Project CIP Modifications. Webinar on Revisions in Response to LERC Directive August 16, 2016

Similar documents
Meeting Notes Project Modifications to CIP Standards Drafting Team June 28-30, 2016

Critical Infrastructure Protection (CIP) Version 5 Revisions. Standard Drafting Team Update Industry Webinar September 19, 2014

Project CIP Modifications

Modifications to TOP and IRO Standards

Implementation Plan. Project CIP Version 5 Revisions. January 23, 2015

Implementation Plan. Project CIP Version 5 Revisions 1. January 23, 2015

Breakfast. 7:00 a.m. 8:00 a.m.

Project Modifications to CIP Standards

Project Modifications to CIP Standards. Technical Conference April 19, 2016 Atlanta, GA

Supply Chain Cybersecurity Risk Management Standards. Technical Conference November 10, 2016

Project CIP Modifications

Industry Webinar. Project Modifications to CIP-008 Cyber Security Incident Reporting. November 16, 2018

Industry Webinar. Project Single Points of Failure. August 23, 2018

NERC-Led Technical Conferences

Standard Development Timeline

Standard Development Timeline

Project Modifications to CIP Standards. Consideration of Comments Initial Comment Period

Project Modifications to BAL Frequency Response and Frequency Bias Setting. Industry Webinar December 18, 2018

Project CIP Modifications

Standard Development Timeline

Designing Secure Remote Access Solutions for Substations

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

Implementation Plan for Version 5 CIP Cyber Security Standards

Cyber Security Supply Chain Risk Management

Standard CIP Cyber Security Electronic Security Perimeter(s)

Additional 45-Day Comment Period September Final Ballot is Conducted October/November Board of Trustees (Board) Adoption November 2014

CIP Cyber Security Security Management Controls

Low Impact BES Cyber Systems. Cyber Security Security Management Controls CIP Dave Kenney

CIP Cyber Security Security Management Controls. A. Introduction

Compliance: Evidence Requests for Low Impact Requirements

Standard CIP 005 4a Cyber Security Electronic Security Perimeter(s)

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Configuration Management and Vulnerability Assessments

SGAS Low Impact Atlanta, GA September 14, 2016

Draft CIP Standards Version 5

CIP V5 Updates Midwest Energy Association Electrical Operations Conference

Standard CIP Cyber Security Critical Cyber Asset Identification

Additional 45-Day Comment Period and Ballot November Final Ballot is Conducted January Board of Trustees (Board) Adoption February 2015

Standard CIP Cyber Security Physical Security

Standard CIP Cyber Security Critical Cyber Asset Identification

This draft standard is being posted for an initial comment and ballot. The draft includes modifications to meet the directives of FERC Order No. 791.

Standard Development Timeline

Standard CIP-006-3c Cyber Security Physical Security

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

Standards Authorization Request Form

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

Standard CIP Cyber Security Critical Cyber As s et Identification

CIP Standards Development Overview

Standard CIP 004 3a Cyber Security Personnel and Training

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

Standard CIP-006-4c Cyber Security Physical Security

Standard Development Timeline

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)

CIP Cyber Security Personnel & Training

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.

CIP Cyber Security Electronic Security Perimeter(s)

Draft CIP Standards Version 5

Standard CIP Cyber Security Incident Reporting and Response Planning

CIP Cyber Security Systems Security Management

CIP Cyber Security Security Management Controls. Standard Development Timeline

A. Introduction 1. Title: 2. Number: 3. Purpose: 4. Applicability: 4.1. Functional Entities: Balancing Authority Distribution Provider

CIP Cyber Security Incident Reporting and Response Planning

Standard CIP Cyber Security Critical Cyber As s et Identification

CIP Cyber Security Personnel & Training

CIP Cyber Security Recovery Plans for BES Cyber Systems

CIP Cyber Security Physical Security of BES Cyber Systems

Standard CIP Cyber Security Electronic Security Perimeter(s)

Philip Huff Arkansas Electric Cooperative Corporation Doug Johnson Commonwealth Edison Company. CSO706 SDT Webinar August 24, 2011

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

Standard COM Communication and Coordination

Standard CIP 007 3a Cyber Security Systems Security Management

Purpose. ERO Enterprise-Endorsed Implementation Guidance

Cyber Security Reliability Standards CIP V5 Transition Guidance:

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

March 10, 2016 VIA ELECTRONIC FILING

Standard CIP Cyber Security Security Management Controls

CIP 005 R2: Electronic Access Controls

Standard CIP 007 4a Cyber Security Systems Security Management

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

CIP Cyber Security Physical Security of BES Cyber Systems

Standards Development Update

NPCC Compliance Monitoring Team Classroom Session

Low Impact Generation CIP Compliance. Ryan Walter

Reliability Standard Audit Worksheet 1

Disturbance Monitoring Standard Drafting Team August 7, p.m. 5 p.m. August 8, a.m. 5 p.m. August 9, a.m. noon

