1. WECC COMPLIANCE OUTREACH OPEN WEBINAR
Thursday, September 19, 2013
2:00 pm MT

2. Agenda NERC Transition Guidance on CIP v.5 B. Castagnetto
FERC Approval of RoP Change – TFE update B. Carr
Confirming Scope During CMP Submittal K. Sarin
Registration Tool Taylor Allred
2014 Actively Monitored List K. Israelsson

3. Brent Castagnetto CBRM, CBRA, MABR Manager, Cyber Security Audits & Investigations
CIP Version 5 Transition Guidance
September 2013 Open-Webinar
September 19th 2013

4. Mandatory and Enforceable = V3
The WECC Cyber Security Audit Team will audit to Version 3 of the CIP Standards until such time as:
Version 4 becomes mandatory & enforceable (10/1/14)
FERC provides remand of V4, or approves V5
NERC provides implementation plan guidance on V3 – V5 transition
There will be opportunity to begin preparing for V5
Slide used last month. Now NERC has the guidance so we are talking about it

5. NERC Version 5 Transition Guidance
On April 18th 2013 FERC issued a NOPR proposing to approve CIP V5
Some changes were requested & NERC has responded
On September 5th 2013 NERC provided revised guidance related to CIP Version 5
Transition Period is from 9/5/2013 to V5 mandatory and enforceable date (still unknown)

6. Version 4 / 5 Update
On 7/18/2013, the “Trade Associations” filed a motion to delay the deadline for complying with V4.
FERC granted a six month extension on V4 to 10/1/2014.
Logical conclusion that V5 will be approved before. Intel suggests approval sometime in Q4 of Tea leaves etc

7. CIP Version 5 Transition Guidance
“Prior to the date of mandatory enforcement of CIP Version 5, a Responsible Entity must continue to comply with the CIP Version 3 Standards (CIP through CIP-009-3) during the Transition Period”
An entity may continue to maintain and apply its CIP RBAM during the transition period or it may choose one of two options to identify and document Critical Assets in lieu of maintaining a RBAM (R1) and applying (R2) its CIP RBAM.

8. CIP Version 5 Transition Guidance
On or after April 11th 2013, Registered Entities may choose:
Option 1. Utilize the CIP Version 4 bright-line criteria in its entirety, with the exception of criterion 1.4 (Blackstart Resources) and criterion 1.5 (Cranking Paths), to identify assets subject to the controls in CIP through CIP-009-3, or

9. CIP Version 5 Transition Guidance
On or after September 5th 2013, Registered Entities may choose:
Option 2. Utilize the CIP Version 5 “High” and “Medium” Impact Ratings (see CIP Attachment 1: IRC, pp ) to identify assets subject to the controls in CIP through CIP-009-3

10. CIP Version 5 Transition Guidance
Things to consider:
Entities choosing option 1 or 2 as a valid Critical Asset Identification [CAID] methodology may decide to remove Critical Assets previously identified under a CIP RBAM.
CIP Versions 4 and 5 contain requirements for asset identification that permit certain third parties to designate an asset as critical (Reliability Coordinators, Transmission Planners, Planning Coordinators, or Planning Authorities)

11. CIP Version 5 Transition Guidance
Things to consider:
If option 1 (V4) is selected, be aware of Bright-Line Criteria 1.3, 1.8, 1.9, and 1.10
If option 2 (V5) is selected, be aware of Impact Rating Criteria 2.3, 2.6 and 2.8

12. CIP R3
After the application of one of the two options to identify and document a list of Critical Assets, the entity must use the list of Critical Assets and apply its current CIP R3 Critical Cyber Asset Identification methodology [CCAID] to document a list of Critical Cyber Assets [CCAs] that are essential to the operation of the Critical Asset and meet one of the qualifying connectivity attributes (R3.1-R3.3).
No change from the current CIP R3 process

13. CIP R4
The CIP Senior Manager must also review and approve the list of Critical Assets and the list of Critical Cyber Assets, even if such lists are null, at least annually (R4).
The only change to R4 is annual review and approval of the RBAM will not be required if the entity has chosen option 1 or 2.

14. CIP through CIP-009-3
Based on the results of the application of the chosen CAID methodology, and subsequent application of the CCAID methodology to the list of Critical Assets, if the entity identifies a list of CCAs, the entity must continue to comply with all of CIP through CIP
If the list of CCAs is null, the entity must continue to comply with CIP R1-R4 (with the changes identified above) and CIP R2.

15. CIP Version 5 Transition Guidance
A Responsible Entity must identify the approach it is using for asset identification as part of its response to a pre-Compliance Audit Survey, a pre-Spot Check data request, or as otherwise requested pursuant to the Compliance Monitoring and Enforcement Program
WECC will request information surrounding your approach in the audit / spot check notices in 2014
A good practice to meet this data request is to have the CIP Senior Manager sign and date a statement declaring the entity’s choice of CAID methodology.

