Efficiency and Effectiveness of Stakeholder Engagement

Efficiency and Effectiveness of Stakeholder Engagement
Michael Walker, Senior Vice President and Chief Enterprise Risk and Strategic Development Officer
Member Representatives Committee Meeting, February 7, 2018

Background
- ERO Enterprise Long-Term Strategy and Operating Plan recognize the importance of effective industry expertise
- Emerging issues are increasing resource demands on both industry and the ERO Enterprise
- There are opportunities to improve efficiency and effectiveness for the benefit of stakeholders, the ERO Enterprise, and reliability
- Requested policy input on ways to improve efficiency and effectiveness of stakeholder engagement

Themes of Policy Input Responses
- Include wider stakeholder involvement in effectiveness and efficiency reviews
- Review stakeholder committee organization and charters
- Track and share stakeholder time devoted to ERO groups
- Leverage technology to reduce travel time and costs
- Enhance ERO staff training and tools to engage stakeholders
- Increase communications with and among segments and sectors
- Increase executive-level stakeholder involvement
- Avoid duplicate work within the ERO Enterprise and between the ERO Enterprise and industry

Next Steps
- Open discussion of input during MRC meeting
- Obtain feedback from Board of Trustees
- Follow-up discussion at the May meeting

ERO Reliability Risk Priorities Report
Peter Brandien, Reliability Issues Steering Committee Chair
Member Representatives Committee Meeting, February 7, 2018

Purpose and Process
- Strategically defines and prioritizes risks to the reliable operation of the bulk power system (BPS)
- Supports ERO Enterprise strategic and operational planning
- Key inputs:
  - Reliability Issues Steering Committee's (RISC's) subject matter expertise
  - Reliability Leadership Summit
  - FERC Technical Conference
  - Pulse point interviews
  - Review of a number of NERC technical studies
  - Department of Energy grid study

Risk Profiles and Recommendations
- Nine inherent risk profiles for continued level of attention
- No new profiles; shift in Profile 4 from asset management and maintenance to increasing complexity in protection and control systems
- Includes recommended actions to mitigate the risks
- Effort to narrow recommendations since last draft
- Reduced 99 recommendations to 53
- Removed overlapping recommendations and those captured in ongoing activities

Risk Groupings
- Risk profiles categorized by mapping of likelihood and impact
- RISC recommends higher likelihood, higher impact profiles be given highest priority
- All risk profiles warrant attention regardless of categorization
- Higher Likelihood, Higher Impact:
  - Cybersecurity Vulnerabilities
  - Changing Resource Mix
  - BPS Planning
  - Resource Adequacy

Risk Groupings Higher Likelihood, Lower Impact Increasing Complexity in Protection and Control Systems Human Performance and Skilled Workforce Lower Likelihood, Higher Impact Loss of Situational Awareness Lower Likelihood, Lower Impact Physical Security Vulnerabilities Extreme Natural Events

Risk Mapping

Next Steps
- Present report to Board of Trustees (Board) for acceptance on February 8, 2018
- Next Reliability Leadership Summit Q1/Q2 2019
- Next report to Board August 2019

Resilience Framework
Peter Brandien, Reliability Issues Steering Committee Chair
Member Representatives Committee Meeting, February 7, 2018

Recommended Framework
- Develop common understanding and definition of the key elements of bulk power system (BPS) resilience
- Understand how key elements of BPS resilience fit in the existing ERO framework
- Evaluate whether additional steps are needed to address key elements of BPS resilience within the ERO framework

Understanding and Defining Resilience
National Infrastructure Advisory Council's (NIAC's) resilience framework includes four outcome-focused abilities:
- Robustness: absorb shocks and continue operating
- Resourcefulness: skillfully manage a crisis as it unfolds
- Rapid Recovery: get services back as quickly as possible
- Adaptability: incorporate lessons learned from past events to improve resilience

