, CBRA, CBRM Compliance Auditor Cyber Security Western Electricity Coordinating Council Slide 2 Agenda Low Impact Case Study Overview

More information

Standard Development Timeline

Standard Development Timeline CIP-003-67(i) - Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when

More information

Low Impact Generation CIP Compliance. Ryan Walter

Low Impact Generation CIP Compliance. Ryan Walter Low Impact Generation CIP Compliance Ryan Walter Agenda Entity Overview NERC CIP Introduction CIP-002-5.1, Asset Classification What Should Already be Done CIP-003-7, Low Impact Requirements Tri-State

More information

CIP Cyber Security Personnel & Training

CIP Cyber Security Personnel & Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-6 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the Bulk Electric

More information

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-4a 3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s)

More information

Critical Cyber Asset Identification Security Management Controls

Critical Cyber Asset Identification Security Management Controls Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.

More information

Standard Development Timeline

Standard Development Timeline CIP 003 7 Cyber Security Security Management Controls Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard

More information

CIP Technical Workshop

CIP Technical Workshop CIP Technical Workshop Scott R, Mix, CISSP, NERC CIP Technical Manager Nick Santora, CISSP, CISA, GISP, CIP Cybersecurity Specialist Tobias R. Whitney, Manager, CIP Compliance March 4, 2014 Agenda Welcome

More information

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Project 2014-02 - Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives Violation Risk Factor and Justifications The tables

More information

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES 002 5 R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: i. Control Centers and backup Control Centers; ii. Transmission

More information

Compliance: Evidence Requests for Low Impact Requirements

Compliance: Evidence Requests for Low Impact Requirements MIDWEST RELIABILITY ORGANIZATION Compliance: Evidence Requests for Low Impact Requirements Jess Syring, CIP Compliance Engineer MRO CIP Low Impact Workshop March 1, 2017 Improving RELIABILITY and mitigating

More information

Frequently Asked Questions CIP Version 5 Standards Consolidated FAQs and Answers Version: October 2015

Frequently Asked Questions CIP Version 5 Standards Consolidated FAQs and Answers Version: October 2015 Frequently Asked Questions CIP Version 5 Standards Consolidated FAQs and Answers Version: October 2015 This document is designed to provide answers to questions asked by entities as they transition to

More information

Lesson Learned CIP Version 5 Transition Program

Lesson Learned CIP Version 5 Transition Program Lesson Learned CIP Version 5 Transition Program CIP-002-5: BES Cyber Assets Version: December 7, 2015 This document is designed to convey lessons learned from NERC s various CIP version 5 transition activities.

More information

Designing Secure Remote Access Solutions for Substations

Designing Secure Remote Access Solutions for Substations Designing Secure Remote Access Solutions for Substations John R Biasi MBA, CISA, CISSP October 19, 2017 Agenda Brief Biography Interactive Remote Access Dial-Up Access Examples Transient Devices Vendor

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

Cyber Security Incident Report

Cyber Security Incident Report Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New

More information

Standard Development Timeline

Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).

More information

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP-006-5 3. Purpose: To manage physical access to BES Cyber Systems by specifying a physical security plan in

More information

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Frequently Asked Questions CIP Version 5 Standards April 1, 2015

Frequently Asked Questions CIP Version 5 Standards April 1, 2015 Frequently Asked Questions CIP Version 5 Standards April 1, 2015 This draft document provides answers to questions asked by entities as they transition to the CIP Version 5 Reliability Standards. The information

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

Lesson Learned CIP Version 5 Transition Program CIP R1: Grouping BES Cyber Assets Version: September 8, 2015

Lesson Learned CIP Version 5 Transition Program CIP R1: Grouping BES Cyber Assets Version: September 8, 2015 Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 R1: Grouping BES Cyber Assets Version: September 8, 2015 This document is designed to convey lessons learned from NERC s various CIP version

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Worksheet 1 CIP-006-6 Cyber Security Physical Security of BES Cyber Systems This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity:

