NERC Critical Infrastructure Protection Committee (CIPC) Highlights
Mike Kraft, Basin Electric Power Cooperative
MRO Board of Directors Meeting
March 17, 2016
Midwest Reliability Organization Standards Committee
NOTICE
The is an industry stakeholder committee which includes subject matter experts from MRO member organizations in various technical areas. Any materials, guidance, and views from stakeholder committees are meant to be helpful to industry participants, but should not be considered approved or endorsed by MRO staff or its board of directors unless specified.
NERC CIPC MRO Representatives
Voting Members:
- Marc Child, Great River Energy - Cyber Security SME: mchild@grenergy.com
- Paul Crist, Lincoln Electric System - Physical Security SME: pcrist@les.com
- Damon Ounsworth, Saskatchewan Power - Operations Security SME: dounsworth@saskpower.com (pending)
Alternate Voting Members:
- John Hochevar, ATC Cyber Security SME: jhochevar@atcllc.com
- Mike Kraft, Basin Electric Physical Security SME: mkraft@bepc.com
- Tony Rowan, MISO North Operations Security SME: arowan@misoenergy.org (pending)
- Steen Fjalstad, MRO At Large Security SME: sj.fjalstad@midwestreliability.org
1. Administrative
- Marc Child of Great River Energy assumed the NERC CIPC Chair position as of January 1, 2016
- The MRO Operations alternate Damon Ounsworth of Saskatchewan Power represented the region for the vacant MRO Operations representative at the December CIPC meeting
- Pending confirmation
- Damon Ounsworth - Primary Operations Security SME
- Tony Rowan, MISO North Alternate Operations Security SME
2. Electricity Information Sharing and Analysis Center (E-ISAC) Update
- Strategic direction is being driven by the Electricity Sector Coordinating Council (ESCC)
- Marc Sachs of the E-ISAC gave a 2015 year in review presentation and overview of the 2016 strategic direction. Some key items highlighted included:
- Portal enhancements
- Infrastructure improvements
- Staffing
- Additional summary reporting
- Additional analysis activities
- Bob Canada of the E-ISAC gave an update on the activities of the physical security advisory group. Two major projects:
- Design Basis Threat (DBT) tools - released via E-ISAC Portal
- Enhanced background checks for critical employees
- Regulatory avoidance strategies for reporting do not help entities become more secure
3. GridEx III Post-Exercise Observations
- Bill Lawrence of E-ISAC reported there were approximately 208 active organizations
- 161 observing organizations
- Approximately 369 organizations involved
- Approximately 4,227 registered participants
- Lessons learned and after action reports are being developed
- GridEx IV - November 15-16, 2017
- IPC - Initial Planning Conference - September 2016
- MPC - Mid-term Planning Conference - March 2017
- FPC - Final Planning Conference - June 2017
4. CIP-014-2 Physical Security
- Self-certifications will be sent to entities for response by May 2, 2016
- March 17, 2016 Webinar
- Discussion of FERC assisted audits in 2016 with a focus on R1.
5. CIP V5 Transition and CIP V5 Revisions
- Tobias Whitney of NERC provided an update on the CIP V5 Transition - CIP Version 5 Transition Advisory Group (V5TAG)
- NERC driven CIP-002-5.1 self-certifications sent to entities - updated return date of July 15, 2016.
- Entities can expect more outreach on low impact requirements in 2016.
- Project 2016-02 Modifications to CIP Standards
  http://www.nerc.com/pa/stand/pages/project%202016-02%20modifications%20to%20cip%20standards.aspx
- April 19, 2016 CIP Standards Technical Conference
- Protection of transient electronic devices used at low-impact bulk electric system cyber systems
- Protections for communication network components between control centers
- Refinement of the definition for Low Impact External Routable Connectivity (LERC)
- Cyber Asset and BES Cyber Asset Definitions
- Network and Externally Accessible Devices
- Transmission Owner (TO) Control Centers Performing Transmission Operator (TOP) Obligations
- Virtualization
6. Legislative Update
- Nathan Mitchell of APPA gave an update on federal legislation
- Cybersecurity Information Sharing Act of 2015 (CISA)
- DHS Automated Indicator Sharing (AIS) by March 17, 2016 - STIX and TAXII
- Sharing of cyber threat indicators and defensive measures by the federal government
- Guidance to share cyber threat indicators and defensive measures with federal entities.
