Cyber Threats? How to Stop?


Cyber Threats? How to Stop? North American Grid Security Standards
Jessica Bian, Director of Performance Analysis
North American Electric Reliability Corporation
AORC CIGRE Technical Meeting, September 4-5, 2013

Agenda
o Overview of Critical Infrastructure Protection Version 5
o Focus on Correcting Deficiencies
o Examples
o CIP V5 Implementation Timeline
o Question and Answer

RELIABILITY ACCOUNTABILITY

What is NERC?
o NERC was certified as ERO by the U.S. Federal Energy Regulatory Commission (FERC) in 2006
o Partnership with eight (8) regional entities to manage reliability in North America
o FERC provides oversight, approves standards and ERO budgets (NERC/regions)

About NERC: Mission
To ensure the reliability of the North American bulk power system
o Develop and enforce reliability standards
o Assess, measure, and investigate historic trends and future projections to improve bulk power system reliability
o Develop solid technical understanding of the reliability risks
o Solutions, strategies, and initiatives to enhance bulk reliability
o Analyze system events and recommend improved practices

CIP Version 5
o CIP-002-5: Cyber Security - BES Cyber System Categorization
o CIP-003-5: Cyber Security - Security Management Controls
o CIP-004-5: Cyber Security - Personnel and Training
o CIP-005-5: Cyber Security - Electronic Security Perimeter(s)
o CIP-006-5: Cyber Security - Physical Security of BES Cyber Systems
o CIP-007-5: Cyber Security - Systems Security Management
o CIP-008-5: Cyber Security - Incident Reporting and Response Planning
o CIP-009-5: Cyber Security - Recovery Plans for BES Cyber Systems
o CIP-010-1: Cyber Security - Configuration Change Management and Vulnerability Assessments
o CIP-011-1: Cyber Security - Information Protection

CIP Standards Version History
o Urgent Action 1200: BOT Approved 07/2003; Renewed 2005
o CIP Version 1: BOT Approval 5/2006; FERC Approval 1/2008
o CIP Version 2: BOT Approval 5/2009; FERC Approval 9/2009
o CIP Version 3 (Currently Effective): BOT Approval 12/2009; FERC Approval 3/2010
o CIP Version 4 (Effective 10/1/2014): BOT Approval 1/2011; FERC Approval 4/2012 (effective 10/2014)
o CIP Version 5 (Effective in 2015/2016): BOT Approval 11/2012; FERC Notice for Approval 4/2013

Comparative Table

Version 4
o 42 requirements; 113 parts
o No contextual information
o Many documentary compliance requirements
o Measures on high level requirement only
o 14 requirements with TFE triggering language
o Undefined periodic terms
o Many binary VSLs

Version 5
o 32 requirements; 110 parts
o Includes background, rationale, and guidelines and technical basis
o Many requirements include consideration for self-correcting process improvement
o Measures for each requirement, including parts
o 10 requirements with TFE triggering language
o Clear periodic requirements: initial requirements in Implementation Plan
o More gradated VSLs

CIP V5 Approach to Correcting Deficiencies
"Each Responsible Entity shall implement, in a manner that identifies, assesses, and corrects deficiencies, one or more documented processes that collectively include each of the applicable items."
o Empowers industry
o Shifts focus from whether deficiencies occur to correcting deficiencies
o Continuous Improvement
   o From: backward looking, individual violations
   o To: forward looking, holistic focus
o Reliability and security emphasis that promotes the identification and correction of deficiencies

Incorporation into V5
Instances of "Identify, Assess, and Correct Deficiencies" Language in CIP Version 5

Standard: Requirement
o CIP-003-5: R2, R4
o CIP-004-5: R2, R3, R4, R5
o CIP-006-5: R1, R2
o CIP-007-5: R1, R2, R3, R4, R5
o CIP-009-5: R2
o CIP-010-1: R1, R2
o CIP-011-1: R1

Definitions
o BES Cyber Asset: A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the BES reliable operation.
o Control Center: One or more facilities hosting operating personnel that monitor and control the BES in real time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generation Operator for generation Facilities at two or more locations.