More information

CIP Cyber Security Security Management Controls. Standard Development Timeline

CIP Cyber Security Security Management Controls. Standard Development Timeline Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Personnel & Training

CIP Cyber Security Personnel & Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-5.1 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals

More information

Hang on it s going to be a wild ride

Hang on it s going to be a wild ride AGA/EEI Utility Internal Auditor's Training Course Washington, DC August 26, 2015 Hang on it s going to be a wild ride There are no NERC CIP Babel Fish "The Babel fish is small, yellow, leech-like, and

More information

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

Standard CIP Cyber Security Critical Cyber As s et Identification

Standard CIP Cyber Security Critical Cyber As s et Identification A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification

More information

CIP Cyber Security Configuration Management and Vulnerability Assessments

CIP Cyber Security Configuration Management and Vulnerability Assessments Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

CIP Cyber Security Implementation

CIP Cyber Security Implementation CIP-003-6 Cyber Security Implementation Electronic Access Controls and Cyber Security Incident Response Joe Peterson, Substation Cyber Lead ALLETE/Minnesota Power MRO CIP Low Impact Workshop March 1, 2017

More information

Standard CIP Cyber Security Critical Cyber As s et Identification

Standard CIP Cyber Security Critical Cyber As s et Identification A. Introduction 1. Title: Cyber Security Critical Cyber Asset Identification 2. Number: CIP-002-4 3. Purpose: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification

More information

CIP Cyber Security Electronic Security Perimeter(s)

CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-5 3. Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security

More information

Violation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards

Violation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards Violation Risk Factor and Violation Severity Level Justifications Project 2016-02 Modifications to CIP Standards This document provides the standard drafting team s (SDT s) justification for assignment

More information

Technical Questions and Answers CIP Version 5 Standards Version: June 13, 2014

Technical Questions and Answers CIP Version 5 Standards Version: June 13, 2014 Technical s and s CIP Version 5 Standards Version: June 13, 2014 This document is designed to convey lessons learned from NERC s various activities. It is not intended to establish new requirements under

More information

Standard CIP-006-4c Cyber Security Physical Security

Standard CIP-006-4c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security

More information

CIP Version 5 Evidence Request User Guide

CIP Version 5 Evidence Request User Guide CIP Version 5 Evidence Request User Guide Version 1.0 December 15, 2015 NERC Report Title Report Date I Table of Contents Preface... iv Introduction... v Purpose... v Evidence Request Flow... v Sampling...

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Lesson Learned CIP Version 5 Transition Program CIP R1: Grouping BES Cyber Assets Version: March 2, 2014

Lesson Learned CIP Version 5 Transition Program CIP R1: Grouping BES Cyber Assets Version: March 2, 2014 Lesson Learned CIP Version 5 Transition Program CIP-002-5.1 R1: Grouping BES Cyber Assets Version: March 2, 2014 This document is designed to convey lessons learned from NERC s various CIP version 5 transition

More information

Project Modifications to CIP Standards

Project Modifications to CIP Standards Project 2016-02 Modifications to CIP Standards Virtualization and other Technology Innovations Presenters Jay Cribb, Southern Company Steve Brain, Dominion Energy Forrest Krigbaum, Bonneville Power Administration

More information

Standard Development Timeline

Standard Development Timeline CIP-002-6 Cyber Security BES Cyber System Categorization Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the

More information

Standard CIP Cyber Security Physical Security

Standard CIP Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security program

More information

Standard CIP 007 4a Cyber Security Systems Security Management

Standard CIP 007 4a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4a 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for

More information

Cyber Security Reliability Standards CIP V5 Transition Guidance:

Cyber Security Reliability Standards CIP V5 Transition Guidance: Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-6 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan

More information

Standard CIP Cyber Security Electronic Security Perimeter(s)

Standard CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)

More information

CIP Cyber Security Systems Security Management

CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-5 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in

More information

Standard Development Timeline

Standard Development Timeline CIP-002-6 Cyber Security BES Cyber System Categorization Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the

More information

CIP Cyber Security Systems Security Management

CIP Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security System Security Management 2. Number: CIP-007-6 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in

More information

Standard Development Timeline

Standard Development Timeline CIP-008-6 Incident Reporting and Response Planning Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard

More information

BILLING CODE P DEPARTMENT OF ENERGY FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM ]

BILLING CODE P DEPARTMENT OF ENERGY FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM ] This document is scheduled to be published in the Federal Register on 07/22/2015 and available online at http://federalregister.gov/a/2015-17920, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY

More information

NERC CIP Compliance Matrix of RUGGEDCOM CROSSBOW Operating System

NERC CIP Compliance Matrix of RUGGEDCOM CROSSBOW Operating System Application description 04/2017 NERC CIP Compliance Matrix of RUGGEDCOM RUGGEDCOM https://support.industry.siemens.com/cs/ww/en/view/109747098 Warranty and Liability Warranty and Liability Note The Application

More information

NPCC Compliance Monitoring Team Classroom Session

NPCC Compliance Monitoring Team Classroom Session NPCC Compliance Monitoring Team Classroom Session John Muir - Director, Compliance Monitoring Jacqueline Jimenez - Senior Compliance Engineer David Cerasoli, CISSP - Manager, CIP Audits 5/14/2018 1 Compliance

More information

Standard CIP Cyber Security Electronic Security Perimeter(s)

Standard CIP Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-1 3. Purpose: Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s)

More information

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks

NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC CIP: Fundamental Security Requirements of an Electronic Access Control and Monitoring System (EACMS) Requirements Mapping to ConsoleWorks NERC Standard Requirement Requirement Text Measures ConsoleWorks

More information

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014 Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Development Steps Completed

More information

Standard CIP-006-3c Cyber Security Physical Security

Standard CIP-006-3c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security

More information

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security. Interactive Remote Access Compliance Workshop October 27, 2016 Eric Weston Compliance Auditor Cyber Security 2 Agenda Interactive Remote Access Overview Review of Use Cases and Strategy 1 Interactive Remote

More information

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider The Background, VRF/VSLs, and Guidelines and Technical Basis Sections have been removed for this informal posting. The Project 2016-02 is seeking comments around the concept of the Requirement/Measure

More information

Implementing Cyber-Security Standards

Implementing Cyber-Security Standards Implementing Cyber-Security Standards Greg Goodrich TFIST Chair, CISSP New York Independent System Operator Northeast Power Coordinating Council General Meeting Montreal, QC November 28, 2012 Topics Critical

More information

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP 007 3a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for

More information

Standard CIP-006-1a Cyber Security Physical Security

Standard CIP-006-1a Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1a 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program

More information

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Recovery Plans for BES Cyber Systems A. Introduction 1. Title: Cyber Security Recovery Plans for BES Cyber Systems 2. Number: CIP-009-5 3. Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan

More information

FRCC CIP V5 FAQ and Lessons Learned Tracking

FRCC CIP V5 FAQ and Lessons Learned Tracking FRCC CIP V5 FAQ and Lessons Learned Tracking FRCC CIP V5 FAQ and Lessons Learned Tracking Date: December 19, 2014 1 As part of the FRCC CIP V5 Outreach efforts, FRCC is providing the following information

More information

CIP Cyber Security Physical Security of BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP-006-6 3. Purpose: To manage physical access to Bulk Electric System (BES) Cyber Systems by specifying a physical

More information

Reliability Standard Audit Worksheet 1

Reliability Standard Audit Worksheet 1 Reliability Standard Audit Worksheet 1 CIP-002-5.1 Cyber Security BES Cyber System Categorization This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity: NCR

More information

Lesson Learned CIP Version 5 Transition Program

Lesson Learned CIP Version 5 Transition Program Lesson Learned CIP Version 5 Transition Program CIP-002-5: BES Cyber Assets Version: September 9, 2015 This document is designed to convey lessons learned from NERC s various CIP version 5 transition activities.

More information