CIP Cyber Security Standards. Development Update

Similar documents
Disclaimer Executive Summary Introduction Overall Application of Attachment Generation Transmission...

Draft CIP Standards Version 5

CIP Cyber Security Critical Cyber Asset Identification. Rationale and Implementation Reference Document

CIP Standards Development Overview

Standard CIP Cyber Security Critical Cyber As s et Identification

CIP Standards Update. SANS Process Control & SCADA Security Summit March 29, Michael Assante Patrick C Miller

Philip Huff Arkansas Electric Cooperative Corporation Doug Johnson Commonwealth Edison Company. CSO706 SDT Webinar August 24, 2011

Standard CIP Cyber Security Critical Cyber As s et Identification

Project Cyber Security Order 706 SDT Meeting Agenda

Critical Asset Identification Methodology. William E. McEvoy Northeast Utilities

Project Cyber Security Order 706 SDT. Meeting Agenda

Implementing Cyber-Security Standards

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Draft CIP Standards Version 5

New Brunswick 2018 Annual Implementation Plan Version 1

Standard Development Timeline

Standard Development Timeline

Standard Development Timeline

Implementation Plan for Version 5 CIP Cyber Security Standards

Standard Development Timeline

requirements in a NERC or Regional Reliability Standard.

CIP Cyber Security Incident Reporting and Response Planning

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

Purpose. ERO Enterprise-Endorsed Implementation Guidance

Project Cyber Security Order 706 SDT. Meeting Agenda

CIP Cyber Security Security Management Controls. Standard Development Timeline

CIP V5 Updates Midwest Energy Association Electrical Operations Conference

Reliability Standard Audit Worksheet 1

Standard CIP Cyber Security Critical Cyber Asset Identification

Cyber Attacks on Energy Infrastructure Continue

Standard CIP Cyber Security Critical Cyber Asset Identification

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Supply Chain Cybersecurity Risk Management Standards. Technical Conference November 10, 2016

Physical Security Reliability Standard Implementation

Violation Risk Factor and Violation Severity Level Justification Project Modifications to CIP-008 Cyber Security Incident Reporting

CIP Cyber Security Recovery Plans for BES Cyber Systems

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.

NERC Relay Loadability Standard Reliability Standards Webinar November 23, 2010

Cyber Security Supply Chain Risk Management

Violation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Standard Development Timeline

CIP Cyber Security Recovery Plans for BES Cyber Systems

Standards Authorization Request Form

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

Cyber Security Standards Drafting Team Update

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Standard Authorization Request Form

Project Cyber Security - Order No. 791 Identify, Assess, and Correct; Low Impact; Transient Devices; and Communication Networks Directives

CIP Cyber Security Recovery Plans for BES Cyber Systems

Québec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan Annual Implementation Plan

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014

Cyber Security Reliability Standards CIP V5 Transition Guidance:

CIP Cyber Security Configuration Management and Vulnerability Assessments

CIP Cyber Security Systems Security Management

CIP Cyber Security Physical Security of BES Cyber Systems

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014

Cyber Threats? How to Stop?

Alberta Reliability Standard Cyber Security Incident Reporting and Response Planning CIP-008-AB-5

COM Operating Personnel Communications Protocols. October 31, 2013

Standard Development Timeline

Industry Webinar. Project Modifications to CIP-008 Cyber Security Incident Reporting. November 16, 2018

Cyber Security Incident Report

CIP Cyber Security Personnel & Training

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

Critical Cyber Asset Identification Security Management Controls

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION

CIP Cyber Security Electronic Security Perimeter(s)

Standard Development Timeline

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider

Standard CIP 007 4a Cyber Security Systems Security Management

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015

CIP Cyber Security Physical Security of BES Cyber Systems

Standards Authorization Request Form

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Standard CIP-006-4c Cyber Security Physical Security

Standard CIP Cyber Security Electronic Security Perimeter(s)

Modifications to TOP and IRO Standards

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

primary Control Center, for the exchange of Real-time data with its Balancing

Standards Development Update

CIP Standards Development Overview

Meeting Notes Project Modifications to CIP Standards Drafting Team June 28-30, 2016

NERC and Regional Coordination Update

1. SAR posted for comment on January 15, Standard Drafting Team appointed on January 29, 2014

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Standard Development Timeline

CIP Cyber Security Systems Security Management

NERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM September 6, 2013

Standard CIP Cyber Security Systems Security Management

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015

Standard Development Timeline

CIP Cyber Security Security Management Controls. A. Introduction

Categorizing Cyber Systems

British Columbia Utilities Commission Reliability Standards with Effective Dates adopted in British Columbia

CIP Cyber Security Personnel & Training

Standard CIP-006-3c Cyber Security Physical Security

Transcription:

