Cyber Threats? How to Stop?

Transcription

1 Cyber Threats? How to Stop? North American Grid Security Standards Jessica Bian, Director of Performance Analysis North American Electric Reliability Corporation AORC CIGRE Technical Meeting, September 4-5, 2013

2 Agenda Overview of Critical Infrastructure Protection Version 5 Focus on Correcting Deficiencies Examples CIP V5 Implementation Timeline Question and Answer 2 RELIABILITY ACCOUNTABILITY

3 What is NERC? NERC was certified as ERO by the U.S. Federal Energy Regulatory Commission (FERC) in 2006 Partnership with eight (8) regional entities to manage reliability in North America FERC provides oversight, approves standards and ERO budgets (NERC/regions) 3 RELIABILITY ACCOUNTABILITY

4 About NERC: Mission To ensure the reliability of the North American bulk power system Develop and enforce reliability standards Assess, measure, and investigate historic trends and future projections to improve bulk power system reliability Develop solid technical understanding of the reliability risks Solutions, strategies, and initiatives to enhance bulk reliability Analyze system events and recommend improved practices 4 RELIABILITY ACCOUNTABILITY

5 CIP Version 5 CIP Cyber Security BES Cyber System Categorization CIP Cyber Security Security Management Controls CIP Cyber Security Personnel and Training CIP Cyber Security Electronic Security Perimeter(s) CIP Cyber Security Physical Security of BES Cyber Systems CIP Cyber Security Systems Security Management CIP Cyber Security Incident Reporting and Response Planning CIP Cyber Security Recovery Plans for BES Cyber Systems CIP Cyber Security Configuration Change Management and Vulnerability Assessments CIP Cyber Security Information Protection 5 RELIABILITY ACCOUNTABILITY

6 CIP Standards Version History Urgent Action 1200 CIP Version 1 CIP Version 2 CIP Version 3 Currently Effective CIP Version 4 Effective 10/1/2014 CIP Version 5 Effective in 2015/2016 BOT Approved 07/2003 Renewed 2005 BOT Approval 5/2006 FERC Approval 1/2008 BOT Approval 5/2009 FERC Approval 9/2009 BOT Approval 12/2009 FERC Approval 3/2010 BOT Approval 1/2011 FERC Approval 4/2012 (effective 10/2014) BOT Approval 11/2012 FERC Notice for Approval 4/ RELIABILITY ACCOUNTABILITY

7 Comparative Table Version 4 Version 5 42 requirements; 113 parts 32 requirements; 110 Parts No contextual information Many documentary compliance requirements Measures on high level requirement only 14 requirements with TFE triggering language Undefined periodic terms Many binary VSLs Includes background, rationale, and guidelines and technical Basis Many requirements include consideration for self correcting process improvement Measures for each requirement, including parts 10 requirements with TFE triggering language Clear periodic requirements: initial requirements in Implementation Plan More gradated VSLs 7 RELIABILITY ACCOUNTABILITY

8 CIP V5 Approach to Correcting Deficiencies Each Responsible Entity shall implement, in a manner that identifies, assesses, and corrects deficiencies, one or more documented processes that collectively include each of the applicable items. Empowers industry Shifts focus from whether deficiencies occur to correcting deficiencies Continuous Improvement o From: backward looking, individual violations o To: forward looking, holistic focus Reliability and security emphasis that promotes the identification and correction of deficiencies 8 RELIABILITY ACCOUNTABILITY

9 Incorporation into V5 Instances of Identify, Assess, and Correct Deficiencies Language in CIP Version 5 Standard CIP CIP CIP CIP CIP CIP CIP Requirement R2,R4 R2, R3, R4, R5 R1, R2 R1, R2, R3, R4, R5 R2 R1, R2 R1 9 RELIABILITY ACCOUNTABILITY

10 BES Cyber Asset Definitions A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the BES reliable operation. Control Center One or more facilities hosting operating personnel that monitor and control the BES in real time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generation Operator for generation Facilities at two or more locations. 10 RELIABILITY ACCOUNTABILITY

11 ESPs and PCAs Electronic Security Perimeters Network security, not compliance boundary focus Only required on routable protocol networks Protected Cyber Assets Historically known as non critical Cyber Assets 11 RELIABILITY ACCOUNTABILITY