- Section 215A addition to the Federal Power Act
- DOE Plan for Strategic Transformer Reserve
- Resolves conflict between environmental and grid reliability - Must run
- Secretary of Energy has broader authority to address grid security emergencies
- Energy Policy Act Revisited
7. Electricity Sector Coordinating Council (ESCC)
- Nathan Mitchell of APPA gave an update on ESCC activities
- ESCC Playbook v5.0 was released
- Cybersecurity Risk Information Sharing Program (CRISP)
- Subgroups
- Cyber Mutual Assistance
- Enhanced Background Investigation Screening (EBIS) WG
- E-ISAC Member Executive Committee (MEC)
- EMP Task Force
- ESCC Metrics Working Group
8. Federal Update
- Dave Norton of FERC reported FERC items
- FERC led CIP audits, less than 10, which should feel like a regular audit
- Regions will be involved and house the data
- Rehearing requested for Order 822
- Jim McGlone of DOE pre-CIPC classified briefing
- DOE Design Basis Threat (DBT) will be classified
- Ben Mayo of DHS
- Regional Cyber Security Advisors (CSAs) to augment Protective Security Advisors (PSAs)
- Updated Active Shooter Preparedness materials available
NERC Alert R-2016-02-09-01 Manipulation of ICS
- Reclassified to TLP:Amber
- Cooperatives should reach out to NERC for further guidance
- Information on E-ISAC Portal
- Response due April 9, 2016
Ukraine event December 23, 2015
- Wired Article
  http://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/
- Mitigations
- Council on Cybersecurity - Top 20 Critical Security Controls
- Application Whitelisting
- Contingency plans for safe shutdown
- Isolate ICS and SCADA networks
- Audit and monitor trusted external connections
Next Meetings
- June 6-8, 2016 in St. Louis
- June 6-7 CIPC Workshops
- June 7-8 CIPC Meeting
- September 20-21, 2016 with Location TBD
- December 13-14, 2016 in Atlanta, GA
Critical Infrastructure Protection Committee (January 2016)
Executive Committee
- Joe Garmon, FMPA
- Marc Child, Chair, Great River Energy
- Melanie Seader, EEI
- David Grubbs, City of Garland
- Nathan Mitchell, Vice Chair, APPA
- Jack Cashin, EPSA
- Ross Johnson, CEA
- David Revill, Vice Chair, NRECA
- Chuck Abell, Ameren
- John Galloway, ISO-NE
- Sam Chanoski, Secretary, NERC
Subcommittees, Working Groups and Task Forces
- Physical Security Subcommittee (David Grubbs)
- Cybersecurity Subcommittee (David Revill)
- Operating Security Subcommittee (Joe Garmon)
- Policy Subcommittee (John Galloway)
- Physical Security WG (Ross Johnson)
- Control Systems Security WG (Mikhail Falkovich)
- Grid Exercise WG (Tim Conway)
- BES Security Metrics WG (VACANT)
- Physical Security Guidelines WG (John Breckenridge)
- Security Training WG (William Whitney)
- Business Continuity Guideline TF (Darren Myers)
- Physical Security Standard WG (Allan Wick)
- Compliance and Enforcement Input WG (Paul Crist)
MRO Security Conference 2016
- Scheduled for September 22, 2016
- Draft motto: Going beyond theory to explain the 'how'
- Draft theme: The definition of genius is taking the complex and making it simple. - Einstein
- Agenda includes keynotes and industry leading experts in physical and cyber security