Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Presentation transcript:

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014

CIP Version 5 Revisions NERC Project

2014 Key Dates
Date | First Occurrence
Apr | SDT Meeting Atlanta, GA
May | SDT Meeting Columbus, OH
Jun 2-17 | First 45-Day Comment Period & Ballot
Aug 29-13 | Second 45-Day Comment Period & Ballot
Oct 31 - Nov 10 | Final Ballot
Nov 13 | Presentation to NERC Board of Trustees for Adoption
Dec 31 | NERC Files Petition with the Applicable Governmental Authorities

CIP v5 Revisions
Scope
Focused on four directives from FERC Order 791
– Identify, Assess, Correct (IAC) – one-year deadline for revisions
– Low Impact Assets – no deadline
– Communication Networks – one-year deadline for revisions
– Transient Devices – no deadline
Coordination
Coordinating with other NERC initiatives
– IAC alignment to Reliability Assurance Initiative (RAI)
– May address issues arising from transition study

CIP v5 Revision Subteams
– Identify, Assess, Correct. Leads: Greg Goodrich, Scott Saunders. Support: Maggy Powell, Ryan Stewart. Tuesday 1-3 pm (Eastern)
– Low Impact Assets. Leads: Jay Cribb, Forrest Krigbaum. Support: Maggy Powell, Marisa Hecht. Thursday 1-3 pm (Eastern)
– Communication Networks. Leads: David Revill, David Dockery. Support: Phil Huff, Marisa Hecht. Tuesday 3-5 pm (Eastern)
– Transient Devices. Leads: Steve Brain, Christine Hasha. Support: Phil Huff, Ryan Stewart. Thursday 3-5 pm (Eastern)

Physical Security: CIP NERC Project

2014 Key Dates
Date | First Occurrence
Apr 1 | Physical Security Technical Conference Atlanta, GA
Apr 2-3 | SDT Kickoff Meeting Atlanta, GA
April | day Formal Comment Period with a 5-day Initial Ballot
May | day Formal Comment Period with a 5-day Additional Ballot (if necessary)
May 2014 | Final Ballot
May 2014 | BOT Adoption
No later than June 5, 2014 | File with applicable Regulatory Authorities

Applicability
Transmission Operator
Transmission Owner (TO) that owns any of the following Transmission Facilities (CIP Medium Impact Criteria)
– Transmission Facilities operated at 500 kV or higher.
– Transmission Facilities that are operating between 200 kV and 499 kV and meeting the "aggregate weighted value" criteria (see table)
Voltage Value of a Line | Weight Value per Line
less than 200 kV | (not applicable)
200 kV to 299 kV |
kV to 499 kV |
kV and above | 0

Applicability
– Transmission Facilities critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies
– Transmission Facilities identified as essential to meeting Nuclear Plant Interface Requirements

Overview of Order
One or more Reliability Standards addressing:
– Risk assessment
– Evaluate threats & vulnerabilities
– Develop & implement action plan
– Protect confidential information
– Verified by other entities such as NERC, the relevant Regional Entity, the Reliability Coordinator, or another entity with appropriate expertise
Due within 90 days of the date of the order
– Order posted to Federal Register on March 14, 2014

Step 1: Risk Assessment
Owners or operators of the Bulk-Power System perform a risk assessment of their systems to identify their “critical facilities.”
– Based on objective analysis, technical expertise, and experienced judgment.
– Considers resilience of the grid when identifying critical facilities, and the elements that make up those facilities
    – How the system is designed, operated, and maintained
    – Sophistication of recovery plans and inventory management
    – Equipment that typically requires significant time to repair or replace
A critical facility is one that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures on the Bulk-Power System.

Step 2: Evaluate Threats & Vulnerabilities
Owners or operators tailor their evaluation to the unique characteristics of the identified critical facilities and the type of attacks that can be realistically contemplated.
– May vary from facility to facility based on factors such as the facility’s location, size, function, existing protections and attractiveness as a target.
– May require owners and operators to consult with entities with appropriate expertise as part of this evaluation process.

Step 3: Security Plan
Owners or operators of critical facilities develop and implement a security plan designed to protect against attacks to those identified critical facilities
– Based on the assessment of the potential threats and vulnerabilities to their physical security.
Owners or operators of identified critical facilities have a plan that results in an adequate level of protection against the potential physical threats and vulnerabilities they face at the identified critical facilities.
Reliability Standards need not dictate specific steps an entity must take to protect against attacks on the identified facilities.

CIP Version 5 Implementation

Key Dates – Effective Dates
4/1/2016 | High Impact BES Cyber Systems
4/1/2016 | Medium Impact BES Cyber Systems
4/1/2017 | Low Impact BES Cyber Systems

Key Dates – Recurring Activities
Date | First Occurrence | Applicability
4/16/2016 | CIP-007 R4, Part day log review | High Impact, Medium Impact
5/16/2016 | CIP-010 R2, Part day baseline review | High Impact
6/1/2016 | CIP-004 R4, Part 4.2 Quarterly cyber asset access review | High Impact, Medium Impact
4/1/2017 | CIP-004 R2, Part month cyber security training | High Impact, Medium Impact
4/1/2017 | CIP-004 R4, Part month cyber asset access review | High Impact, Medium Impact

Key Dates – Recurring Activities
Date | First Occurrence | Applicability
4/1/2017 | CIP-004 R4, Part month information access review | High Impact, Medium Impact
4/1/2017 | CIP-006 R3, Part month physical security maintenance & testing | High Impact, Medium Impact
4/1/2017 | CIP-008 R2, Part month incident response plan test | High Impact, Medium Impact
4/1/2017 | CIP-009 R2, Part month recovery plan non-operational testing | High Impact, Medium Impact

Key Dates – Recurring Activities
Date | First Occurrence | Applicability
4/1/2017 | CIP-009 R2, Part month backup media testing | High Impact, Medium Impact
4/1/2017 | CIP-010 R3, Part month vulnerability assessment | High Impact, Medium Impact
4/1/2018 | CIP-009 R2, Part month full recovery plan operational test | High Impact
4/1/2018 | CIP-010 R3, Part month full active vulnerability assessment | High Impact

QUESTIONS

References
Project Critical Infrastructure Protection Standards Version 5 Revisions – Infrastructure-Protection-Version-5-Revisions.aspx
Project Physical Security – Security.aspx