CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009

Presentation transcript:

Slide 1: CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009

Slide 2: Once Upon a Time
Shared rights and responsibilities for transmission planning and operations, transmission service
–Payments in kind
–Loose coordination agreements
–No third-party transmission access
Costs of service allocated broadly
–Federal and state rate regulation
North American Electric Reliability Council (NERC) sets voluntary operating policies
–Membership comprised of eight regional reliability councils
–Regional councils set broad range of requirements to implement operating policies

Slide 3: Things Changed
Following severe economic dislocations, broad-based initiatives to bring market discipline to business sectors
Intense debates produced the Energy Policy Act of 1992
–Authorizes FERC to set rules for third-party access to high-voltage transmission to make sales for resale
–Order 888, which eventually led to Order 2003 standards for generation interconnection

Slide 4: FERC Jurisdiction
“…over the ERO,…any regional entities, and all users, owners, and operators of the bulk-power system,…” and any entities included in the ERO rules.
“…for purposes of approving standards …and enforcing compliance.”
“Bulk power system”
–“…facilities and control systems necessary for operating an interconnected electric energy transmission network, and electric energy from generation…needed to maintain reliability,…” excluding local distribution facilities.

Slide 5: ERO
Natural evolution to seek clarification of roles, rights, and responsibilities for physical system planning and operations
1998
–Call begins for federal legislation requiring creation of an organization to set and enforce mandatory standards
2005
–Energy Policy Act of 2005 (EPAct) creates Section 215 of the Federal Power Act
–Expands FERC regulatory authority to reliability
–Defines the Electric Reliability Organization (ERO)

Slide 6: Energy Policy Act of 2005
Assigns ownership of the issue of bulk power system reliability to FERC in the US
Applies to all users, owners, and operators of the bulk power system
Creates an Electric Reliability Organization
–NERC named ERO in July 2006
–Creates reliability standards
–Sets reliability standards for the bulk power system
–Monitors and enforces compliance with standards

Slide 7: NERC REGIONS

Slide 8: Who Does What?
RO - Reliability Coordinator
TO - Transmission Owner
GO - Generation Owner
LSE - Load Serving Entity
BA - Balancing Authority
TSP - Transmission Service Provider
TO - Transmission Operator
GO - Generation Operator
RRO - Regional Reliability Organization

Slide 9: The Big Picture
[Diagram. Regions: NPCC, SERC, ERCOT, RFC, FRCC, WECC, MRO, SPP. Functional entities: RC, BA, TO, TOP, TSP, GO, GOP, LSE, NERC, RRO. Implementation Schedule Tables 1 through 4 map each entity to the milestones Begin Work, Substantially Compliant and Auditably Compliant for CIP003, CIP004, CIP005, CIP006, CIP007, CIP008 and CIP009.]
CIP002 - Critical Cyber Asset Identification, asset categories:
–Control Centers
–Transmission Substations
–Generation
–System Restoration (Blackstart)
–Automatic Load Shed (300 MW)
–Special Protection Systems
–Other Controls and Documentation

Slide 10: Scope of CIP
Applies to these bulk power system entities:
–IOUs
–Coops
–Federal
–Municipals
–State agencies
–Others
Within the entities:
–Operations
–Substations
–IT
–Generating Plants

Slide 11: Cyber Security Standards
–CIP002: Critical Cyber Asset Identification
–CIP003: Security Management Controls
–CIP004: Personnel and Training
–CIP005: Electronic Security Perimeter(s)
–CIP006: Physical Security
–CIP007: Systems Security Management
–CIP008: Incident Reporting and Response Planning
–CIP009: Recovery Plans for Critical Cyber Assets

Slide 12: BULK ELECTRIC SYSTEM
As defined by the Regional Reliability Organization, the electrical generation resources, transmission lines, interconnections with neighboring systems, and associated equipment, generally operated at voltages of 100 kV or higher. Radial transmission facilities serving only load with one transmission source are generally not included.

Slide 13: CIP 002 Critical Cyber Asset Identification, Filtering Step 1
[Diagram: Bulk Electric Assets are filtered (Identifying Critical Assets) down to Critical Electric Assets; the end product of the whole process is the output list of CCAs.]

Slide 14: Risk Basis
If the asset were to be compromised or removed from service, what would be the impact, either direct or indirect, on transmission grid reliability or operability?

Slide 15: Methodology
A four (4) step process.
Task 1: Assemble a team of SMEs (Subject Matter Experts) to list electric assets by both physical and calculated means, using power flow models and system simulations.
Task 2: Eliminate non-critical assets and list them in a ‘Null List’; the remaining assets are Critical Electric Assets.
Task 3: Select Cyber Assets supporting Critical Electric Assets.
Task 4: Determine Critical Cyber Assets.

Slide 16: CIP 002 Critical Cyber Asset Identification, Filtering Step 2
[Diagram: Cyber Assets supporting the Critical Electric Assets are filtered to those that are essential to the operation of the critical asset and meet CIP002-R3; the result is the set of CRITICAL CYBER ASSETS.]

Slide 17: Cyber Asset Definition
Critical cyber assets are assets that meet at least one of the following requirements:
–the cyber asset uses a routable protocol to communicate outside the electronic security perimeter; or,
–the cyber asset uses a routable protocol within a control center; or,
–the cyber asset is dial-up accessible.
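The four tasks of the methodology slide and the three CIP002-R3 criteria on the definition slide together describe a filtering pipeline, and the slides' diagrams show its stages. The script below is an added example written for this page, not material from the presentation or from NERC; it implements that pipeline over a small constructed asset inventory (hypothetical names, ratings and connectivity flags) so the two filtering stages can be seen separately. The SME impact rating, the "essential" flag and the three connectivity flags are inputs the team would have to supply; the script only applies the filters.

```python
from dataclasses import dataclass

# Ordering for the SME impact rating (risk basis slide): what is the grid impact
# if the asset is compromised or removed from service? Threshold is an assumption.
IMPACT_ORDER = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class ElectricAsset:
    name: str
    category: str   # e.g. "Control Center", "Transmission Substation", "Generation"
    impact: str     # SME rating: "low", "medium" or "high"


@dataclass(frozen=True)
class CyberAsset:
    name: str
    supports: tuple                       # names of electric assets this device supports
    essential: bool                       # essential to operation of the supported asset
    routable_outside_esp: bool = False    # routable protocol across the ESP boundary
    routable_in_control_center: bool = False
    dialup_accessible: bool = False


def task2_filter_critical(electric_assets, threshold="high"):
    """Task 2: split the Task 1 inventory into Critical Electric Assets and the Null List."""
    critical, null_list = [], []
    for asset in electric_assets:
        if IMPACT_ORDER[asset.impact] >= IMPACT_ORDER[threshold]:
            critical.append(asset)
        else:
            null_list.append(asset)
    return critical, null_list


def task3_supporting_cyber_assets(cyber_assets, critical_electric):
    """Task 3: cyber assets that are essential to at least one Critical Electric Asset."""
    critical_names = {asset.name for asset in critical_electric}
    return [c for c in cyber_assets
            if c.essential and critical_names.intersection(c.supports)]


def meets_cip002_r3(cyber_asset):
    """The three connectivity criteria from the Cyber Asset Definition slide (any one suffices)."""
    return (cyber_asset.routable_outside_esp
            or cyber_asset.routable_in_control_center
            or cyber_asset.dialup_accessible)


def task4_critical_cyber_assets(supporting):
    """Task 4: keep only supporting cyber assets that meet CIP002-R3."""
    return [c for c in supporting if meets_cip002_r3(c)]


def identify_critical_cyber_assets(electric_assets, cyber_assets, threshold="high"):
    """Run Tasks 2 to 4 and return every intermediate list by asset name."""
    critical, null_list = task2_filter_critical(electric_assets, threshold)
    supporting = task3_supporting_cyber_assets(cyber_assets, critical)
    ccas = task4_critical_cyber_assets(supporting)
    return {
        "critical_electric_assets": [a.name for a in critical],
        "null_list": [a.name for a in null_list],
        "supporting_cyber_assets": [c.name for c in supporting],
        "critical_cyber_assets": [c.name for c in ccas],
    }


# Constructed Task 1 inventory for illustration only; no real utility's assets.
ELECTRIC_ASSETS = [
    ElectricAsset("Main control center EMS", "Control Center", "high"),
    ElectricAsset("Substation A (230 kV)", "Transmission Substation", "high"),
    ElectricAsset("Substation B (69 kV radial)", "Transmission Substation", "low"),
    ElectricAsset("Peaking plant P", "Generation", "medium"),
]

CYBER_ASSETS = [
    CyberAsset("EMS application server", ("Main control center EMS",), True,
               routable_in_control_center=True),
    CyberAsset("Control center printer", ("Main control center EMS",), False,
               routable_in_control_center=True),
    CyberAsset("Substation A RTU", ("Substation A (230 kV)",), True,
               dialup_accessible=True),
    CyberAsset("Substation A protective relay", ("Substation A (230 kV)",), True),
    CyberAsset("Substation B RTU", ("Substation B (69 kV radial)",), True,
               dialup_accessible=True),
]

if __name__ == "__main__":
    for stage, names in identify_critical_cyber_assets(ELECTRIC_ASSETS, CYBER_ASSETS).items():
        print(f"{stage}: {names}")
```

The serial-only protective relay at Substation A shows why the two stages are kept separate: it survives Task 3 (it is essential to a critical asset) but not Task 4 (no routable or dial-up connectivity), while the dial-up RTU at Substation B never reaches Task 3 because its substation landed on the Null List.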

Slide 18: RAM-T
RAM-D℠ was the first RAM developed at Sandia for critical infrastructures. Bonneville Power Administration commissioned Sandia National Laboratories to develop the Risk Assessment Methodology for Transmission (RAM-T℠) based on RAM-D℠. RAM-T℠ is a way to analyze the current security risks and systematically characterize and assess the security requirements of the nation's electrical transmission system facilities to deter, prevent, and mitigate malevolent attacks. The methodology and training have been made available to owners, operators, managers, and others responsible for transmitting electrical power.

Slide 19: What to do next?
Attend one of the NERC regional workshops on cyber security standards
ftp:// nnouncement.pdf
Get involved in the NERC standards process
–Registered Ballot Body
–Standards drafting teams
–Comment on proposed standards
Get involved in your region's standards process
Find out about compliance assurance within your organization
–Some companies are building formal internal compliance programs

Slide 20: NERC WORKSHOP
How to make an Asset Inventory
Set up Change Management
Physical and Electronic Access Control and Monitoring
Governance
Incident Response
Documentation, Classification & Control
Network Management
Personnel Risk Assessment
Physical Security
Recovery Operations
Systems Management
Testing procedures
Employee Training
Performing Vulnerability Assessments
Prepare for a Compliance Audit

Slide 21: NERC CIP Workshops
1-1/2 days
Help the entity identify the steps needed to determine if it has critical assets and critical cyber assets under the CIP standards.
To be held in 9 remaining cities through January 2007
For information and registration go to: ftp://

Slide 22: Acknowledgements
Marty Sidor – NERC Director of Education
Mark Kuras – NERC – Standards Education Team
Dave Dworzak – Edison Electric Institute
