Standards Subject to Future Enforcement 2017

Slides:

Advertisements

Similar presentations

Project QC Consultation on Proposed Reliability Standards and Supporting Documents Information Session with Entities Concerned January 11 and 16,

Advertisements

Notice of Proposed Rulemaking on Standards WECC Board of Directors Meeting December 7-8, 2006.

NERC New Approved Standards

PER Update & Compliance Lessons Learned

FRCC Fall Compliance Workshop October , 2013

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.

State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.

UNC Modification Proposal Revised Timescales for LDZ Shrinkage Arrangements Simon Trivella – 25 th September 2008 Distribution Workstream.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

1. 11/26/2012: NERC Board of Trustees adopted CIP v5 CIP thru CIP CIP and CIP Version 5 Filing FERC requested filing by 3/31/2013.

CIP Version 5 Update OC Meeting November 7, 2013.

Physical Security CIP NERC Standing Committees December 9-10, 2014.

Reliability Standards Update

Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.

WECC Standards Update Steve Rueckert – Director of Standards W ESTERN E LECTRICITY C OORDINATING C OUNCIL.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Nuclear Power Plant “Bright-Line” NERC:. Tim Roxey and Jim Hughes NRC:

Update in NERC CIP Activities June 5, Update on CIP Update on Revisions to CIP Version 5 –BES Cyber Asset Survey –Implementation Plan Questions.

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Alberta Reliability Standards Stakeholder Information Session Jason Murray, Director Operational Effectiveness October 11, 2011.

Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP through CIP Larry Bugh ECAR Standard Drafting Team.

January 2008 Texas Regional Entity Report. 2 Performance Highlights ●ERCOT’s Control Performance Standard (NERC CPS1) score for November – ●Scores.

SPP.org 1. EMS Users Group – CIP Standards The Compliance Audits Are Coming… Are You Ready?

Overview of WECC and Regulatory Structure

K E M A, I N C. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Project System Protection Coordination Requirement revisions to PRC (ii) Texas Reliability Entity NERC Standards Reliability Subcommittee.

Problem Areas Updates Penalties FRCC Compliance Workshop September / October

Date CIP Standards Update Chris Humphreys Texas RE CIP Compliance.

NERC Project S ystem Protection Coordination - PRC-027 Presentation to the NSRS Conference Call August 17, 2015 Sam Francis Oncor Electric Delivery.

NSRS Update Recent NERC Standards Activities RSC – January 2013 Presented by: Andrew Gallo, NSRS Chair.

Page 1 of 13 Texas Regional Entity ROS Presentation April 16, 2009 T EXAS RE ROS P RESENTATION A PRIL 2009.

Tony Purgar June 22,  Background  Portal Update ◦ CIP 002 thru 009 Self Certification Forms  Functional Specific (i.e. BA, RC, TOP – SCC, Other)

NERC Project PRC-005 FERC Order No. 803 Directive Presentation to the NSRS Conference Call August 17, 2015 Sam Francis Oncor Electric Delivery.

Standards Update Merrill Brimhall Staff Engineer W ESTERN E LECTRICITY C OORDINATING C OUNCIL.

NSRS Update Recent NERC Standards Activities RSC – June 2013 Presented by: Lisa Martin, NSRS Chair.

Dennis Glass Compliance Analyst III January 21, 2016 PRC Protection System, Automatic Reclosing, and Sudden Pressure Relaying Maintenance Talk with.

Darren T. Nielsen M.Ad, CPP, CISA, PCI, PSP, CHPP, CBRA, CBRM Senior Compliance Auditor, Cyber & Physical Security V5/FERC Order 822 updates February 25,

ROS Meeting – 06/12/081Texas Nodal Program - TPTF Update Texas Nodal Transition Plan Task Force ROS Meeting Stacy Bridges, ERCOT Thursday, 06/12/08.

WECC – NERC Standards Update

MOPC Meeting Oct , 2016 Little Rock, AR

Mandatory Reliability Standards (MRS)

NOGRR-169 OWG discussion Bill Blevins June 28, 2017.

Mandatory Reliability Standards (MRS)

Rachel Coyne Manager, Reliability Standards Program

Planning Geomagnetic Disturbance Task Force (PGDTF) Update to the ROS

WECC Regional Standards Update

NERC Reliability Standard EOP 001

ERCOT Technical Advisory Committee June 2, 2005

PRC Implementation Plan and Summary of Devices

Western Electricity Coordinating Council

Phil O’Donnell, Manager Operations and Planning Audits

Merrill Brimhall – Engineer, Staff

NERC Cyber Security Standards Pre-Ballot Review

CEO/Co-founder, SOS Intl

Understanding Existing Standards:

Larry Bugh ECAR Standard Drafting Team Chair January 2005

Larry Bugh ECAR Standard Drafting Team Chair January 2005

2017/18 Payment Calendar Due Date Cut-off Day 1st of every month

Coordinate Operations Standard

NERC Reliability Standards Development Plan

Larry Bugh ECAR Standard Drafting Team Chair June 1, 2005

Phil O’Donnell, Manager Operations and Planning Audits

NERC Reliability Standards Development Plan

Review Group Action November 2008.

