Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.

Presentation transcript:

Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst

Cyber Security Standard STANDARD 1200

Standard 1200 Background
Urgent Action Cyber Security SAR initiated April, 2003 to identify & protect critical cyber assets
WHY?
- Documented cases of cyber attacks
  - Several SCADA systems disabled due to virus attacks
- EMS & SCADA systems moving toward more standard architectures with known vulnerabilities
- Higher risk of cyber incidents due to insider activities

Standard 1200 Background (cont)
Aug 14, 2003 Northeast Blackout
- Several entities violated NERC policies and standards
- Existing compliance process did not identify and resolve violations
- Differing policy and responsibility interpretations
- Previous blackout problems repeated
- No evidence of terrorist activities, but recognition that the grid is vulnerable.

NERC 1200 Standard
- The NERC Board of Trustees has adopted this Standard into the NERC Compliance Enforcement Program (Aug 2003)
- All Control Areas and Reliability Coordinators (ERCOT) within North America are expected to self-certify their compliance in the 1st quarter of 2005.

The Standard will Apply to the Following Functions (Check box for each one that applies.)
- Reliability Authority: Ensures the reliability of the bulk transmission system within its Reliability Authority area. This is the highest reliability authority.
- Balancing Authority: Integrates resource plans ahead of time, and maintains load-interchange-resource balance within its metered boundary and supports system frequency in real time
- Interchange Authority: Authorizes valid and balanced Interchange Schedules
- Planning Authority: Plans the bulk electric system
- Transmission Service Provider: Provides transmission services to qualified market participants under applicable transmission service agreements
- Transmission Owner: Owns transmission facilities
- Transmission Operator: Operates and maintains the transmission facilities, and executes switching orders
- Distribution Provider: Provides and operates the “wires” between the transmission system and the customer
- Generator: Owns and operates generation unit(s) or runs a market for generation products that performs the functions of supplying energy and Interconnected Operations Services
- Purchasing-Selling Entity: The function of purchasing or selling energy, capacity and all necessary Interconnected Operations Services as required
- Load-Serving Entity: Secures energy and transmission (and related generation services) to serve the end user
√ √ √ √ √ √ √

NERC Cyber Security Standard
– Cyber Security Policy
1202 – Critical Cyber Assets
1203 – Electronic Security Perimeter
1204 – Electronic Access Controls
1205 – Physical Security Perimeter
1206 – Physical Access Controls
1207 – Personnel
1208 – Monitoring Physical Access

Standard 1200 (cont.)
1209 – Monitoring Electronic Access
1210 – Information Protection
1211 – Training
1212 – Systems Management
1213 – Test Procedures
1214 – Electronic Incident Response Actions
1215 – Physical Incident Response Actions
1216 – Recovery Plans

Standard 1200 Requirements

Standard 1200 Guidelines
In most cases the NERC 1200 Standard does not specify the actual required solution. Those decisions have been left up to the asset owners and operators.

Standard 1200 Expectations
- ERCOT as the Control Area & Reliability Coordinator self-certified in Q1’05
- Annual self-certification is required of Control Areas and Reliability Coordinators
- All owner/operators of SCADA and EMS are expected to be in compliance, but are not required to self-certify!
- There are no sanctions that can be imposed at this time

STANDARD 1300

Cyber Security 1300 Standard
- Standard 1200 is set to expire in Aug, 2005 but will be replaced by Standard 1300
- The 16 areas of the 1200 Standard have been combined into 8 areas in the 1300 Standard
- 1300 encompasses all of 1200 and includes additional items

CIP-002 – CIP-009

NERC Conventions
- NERC is re-organizing its Standards naming and numbering conventions
- Standard 1300 is now part of the CIP (Critical Infrastructure Protection) policy.
- CIP-002 thru CIP-009 will replace 1301 thru 1308

Summary
- ERCOT is required to self-certify to the 1200 Standard and has done so
- FERC is pressing very hard for the industry through NERC to ensure there is full compliance with Standard 1200
- All entities with SCADA & EMS are expected to comply but are not required to self-certify at this time

What Should I Do?
It is very likely that ERCOT Compliance will be asked to audit and enforce CIP policies either through NERC or through ERCOT developed Protocols & Guides
- 2005 – not likely
- 2006 – possible
- 2007 – very likely
but……. Don’t wait – be proactive rather than reactive!

NERC Cyber Security Resources
- Cyber Security Workshop Presentations –
- NERC Cyber Security 1200 Standard –
- NERC Cyber Security 1300 Standard – www.nerc.com/~filez/standards/Cyber-Security-Permanent.html
- NERC Cyber Security Cross-Reference – www.nerc.com/~filez/standards/Cyber-Security-Permanent.html

1300 CIP-002 – CIP CYBER SECURITY STANDARDS Questions????????