ESPs and PCAs
o Electronic Security Perimeters
   o Network security, not compliance boundary focus
   o Only required on routable protocol networks
o Protected Cyber Assets
   o Historically known as non-critical Cyber Assets

High Water Marking
o A new concept from our tiered impact model
o Highest impact BES Cyber System in a network determines impact level of all Cyber Assets in the ESP

Asset based approach
o List of types of assets to be considered
   o 3000 MW threshold for High BA Control Center
   o 1500 MW threshold for Medium BA Control Center
   o 1500 MW threshold for Medium GOP Control Center
CIP-002-5
o Identify and categorize High and Medium Impact BES Cyber Systems, if any, at each asset
o Identify assets that contain Low Impact BES Cyber Systems

CIP-007-5
o Patch Management
   o Changed to a monthly process instead of per patch process
   o No mitigation plans needed if patch installed
   o Existing mitigation plans may be modified with approval
o Malware
   o 35 day signature update requirement replaced
   o Have a process for updating that includes testing and installing

CIP-006-5 R1
Each Responsible Entity shall implement one or more documented physical security plans that includes:

CIP-006-5 R1 (continued)
Each Responsible Entity shall implement, in a manner that identifies, assesses and corrects deficiencies, one or more documented physical security plans that includes:

Violation Severity Levels (VSLs)
o Old Language: The Responsible Entity does not have a process to monitor the Physical Security Perimeter twenty-four hours a day, seven days a week for unauthorized circumvention of a physical access control into a Physical Security Perimeter.
o New Language: The Responsible Entity has a process to monitor for unauthorized access through a physical access point into a Physical Security Perimeter and identified deficiencies but did not assess or correct the deficiencies.

CIP Implementation

When to Self-Report
o Plan does not exist
o Plan has not been implemented
o Did not assess or correct identified deficiencies
o Deficiencies that create high risk to the Bulk Electric System

Questions and Answers

Background Materials

All CIP Standards
View at: http://www.nerc.com/pa/stand/reliability%20standards%20complete%20set/rscompleteset.pdf

1. Title: Sabotage Reporting
Number: CIP-001-2a
Purpose: Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.

2. Title: Cyber Security - BES Cyber System Categorization
Number: CIP-002-5
Purpose: To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems could have on the reliable operation of the BES. Identification and categorization of BES Cyber Systems support appropriate protection against compromises that could lead to misoperation or instability in the BES.

3. Title: Cyber Security - Security Management Controls
Number: CIP-003-5
Purpose: To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

4. Title: Cyber Security - Personnel & Training
Number: CIP-004-5
Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the BES from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security awareness in support of protecting BES Cyber Systems.

5. Title: Cyber Security - Electronic Security Perimeter(s)
Number: CIP-005-5
Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security Perimeter in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

6. Title: Cyber Security - Physical Security of BES Cyber Systems
Number: CIP-006-5
Purpose: To manage physical access to BES Cyber Systems by specifying a physical security plan in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

7. Title: Cyber Security - System Security Management
Number: CIP-007-5
Purpose: To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.

8. Title: Cyber Security - Incident Reporting and Response Planning
Number: CIP-008-3
Purpose: Standard CIP-008-3 ensures the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Standard CIP-008-3 should be read as part of a group of standards numbered Standards CIP-002-3 through CIP-009-3.

9. Title: Cyber Security - Recovery Plans for BES Cyber Systems
Number: CIP-009-5
Purpose: To recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements in support of the continued stability, operability, and reliability of the BES.

10. Title: Cyber Security - Configuration Change Management and Vulnerability Assessments
Number: CIP-010-1
Purpose: To prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements in support of protecting BES Cyber Systems from compromise that could lead to misoperation or instability in the BES.

11. Title: Cyber Security - Information Protection
Number: CIP-011-1
Purpose: To prevent unauthorized access to BES Cyber System Information by specifying information protection requirements in support of protecting BES Cyber Systems against compromise that could lead to misoperation or instability in the BES.