CIP Cyber Security Standards Development Update John Lim Consolidated Edison Co. of New York Rob Antonishen Ontario Power Generation September 21-22, 2010 1

Disclaimer This NPCC TFIST workshop provides a forum for the presentation and discussion of member experience in the implementation of compliance programs for the NERC CIP Cyber Security Standards. Materials presented or discussed are the presenters own interpretation and recommendations and do not necessarily represent those of their organizations or NPCC. September 21-22, 2010 2

h Agenda Development Process Changes CIP-002-4 CIP-005-4 Urgent Action CIP-10 and CIP-011 September 21-22, 2010 3

CIP Standard Development Process Approved by NERC Standards Committee Informal Comments Forms Webinars Workshops Other venues (regional meetings, etc.) Formal response to each comment not required September 21-22, 2010 4

CIP Standard Development Process(2) Formal Comments (45 days) Concurrent Ballot Pool formation/pre-ballot Review (1st 30 days) Ballot (Last 10 days) All comments must be responded to. Re-ballot Can make changes to standard between ballots As many as required for consensus September 21-22, 2010 5

What Has Been Completed Version 2 (CIP-002-2 CIP-009-2) Phase 1 Low Hanging Fruits for FERC 706 Directives Became Effective 4/2010 Version 3 (CIP-002-3 CIP-009-3) 90 day FERC directed changes to Version 2 Effective 10/2010 September 21-22, 2010 6

What s In Progress CIP-002-4 1st formal posting/concurrent ballot: September 2010 Target: Complete by 12/2010 CIP-005-4 Urgent Action: Response to Remote Access Vulnerability Separate Drafting Team Posted for Comment/Ballot: 08/18/2010 Intent to File to FERC with CIP-002-4 package CIP-10 & CIP-011 Concept Paper: July 2009 Informal Posting: CIP-002-4 12/2009 (not the same as the current CIP-002-4) Informal Posting: CIP-010 and CIP-011 07/2010 Target: 2011 September 21-22, 2010 7

CIP-002-4 CIP-002-4 Narrow Scope Non-uniform application of methodologies for identifying Critical Assets, resulting in wide variation in the types and number of critical assets across regions. Replace the Entity defined Risk-Based Methodology requirement with a bright-line based criteria requirement for identifying Critical Assets. FERC Order 706 comments and directives regarding oversight of the lists of identified Critical Assets in CIP-002. (Para. 329). Requirement for oversight is significantly mitigated. External perceptions of insufficiency of the Entity defined methodologies in identification of Critical Assets. September 21-22, 2010 8

CIP-002-4 Schedule Sep 20 Posting for Comment and Ballot Nov 4 Ballot Closes Comments Due Nov 19 30 Second Ballot Oct 25 Ballot Opens Nov 5 18 Drafting Team Responds to Comments Incorporates Changes 9

Posted Documents CIP V4 Standards CIP-002-4 Main revisions CIP-003-4, CIP-004-4, CIP-006-4, CIP-007-4, and CIP-008-4, CIP-009-4 Conforming changes Implementation Plan Reference (Guidance) Document Mapping Document VRF/VSL Analysis Summary Response to CIP-010 Attachment 2 Consideration of Comments on Question 7 10

CIP-002-4 Replace Risk-Based Methodology with Bright-line Criteria (R1 & Attachment 1) Generation Transmission Control Centers Minor changes to R2 Identification of Critical Cyber Assets No changes to CIP-003-CIP-009 except conforming changes Reference Document and Implementation Plan September 21-22, 2010 11

Requirement R1 Critical Asset Identification Each Responsible Entity shall develop a list of its identified Critical Assets determined through an annual application of the criteria contained in CIP-002-4 Attachment I Critical Asset Criteria. The Responsible Entity shall review this list at least annually, and update it as necessary. 12

Requirement R2 Critical Cyber Asset Identification.. For each group of generating units (including nuclear generation) at a single plant location identified in Attachment 1, criterion 1.1, the only Cyber Assets that must be considered are those shared Cyber Assets that could adversely impact the reliable operation of any combination of units that in aggregate exceed Attachment 1, criterion 1.1 within 15 minutes. V3 qualifications still apply 13

Requirement R3 Annual Approval The senior manager or delegate(s) shall approve annually the list of Critical Assets and the list of Critical Cyber Assets.. No change in the requirement substance 14

Attachment 1 Criteria for Identification of Critical Assets (BES) Bright-lines Generation Transmission Control Centers Anything else the Responsible Entity wants to include 15

Generation Plants with group of units = or > 1500 MW Single unit or multiple unit plants Critical Cyber Assets: Aggregate Impact Nuclear Facilities evaluated based on bright line Required to run for reliability reasons Designated by Transmission Planners Blackstart Resources Designated by Transmission Operator in its restoration plan Initial Plant for restoration Glossary Term defined and used by EOP-005-2 16

