Federal Energy Regulatory Commission July 2009 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.


1 Federal Energy Regulatory Commission, July 2009
Cyber Security and Reliability Standards
Regis F. Binder
Director, Division of Logistics & Security
Federal Energy Regulatory Commission

2 Disclaimer
The views expressed in this presentation do not represent the views of the Federal Energy Regulatory Commission or of the United States

3 Increased Cyber Security Concerns
Automation & Data Gathering
Connectivity of Control Systems
  – To Corporate Computers
  – To Vendors
  – To Internet
  – To Remote Maintenance
Use of Wireless Communications
Interest of
  – Nation States – the equalizer
  – Hackers
  – Criminals

4 Cyber Security and Reliability Standards
Historically – Voluntary Standards
Urgent Action Standard 1200
  – Voluntary
  – Adopted by NERC Summit 2003
  – Replaced by CIP-002-1 thru CIP-009-1, June 2006

5 Enforcement of Reliability Standards
NERC has regional delegation agreements with 8 Regional Entities:
  – Western Electricity Coordinating Council
  – Midwest Reliability Organization
  – Southwest Power Pool, Inc
  – Electric Reliability Council of Texas
  – Northeast Power Coordinating Council
  – Reliability First Corp
  – SERC Reliability Corp.
  – Florida Reliability Coordination Council

6 Standards Development Process
Standard Authorization Request
Drafting Team Formed
Proposed Standard Developed
Comments Solicited
Ballot
  – Quorum: 75% of Ballot Pool
  – Approval: 2/3 of Weighted Segment Votes
Re-ballot?
Board of Trustees Approval
FERC & Canadian Approvals (w/ Public Comments)

7 CIP Standards Continued I.
Management involvement
Security of sensitive information
Cyber security training
Personnel risk

8 CIP Standards Continued II.
Physical security of critical cyber assets
Change control
Access control
Electronic security perimeters
Critical Assets - Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.

9 FERC Approval of CIP Standards
Order No. 706
January 18, 2008
Required many modifications
  – Critical Asset identification – required a wide-area oversight
  – Exceptions to Compliance – required oversight & approval mechanism
  – Reasonable Business Judgment language – required removal
  – Defense in Depth
  – Revoke Access Authorization

10 Order No. 706 Modifications
Phase I (Version 2 of CIP Standards)
Low-hanging fruit
Reasonable Business Judgment language removed
Approved by Ballot Body & NERC BoT
Filed with FERC May 22
Expect two more phases

11 Proposed Policy Statement and Action Plan
March 19, 2009
Docket No. PL09-4-000
Ultimately:
Prioritize development of key interoperability standards
Provide guidance on cyber security
Provide interim rate policy

12 Proposed Smart Grid Policy
A smarter grid would permit two-way communication between the electric system and a much larger number of devices located outside of controlled utility environments
Interoperability standards and protocols leave no gaps in cyber or physical security

13 Proposed Smart Grid Policy
Maintain compliance with Commission-approved Reliability Standards
Technologies must address:
  – Integrity of data
  – Authentication of communications
  – Logging of all modifications – none unauthorized
  – Physical protection of devices
  – Potential impact of unauthorized use of devices