ERO Enterprise Activities Supporting NIAC Framework
- Robustness:
  - Risk, event, and performance monitoring
  - Reliability and emerging risk assessments
  - Technical committee work
  - Operator training and certification
  - Reliability Standards and Reliability Guidelines
  - E-ISAC information-sharing programs
- Resourcefulness:
  - Situational awareness and industry coordination
  - Government coordination
  - Cross-sector information sharing
  - Reliability Standards and Functional Model

ERO Enterprise Activities Supporting NIAC Framework
- Rapid Recovery:
  - Situational awareness and industry coordination
  - Government coordination
  - Cross-sector information sharing
- Adaptability:
  - Reliability assessments
  - Event analysis and forensics
  - Reliability Guidelines
  - Technical committee work

Recommended Next Steps
- Request standing committee input to the RISC
- Provide recommendations at the May 2018 Member Representatives Committee meeting
- Monitor FERC proceedings

2017 Reliability Assessments Standard and Guideline Recommendations
Mark Lauby, Senior Vice President and Chief Reliability Officer
Member Representatives Committee, February 7, 2018

Evaluating Emerging Risks Through Assessments
- Key assessments from 2017:
  - Special Reliability Assessment: Potential Bulk Power System Impacts Due to Severe Disruptions on the Natural Gas System
  - 2017 Long-Term Reliability Assessment
- Recommendations aligned with RISC priorities

Special Reliability Assessment
- Objective of report: Evaluate disruptions of key natural gas facilities and their impact to BPS reliability
- Recommendation: NERC, with industry's support, should enhance its Reliability Guidelines and/or Standards as necessary to include additional planning and operating requirements for analyzing disruptions to the natural gas infrastructure and their impacts on the reliable operation of the BPS

Special Reliability Assessment
- Current Plan of Action:
  - Planning Committee advisory group forming
  - Review current requirements (e.g., TPL-001-4)
  - Identify the need and scope for a Reliability Guideline
  - Determine if existing controls are in place to assure extreme conditions due to natural gas disruptions are considered in planning
- Next Step:
  - Plan of action will be presented for policy input in April 2018
  - An update of progress will be provided on a quarterly basis

2017 Long-Term Reliability Assessment
- Objective of Report: Review, assess, and report on the overall electric generation and transmission reliability of the BPS
- Recommendation: NERC should conduct a comprehensive evaluation of its Reliability Standards to ensure compatibility with nonsynchronous and distributed energy resources as well as for completeness related to essential reliability services, generator performance, system protection and control, and balancing functions.

2017 Long-Term Reliability Assessment
- Significant activity in progress:
  - Revisions planned for MOD-032 to address data sharing
  - Inverter-Based Resources Task Force (Reliability Guideline and Alert)
  - Standard Authorization Request in place to address frequency control and balancing
  - PC assessment of BES-connected dynamic reactive devices
- Next Steps:
  - Standing Committee Coordinating Group to monitor progress across technical committees
  - An update of progress will be provided on a quarterly basis

CIPC Workplan Update
Critical Infrastructure Protection Committee
Marc A. Child, Great River Energy, CIPC Chair
Member Representatives Committee Meeting, February 7, 2018

CIPC Organizational Chart
- Executive Committee:
  - Ross Johnson, Phys SME, Capital Power
  - Marc Child, Chair, Great River Energy
  - Melanie Seader, EEI
  - Brenda Davis, Cyber SME, CPS Energy
  - David Grubbs, Vice Chair, City of Garland
  - (vacant) APPA
  - Lisa Carrington, Ops SME, Ariz Public Svc
  - David Revill, Vice Chair, NRECA
  - (vacant) EPSA
  - Jeff Fuller, Policy SME, AES
  - Tobias Whitney, Secretary, NERC
  - (vacant) IPC
- Subcommittees:
  - Physical Security Subcommittee (Ross Johnson)
  - Cybersecurity Subcommittee (Brenda Davis)
  - Operating Security Subcommittee (Lisa Carrington)
  - Policy Subcommittee (Jeff Fuller)
- Working groups and task forces:
  - Physical Security WG (PSAG) (Ross Johnson)
  - Control Systems Security WG (Mike Mertz) (Carter Manucy)
  - Grid Exercise WG (Tim Conway)
  - Security Metrics WG (Larry Bugh)
  - Physical Security Guidelines TF (Darrell Klimitchek)
  - Security Training WG (David Godfrey) (Amelia Sawyer)
  - Planning Committee Joint Project Criticality Reduction (Vacant)
  - Compliance and Enforcement Input WG (Paul Crist)
  - Supply Chain Working Group (Vacant)