16. CIP Version 5 Transition Guidance
Within the Transition Guidance Document there is reference to the CIP Version 5 Study
The study will collect and evaluate data from selected entities regarding implementation of CIP V5
These results will be shared with industry upon completion of the study

17. CIP Version 5 Transition Guidance
What is the purpose of Transition Implementation Study?
Determine compliance and enforcement expectations for the Industry during the transition from v3 to v5
Determine technical challenges or compliance issues that limit the effective compliance to the CIP standards
Improve consistency, transparency and awareness of the newly approved CIP standards

18. CIP Version 5 Transition Timeline

19. How will WECC Prepare for V5?
WECC will provide significant outreach beginning at the September CIP-101 and throughout 2014 on the CIP Version 5 audit approach.
Two Day outreach events will be held in various locations around the western interconnection to facilitate in person attendance.
February 5-6 & March
Open webinar and CIPUG events will be used to advise WECC entities

20. References References used in this presentation
FERC Notice of Proposed Rulemaking (NOPR) on CIP Version 5
Trade Associations Request
FERC Notice Granting Extension Of Time
NERC V5 Transition Guidance

21. WECC CIP-002 Subject Matter Experts
Dr. Joe Baugh
(M)
(O)
Bryan Carr
(O)  
(M)  

22. Questions? Brent Castagnetto CBRM, CBRA, MABR
Manager, Cyber Security Audits & Investigations O: M:

23. Bryan Carr PMP, CISA Compliance Auditor – Cyber Security
TFE Update – Revised Appendix 4D
September 2013 Open Webinar
September 19, 2013

24. FERC Approved Appendix 4D
FERC Docket No. RR – Sep. 3, 2013
Order approving proposed revisions to Appendix 4D of the NERC Rules of Procedure
Two items require response from NERC
Timing of submitting Material Change Reports
Annual reports to FERC
Industry comments on changes due Oct. 31, 2013
Detailed Summary of Proposed Revisions
Redline Version of Appendix 4D

25. Who moved my cheese?
Changes required to accommodate the revised process:
WebCDMS fields, workflow, and other processes
How you track, manage, and update TFEs and their associated Cyber Assets

26. TFEs – Interim Steps
Read, re-read, and then read again revised Appendix 4D
Until updates to webCDMS and other processes are complete, prepare to track TFEs and associated devices in spreadsheet or database
WECC continues to work with NERC and will work with you during this transition process
CIPUG Anaheim October 24, 2013 – presentation with additional details
Briefly review CIP 008 requirements

27. For More Information… FERC Order: NERC Documents: WECC Presentations:
NERC Documents:
WECC Presentations:

28. Questions? Bryan Carr PMP, CISA Compliance Auditor – Cyber Security
Western Electricity Coordinating Council
155 N 400 W, Suite 200
Salt Lake City, UT 84103

29. Keshav Sarin Manager, Enforcement O&P and CIP
Confirming Scope during CMP submittal
September 19, 2013

30. What’s a CMP? Completed Mitigation Plan
Includes evidence that all actions identified in the Mitigation Plan were completed

31. Confirming Violation Scope
We always ensure the complete scope of a violation has been identified
Violation Review
Mitigation Plan Review

32. What’s New?
During CMP submittal, please include a brief statement that the scope of the violation has not changed.
E.g. The scope of this violation has not changed since the mitigation plan was accepted by WECC

33. Questions? Keshav Sarin Manager, Enforcement O&P and CIP
(801)

34. Taylor Allred Associate Compliance Process Analyst
Registration Tracking System
September 19, 2013
Compliance Open Webinar

35. Registration Tracking System
Benefits of the Registration Tracking System
Detailed registration form and document upload
Reduce process cycle time
Eliminate repetitive data entry
Provide automated communications to registrants helping to improve customer service

36. Types of Registration Requests
Types of Registration Requests submitted through the new Registration Form
New Registrations
Functional Change Registrations
Transfer of Assets
Foot Print Changes
Deactivations
Legal Name Changes

37. Where is the WECC Registration Web Page?

38. Where is the New Form Located?

39. Registration Request Web Page

40. You will Need a WECC Website Account to Access the Registration Form

41. Registration Tracking System Implementation Timeline
Date
Description
Location
October 23, 2013
Registration Tool Overview
CUG
October 29, :00 PM (MDT)
Registration User Training
Webinar
November 1, 2013
All Registration Requests are required to be submitted via the new form
N/A

42. Questions? Taylor Allred Associate Compliance Process Analyst

43. Kim Israelsson Lead Compliance Data Analyst
2014 Actively Monitored List
September 19, 2013

44. Questions? Laura Scholl Managing Director of Stakeholder Outreach