CIP Version 5 Transition Guidance September 2013 Open-Webinar

Presentation transcript:

Brent Castagnetto CBRM, CBRA, MABR
Manager, Cyber Security Audits & Investigations
CIP Version 5 Transition Guidance
September 2013 Open-Webinar
September 19th 2013

Mandatory and Enforceable = V3
The WECC Cyber Security Audit Team will audit to Version 3 of the CIP Standards until such time as:
- Version 4 becomes mandatory & enforceable (10/1/14)
- FERC provides remand of V4, or approves V5
- NERC provides implementation plan guidance on V3 – V5 transition
There will be opportunity to begin preparing for V5
Slide used last month. Now NERC has the guidance so we are talking about it

NERC Version 5 Transition Guidance
- On April 18th 2013 FERC issued a NOPR proposing to approve CIP V5
- Some changes were requested & NERC has responded
- On September 5th 2013 NERC provided revised guidance related to CIP Version 5
- Transition Period is from 9/5/2013 to V5 mandatory and enforceable date (still unknown)

Version 4 / 5 Update
- On 7/18/2013, the “Trade Associations” filed a motion to delay the deadline for complying with V4.
- FERC granted a six month extension on V4 to 10/1/2014.
- Logical conclusion that V5 will be approved before.
- Intel suggests approval sometime in Q4 of 2013.
Tea leaves etc
http://elibrary.ferc.gov/idmws/file_list.asp?accession_num=20130812-3014
http://bit.ly/13ZFLWx

CIP Version 5 Transition Guidance
- “Prior to the date of mandatory enforcement of CIP Version 5, a Responsible Entity must continue to comply with the CIP Version 3 Standards (CIP-003-3 through CIP-009-3) during the Transition Period”
- An entity may continue to maintain and apply its CIP-002-3 RBAM during the transition period or it may choose one of two options to identify and document Critical Assets in lieu of maintaining a RBAM (R1) and applying (R2) its CIP-002-3 RBAM.

CIP Version 5 Transition Guidance
On or after April 11th 2013, Registered Entities may choose:
Option 1. Utilize the CIP Version 4 bright-line criteria in its entirety, with the exception of criterion 1.4 (Blackstart Resources) and criterion 1.5 (Cranking Paths), to identify assets subject to the controls in CIP-003-3 through CIP-009-3, or

CIP Version 5 Transition Guidance
On or after September 5th 2013, Registered Entities may choose:
Option 2. Utilize the CIP Version 5 “High” and “Medium” Impact Ratings (see CIP-002-5 - Attachment 1: IRC, pp. 14-16) to identify assets subject to the controls in CIP-003-3 through CIP-009-3

CIP Version 5 Transition Guidance
Things to consider:
- Entities choosing option 1 or 2 as a valid Critical Asset Identification [CAID] methodology may decide to remove Critical Assets previously identified under a CIP-002-3 RBAM.
- CIP Versions 4 and 5 contain requirements for asset identification that permit certain third parties to designate an asset as critical (Reliability Coordinators, Transmission Planners, Planning Coordinators, or Planning Authorities)

CIP Version 5 Transition Guidance
Things to consider:
- If option 1 (V4) is selected, be aware of Bright-Line Criteria 1.3, 1.8, 1.9, and 1.10
- If option 2 (V5) is selected, be aware of Impact Rating Criteria 2.3, 2.6 and 2.8

CIP-002-3 R3
After the application of one of the two options to identify and document a list of Critical Assets, the entity must use the list of Critical Assets and apply its current CIP-002-3 R3 Critical Cyber Asset Identification methodology [CCAID] to document a list of Critical Cyber Assets [CCAs] that are essential to the operation of the Critical Asset and meet one of the qualifying connectivity attributes (R3.1-R3.3).
No change from the current CIP-002-3 R3 process

CIP-002-3 R4
The CIP Senior Manager must also review and approve the list of Critical Assets and the list of Critical Cyber Assets, even if such lists are null, at least annually (R4).
The only change to R4 is annual review and approval of the RBAM will not be required if the entity has chosen option 1 or 2.

CIP-003-3 through CIP-009-3
- Based on the results of the application of the chosen CAID methodology, and subsequent application of the CCAID methodology to the list of Critical Assets, if the entity identifies a list of CCAs, the entity must continue to comply with all of CIP-003-3 through CIP-009-3.
- If the list of CCAs is null, the entity must continue to comply with CIP-002-3 R1-R4 (with the changes identified above) and CIP-003-3 R2.

CIP Version 5 Transition Guidance
- A Responsible Entity must identify the approach it is using for asset identification as part of its response to a pre-Compliance Audit Survey, a pre-Spot Check data request, or as otherwise requested pursuant to the Compliance Monitoring and Enforcement Program
- WECC will request information surrounding your approach in the audit / spot check notices in 2014
- A good practice to meet this data request is to have the CIP Senior Manager sign and date a statement declaring the entity’s choice of CAID methodology.

CIP Version 5 Transition Guidance
- Within the Transition Guidance Document there is reference to the CIP Version 5 Study
- The study will collect and evaluate data from selected entities regarding implementation of CIP V5
- These results will be shared with industry upon completion of the study

CIP Version 5 Transition Guidance
What is the purpose of Transition Implementation Study?
- Determine compliance and enforcement expectations for the Industry during the transition from v3 to v5
- Determine technical challenges or compliance issues that limit the effective compliance to the CIP standards
- Improve consistency, transparency and awareness of the newly approved CIP standards

CIP Version 5 Transition Timeline

How will WECC Prepare for V5?
- WECC will provide significant outreach beginning at the September CIP-101 and throughout 2014 on the CIP Version 5 audit approach.
- Two Day outreach events will be held in various locations around the western interconnection to facilitate in person attendance.
- February 5-6 & March 19-20 2014
- Open webinar and CIPUG events will be used to advise WECC entities

References
References used in this presentation
- FERC Notice of Proposed Rulemaking (NOPR) on CIP Version 5: http://www.ferc.gov/whats-new/comm-meet/2013/041813/E-7.pdf
- Trade Associations Request: http://bit.ly/13ZFLWx
- FERC Notice Granting Extension Of Time: http://elibrary.ferc.gov/idmws/file_list.asp?accession_num=20130812-3014
- NERC V5 Transition Guidance: http://www.nerc.com/pa/comp/Resources/ResourcesDL/Cyber%20Security%20Standards%20Transition%20Guidance%20(Revised).pdf

WECC CIP-002 Subject Matter Experts
- Dr. Joe Baugh, jbaugh@wecc.biz, (M) 520.331.6351, (O) 360.567.4061
- Bryan Carr, bcarr@wecc.biz, (O) 801-819-7691, (M) 801-837-8425

Questions?
Brent Castagnetto CBRM, CBRA, MABR
Manager, Cyber Security Audits & Investigations
O: 801.819.7627
M: 801.597.7957
bcastagnetto@wecc.biz