NERC Cyber Security Standards Pre-Ballot Review


Background
- President’s Commission on Critical Infrastructure Protection
- PDD-63
- SMD NOPR
- NERC Urgent Action Cyber Security Standards 1200
- Joint US-Canada Task Force Report on the August 2003 Blackout
- National Infrastructure Protection Plan

General
- Numerous comments received on Draft 3
- Comments focused on technical issues
- Comments represented industry consensus

General
- Ensured that requirements are clear and concise.
- Eliminated redundancy between the standards.
- Ensured that levels of noncompliance correctly align with the requirements and are auditable.
- Removed references to IAW/SOP.

Definitions
- The definition of Critical Assets was changed to remove the references to “large quantities of customers” and “significant risk to public health and safety.”
- The new definition is “Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.”

CIP-002 Critical Cyber Asset Identification
- List of Required Critical Assets in Requirement 1 was removed.
- R1 divided into two requirements: “R1. Critical Asset Identification Method” and “R2. Critical Asset Identification.”
- New R1 requires Responsible Entities to identify and document a risk-based assessment methodology that shall consider, at a minimum, certain assets as listed in the standard.
- R2 requires Responsible Entities to apply the risk-based assessment methodology required in R1 to identify their lists of Critical Assets.
- The assets listed for consideration no longer contain references to “IROL” or “80% or greater of the largest single contingency within the Regional Reliability Coordinator.”

CIP-004 Personnel and Training
- The update period for Personnel Risk Assessment was extended to 7 years.
- The review period was changed to be consistent with the update period.
- Personnel risk assessments and training no longer need to be completed prior to permitting authorized cyber or authorized unescorted physical access; rather, they must be conducted within 90 calendar days of personnel being granted such access.

Other Changes of Significance
- CIP-003 – Security Management Controls
  - Provision for emergency situations
  - Removed “test environment” from Change Management
- CIP-005 – Electronic Security Perimeter(s)
  - Removed requirement for port scanning

Implementation Plan for Standards
- Implementation plan has been modified to recognize the time necessary to fully implement these standards.
- New phase of compliance has been added to the tables.
- Begin Work (BW) has been clarified to mean a Responsible Entity has developed and approved a plan to address the requirements of a standard, has begun to identify and plan for necessary resources, and has begun implementing the requirements.
- The new phase is “C” for compliance, which means that a Responsible Entity is in compliance with the requirements of the standards, but has not yet had the time necessary to compile a full calendar year’s worth of documentation where necessary.

Ballot Process
- Balloting opens Feb. 17th for ten days
- Drafting Team will respond to any negative comments
- If necessary, recirculation balloting will be conducted
- Persons interested in voting must be registered to ballot pool by Feb. 17th

And now it’s time for your questions and comments.

Larry Bugh
Chair, Cyber Security Standards Drafting Team
330.580.8017
larry.bugh@rfirst.org