CIPC Charter
Key updates to CIPC Charter:
- Minor verbiage update to acknowledge security guidelines and standards implementation guidance are key deliverables of CIPC
- Added IEEE to the list of key collaborative organizations
- Added new non-voting member class: Partner Members
  - Federal Energy Regulatory Commission
  - US Department of Homeland Security
  - US Department of Energy
  - US Department of Energy Laboratories
  - Public Safety Canada
  - Natural Resources Canada
  - Oil & Natural Gas subsector
  - Telecomm sector
  - Financial Services sector
  - Critical Manufacturing sector
  - Water sector

CIPC Strategic Plan and Work Plan
- 2018-2019 Strategic Plan & Work Plan
- Change in format to better align with the Electric Reliability Organization (ERO) strategic goals:
  - ERO Enterprise Long-Term Strategy
  - ERO Reliability Risk Priorities ("RISC Report")
  - E-ISAC Long Term Strategic Plan
- Appendix removed to reduce redundancy and enhance readability
- Organized into six major activities:
  - Advisory panel to the NERC Board of Trustees (Board)
  - Cyber security risk management
  - Physical security risk management
  - NERC standards implementation input
  - BES security metrics
  - Training, outreach, and industry communications

Advisory Panel to the Board
- Reports to the Board will become more strategic to address emerging risks and issues pertinent to the security of BES
- Solicit input from the Board regarding priorities and new challenges
- Identify opportunities for collaboration with other subcommittees
- Less focus on status reporting and more focus on the proactive resolution of issues

Cyber Security Risk Management
- Cyber security program efforts address the RISC, E-ISAC Long Term Strategic Plan, and the ERO Enterprise Long Term Strategy
- Identification and reduction of cyber risks
- Cyber security risk of Fuel Handling SCADA systems for Generation
- Updated guidance in relation to NERC's Remote Access Study
- GridEx planning and preparation
- Supply Chain (vendor security controls and legacy systems testing)

Physical Security Risk Management
- Physical security program efforts address the RISC, E-ISAC Long Term Strategic Plan, and the ERO Enterprise Long Term Strategy
- Identification and reduction of physical risks
- Security practices for High Impact Control Centers
- Security implications of drones on electric power
- Key management security for physical access

NERC Standards Implementation Input
The Compliance and Enforcement Input Working Group (CEIWG) is established to solicit industry stakeholders for input to assist NERC staff with clarification on compliance monitoring or enforcement with the following documents:
- Implications of Cloud Services for CIP Assets (Pilot/Study)
- Implementation Guidance for Voice-over-IP services
- Implementation Guidance for Shared Transmission Facilities

BES Security Metrics
- CIPC will utilize the expertise of its members, NERC staff, and others to provide direction, technical oversight, feedback on the collection of industry metrics, and reporting of BES security performance metrics
- Security Metrics derived from E-ISAC, compliance data, or other sources of periodic reporting
- Annual security assessment of the BES

Training, Outreach, and Communications
- CIPC will provide training, coordination, and communication with those responsible for both physical and cyber security to various industry segments
- Re-organize information on NERC.com
- Industry facing collaboration site to maximize joint project activities
- Publish annual training plan

Timeline of Activities

| # | CIPC Deliverable (non-ongoing projects) | Estimated Completion Date |
|---|---|---|
| 1 | Implications of Voice-over-IP and the CIP Standards | Q1 2018 |
| 2 | Develop CIPC Collaboration Site on NERC.com | Q2 2018 |
| 3 | CIP Implications of Shared Transmission Facilities | Q2 2018 |
| 4 | Key management security guideline | Q2 2018 |
| 5 | Vendor Essential Security Practices Model | Q3 2018 |
| 6 | Security implications of UAVs | Q3 2018 |
| 7 | Update CIPC Website on NERC.com | Q3 2018 |
| 8 | Implications of Cloud Services for CIP Assets | Q4 2018 |
| 9 | Assess the cyber security risk of Fuel Handling SCADA systems for Generation | Q1 2019 |
| 10 | Address Remote Access Security Findings #1-#18 | Q3 2019 |
| 11 | Identification and Reduction of Cyber and Physical Security Risks | Q4 2019 |
| 12 | Legacy system testing coordination with National Labs | Q4 2019 |
| 13 | Annual Security Assessment of the BES | Q4 2019 |

Michael Bardee, Director, FERC Office of Electric Reliability
February 7, 2018

Final Rule, RM17-12-000, 1/18/18
- Approves revised reliability standards:
  - Event Reporting (EOP-004-4)
  - System Restoration from Blackstart Resources (EOP-005-3)
  - System Restoration Coordination (EOP-006-3)
  - Loss of Control Center Functionality (EOP-008-2)
- Revised standards will:
  - Provide accurate reporting to NERC's event analysis group
  - Specify roles of entities to restore system from blackstart resources
  - Clarify procedures & coordination for RC staff to restore system
  - Refine requirements to continue reliable operation if primary control functionality is lost
- Effective 60 days after publication in the Federal Register

Proposed Rule, RM17-13, 1/18/18
- Proposes to approve supply chain risk management CIP reliability standards:
  - Supply Chain Risk Management (CIP-013-1)
  - Electronic Security Perimeter(s) (CIP-005-6)
  - Configuration Change Management (CIP-010-3)
- Proposes to direct NERC to expand these standards to include EACMS for medium- and high-impact; and expand study of low-impact to include PACs and PCAs
- Comments due 60 days after publication in Fed. Reg.

Proposed Rule, RM18-2 & AD17-9, 12/21/17
- Proposes to direct NERC to broaden CIP-008 to include mandatory reporting of cyber security incidents that compromise, or attempt to compromise, an entity's Electronic Security Perimeter or associated EACMS
- Proposes that incident reports be sent to ICS-CERT (in addition to E-ISAC) and that NERC file an annual, public and anonymized summary with FERC
- Comments due 2/26/18

Order Accepting Filing, RR15-2-005, 11/16/17
- Accepts NERC's 2016 Compliance Monitoring and Enforcement Program (CMEP) Annual Report
- Denies two changes proposed by NERC:
  - Eliminate public posting of CEs identified through self-logging
  - Allow CEs to include certain moderate risk non-compliance
- Terminates the annual informational filing requirement so long as NERC continues to include:
  - Compliance exceptions in the annual FFT filing
  - Information on RAI program in CMEP report to BOTCC

Proposed Rule, RM16-22, 11/16/17
- Proposes to approve:
  - PRC-027-1 (Coordination of Protection Systems for Performance During Faults)
  - PER-006-1 (Specific Training for Personnel)
- Proposes to direct NERC to expand PRC-027-1 to require an initial protection system coordination study as baseline for proper coordination of their systems
- Comments due 1/28/18

Order issued in AD18-7 & RM18-1, 1/8/18
- Terminates DOE NOPR on grid resilience
- Opens new proceeding to examine grid resilience
- Directs RTOs/ISOs to provide information. Goal:
  - Develop common understanding among Commission, industry and others of what resilience of bulk power system means and requires
  - Understand how each RTO/ISO assesses resilience in its footprint
  - Use this info to evaluate whether additional Commission action on resilience is appropriate
- RTO/ISO submissions due 60 days after 1/8/18; reply comments 30 days later

Thank you! Questions?