Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Presentation transcript:

1 Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014

2 CIP Version 5 Revisions
NERC Project 2014-02

3 2014 Key Dates
Date | First Occurrence
Apr 22-24 | SDT Meeting, Atlanta, GA
May 12-14 | SDT Meeting, Columbus, OH
Jun 2-17 | First 45-Day Comment Period & Ballot
Aug 29-13 | Second 45-Day Comment Period & Ballot
Oct 31 - Nov 10 | Final Ballot
Nov 13 | Presentation to NERC Board of Trustees for Adoption
Dec 31 | NERC Files Petition with the Applicable Governmental Authorities

4 CIP v5 Revisions
Scope
Focused on four directives from FERC Order 791
– Identify, Assess, Correct (IAC) – one-year deadline for revisions
– Low Impact Assets – no deadline
– Communication Networks – one-year deadline for revisions
– Transient Devices – no deadline
Coordination
Coordinating with other NERC initiatives
– IAC alignment to Reliability Assurance Initiative (RAI)
– May address issues arising from transition study

5 CIP v5 Revision Subteams
Identify, Assess, Correct
– Leads: Greg Goodrich, Scott Saunders
– Support: Maggy Powell, Ryan Stewart
– Tuesday 1-3 pm (Eastern)
Low Impact Assets
– Leads: Jay Cribb, Forrest Krigbaum
– Support: Maggy Powell, Marisa Hecht
– Thursday 1-3 pm (Eastern)
Communication Networks
– Leads: David Revill, David Dockery
– Support: Phil Huff, Marisa Hecht
– Tuesday 3-5 pm (Eastern)
Transient Devices
– Leads: Steve Brain, Christine Hasha
– Support: Phil Huff, Ryan Stewart
– Thursday 3-5 pm (Eastern)

6 Physical Security: CIP-014-1
NERC Project 2014-04

7 Overview of Order
One or more Reliability Standards addressing:
– Risk assessment
– Evaluate threats & vulnerabilities
– Develop & implement action plan
– Protect confidential information
– Verified by other entities such as NERC, the relevant Regional Entity, the Reliability Coordinator, or another entity with appropriate expertise
Due within 90 days of the date of the order
– Order posted to Federal Register on March 14, 2014

8 Step 1: Risk Assessment
Owners or operators of the Bulk-Power System perform a risk assessment of their systems to identify their “critical facilities.”
– Based on objective analysis, technical expertise, and experienced judgment.
– Considers resilience of the grid when identifying critical facilities, and the elements that make up those facilities
  – How the system is designed, operated, and maintained
  – Sophistication of recovery plans and inventory management
  – Equipment that typically requires significant time to repair or replace
A critical facility is one that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures on the Bulk-Power System.

9 Step 2: Evaluate Threats & Vulnerabilities
Owners or operators tailor their evaluation to the unique characteristics of the identified critical facilities and the type of attacks that can be realistically contemplated.
– May vary from facility to facility based on factors such as the facility’s location, size, function, existing protections and attractiveness as a target.
– May require owners and operators to consult with entities with appropriate expertise as part of this evaluation process.

10 Step 3: Security Plan
Owners or operators of critical facilities develop and implement a security plan designed to protect against attacks to those identified critical facilities
– Based on the assessment of the potential threats and vulnerabilities to their physical security.
Owners or operators of identified critical facilities have a plan that results in an adequate level of protection against the potential physical threats and vulnerabilities they face at the identified critical facilities.
Reliability Standards need not dictate specific steps an entity must take to protect against attacks on the identified facilities.

11 2014 Key Dates
Date | First Occurrence
Apr 1 | Physical Security Technical Conference, Atlanta, GA
Apr 2-3 | SDT Kickoff Meeting, Atlanta, GA

12 CIP Version 5 Implementation

13 Key Dates – Effective Dates
4/1/2016 | High Impact BES Cyber Systems
4/1/2016 | Medium Impact BES Cyber Systems
4/1/2017 | Low Impact BES Cyber Systems

14 Key Dates – Recurring Activities
Date | First Occurrence | Applicability
4/16/2016 | CIP-007 R4, Part 4.4: 15-day log review | High Impact, Medium Impact
5/16/2016 | CIP-010 R2, Part 2.1: 35-day baseline review | High Impact
6/1/2016 | CIP-004 R4, Part 4.2: Quarterly cyber asset access review | High Impact, Medium Impact
4/1/2017 | CIP-004 R2, Part 2.3: 15-month cyber security training | High Impact, Medium Impact
4/1/2017 | CIP-004 R4, Part 4.3: 15-month cyber asset access review | High Impact, Medium Impact

15 Key Dates – Recurring Activities
Date | First Occurrence | Applicability
4/1/2017 | CIP-004 R4, Part 4.4: 15-month information access review | High Impact, Medium Impact
4/1/2017 | CIP-006 R3, Part 3.1: 24-month physical security maintenance & testing | High Impact, Medium Impact
4/1/2017 | CIP-008 R2, Part 2.1: 15-month incident response plan test | High Impact, Medium Impact
4/1/2017 | CIP-009 R2, Part 2.1: 15-month recovery plan non-operational testing | High Impact, Medium Impact

16 Key Dates – Recurring Activities
Date | First Occurrence | Applicability
4/1/2017 | CIP-009 R2, Part 2.2: 15-month backup media testing | High Impact, Medium Impact
4/1/2017 | CIP-010 R3, Part 3.1: 15-month vulnerability assessment | High Impact, Medium Impact
4/1/2018 | CIP-009 R2, Part 2.3: 36-month full recovery plan operational test | High Impact
4/1/2018 | CIP-010 R3, Part 3.2: 36-month full active vulnerability assessment | High Impact

17 QUESTIONS

18 References
Project 2014-02 Critical Infrastructure Protection Standards Version 5 Revisions
– http://www.nerc.com/pa/Stand/Pages/Project-2014-XX-Critical-Infrastructure-Protection-Version-5-Revisions.aspx
Project 2014-04 Physical Security
– http://www.nerc.com/pa/Stand/Pages/Project-2014-04-Physical-Security.aspx