PLAN OF WORK Plan of work is the general scheduling of program according to major activities (or phases) such as planning, implementation and evaluation.

Standards Review Subcommittee Update

Presentation transcript:

Standards Subject to Future Enforcement 2017 Rachel Coyne, Manager, Reliability Standards Program

Standards Upcoming Enforcement Dates – 4/1/2017 RAS Definition Changes Standard/Requirement EOP-004-3 PRC-015-1 FAC-010-3 PRC-016-1 FAC-011-3 PRC-017-1 MOD-029-2a PRC-023-4 MOD-030-3

Standards Upcoming Enforcement Dates – 4/1/2017 TOP/IRO Standards Standard/Requirement IRO-001-4 IRO-017-1 IRO-002-4 TOP-001-3 IRO-008-2 TOP-002-4 IRO-010-2 R3 TOP-003-3 R5 IRO-014-3

Standards Upcoming Enforcement Dates – 4/1/2017 Standard/Requirement Enforcement Date EOP-010-1 R2 4/1/2017 EOP-011-1 IRO-010-2 R3 PRC-004-5(i) PRC-005-6 (Partial) PRC-010-1 PRC-010-2 4/2/2017 TOP-003-3 R5

Standards Upcoming Enforcement Dates – 7/1/2017 Standard/Requirement Enforcement Date MOD-033-1 7/1/2017 TPL-007-1 Phased in beginning 7/1/2017

Non-CIP Standards Upcoming Enforcement Dates – 10/1/2017 Standard/Requirement Enforcement Date COM-001-3 10/1/2017

Standards Upcoming Enforcement Dates – 1/1/2018 Standard/Requirement Enforcement Date PRC-026-1 Phased in beginning 1/1/2018

EOP-010-1 Implementation Plan Standard Enforcement Date: First day of first calendar quarter six months after effective date of order = 4/1/2015 Requirement Compliant By R1, R3 4/1/2015 R2 4/1/2017

IRO-010-2 Implementation Plan Standard Enforcement Date: First day of first calendar quarter nine months after effective date of order = 1/1/2017 Requirement Compliant By R1, R2 1/1/2017 R3 4/1/2017

PRC-005-6 Enforcement Dates Maximum Maintenance Interval % Compliant By Date PRC-005-6 General Implementation Plan Less than 1 year 100% Oct. 1, 2015 (1D/1Q 18 mo. following regulatory approval) 1–2 calendar years Apr. 1, 2017 (1D/1Q 36 mo. following regulatory approval) 3 calendar years 30% Apr. 1, 2016 (1D/1Q 24 mo. following regulatory approval) Note 1 60% Apr. 1, 2018 (1D/1Q 48 mo. following regulatory approval) 6 calendar years Apr. 1, 2017 (1D/1Q 36 mo. following regulatory approval) Note 2 Apr. 1, 2019 (1D/1Q 60 mo. following regulatory approval) Apr. 1, 2021 (1D/1Q 84 mo. following regulatory approval) 12 calendar years Apr. 1, 2023 (1D/1Q 108 mo. following regulatory approval) Apr. 1, 2027 (1D/1Q 156 mo. following regulatory approval) PRC-005 new additions for Auto Reclosing and Sudden Pressure Relay additions Jan. 1, 2016 (1D/1Q following regulatory approval) Jan. 1, 2019 (1D/1Q 36 mo. following regulatory approval) Jan. 1, 2021 (1D/1Q 60 mo. following regulatory approval) Jan. 1, 2023 (1D/1Q 84 mo. following regulatory approval) Jan. 1, 2025 (1D/1Q 108 mo. following regulatory approval) Jan. 1, 2029 (1D/1Q 156 mo. following regulatory approval) Note 1 Or, for generating plants with scheduled outage intervals exceeding two years, at the conclusion of the first succeeding maintenance outage. Note 2 Or, for generating plants with scheduled outage intervals exceeding three years, at the conclusion of the first succeeding maintenance outage.

PRC-026-1 Implementation Plan Enforcement Dates 1st day of first calendar year 12 months following regulatory approval R1 Compliant by 1/1/2018 R2, R3, R4 1st day of first calendar year 36 months following regulatory approval 1/1/2020

TOP-003-3 Implementation Plan Standard Enforcement Date: First day of first calendar quarter nine months after effective date of order = 1/1/2017 Requirement Compliant By R1, R2, R3, R4 1/1/2017 R5 4/1/2017

TPL-007-1 Implementation Plan Enforcement Dates Compliant by 6 months following regulatory approval 7/1/2017 R2 18 months following regulatory approval 7/1/2018 R5 24 months following regulatory approval 1/1/2019 R6 48 months following regulatory approval 1/1/2021 R3, R4, R7 60 months following regulatory approval 1/1/2022

CIP Implementation Plans CIP v5v6 Standards Enforcement Date = 7/1/2016 Some requirements have an initial performance requirement in accordance with the Implementation Plan for Version 5 CIP Cyber Security Standards dated October 26, 2012.