Transmission Reactive resources = or > 1000 MVARS Cranking Paths up to multiple path options Operating at = or > 500 KV Operating at = or > 300 KV with 3 other stations Facilities, if lost, etc., would violate IROLs FACTS, if lost, etc., would violate IROLs Loss of Critical Generation Nuclear Plant Interface Requirements (NPIRs) SPS/RAS, if lost, etc., would result in IROLs 17

Control Centers Primary and Backup Performing the functional obligations of RC, BA, TOP Refer to Reference Document for delegated functions (TOs) Generation Control = or > 1500 MW in a single interconnection 18

And Any additional assets that the Responsible Entity deems appropriate to include 19

Version 4: Implementation Timeline 3/31/2011 FERC Approves CIP Version 4 10/1/2011 Comply with CIP-002-4 for all CCA s Comply with CIP-003-009-4 for previously identified CCAs 4/1/2013 Comply with CIP-003-009-4 for new CCAs 4/1/11 7/1/11 10/1/11 1/1/12 4/1/12 7/1/12 10/1/12 1/1/13 4/1/13 1/1/11 7/1/13 All dates included in the timeline are purely speculative and are for example purposes only. 20

CIP-005-4 Urgent Action Process Addresses Remote Access vulnerability Counterpart to CAN-005 Remote Access for Support and Maintenance Formal comments and Pre-ballot Review: 8/18/2010 to 9/17/2010 Ballot: 9/17 September 21-22, 2010 21

CIP-005-4 Schedule Pre-ballot posting and formation of ballot pool closed on 9/17/2010 Balloting started on 9/17/2010 for 10 days Likely withdraw CIP-005-4 in response to ballot comments modify and re-post for initial ballot Schedule to complete for concurrent approval and filing of CIP-002-4 with regulators at the end of the year 22

CIP-010 Categorized list of BES Cyber Systems Based on Impact on Functions High Medium Low Basis for Application of Appropriate Controls (CIP-011) Formal Comment: 7/2011 September 21-22, 2010 23

CIP-011 Posted for informal comment May 2010 SDT reviewed comments and feedback received at the May 2010 workshop in Dallas. SDT determined it was infeasible to address all of the concerns and achieve industry consensus on CIP-011 by the initial target date of December 2010. Efforts on updating CIP-011 have been substantially deferred, with plans to resume in December. Efforts to review and respond to comments has continued. September 21-22, 2010 24

CIP-011 Scope and Objectives Address FERC Order 706 Directives: 2 or more diverse security measures for defense in depth at the security boundaries Active vulnerability assessments every 3 years Incorporate forensic data collection and procedures Consideration of adapting the NIST Security Risk Management Framework September 21-22, 2010 25

CIP-011 Structure The SDT requested feedback on the new CIP-011 format: Keep CIP-011-1 as one standard Break CIP-011-1 up into multiple standards No Preference Industry response: No preference (1/3 1/3 1/3) September 21-22, 2010 26

CIP-011 Guiding Principles Policy focuses on high-level subject areas. To draft standards at a higher level to minimize the need for TFEs. STD will attempt to preserve the effort invested by Responsible Entities by developing a mapping from the existing standards 003-009 to 011. September 21-22, 2010 27

CIP-011 Sub-Teams Personnel and Physical Security: Doug Johnson (Lead), Rob Antonishen, Patrick Leon, Kevin Sherlin (FERC: Drew Kittey) System Security and Boundary Protection: Jay Cribb (Lead), Jackie Collett, John Varnell, John Van Boxtel, Philip Huff (Observer Participant: Brian Newell) (FERC: Justin Kelly) September 21-22, 2010 28

CIP-011 Sub-Teams (cont.) Incident Response and Recovery: Scott Rosenberger (Lead), Joe Doetzl, Tom Stevenson (Observer Participant: Jason Marshall) (FERC: Dan Bogle) Access Control and Boundary Protection: Sharon Edwards (Lead), Jeff Hoffman, Frank Kim, Jerry Freese (Observer Participants: Roger Fradenburgh, Sam Merrell) (FERC: Mike Keane) September 21-22, 2010 29

CIP-011 Sub-Teams (cont.) Change Management, System Lifecycle, Information Protection, Maintenance, and Governance: Dave Revill (Lead), Jon Stanford, Keith Stouffer, Bill Winters (Observer Participant: Brian Newell) (FERC: Jan Bargen, Matthew Dale) September 21-22, 2010 30

What should you be doing? September 21-22, 2010 31

Q&A Questions or Comments? September 21-22, 2010 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback