Presentation is loading. Please wait.

Presentation is loading. Please wait.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Published byJocelyn Booth Modified over 8 years ago

Similar presentations

Presentation on theme: "Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014."— Presentation transcript:

1 Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014

2 2 CIP Version 5 Revisions NERC Project 2014-02

3 2014 Key Dates DateFirst Occurrence Apr 22-24 SDT Meeting Atlanta, GA May 12-14 SDT Meeting Columbus, OH Jun 2-17First 45-Day Comment Period & Ballot Aug 29-13Second 45-Day Comment Period & Ballot Oct 31- Nov10Final Ballot Nov 13 Presentation to NERC Board of Trustees for Adoption Dec 31NERC Files Petition with the Applicable Governmental Authorities

4 Scope Focused on four directives from FERC Order 791 –Identify, Assess, Correct (IAC) – one-year deadline for revisions –Low Impact Assets – no deadline –Communication Networks – one-year deadline for revisions –Transient Devices – no deadline Coordination Coordinating with other NERC initiatives –IAC alignment to Reliability Assurance Initiative (RAI) –May address issues arising from transition study CIP v5 Revisions

5 CIP v5 Revision Subteams Identify, Assess, Correct Leads: Greg Goodrich, Scott Saunders Support: Maggy Powell, Ryan Stewart Tuesday 1-3 pm (Eastern) Low Impact Assets Leads: Jay Cribb, Forrest Krigbaum Support: Maggy Powell, Marisa Hecht Thursday 1-3 pm (Eastern) Communication Networks Leads: David Revill, David Dockery Support: Phil Huff, Marisa Hecht Tuesday 3-5 pm (Eastern) Transient Devices Leads: Steve Brain, Christine Hasha Support: Phil Huff, Ryan Stewart Thursday 3-5 pm (Eastern)

6 6 Physical Security: CIP-014-1 NERC Project 2014-04

7 2014 Key Dates DateFirst Occurrence Apr 1 Physical Security Technical Conference Atlanta, GA Apr 2-3 SDT Kickoff Meeting Atlanta, GA April 201415-day Formal Comment Period with a 5-day Initial Ballot May 201410-day Formal Comment Period with a 5-day Additional Ballot (if necessary) May 2014Final Ballot May 2014BOT Adoption No later than June 5, 2014 File with applicable Regulatory Authorities

8 Transmission Operator Transmission Owner (TO) that owns any of the following Transmission Facilities (CIP-002-5 Medium Impact Criteria) –Transmission Facilities operated at 500 kV or higher. –Transmission Facilities that are operating between 200 kV and 499 kV and meeting the "aggregate weighted value" criteria (see table) Applicability Voltage Value of a LineWeight Value per Line less than 200 kV (not applicable) 200 kV to 299 kV700 300 kV to 499 kV1300 500 kV and above0

9 –Transmission Facilities critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies –Transmission Facilities identified as essential to meeting Nuclear Plant Interface Requirements Applicability

10 One or more Reliability Standards addressing: –Risk assessment –Evaluate threats & vulnerabilities –Develop & implement action plan –Protect confidential information –Verified by other entities such as NERC, the relevant Regional Entity, the Reliability Coordinator, or another entity with appropriate expertise Due within 90 days of the date of the order –Order posted to Federal Register on March 14, 2014 Overview of Order

11 Owners or operators of the Bulk-Power System perform a risk assessment of their systems to identify their “critical facilities.” –Based on objective analysis, technical expertise, and experienced judgment. –Considers resilience of the grid when identifying critical facilities, and the elements that make up those facilities How the system is designed, operated, and maintained Sophistication of recovery plans and inventory management Equipment that typically requires significant time to repair or replace A critical facility is one that, if rendered inoperable or damaged, could have a critical impact on the operation of the interconnection through instability, uncontrolled separation or cascading failures on the Bulk-Power System. Step 1: Risk Assessment

12 Owners or operators tailor their evaluation to the unique characteristics of the identified critical facilities and the type of attacks that can be realistically contemplated. May vary from facility to facility based on factors such as the facility’s location, size, function, existing protections and attractiveness as a target. May require owners and operators to consult with entities with appropriate expertise as part of this evaluation process. Step 2: Evaluate Threats & Vulnerabilities

13 Owners or operators of critical facilities develop and implement a security plan designed to protect against attacks to those identified critical facilities Based on the assessment of the potential threats and vulnerabilities to their physical security. Owners or operators of identified critical facilities have a plan that results in an adequate level of protection against the potential physical threats and vulnerabilities they face at the identified critical facilities. Reliability Standards need not dictate specific steps an entity must take to protect against attacks on the identified facilities. Step 3: Security Plan

14 14 CIP Version 5 Implementation

15 4/1/2016High Impact BES Cyber Systems 4/1/2016Medium Impact BES Cyber Systems 4/1/2017Low Impact BES Cyber Systems Key Dates – Effective Dates

16 Key Dates –Recurring Activities DateFirst OccurrenceApplicability 4/16/2016 CIP-007 R4, Part 4.4 15-day log review High Impact Medium Impact 5/16/2016 CIP-010 R2, Part 2.1 35-day baseline review High Impact 6/1/2016 CIP-004 R4, Part 4.2 Quarterly cyber asset access review High Impact Medium Impact 4/1/2017 CIP-004 R2, Part 2.3 15-month cyber security training High Impact Medium Impact 4/1/2017CIP-004 R4, Part 4.3 15-month cyber asset access review High Impact Medium Impact

17 Key Dates – Recurring Activities DateFirst OccurrenceApplicability 4/1/2017 CIP-004 R4, Part 4.4 15-month information access review High Impact Medium Impact 4/1/2017 CIP-006 R3, Part 3.1 24-month physical security maintenance & testing High Impact Medium Impact 4/1/2017 CIP-008 R2, Part 2.1 15-month incident response plan test High Impact Medium Impact 4/1/2017CIP-009 R2, Part 2.1 15-month recovery plan non- operational testing High Impact Medium Impact

18 Key Dates – Recurring Activities DateFirst OccurrenceApplicability 4/1/2017 CIP-009 R2, Part 2.2 15-month backup media testing High Impact Medium Impact 4/1/2017 CIP-010 R3, Part 3.1 15-month vulnerability assessment High Impact Medium Impact 4/1/2018 CIP-009 R2, Part 2.3 36-month full recovery plan operational test High Impact 4/1/2018CIP-010 R3, Part 3.2 36-month full active vulnerability assessment High Impact

19 QUESTIONS

20 Project 2014-02 Critical Infrastructure Protection Standards Version 5 Revisions –http://www.nerc.com/pa/Stand/Pages/Project-2014-XX-Critical- Infrastructure-Protection-Version-5-Revisions.aspxhttp://www.nerc.com/pa/Stand/Pages/Project-2014-XX-Critical- Infrastructure-Protection-Version-5-Revisions.aspx Project 2014-04 Physical Security –http://www.nerc.com/pa/Stand/Pages/Project-2014-04-Physical- Security.aspxhttp://www.nerc.com/pa/Stand/Pages/Project-2014-04-Physical- Security.aspx References

Download ppt "Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014."

Similar presentations

Federal Energy Regulatory Commission July 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
NERC New Approved Standards

NERC New Approved Standards
Presented to PGDTF February 11, 2015

Presented to PGDTF February 11, 2015
Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.

Key Reliability Standard Spot Check Frank Vick Compliance Team Lead.
Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.
Project 2010-17 Definition of Bulk Electric System & Bulk Electric System Rules of Procedure Development Presenter: Peter Heidrich, FRCC – BES Drafting.

Project Definition of Bulk Electric System & Bulk Electric System Rules of Procedure Development Presenter: Peter Heidrich, FRCC – BES Drafting.
Update in NERC CIP Activities September 4, 2014. 2 Update on CIP-014-1 Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.

Update in NERC CIP Activities September 4, Update on CIP Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.
Steve Rueckert Director of Standards Standards Update June 5, 2014 Joint Guidance Committee Meeting Salt Lake City, UT.

Steve Rueckert Director of Standards Standards Update June 5, 2014 Joint Guidance Committee Meeting Salt Lake City, UT.
Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)
Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.

Brent Castagnetto Manager, Cyber Security Audits & Investigations Team CIP v5 Implementation Guidance CIP v5 Roadshow Salt Lake City, UT May 14-15, 2014.
Why TADS Is Needed No systematic transmission outage data collection effort exists for all of North America Energy Information Administration data (Schedule.

Why TADS Is Needed No systematic transmission outage data collection effort exists for all of North America Energy Information Administration data (Schedule.
Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009.

Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.

Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.
NRC Cyber Security Regulatory Program Development Background ANSI Nuclear Energy Standards Coordination Collaborative (NESCC) Meeting November 3, 2014November.

NRC Cyber Security Regulatory Program Development Background ANSI Nuclear Energy Standards Coordination Collaborative (NESCC) Meeting November 3, 2014November.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
1. 11/26/2012: NERC Board of Trustees adopted CIP v5 CIP-002-5 thru CIP-009-5 CIP-010-1 and CIP-011-1 Version 5 Filing FERC requested filing by 3/31/2013.

1. 11/26/2012: NERC Board of Trustees adopted CIP v5 CIP thru CIP CIP and CIP Version 5 Filing FERC requested filing by 3/31/2013.
BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.

BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.
CIP Version 5 Update OC Meeting November 7, 2013.

CIP Version 5 Update OC Meeting November 7, 2013.

Similar presentations

Ads by Google