Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Remote Access Update ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance.

Published byErick Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Remote Access Update ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance."— Presentation transcript:

1 1 Remote Access Update ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance

2 Activity Since Previous Webinar CAN-0005 Posted 6/22; Revised 7/6 “Identifying Critical Cyber Assets” approved by SC for posting 8/12 CIP-002-3 R3 RFI Posted for Comment 9/8 CIP-005-4 Posted for Initial Ballot 9/17 CIP-002-4 Posted for Comment 9/20 Guidance Document: “Secure Remote Access” Posted 9/21 2

3 CAN-0005 Available at: http://www.nerc.com/files/CAN- 0005_6Jul2010_CIP-002-3%20R3.pdfhttp://www.nerc.com/files/CAN- 0005_6Jul2010_CIP-002-3%20R3.pdf “System operator laptops with the capability and purpose of controlling Bulk Electric System assets remotely (whether in normal operations or in emergencies) should be designated as CCAs under CIP-002-3 Requirement R3.” Does not change audit practice for RFC audit teams – this is what we’ve been doing 3

4 “Identifying Critical Cyber Assets” Available at: http://www.nerc.com/fileUploads/File/Standards/Critcal% 20Cyber%20Asset_approved%20by%20CIPCl%20and %20SC%20for%20Posting%20with%20CIP-002- 1,%20CIP-002-2,%20CIP-002-3.pdf http://www.nerc.com/fileUploads/File/Standards/Critcal% 20Cyber%20Asset_approved%20by%20CIPCl%20and %20SC%20for%20Posting%20with%20CIP-002- 1,%20CIP-002-2,%20CIP-002-3.pdf Guidance (not a standard) on how to identify CCAs Approved by NERC BoT Standards Committee for posting as a reference document 4

5 CIP-002-3 R3 RFI Available at: http://www.nerc.com/docs/standards/sar/Interpre tation_2010-INT-05_Duke_RFI_CIP- 002_R3.docx http://www.nerc.com/docs/standards/sar/Interpre tation_2010-INT-05_Duke_RFI_CIP- 002_R3.docx Examples list in R3 is not prescriptive “The phrase ‘essential to the operation of the Critical Asset’ means that the Critical Cyber Asset is used to perform a function essential to the operation of the Critical Asset.” 5

6 CIP-005-4 Available Through Project 2010-15 Page: http://www.nerc.com/filez/standards/SAR- Urgent_Action_Revisions%20to%20CIP-005-3.html http://www.nerc.com/filez/standards/SAR- Urgent_Action_Revisions%20to%20CIP-005-3.html Removes old R2.4; R2.5 -> R2.4; R2.6 -> R2.5 Adds R6, “Remote Access Controls,” with four sub-requirements: R6.1: Procedural controls to authorize remote access R6.2: Technical controls for authorized remote access R6.3: Restrict protocols permitted R6.4: Implement an intermediate device 6

7 CIP-002-4 Available Through 706 Phase II Page: http://www.nerc.com/filez/standards/Project_200 8-06_Cyber_Security_PhaseII_Standards.html http://www.nerc.com/filez/standards/Project_200 8-06_Cyber_Security_PhaseII_Standards.html Completely changes the way in which Critical Assets are identified: Does away with risk-based assessment methodology Attachment 1 adds 16 criteria for determining Critical Assets 7

8 “Secure Remote Access” Available at: http://www.nerc.com/docs/standards/sar/S ecure_Remote_Access_Reference_Docu ment.pdf http://www.nerc.com/docs/standards/sar/S ecure_Remote_Access_Reference_Docu ment.pdf Addresses access for “maintenance and support” Based on issues raised in CIP Awareness Bulletin on VPNs (3/31/2010, FOUO) 8

9 Questions Questions should be emailed to Karen Yoder (karen.yoder@rfirst.org) Subject: “CIP WEBINAR”karen.yoder@rfirst.org Questions will be considered in the order they are received Clarifying questions are welcome and we will do our best to answer during the question period Challenges to a position should be addressed to the presenter and will be taken offline

Download ppt "1 Remote Access Update ReliabilityFirst CIP Webinar Thursday, September 30, 2010 Lew Folkerth, Senior Engineer - Compliance."

Similar presentations

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.
2004 NERC, NPCC & New England Compliance Programs John Norden Manager, Operations Training, Documentation & Compliance August 31, 2003 RC Meeting.

2004 NERC, NPCC & New England Compliance Programs John Norden Manager, Operations Training, Documentation & Compliance August 31, 2003 RC Meeting.
Federal Energy Regulatory Commission July 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
Document Categorization Steve Ashbaker Director of Operations Joint Guidance Committee WECC Leadership Annual Training Session Salt Lake City, UT May 6-7,

Document Categorization Steve Ashbaker Director of Operations Joint Guidance Committee WECC Leadership Annual Training Session Salt Lake City, UT May 6-7,
NERC Orientation Joint Guidance Committee WECC Leadership

NERC Orientation Joint Guidance Committee WECC Leadership
Brent Castagnetto, CBRM, CBRA, MABR Manager, Cyber Security Audits

Brent Castagnetto, CBRM, CBRA, MABR Manager, Cyber Security Audits
CIP Version 5 Transition Guidance September 2013 Open-Webinar

CIP Version 5 Transition Guidance September 2013 Open-Webinar
Office of Special Education & Early Intervention Services What happens after Focused Monitoring? -

Office of Special Education & Early Intervention Services What happens after Focused Monitoring? -
STATUS OF BULK ELECTRIC SYSTEM DEFINITION PROJECT

STATUS OF BULK ELECTRIC SYSTEM DEFINITION PROJECT
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Q1 Q – The data retention period for Standards CIP-002 to CIP-009 versions 2 and 3 state: “The Responsible Entity shall keep all documentation and records.

Q1 Q – The data retention period for Standards CIP-002 to CIP-009 versions 2 and 3 state: “The Responsible Entity shall keep all documentation and records.
Update in NERC CIP Activities September 4, 2014. 2 Update on CIP-014-1 Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.

Update in NERC CIP Activities September 4, Update on CIP Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.
Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)
1 Hot Topics in the CIP Standards First Quarter 2010 Dial-in Number: 877-309-4265 Meeting ID: 1299 Password: 123789  If possible, please consolidate your.

1 Hot Topics in the CIP Standards First Quarter 2010 Dial-in Number: Meeting ID: 1299 Password:  If possible, please consolidate your.
State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.

State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.
1 Compliance Guidance for Initial Compliance Review Dates Lew Folkerth 2Q2010 Webinar June 22, 2010.

1 Compliance Guidance for Initial Compliance Review Dates Lew Folkerth 2Q2010 Webinar June 22, 2010.
RFC Webinar June 17, 2009 Presented By: Mark Kuras Chair, UFLS SDT.

RFC Webinar June 17, 2009 Presented By: Mark Kuras Chair, UFLS SDT.
Cyber Security Plan Implementation Presentation to CMBG Glen Frix, Duke Energy June 20, 2010 1.

Cyber Security Plan Implementation Presentation to CMBG Glen Frix, Duke Energy June 20,
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Similar presentations

Ads by Google