Standard CIP-006-1a Cyber Security Physical Security

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

A. Introduction. Page 1 of 22

Unofficial Comment Form

NERC Relay Loadability Standard Reliability Standards Webinar November 23, 2010

Standard CIP Cyber Security Systems Security Management

Physical Security Reliability Standard Implementation

Standard CIP Cyber Security Physical Security

Better Practices to Provide Reasonable Assurance of Compliance with the CIP Standards, Part 2

Cyber Security Standards Drafting Team Update

Proposed Clean and Redline for Version 2 Implementation Plan

Page 1 of 15. Applicability. Compatibility EACMS PACS. Version 5. Version 3 PCA EAP. ERC NO ERC Low Impact BES. ERC Medium Impact BES

Reliability Standard Audit Worksheet 1

primary Control Center, for the exchange of Real-time data with its Balancing

Transcription:

Project 2016-02 CIP Modifications Webinar on Revisions in Response to LERC Directive August 16, 2016

Administrative Items NERC Antitrust Guidelines It is NERC s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. Notice of Open Meeting Participants are reminded that this webinar is public. The access number was widely distributed. Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders. 2

The CIP Standard Drafting Team Name Entity Chair Margaret Powell Exelon Vice Chair Christine Hasha Electric Reliability Council of Texas Vice Chair David Revill Georgia Transmission Corporation Members Steven Brain Dominion Jay Cribb Jennifer Flandermeyer Tom Foster Richard Kinas Forrest Krigbaum Philippe Labrosse Mark Riley Zach Trublood Southern Company Kansas City Power and Light PJM Interconnection Orlando Utilities Commission Bonneville Power Administration Hydro-Quebec TransEnergie Associated Electric Cooperative, Inc. Sacramento Municipal Utility District 3

Webinar Agenda Introductions Opening Remarks Approach to the Revisions LERC Definition Update and Retirement of LEAP CIP-003-7, Attachment 1 - Requirements CIP-003-7, Attachment 2 - Measures Guidelines and Technical Basis, Reference Models Implementation Plan Next Steps 4

Approach to Clarify LERC Definition The SDT considered two approaches to address the directive to clarify direct. Option 1 Revise the LERC definition to enable a security control external to the BES Cyber Asset (such as an application break) to indicate the absence of LERC Option 2 Revise the LERC definition to identify all routable protocol communications crossing the asset boundary without regard to 'direct vs. indirect' access. Also, revise the CIP-003 requirements to implement electronic access controls and update and expand the Guidelines and Technical Basis. Both options meet the same security objective. The SDT selected Option 2 - to revise the definition, requirement language, and guidelines and technical basis. 5

LERC Definition Changed Low Impact External Routable Connectivity to Low Impact External Routable Communication (LERC) to focus on the communication that occurs crossing the boundary of the asset containing the low impact BES Cyber Systems to more cleanly align with the output of CIP-002-5.1 R1, Part 1.3. Removed from the definition the word direct thus expanding the LERC definition to be inclusive of both direct and indirect connections. Simplified LERC as an attribute of a BES asset concerning whether there is routable protocol communications across the asset boundary. Removed the dependency between the electronic access controls that may be in place and having those controls determine whether LERC exists or not. 6

LERC Definition Revised Definition: Low Impact External Routable Communication (LERC): Routable protocol communication that crosses the boundary of an asset containing one or more low impact BES Cyber System(s), excluding communications between intelligent electronic devices used for time-sensitive protection or control functions between non-control Center BES assets containing low impact BES Cyber Systems including, but not limited to, IEC 61850 GOOSE or vendor proprietary protocols. Current Definition: Low Impact External Routable Connectivity (LERC): Direct userinitiated interactive access or a direct device-to-device connection to a low impact BES Cyber System(s) from a Cyber Asset outside the asset containing those low impact BES Cyber System(s) via a bi-directional routable protocol connection. Pointto-point communications between intelligent electronic devices that use routable communication protocols for time-sensitive protection or control functions between Transmission station or substation assets containing low impact BES Cyber Systems are excluded from this definition (examples of this communication include, but are not limited to, IEC 61850 GOOSE or vendor proprietary protocols). 7

Retirement of LEAP The changes to LERC changed the focus of the CIP-003 requirements and no longer emphasized the interface that controlled the connectivity. Current Term: Low Impact BES Cyber System Electronic Access Point (LEAP): A Cyber Asset interface that controls Low Impact External Routable Connectivity. The Cyber Asset containing the LEAP may reside at a location external to the asset or assets containing low impact BES Cyber Systems. As a result, the SDT removed use of the term LEAP and proposed its retirement. 8

CIP-003-7 Requirements For those BES assets that have LERC, the SDT changed the requirement to requiring electronic access controls to permit only necessary electronic access to low impact BES Cyber Systems. The SDT also revised CIP-003-6, Attachment 1, Section 2 to accommodate the retirement of LEAP in the physical security section and to provide for the physical security of the Cyber Assets performing the electronic access controls required in Section 3. 9

CIP-003-7 Requirements (Attachment 1) Section 2. Physical Security Controls: Each Responsible Entity shall control physical access, based on need as determined by the Responsible Entity, to (1) the asset or the locations of the low impact BES Cyber Systems within the asset and (2) the Low Impact BES Cyber System Electronic Access Points (LEAPs), the Cyber Asset(s), as specified by the Responsible Entity, that provide electronic access control(s) implemented for Section 3.1, if any. Section 3. Electronic Access Controls: Each Responsible Entity shall: 3.1 Implement electronic access control(s) for LERC, if any, implement a LEAP to permit only necessary inbound and outbound bi-directional routable protocol access; and electronic access to low impact BES Cyber System(s). 3.2 Implement authentication for all Dial-up Connectivity, if any, that provides access to low impact BES Cyber Systems, per Cyber Asset capability. 10

CIP-003 Measures (Attachment 2) The SDT revised CIP-003-6, Attachment 2, Sections 2 and 3 to make the Measures consistent with the revised requirement language. Section 2. Physical Security Controls: Examples of evidence for Section 2 may include, but are not limited to: Documentation of the selected access control(s) (e.g., card key, locks, perimeter controls), monitoring controls (e.g., alarm systems, human observation), or other operational, procedural, or technical physical security controls that control physical access to both: a. The asset, if any, or the locations of the low impact BES Cyber Systems within the asset; and b. The Cyber Asset specified by the Responsible Entity that provides electronic access controls implemented for Section 3.1, if any, containing a LEAP. 11

CIP-003 Measures Section 3. Electronic Access Controls: Examples of evidence for Section 3 may include, but are not limited to: 1. Documentation, such as representative diagrams or lists of implemented electronic access controls (e.g., restricting IP addresses, ports, or services; authenticating users; air-gapping networks; terminating routable protocol sessions on a non-bes Cyber Asset; implementing unidirectional gateways) showing that inbound and outbound connections for any LEAP(s) are LERC at each asset or group of assets containing low impact BES Cyber Systems, is confined to only those to that access the Responsible Entity deems necessary (e.g., by restricting IP addresses, ports, or services) ; and 2. Documentation of authentication for Dial-up Connectivity (e.g., dial out only to a preprogrammed number to deliver data, dial-back modems, modems that must be remotely controlled by the control center or control room, or access control on the BES Cyber System). 12

Asset Boundaries Removes ambiguity of where routable protocol must exist in current definition ( via a bi-directional routable protocol connection ) Used for determining which routable protocol communications and networks are internal or inside or local to the BES asset and which are external to or outside the BES asset. Not an Electronic Security Perimeter or Physical Security Perimeter 13

LERC Reference Model 1 14

LERC Reference Model 2 15

LERC Reference Model 3 16

LERC Reference Model 4 17

LERC Reference Model 5 18

LERC Reference Model 6 19

LERC Reference Model 7 20

LERC Reference Model 8 21

LERC Reference Model 9 22

Implementation Plan The Implementation Plan does not modify the effective date for CIP-003-6 or any of the phased-in compliance dates in the CIP- 003-6 Implementation Plan. Provides a single compliance date for the newly revised sections (Sections 2 and 3) in CIP-003-7, Attachment 1. The enforcement deadline will be the later of September 1, 2018 or the first day of the first calendar quarter that is nine (9) calendar months after the effective date of the order providing applicable regulatory approval. Carries forward by reference the provisions for planned or unplanned changes. 23

Implementation Plan 24

Implementation Plan Effective Date Where approval by an applicable governmental authority is required, Reliability Standard CIP-003-7 and the NERC Glossary term Low Impact External Routable Communication (LERC) shall become effective on the later of September 1, 2018 or the first day of the first calendar quarter that is nine (9) calendar months after the effective date of the applicable governmental authority s order approving the standard and NERC Glossary term, or as otherwise provided for by the applicable governmental authority. Where approval by an applicable governmental authority is not required, Reliability Standard CIP-003-7 and the NERC Glossary term Low Impact External Routable Communication (LERC) shall become effective on the first day of the first calendar quarter that is nine (9) calendar months after the date the standard is adopted by the NERC Board of Trustees, or as otherwise provided for in that jurisdiction. 25

Posting Schedule LERC July 21 - August 19 Join the Ballot Pools July 21 - September 6 Planned 45 day Comment Period August 10 - September 6 RSAW Comment Period August 26 - September 6 Ballot Period REMINDER: CIP-002-5.1 Interpretation July 27 - August 25 Join Ballot Pool July 27 - September 12 Planned 45 day Comment Period August 30 - September 12 Ballot Period 26

Resources This slide deck and other information relative to the CIP Modifications SDT may be found on the Project 2016-02 Project Page under Related Files: 02%20Modifications%20to%20CIP%20Standards.aspx The Project 2015-INT-01 Interpretation of CIP-002-5.1 for Energy Sector Security Consortium (EnergySec) may be found: http://www.nerc.com/pa/stand/pages/project%202016- http://www.nerc.com/pa/stand/pages/project-2015-int-01-interpretation-of-cip- 002-5-1-for-EnergySec.aspx 27

28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback