
Darren T. Nielsen M.Ad, CPP, CISA, PCI, PSP, CHPP, CBRA, CBRM Senior Compliance Auditor, Cyber & Physical Security V5/FERC Order 822 updates February 25,

Presentation transcript:

1 Darren T. Nielsen, M.Ad, CPP, CISA, PCI, PSP, CHPP, CBRA, CBRM
Senior Compliance Auditor, Cyber & Physical Security
V5 / FERC Order 822 updates
February 25, 2016, San Jose, CA
Western Electricity Coordinating Council

2 We get paid for this!!

3 And this...

4 Speaker Intro: Darren T. Nielsen, CPP, CISSP, CISA, PCI, PSP, CHPP, CBRA
– 26 years physical security experience
  – Marine Corps veteran (PRP)
  – Retired law enforcement officer
  – 9 years Critical Infrastructure Protection Program
  – ASIS Utilities Security Council – past chairman
  – ASIS Physical Security Council
  – Education: M.Ad. (Leadership Emphasis) with Distinction, Northern Arizona University; BA, Police Science, Ottawa University (Summa Cum Laude)

5 Discussion Topics
– FERC actions
  – CIP V5 Revisions
  – FERC-led audits
– CIP-002-5 / CIP-014-2 Self-Certification
– NERC Standardized CIP Audit Request for Information
– CIP V5 / V6 guidance
– WECC/NERC outreach plans

6 FERC Update – CIP V5 Revisions
FERC approved the CIP V5 Revisions on January 21, 2016 (Order 822).
– Removed "identify, assess, and correct" language
– Clarified protections for Low Impact BES Cyber Systems
– New Glossary definitions
– Accepted NERC's discussion of the term "communication networks" in lieu of a new Glossary definition
– Approved the Implementation Plan, violation risk factors, and violation severity levels

7 FERC Update – CIP V5 Revisions
Order 822 directed:
– Develop risk-based modifications to the CIP Standards to address FERC's concerns regarding:
  – Protection for transient electronic devices used at Low Impact BES Cyber Systems
  – Protections for communication links and data communicated between Bulk Electric System Control Centers
– Modify the definition of Low Impact External Routable Connectivity (LERC) consistent with the related discussion found in the Guidelines and Technical Basis section of CIP-003-6.

8 FERC Update – CIP V5 Revisions
CIP-006-6 introduces protections for Control Centers with extended ESPs:
– Restrict physical access to cabling and other nonprogrammable communication components used for connection between Cyber Assets within the same ESP if those communication links are located outside of a PSP.
– Where physical access to such communication links is not restricted, implement one or more of the following:
  – Encryption
  – Monitoring the status of the communication link and issuing an alarm or alert in response to detected communication failures within 15 minutes of
  – Equally effective logical control
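One way an auditor or operator could test the monitoring-and-alarm option against link-status logs, as an added example that is not part of the slides: the log format, link names and timestamps below are constructed for illustration, and the check flags every detected failure that was not followed by an alarm within the 15-minute window.

```python
from datetime import datetime, timedelta

# Constructed link-status monitoring log (illustration only; not from the slides).
# Each line: ISO-8601 timestamp, event type, link identifier.
SAMPLE_LOG = """\
2016-02-25T08:00:00 LINK_DOWN CC-A/CC-B
2016-02-25T08:09:30 ALARM CC-A/CC-B
2016-02-25T11:30:00 LINK_DOWN CC-A/CC-C
2016-02-25T11:52:00 ALARM CC-A/CC-C
2016-02-25T14:00:00 LINK_DOWN CC-B/CC-C
"""

ALERT_WINDOW = timedelta(minutes=15)  # the 15-minute window from CIP-006-6


def parse_log(text):
    """Parse log lines into (timestamp, event, link) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, link = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), event, link))
    return sorted(events)


def check_alert_window(events, window=ALERT_WINDOW):
    """For each LINK_DOWN, find the first ALARM for the same link that occurs
    after the failure and before that link's next failure, and report whether
    it arrived within the window. Returns one finding dict per failure."""
    findings = []
    for i, (ts, event, link) in enumerate(events):
        if event != "LINK_DOWN":
            continue
        delay = None
        for later_ts, later_event, later_link in events[i + 1:]:
            if later_link != link:
                continue
            if later_event == "LINK_DOWN":
                break  # next failure of this link; no alarm covered this one
            if later_event == "ALARM":
                delay = later_ts - ts
                break
        findings.append({"link": link, "failed_at": ts, "delay": delay,
                         "ok": delay is not None and delay <= window})
    return findings


def summarize(text, window=ALERT_WINDOW):
    """Return (link, alarm-within-window) pairs, one per detected failure."""
    return [(f["link"], f["ok"]) for f in check_alert_window(parse_log(text), window)]
```

In the constructed log the first failure is alarmed after 9.5 minutes, the second only after 22 minutes, and the third never, so the check reports one pass and two findings.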

9 FERC Update – CIP V5 Revisions
CIP-010-2 introduces the management of Transient Cyber Assets and Removable Media (R4). Highlights:
Transient Cyber Assets and Removable Media:
– Are defined as devices connected for 30 days or less to:
  – A BES Cyber Asset;
  – A network within an ESP; or
  – A Protected Cyber Asset.

10 FERC Update – CIP V5 Revisions
– Do not provide BES reliability services and are not part of the BES Cyber Asset to which they are connected
– Examples include, but are not limited to:
  – Diagnostic test equipment;
  – Packet sniffers;
  – Equipment used for BES Cyber System maintenance;
  – Equipment used for BES Cyber System configuration;
  – Equipment used to perform vulnerability assessments; or
  – Floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory

11 FERC Update – CIP V5 Revisions
– Have different requirements depending on whether they are:
  – Managed by the Responsible Entity
  – Managed by a party other than the Responsible Entity
– Requirements include:
  – Authorized use for individuals/groups and locations
  – Software vulnerability mitigation
  – Malicious code mitigation

12 FERC Update – CIP V5 Revisions
Order 822 directed NERC to complete and submit, by April 1, 2017, a study of the efficacy of the remote access protections afforded by the CIP V5 Standards.
Order 822 deferred further action on Supply Chain Management until after the technical conference held on January 28, 2016.
– The free live webcast is archived for three months.

13 FERC Update – CIP V5 Revisions
Order 822 is effective 65 days after being published in the Federal Register. Per Paragraph 80 of Order 822, the CIP V5 Revisions will become effective on "the first day of the first calendar quarter that is three months after the effective date of the Commission's order approving the proposed Reliability Standard (i.e., July 1, 2016)."
– Per the Implementation Plan, CIP-003-6, Requirement R1, Part 1.2 and Requirement R2 are enforceable April 1, 2017.
– Other new requirements have delayed effective dates.

14 FERC Update – CIP Revisions

15 FERC Update – FERC-Led Audits
– Awaiting formal FERC guidance and notification
– Currently expecting to be able to do only three audits in fiscal year (FY) 2016 (ends 9/30/2016)
– May perform one audit in the last quarter of calendar year 2016 (first quarter of FY 2017)

16 CIP-002-5.1 / CIP-014-2 Self-Certification
– Both are a compliance Self-Certification with data collection (2/1 – 5/2)
  – A NERC-standardized Excel workbook will be used for data collection
  – May use the data submission mechanism in webCDMS for data collection
  – If the Registered Entity responds "yes" to certain questions, WECC will contact the Registered Entity to get additional detail about the identified substations
– Goal: develop an accurate picture of the impact of CIP V5 / CIP-014

17 NERC Standardized Request for Information
– The current version of the evidence request and user guide is posted on the NERC web site
  – Developed in response to industry concerns about Regional audit consistency
  – Developed against the CIP V5 Revisions
  – Seeking industry review and comment
  – Use is optional
  – Considering addition of a completed sample using fictitious data

18 CIP V5 / V6 Guidance
Audit Period
– Audit period will start no earlier than April 1, 2016
– Audit evidence collection will be for the V5/V6 Revisions (depending on the Standards in effect at the time)
– If V5 non-compliance is found for a Requirement/Part with a mostly compatible V3 predecessor Requirement, the audit team will look at compliance with prior versions to determine the start of the violation
Reliability Gaps
– Will identify gaps in the Standards as recommendations
– Will be discussed separately in the audit report

19 WECC Outreach Plans
WECC/NERC Outreach
– Two Low Impact focused Small Group Advisory Sessions for industry hosted by NERC
  – October 6-7 or October 25-27 (Atlanta)
  – November 15-17 (location TBD)
– Low Impact Conference: June 28-29 (location TBD)

20 CIP is a "Ruff" world.

21 Helpful Resources
FERC. (2016, January 26). Order No. 822: Revised Critical Infrastructure Protection Reliability Standards. 18 CFR Part 40; 154 FERC ¶ 61,037; Docket No. RM15-14-000. Published in Federal Register, Vol. 81, No. 16 (pp. 4177-4191). Retrieved from https://www.gpo.gov/fdsys/pkg/FR-2016-01-26/pdf/2016-01505.pdf

22 At Your Service
– Working Groups - get plugged in!
– A phone call away
– We want to help.
– Always willing to provide our audit approach

23 Darren T. Nielsen, M.Ad, CPP, CISA, PCI, PSP, CHPP, CBRA, CBRM
Senior Compliance Auditor, Cyber Security
Western Electricity Coordinating Council
155 North 400 West, Suite 200, Salt Lake City, UT 84103
(801) 857-9134
dnielsen@wecc.biz
Questions?