CIP-003-6 Implementation Plan Enforcement Dates 1st day of first calendar quarter after the effective date of the order 7/1/2016 All req. with exceptions listed below Compliant by R1.2 4/1/2017 R2 R2 Attachment 1, section 1 R2 Attachment 1, section2 9/1/2018 R2 Attachment 1, section 3 R2 Attachment 1, section 4

CIP-004-6 Initial Performance Dates Standard Requirement Initial Performance by Notes CIP-004-6 Part 2.3 7/1/2017 Initial performance for this Part is required by July 1, 2017 (i.e., within 12 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-004-6 Part 3.5 7/1/16 (or within 7 years of the previous PRA) Initial performance of this part is required within 7 years after the last personnel risk assessment that was performed pursuant to a previous version of the CIP Cyber Security Standards, per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-004-6 Part 4.2 10/1/2016 Initial performance for this Part is required by October 1, 2016 (i.e., within 3 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-004-6 Part 4.3 CIP-004-6 Part 4.4

CIP-006-6 Initial Performance Dates Standard Requirement Initial Performance by Notes CIP-006-6 Part 1.10 7/1/2016 (or 4/1/2017 for new high and medium impact BCS) For new high or medium impact BES Cyber Systems at Control Centers identified by CIP-002-5.1 which were not identified as Critical Cyber Assets in CIP Version 3, the compliance date for this Part is April 1, 2017, per the Implementation Plan for CIP Version 5 Revisions dated January 23, 2015. CIP-006-6 Part 3.1 7/1/2017 Initial performance for this Part is required by July 1, 2017 (i.e., within 12 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015.

CIP-007-6 Initial Performance Dates Standard Requirement Initial Performance by Notes CIP-007-6 Part 1.2 7/1/2016 (or 4/1/2017) The compliance date for CIP-007-6, Requirement R1, Part 1.2 that apply to PCAs and nonprogrammable communication components located inside a PSP and inside an ESP and associated with high and medium impact BES Cyber Systems is April 1, 2017, per the Implementation Plan for CIP Version 5 Revisions dated January 23, 2015. CIP-007-6 Part 4.4 7/15/2016 Initial performance for this Part is required by July 15, 2016 (i.e., within 14 calendar days after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015.

CIP-008-5 Initial Performance Dates Standard Requirement Initial Performance by Notes CIP-008-5 Part 2.1 7/1/2017 Initial performance for this Part is required by July 1, 2017 (i.e., within 12 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012.

CIP-009-6 Initial Performance Dates Standard Requirement Initial Performance by Notes CIP-009-6 Part 2.1 7/1/2017 Initial performance for this Part is required by July 1, 2017 (i.e., within 12 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-009-6 Part 2.2 CIP-009-6 Part 2.3 7/1/2018 Initial performance for this Part is required by July 1, 2018 (i.e., within 24 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015.

CIP-010-2 Initial Performance Dates Standard Requirement Initial Performance by Notes CIP-010-2 Part 2.1 8/5/2016 Initial performance for this Part is required by August 5, 2016 (i.e., within 35 calendar days after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-010-2 Part 3.1 7/1/2017 Initial performance for this Part is required by July 1, 2017 (i.e., within 12 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-010-2 Parts 3.2.1 and 3.2.2 7/1/2018 Initial performance for this Part is required by July 1, 2018 (i.e., within 24 calendar months after July 1, 2016), per the Implementation Plan for Version 5 CIP Cyber Security Standards, dated October 26, 2012 and incorporated by reference into the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-010-2 R4 4/1/2017 The compliance date for CIP-010-2, R4 and its attachment is April 1, 2017, per the Implementation Plan for CIP Version 5 Revisions, dated January 23, 2015. CIP-010-2 Att.1 Sec. 1 CIP-010-2 Att. 1 Sec. 2 CIP-010-2 Att. 1 Sec. 3

CIP-014-2 Enforcement Dates Event Implementation NLT Date Total Days R1 Risk Assessment Effective Date 10/1/2015 Day 0 R2 Verification Effective + 90 12/30/2015 Day 90 R2.3 Modifications Day 90 + 60 2/28/2016 Day 150 R3 Control Centers R2 + 7 3/6/2016 Day 157 R4 Threat Assessment R2 + 120 6/27/2016 Day 270 R5 Security Plan R6 Verification R5 + 90 9/25/2016 Day 360 R6.3 Modifications Day 360 + 60 11/24/2016 Day 420

Resources NERC Standards Webpage One Stop Shop Spreadsheet Reliability Standards U.S. Enforcement Dates Functional Applicability Spreadsheet Balloting and Commenting CIP V5 Transition Program CIP Version 5 Effective Dates Spreadsheet

Questions Rachel Coyne rsm@texasre.org 512-583-4956