SGAS Low Impact Atlanta, GA September 14, 2016
Slide 1: SGAS Low Impact
Atlanta, GA, September 14, 2016
Lisa Wood, CISA, Security+, CBRA, CBRM
Compliance Auditor, Cyber Security
Western Electricity Coordinating Council
Slide 2: Agenda
- Low Impact Case Study Overview
- Key Conclusions, Challenges, Recommendations
- Questions
Slide 3: Low Impact Case Study Goals
- Ensure an Efficient and Effective Transition
- Understand and address challenges
- Foster Communication and knowledge sharing
- Identify Guidance Topics
Slide 4: Participation Details
- Case study ran from October 2015 through May 2016
- Four (4) Participants Selected
  - One (1) Mixed Impact Entity
  - Three (3) Low Only Entities
Slide 5: LICS Key Conclusions, Challenges, Recommendations
Slide 6: Resource Impact
- Used on-hand resources
- Small Critical/Technical Staff
- If a team member was sick, the project came to a halt
- Finding time to review and create the required LERC/LEAP documentation
- Used on-hand resources, but brought in a 3rd party based on their size with 40+ configuration files
Slide 7: Participant Challenges
- CIP R1.3 not required to have a discrete list, but found it much easier to have the lists for the SMEs to be able to implement
- Programs, Policies, Procedures, and Plans
- Reconciling internal definitions with the NERC definitions
- Updated documentation to match
Slide 8: Low Impact Strategy & Tactics
Slide 9: Participant Challenges
- Reference Models
- Identifying where they already had equipment addressing the LEAP control
- Understanding how to demonstrate the LEAP configurations
- If using a firewall, understand the ACLs and configuration files needed in order to meet the LEAP expectations, and being able to demonstrate this
Slide 10: LERC and LEAP Challenges
- Communication Gap/Learning curve - understanding the new terminology and being able to explain it to the technical people.
- Translating compliance language (BCS, LERC/LEAP) to IT language (Low Only and Mixed Impact)
- Understanding the Environment
- Most practical approach is to have a detailed inventory of your environment so you can document and understand the interactions of the cyber assets (Low Only)
- Developed a network diagram of entire network, identifying ESPs, PSPs, LERCs, LEAPs. They needed to understand the environment to determine where they had LERC and in turn needed LEAPs (Mixed Impact)
Slide 11: Additional Points
- Vendors seemed to be stuck in High or Medium realm and not keyed into CIP R2 Attachment 1, 2, and G&TB (Specifically, Section 3.1)
- Compliance AND Security
- Ensuring requirements are met, while focusing on physical and electronic access controls, securing the network and facilities, at a reasonable cost
Slide 12: Participant Recommendations
- Don't make it more difficult or bigger than it is. Lean on existing policies already in place.
- Plug in early, something will always pop up and potentially impact the project.
- Build some extra time into your project timeline for testing & feedback, budget cycles, and unplanned contingencies
- Review the standards/requirements and clarify all of the documentation requirements for each standard early on
- Research, Research, Research - Tap unlikely resources such as your commercial insurance carrier/broker
- One participant used a great template from their insurance carrier for their cyber incident response plan
- Don't be fooled by the generic and oversimplified requirements for policies and requirements - They are simplistic by design to allow you the flexibility for workable policies and plans
Slide 13: Recommendations (cont.)
- Engage SMEs and plant/field personnel who are going to have to live with the results of your creations early on
- Have weekly team meetings even if there's not much to discuss, it keeps the project on everyone's radar
- Make sure all documents, at minimum, undergo a basic technical and legal review and then a final formatting review - cut & paste is a blessing and a curse!
- If you are coming from the IT side of the house, go shake hands with and learn about the OT environment, as it will allow you to better understand the assets you're trying to protect
Slide 14: Physical Security and Electronic Access Controls
Slide 15: Physical Security Controls
- All participants already had at least the minimum controls in place
- Gate, fence, key pads, key cards, video monitoring, 24/7 staff
- WECC recommended being forward looking and consider how they may address future control requirements
Slide 16: Electronic Access Controls
3. Electronic Access Controls: Each Responsible Entity shall:
3.1 For LERC, if any, implement a LEAP to permit only necessary inbound and outbound bi-directional routable protocol access; and
3.2 Implement authentication of all Dial-up Connectivity, if any, that provides access to low impact BES Cyber Systems, per Cyber Asset capability.
Slide 17: CIP Perspective
- CIP maturity
- New to controls compliance
- Footprint
Slide 18: Low Impact BES Asset
[Network diagram; labels: Substation A /24, Substation B /24, SONET Ring, DEMARC, Layer 2 Switch, SCADA Servers, Low Impact Control Center /24, Operator Consoles]
Slide 19: Low Impact BES Asset
[Network diagram; labels: Substation A /24, Substation B /24, SONET Ring, DEMARC, Transparent Firewall, SCADA Servers, Low Impact Control Center /24, Operator Consoles]
Slide 20: Managed Firewall
- Will compliance evidence require actual configuration files, demonstrating access controls for each designated electronic access control?
Slide 21: Managed Firewall
Slide 22: Managed Firewall Evidence
Slide 23: Managed Firewall Evidence
- User logs in with their network username and password then they are granted access
- No one has access to anything without a login
Slide 24: Firewall Configuration
Slide 25: Inventory List
[Figure; labels: Non-BES Cyber Asset, Low impact BES Cyber System]
Slide 26: Inventory List
[Figure; labels: Non-BES Cyber Asset, Low impact BES Cyber System]
Slide 27: Breaking LERC
[Diagram; labels: Substation RTU/COM Processor/Security Break/Protocol Break, Communication Path, External VLAN, Internal VLAN, DEMARC, To Next Substation, Intra-Substation Network]
Slide 28: Reference Model 6 (NERC, 2014, CIP-003-6: Cyber Security, p. 38)
Slide 29: FAQs/Lessons Learned
- What constitutes a protocol/authentication/security break for LERC?
Slide 30: Questions
Lisa Wood, CISA, CBRM, CBRA
Compliance Auditor, Cyber Security
Slide 31: Auditing Low Impact BES Cyber Systems
Scott R. Mix, CISSP, NERC CIP Technical Manager
NERC Small Group Advisory Sessions Low Impact Webinar
September 14, 2016
Slide 32: Disclaimer
The information contained in this presentation is preliminary, and represents a possible approach being considered by the ERO as of the fall of 2015, and updated with Standard Drafting Team initial draft posting in the late summer of These approaches are subject to review and modification as the ERO finalizes the audit approaches in response to pre-audit outreach conducted before the effective date of the requirements. These approaches are also subject to review and modification based on further modifications to the requirements by standards development actions.
Slide 33: Agenda
- Lists
- Not all Low Impact Locations are Equal
- Possible Audit Approaches
- Sampling
- Connectivity (LERC)
- Generation
- Transmission
- Control Centers
- Physical Security
- Security Awareness
- Incident Response
- Mixed Environments
Slide 34: Low Impact Lists
- Discrete lists of Low Impact BES Cyber Systems are not required
- HOWEVER: A list containing the name of each asset that contains a low impact BES Cyber System is required (CIP Requirement R1 Part 1.3 "Identify each asset that contains a low impact BES Cyber System")
- This would be a list of generating plants, transmission stations, certain distribution stations, and certain small control centers, that contain low impact BES Cyber Systems
Slide 35: Low Impact Lists
- The entity should be prepared to demonstrate that all BES assets (locations) are accounted for on either the list of high impact, medium impact or low impact locations (note: a list of high or medium impact locations is not specifically required, but can be surmised by looking at lists of high impact and medium impact BES Cyber Systems, if they exist)
- The entity should be prepared to demonstrate that all the low impact BES Cyber Systems at the assets on the lists have been afforded electronic and physical protections, and are included in incident response plans
Slide 36: Low Impact Lists
- Similarly, lists of personnel with access to low impact BES Cyber Systems are not required
- HOWEVER:
  - The entity should be prepared to demonstrate how it determines whether personnel have a need to access the low impact BES Cyber Systems
  - The entity should be prepared to demonstrate how the electronic security protections and physical protections are implemented to ensure that only personnel that have a need have access
  - The entity should be prepared to demonstrate that all those personnel have had access to the security awareness materials
Slide 37: Low Impact Lists
- Even though BES Cyber Asset / BES Cyber System lists are not required for compliance, it is in the entity's best interest to maintain lists to ensure that all low impact BES Cyber Systems are properly secured with both physical and electronic controls
- Station, plant, or Control Center drawings showing all Cyber Assets at the location, drawings showing computer network paths through identified access control devices, and drawings of physical locations to demonstrate required physical access control may be beneficial in demonstrating compliance
- These lists will not be assessed for completeness - only to help the entity tell its story
Slide 38: Not All Low Impact Locations are Equal
- Low impact covers a wide range of BES locations and Facilities
- Within low impact there are potentially vastly different BES impacts
- The CIP Standards don't make a distinction between a big (i.e., more impactful) low impact site and a small (i.e., less impactful) low impact site
- Consider the following field examples:
Slide 39: Not All Low Impact Locations are Equal - Transmission Considerations
[Diagram; labels: 115 kV, 115 kV, 69 kV]
Slide 40: Not All Low Impact Locations are Equal - Transmission Considerations
[Diagram; labels: 345 kV, 345 kV, 115 kV]
Slide 41: Not All Low Impact Locations are Equal - Transmission Considerations
[Diagram; labels: To SUB A, 345 kV, 345 kV, To SUB B, 115 kV, 115 kV]
Slide 42: Not All Low Impact Locations are Equal - Generation Considerations
[Diagram; labels: 30 MW, 115 kV]
Slide 43: Not All Low Impact Locations are Equal - Generation Considerations
[Diagram; labels: 700 MW, 700 MW, 230 kV]
Slide 44: Not All Low Impact Locations are Equal - Generation Considerations
[Diagram; labels: 4 x 700 MW (with segmented control systems), 345 kV]
Slide 45: Compliance Implications
- Pure random sampling of low impact assets for audit purposes is not appropriate
- Random sampling within specific subsets of low impact assets may be appropriate
- Expect risk and impact based judgmental sampling
- Expect more audit attention at low impact locations with larger impact
- Expect more audit attention to larger generation plants than at smaller plants
Slide 46: Auditing Connectivity
- The following audit approach is based on the initial draft posting of the LERC changes
- The SDT will be analyzing comments from industry and making changes in response to those comments
- The audit approach will need to be updated after the next posting
Slide 47: Auditing Connectivity
In order to determine if LERC is present, expect a number of questions:
1. Is there any routable protocol communications in the wide area network used to communicate with assets containing low impact BES Cyber Systems?
- If no, then there is no LERC
- If yes, then further questions are needed
- Expect to be asked for network drawings, configurations, etc. to support your answer
Slide 48: Auditing Connectivity
2. For each low impact location (asset), is there routable protocol communications in the wide area network connecting to that location?
- If no, there is no LERC at that location
- If yes, there is LERC, and additional questions will be asked
- Expect to be asked for network drawings, configurations, etc. to support your answer
Slide 49: Auditing Connectivity
3. Does the routable communication connect in any way to the low impact BES Cyber Systems?
- If no, describe how the routable communication is isolated from the low impact BES Cyber Systems
  - Logical or physical separation is allowed
- If yes, describe how the low impact BES Cyber Systems are protected from external routable access
  - Firewall, proxy, application protocol break, authentication, etc.
- Expect to be asked for network drawings, configurations, etc. to support your answer
Slide 50: Auditing Connectivity
- Once LERC has been determined to exist at an asset, the low impact BES Cyber Systems must all be protected logically
- Expect to be asked for network drawings showing that all low impact BES Cyber Systems are appropriately protected
- Detailed inventory lists are not required, but high-level network drawings may be beneficial for describing what needs to be protected
- Detailed inventory lists may be provided (at the entity's option) to help support decisions, but the detailed lists will not themselves be subject to audit
Slide 51: Low Impact Audit Evidence
- Since lists of BES Cyber Assets / Systems are not required, what kinds of evidence are appropriate?
- Since there are no device-specific requirements, lists aren't needed
- Requirements are for border protection or system-level recovery
Slide 52: Low Impact Audit Evidence
- Existing as-built documentation and drawings should provide sufficient detail to allow the ERO to determine whether protections are put into place
- Drawings show connectivity
- Drawings show high-level component detail
- Drawings allow auditors to determine whether all required logical protections (e.g., access control devices) are put into place
- Drawings can indicate physical locations that need to be protected (or at least identify what needs physical protection)
- Drawings can show what systems need incident response plans
Slide 53: Possible Low Impact Evidence
[Figure] Source: (modified)
Slide 54: Possible Low Impact Evidence
[Figure] Source: gration%20considerations%20for%20large%20scale%20iec% %20systems.pdf (modified)
Slide 55: Possible Low Impact Evidence
[Figure; labels: Corporate Workstation, No Connectivity] Source: gration%20considerations%20for%20large%20scale%20iec% %20systems.pdf (modified)
Slide 56: LERC
- The entity should be prepared to provide a list of access control devices, and indicate which (assets containing) low impact BES Cyber Systems are associated with each device
- The entity should be prepared to demonstrate rationale for what constitutes "necessary inbound and outbound bi-directional routable protocol access"
- The entity should be prepared to demonstrate the access control lists that ensure that only necessary inbound and outbound connections are allowed
Slide 57: LERC
- Expect that large or complicated access control devices may receive additional inspection to ensure that all traffic between different low impact BES Cyber Systems is correctly filtered
- Expect that access control devices at Control Centers will be audited concurrently with the Control Centers
Slide 58: Dial-up
- The entity should be prepared to demonstrate Dial-up Connectivity protections at low impact BES Cyber System locations, the authentication methods in place, and any per Cyber Asset capabilities documented
Slide 59: Large Generation
- Based on inherent risk and impact, expect more attention at any generation plant > 1500 MW
- The entity should be prepared to demonstrate how the unit controls are segregated, including computer network diagrams, firewall configurations, data flow analysis, etc.
- The entity should be prepared to demonstrate the analysis of any common systems at the plant - Expect the analysis to include both a time-based component as well as an impact-based component
- The entity should be prepared to allow inspection of any common control rooms that have control of >1500 MW of generation
Slide 60: Larger Low Impact Transmission
- Based on inherent risk and impact, expect more attention at large networked transmission stations
- For example:
  - Transmission stations that have multiple lines, but with some excluded from the IRC 2.5 calculation because they are generator interconnection lines
  - Transmission stations that have multiple lines, but connect to only two other Transmission stations
  - Transmission stations that have multiple lines, with large capacity connections to non-BES facilities
- The requirements are the same, but they may be more likely to be reviewed as part of the audit
Slide 61: Control Center
- Based on inherent risk and impact, expect more attention at Balancing Authority and multi-function Control Centers
- Based on inherent risk and impact, expect more attention if the control center is close to a medium impact threshold
Slide 62: Physical Security
- Low Impact physical security is significantly different than that required for CIP-014
- CIP-014 uses medium impact transmission as a starting point
- Much of existing physical protections (e.g., for copper theft protection, or for human safety) should be leveraged:
  - Fencing, locked gates, lighting, cameras, motion sensing, etc.
- Physical security is required for all low impact BES Cyber System locations regardless of electronic connectivity
Slide 63: Physical Security
- Physical Security applies to both the BES asset locations (i.e., generation plants, transmission stations, control centers) as well as to locations containing access control devices
- These might be at BES locations containing low impact BES Cyber Systems, BES locations containing medium impact BES Cyber Systems, at telecommunication hub locations, or at Control Centers
Slide 64: Physical Security
- The entity should be prepared to demonstrate how it controls access to the BES asset or access control device
- If the access control method is electronic card, the entity should be prepared to demonstrate how it provisions and manages access cards, and determines what accesses are assigned to those cards, including procedures for revocation of the access once access is no longer required.
- If the access control method is a brass key, the entity should be prepared to demonstrate its key management procedures, including how those keys are assigned or provisioned, lock core management, lost key processes, and revocation of the key once access is no longer required.
Slide 65: Physical Security
- The entity should be prepared to demonstrate how it assesses the "based on need" clause of the requirement
- If the access determination method is job title, the entity should be prepared to demonstrate how the job description provides justification for access.
- If the access determination method is job location, the entity should be prepared to demonstrate how personnel are assigned to job locations.
- The entity should be prepared to demonstrate it has procedures for assigning and revoking access regardless of the method.
Slide 66: Physical Security
- Since access control devices can be located at field locations, Control Centers, or at other locations (e.g., communications hubs), the entity should be prepared to produce a list of locations containing access control devices, especially if they are located outside of BES assets.
- Physical access to the access control devices has the same set of requirements as access to the low impact BES Cyber Systems as described above.
Slide 67: Physical Security
- The entity should be prepared to demonstrate that all Low Impact BES Cyber Systems and access control devices have been afforded the appropriate protections.
- Drawings, floor plans, etc. are acceptable, so long as they provide sufficient detail to indicate that all required BES Cyber Systems and access control devices are included
- Detailed inventory lists are not required, and reviews will be conducted at a high level
Slide 68: Cyber Security Awareness
- The entity should be prepared to demonstrate that cyber security awareness materials have been made available
- Materials and audit approaches are the same as for high and medium
- Examples include e-mails, posters, meeting presentations, etc.
- Specific actions are similar to CIP Requirement R1 Part 1.1, but with a change interval of 15 months rather than 3 months.
Slide 69: Incident Response
- The entity should be prepared to demonstrate it has the required procedure documentation and evidence that the procedure has been followed
- Specific actions are similar to CIP-008-5, but with relaxed testing timeframes (36 months rather than 15 months) and plan update timeframes (180 days rather than 90 days).
Slide 70: Mixed High/Med and Low
- The low impact requirements are not expected to be implemented in a vacuum
- Entities with low impact BES Cyber Systems as well as high or medium impact BES Cyber Systems may take advantage of existing programs or procedures, for example:
  - Cyber Security Awareness materials and delivery may be the same for all impact levels
  - Physical Security plan documentation developed for CIP Requirement R1, Part 1.1 may include sections on how physical security controls are applied to locations containing low impact BES Cyber Systems
Slide 71: Mixed High/Med and Low
- Examples continued:
  - Configuration and management of electronic access controls may be similar for access control devices and EACMS containing EAPs (e.g., common vendor, common equipment, common configuration tools, common procedures for requesting and granting access, common administrative staff)
  - Cyber Security Incident Response procedures may share procedural documentation for all impact levels
- The entity should be prepared to demonstrate procedures for applicability and note differences between high/medium impact and low impact, if any
Slide 73: What is the Implementation Timeframe for Low Impact?
Scott R. Mix, CISSP, NERC CIP Technical Manager
NERC Small Group Advisory Sessions Low Impact Webinar
September 14, 2016
Slide 74: Agenda
- Implementation Plan Language
- Already required as of 7/1/2016
- Required on 4/1/17
- Required on 9/1/2018
Slide 75: Implementation Plan Language V5
Proposed Effective Date for Version 5 CIP Cyber Security Standards
Responsible entities shall comply with all requirements in CIP-002-5, CIP-003-5, CIP-004-5, CIP-005-5, CIP-006-5, CIP-007-5, CIP-008-5, CIP-009-5, CIP-010-1, and CIP as follows:
Months Minimum The Version 5 CIP Cyber Security Standards, except for CIP R2, shall become effective on the later of July 1, 2015, or the first calendar day of the ninth calendar quarter after the effective date of the order providing applicable regulatory approval. CIP-003-5, Requirement R2, shall become effective on the later of July 1, 2016, or the first calendar day of the 13th calendar quarter after the effective date of the order providing applicable regulatory approval. Notwithstanding any order to the contrary, CIP through CIP do not become effective, and CIP through CIP remain in effect and are not retired until the effective date of the Version 5 CIP Cyber Security Standards under this implementation plan.2
2. In those jurisdictions where no regulatory approval is required, the Version 5 CIP Cyber Security Standards, except for CIP R2, shall become effective on the first day of the ninth calendar quarter following Board of Trustees approval, and CIP R2 shall become effective on the first day of the 13th calendar quarter following Board of Trustees approval, or as otherwise made effective pursuant to the laws applicable to such ERO governmental authorities.
Slide 76: Implementation Plan Language V6
Effective Dates (for CIP Version 6)
The effective dates for each of the proposed Reliability Standards and NERC Glossary terms are provided below. Where the standard drafting team identified the need for a longer implementation period for compliance with a particular section of a proposed Reliability Standard (i.e., an entire Requirement or a portion thereof), the additional time for compliance with that section is specified below. The compliance date for those particular sections represents the date that entities must begin to comply with that particular section of the Reliability Standard, even where the Reliability Standard goes into effect at an earlier date.
1. CIP Cyber Security Security Management Controls
Reliability Standard CIP shall become effective on the later of April 1, 2016 or the first day of the first calendar quarter that is three calendar months after the date that the standard is approved by an applicable governmental authority, or as otherwise provided for in a jurisdiction where approval by an applicable governmental authority is required for a standard to go into effect. Where approval by an applicable governmental authority is not required, the standard shall become effective on the later of April 1, 2016 or the first day of the first calendar quarter that is three calendar months after the date the standard is adopted by the NERC Board of Trustees, or as otherwise provided for in that jurisdiction.