12 High Water Marking High Water Marking A new concept from our tiered impact model Highest impact BES Cyber System in a network determines impact level of all Cyber Assets in the ESP 12 RELIABILITY ACCOUNTABILITY

13 Asset based approach List of types of assets to be considered o 3000 MW threshold for High BA Control Center o 1500 MW threshold for Medium BA Control Center o 1500 MW threshold for Medium GOP Control Center CIP Identify and categorize High and Medium Impact BES Cyber Systems, if any, at each asset Identify assets that contain Low Impact BES Cyber Systems 13 RELIABILITY ACCOUNTABILITY

14 CIP Patch Management Changed to a monthly process instead of per patch process No mitigation plans needed if patch installed Existing mitigation plans may be modified with approval Malware 35 day signature update requirement replaced Have a process for updating that includes testing and installing 14 RELIABILITY ACCOUNTABILITY

15 CIP R1 Each Responsible Entity shall implement one or more documented physical security plans that includes: 15 RELIABILITY ACCOUNTABILITY

16 CIP R1 (continued) Each Responsible Entity shall implement, in a manner that identifies, assesses and corrects deficiencies, one or more documented physical security plans that includes: 16 RELIABILITY ACCOUNTABILITY

17 Violation Severity Level VSLs Old Language The Responsible Entity does not have a process to monitor the Physical Security Perimeter twenty four hours a day, seven days a week for unauthorized circumvention of a physical access control into a Physical Security Perimeter. New Language The Responsible Entity has a process to monitor for unauthorized access through a physical access point into a Physical Security Perimeter and identified deficiencies but did not assess or correct the deficiencies 17 RELIABILITY ACCOUNTABILITY

18 CIP Implementation 18 RELIABILITY ACCOUNTABILITY

19 When to Self-Report Plan does not exist Plan has not been implemented Did not assess or correct identified deficiencies Deficiencies that create high risk to the Bulk Electric System 19 RELIABILITY ACCOUNTABILITY

20 Questions and Answers 20 RELIABILITY ACCOUNTABILITY

21 Background Materials 21 RELIABILITY ACCOUNTABILITY

22 All CIP Standards View at: 1. Title: Sabotage Reporting Number: CIP 001 2a Purpose: Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies. 22 RELIABILITY ACCOUNTABILITY

23 All CIP Standards 2. Title: Cyber Security BES Cyber System Categorization Number: CIP Purpose: To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems could have on the reliable operation of the BES. Identification and categorization of BES Cyber Systems support appropriate protection against compromises that could lead to misoperation or instability in the BES. 23 RELIABILITY ACCOUNTABILITY

24 All CIP Standards 3. Title: Cyber Security Security Management Controls Number: CIP Purpose: To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 4. Title: Cyber Security Personnel & Training Number: CIP Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security awareness in support of protecting BES Cyber Systems. 24 RELIABILITY ACCOUNTABILITY

25 All CIP Standards 5. Title: Cyber Security Electronic Security Perimeter(s) Number: CIP Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 6. Title: Cyber Security Physical Security of BES Cyber Systems Number: CIP Purpose: To manage physical access to BES Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 25 RELIABILITY ACCOUNTABILITY

26 All CIP Standards 7. Title: Cyber Security System Security Management Number: CIP Purpose: To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 8. Title: Cyber Security Incident Reporting and Response Planning Number: CIP Purpose: Standard CIP ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP should be read as part of a group of standards numbered Standards CIP through CIP RELIABILITY ACCOUNTABILITY

27 All CIP Standards 9. Title: Cyber Security Recovery Plans for BES Cyber Systems Number: CIP Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the BES. 10. Title: Cyber Security Configuration Change Management and Vulnerability Assessments Number: CIP Purpose: To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to misoperation or instability in the BES. 27 RELIABILITY ACCOUNTABILITY

28 All CIP Standards 11.Title: Cyber Security Information Protection Number: CIP Purpose: To prevent unauthorized access to BES Cyber System Information by specifying information protection requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES. 28 RELIABILITY ACCOUNTABILITY