Slide 77: Implementation Plan Language V6
Compliance Date for CIP-003-6, Requirement R1, Part 1.2
Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Requirement R1, Part 1.2 until the later of April 1, 2017 or nine calendar months after the effective date of Reliability Standard CIP
Compliance Date for CIP-003-6, Requirement R2
Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Requirement R2 until the later of April 1, 2017 or nine calendar months after the effective date of Reliability Standard CIP
Compliance Date for CIP-003-6, Attachment 1, Section 1
Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, Section 1 until the later of April 1, 2017 or nine calendar months after the effective date of Reliability Standard CIP
Compliance Date for CIP-003-6, Attachment 1, Section 2
Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, Section 2 until the later of September 1, 2018 or nine calendar months after the effective date of Reliability Standard CIP
Slide 78: Implementation Plan Language V6
Compliance Date for CIP-003-6, Attachment 1, Section 3
Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, Section 3 until the later of September 1, 2018 or nine calendar months after the effective date of Reliability Standard CIP
Compliance Date for CIP-003-6, Attachment 1, Section 4
Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, Section 4 until the later of April 1, 2017 or nine calendar months after the effective date of Reliability Standard CIP
Slide 79: FERC Effective Dates
- FERC approved CIP V5 on November 22, 2013, with an effective date of the order of February 3, 2014 (based on publication in the Federal Register), making CIP V5 effective April 1, 2016
- FERC approved the CIP V6 changes on January 21, 2016, with an effective date of the order of March 31, 2016 (based on publication in the Federal Register), making the V6 changes effective July 1, 2016
- FERC action on February 25, 2016 aligned all CIP V5 & V6 compliance dates to July 1,
Slide 80: Already Required as of 7/1/2016
- CIP
- CIP Requirement R3
- CIP Requirement R4
Slide 81: Already Required as of 7/1/2016
- There were no changes to CIP done as part of the CIP V6 SDT effort
- The approved CIP V5 Implementation Plan therefore remained unchanged for CIP
Slide 82: Already Required as of 7/1/2016
CIP :
- CIP Requirement R1 requires identification of all high impact BES Cyber Systems, medium impact BES Cyber Systems, and identifying each asset that contains a low impact BES Cyber System
- CIP Requirement R2 requires the process be repeated, at least every 15 calendar months, and the CIP Senior Manager approved the identifications in Requirement R1
Slide 83: Already Required as of 7/1/2016
CIP Requirement R3
- Requirement R3 unchanged as part of CIP V6 SDT effort (not discussed in the CIP V6 Implementation Plan)
- Requires the identification of a CIP Senior Manager
- CIP Senior Manager must approve the identifications made in CIP , Requirement R2
Slide 84: Already Required as of 7/1/2016
CIP Requirement R4
- Requirement R4 unchanged as part of CIP V6 SDT effort (not discussed in the CIP V6 Implementation Plan)
- Requires the creation of a documented process to delegate the approvals of the CIP Senior Manager, unless no delegations are used.
- CIP approvals may be delegated
Slide 85: Required on 4/1/2017
- CIP Requirement R1, Part 1.2
- CIP Requirement R2, Attachment 1, Section 1
- CIP Requirement R2, Attachment 1, Section 4
Slide 86: Required on 4/1/2017
CIP Requirement R1, Part 1.2
Requires the creation of cyber security policies for:
1. Cyber security awareness
2. Physical security controls
3. Electronic access controls for Low Impact External Routable Connectivity [Communications] (LERC) and Dial-up Connectivity
4. Cyber Security Incident Response
Must be approved by the CIP Senior Manager (no delegation allowed)
Slide 87: Required on 4/1/2017
CIP Requirement R2, Attachment 1, Section 1
Requires that each Responsible Entity shall reinforce, at least once every 15 calendar months, cyber security practices (which may include associated physical security practices).
Slide 88: Required on 4/1/2017
CIP Requirement R2, Attachment 1, Section 4
Requires that Each Responsible Entity shall have one or more Cyber Security Incident response plan(s), either by asset or group of assets, which shall include:
4.1 Identification, classification, and response to Cyber Security Incidents;
4.2 Determination of whether an identified Cyber Security Incident is a Reportable Cyber Security Incident and subsequent notification to the Electricity Information Sharing and Analysis Center (E-ISAC), unless prohibited by law;
4.3 Identification of the roles and responsibilities for Cyber Security Incident response by groups or individuals;
Slide 89: Required on 4/1/
Incident handling for Cyber Security Incidents;
4.5 Testing the Cyber Security Incident response plan(s) at least once every 36 calendar months by: (1) responding to an actual Reportable Cyber Security Incident; (2) using a drill or tabletop exercise of a Reportable Cyber Security Incident; or (3) using an operational exercise of a Reportable Cyber Security Incident; and
4.6 Updating the Cyber Security Incident response plan(s), if needed, within 180 calendar days after completion of a Cyber Security Incident response plan(s) test or actual Reportable Cyber Security Incident.
Slide 90: Required on 4/1/2017
Note: In order to properly develop policy (Section 1) and incident response (Section 4), physical (Section 2) and electronic (Section 3) access control procedures (i.e., the controls to be implemented) need to be initially developed, but they will not themselves be subject to audit
91 Required on 9/1/2018 CIP Requirement R2, Attachment 1, Section 2 CIP Requirement R2, Attachment 1, Section 3 19
92 Required on 9/1/2018 CIP Requirement R2, Attachment 1, Section 2 (draft language) Physical Security Controls: Each Responsible Entity shall control physical access, based on need as determined by the Responsible Entity, to (1) the asset or the locations of the low impact BES Cyber Systems within the asset, and (2) the Cyber Asset(s), as specified by the Responsible Entity, that provide electronic access control(s) implemented for Section 3.1, if any. 20
93 Required on 9/1/2018 CIP Requirement R2, Attachment 1, Section 3 (draft language) Electronic Access Controls: Each Responsible Entity shall: 3.1 Implement electronic access control(s) for LERC, if any, to permit only necessary electronic access to low impact BES Cyber System(s). 3.2 Implement authentication for all Dial-up Connectivity, if any, that provides access to low impact BES Cyber Systems, per Cyber Asset capability. 21
94 Required on 9/1/2018 All physical and electronic access control protections must be in place at all assets containing low impact BES Cyber Assets or BES Cyber Systems by 9/1/
96 Upcoming Low Impact Requirements Scott R. Mix, CISSP, NERC CIP Technical Manager NERC Small Group Advisory Sessions Low Impact Webinar September 14, 2016
97 Agenda LERC changes Transient Cyber Assets at Low Impact assets Control Center communications Transmission Operator Control Centers CIP Exceptional Circumstances Cyber Asset and BES Cyber Asset (BCA) Definitions Network and Externally Accessible Devices Virtualization 2
98 LERC Changes Initial comment period and ballot complete Proposed that LERC becomes the property of a BES asset (e.g., station, plant, Control Center) Likely minimal technical differences between V6 and proposed changes May have increased documentation to demonstrate all LERC possibilities Significant volume of comments from industry SDT will be meeting in 2 weeks to discuss comments and make changes in response 3
99 LERC Changes Since LERC is the property of a BES asset, it may exist even if there are no routable connections to low impact BES Cyber Systems Logical or physical network separation is an effective control Firewall-like filtering, data diodes, proxy services, etc. may be used if connections are required Auditors were going to ask about it anyhow 4
100 Transient Cyber Assets at Low Impact Assets Currently in development by SDT Includes Transient Cyber Assets and Removable Media Modeled after requirements in CIP-010, but adjusted to account for technical differences (no ESP, PCA) No obligation for authorization or software vulnerability mitigation Placed in CIP-003 as Section 5 of Attachments 1 and 2 5
101 Control Center Communications FERC Order specifically includes low impact Control Centers in the order SDT continues to work on details What data is to be protected Risk-based approach to protections High-watermarking of communications link (??) 6
102 Transmission Operations Control Centers SDT is continuing to work on the issue Developing a white paper for posting to industry 7
103 CIP Exceptional Circumstances SDT Considering adding CIP Exceptional Circumstances to additional requirements Probably no change to low impact 8
104 Cyber Asset and BES Cyber Asset (BCA) Definitions SDT is evaluating whether changes to the core definitions (Cyber Asset, BES Cyber Asset) are necessary May impact designation of low impact BES Cyber Systems Also looking at other modifications, which are not germane to low impact 9
105 Network and Externally Accessible Devices Probably minimal to no impact for low impact BES Cyber Systems 10
106 Virtualization SDT is investigating how to include virtualization concepts into the CIP Standards May include server, network and storage virtualization May impact low impact Control Centers (all virtualization technologies), as well as stations (primarily virtual network) 11