WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

Presentation transcript:

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard

AGENDA
- Why A Cyber Security Standard Is Needed
- Why Initiate An Urgent Action Standard
- Scope Of The Proposed Cyber Security Standard
- What Is Not In The Scope
- Compliance
- The Future For The Cyber Security Standard
- Q&A

Why A Cyber Security Standard Is Needed
- Due Diligence
- Responsibility to Stakeholders
- Responsibility to Interdependent Critical Infrastructures
- Industry Defined Practices
- If the Electricity Sector is not able to self-regulate, the federal government will regulate for us.

Why Initiate An Urgent Action Standard
- There has been a rapid increase in the number of reported cyber security incidents
- January 2003: SQL Slammer Worm impacted Electricity Sector organizations
- March 2003: Federal Advisory regarding foreign attack scenarios
- Weakest Link Principle: the bulk electric system is highly interconnected, a vulnerability for one can be a vulnerability for all

Why Initiate An Urgent Action Standard
“A spectrum of malicious actors can and do conduct attacks against our critical information infrastructures. Of primary concern is the threat of organized cyber attacks capable of causing debilitating disruption to our Nation’s critical infrastructures, economy, or national security.”
The National Strategy to Secure Cyberspace, The President’s Critical Infrastructure Protection Board, February 2003

Scope Of The Proposed Standard
- Applies to Reliability Authority, Balancing Authority, Interchange Authority, Transmission Service Provider, Transmission Operator, Generator, or Load-Serving Entity functions that manage Critical Cyber Assets.
- Critical Cyber Assets are those computers, including software and data, and communication networks that support, operate, or otherwise interact with the bulk electric system operations.

Scope Of The Proposed Standard
Requires:
- Establishing a Cyber Security Program
- Policy and Procedures
- Identify Accountable Management
- Identifying/Documenting Critical Cyber Assets
- Defining/Implementing Electronic – Security Perimeters, Access Controls, Monitoring Controls

Scope Of The Proposed Standard
Requires: (Cont.)
- Defining/Implementing Physical – Security Perimeters, Access Controls, Monitoring Controls
- Defining/Implementing Personnel Authorization Controls
- Security Awareness Training
- Information Protection Controls

Scope Of The Proposed Standard
Requires: (Cont.)
- Cyber System Management Controls
- Cyber System Test Procedures
- Incident Response and Reporting for Cyber and Physical Security
- Recovery Planning

What Is Not In The Scope
- The definition of Critical Cyber Assets currently does not include process control systems, distributed control systems, or electronic relays installed in generating stations, switching stations and substations.
- Does not include cyber assets that otherwise support, operate, or interact with market operations.

Compliance
- Compliance is managed by the Regions
- There will be a self-certification process
- No financial penalties – letters only
- Acknowledgement of partial compliance acceptable for January 2004
- Full compliance by January 2005

The Future
- Current review period ends May 11, 23:59 EDT
- Voting runs from May 12, 00:01 EDT to May 21, 23:59 EDT
- Requires 2/3 majority to pass
- If passed, it will be submitted to Board of Trustees at their June 10 meeting
- The Urgent Action standard expires after one year – a one year extension is possible

The Future
- Formal process to develop the permanent standard was initiated by CIPAG on May 2,
- Development will take at least a year
- The permanent standard will have two separate review and comment cycles –
  - One to refine/finalize SAR requirements
  - One to refine/finalize drafted standard

Questions
- Please submit questions via the conference line
- Questions can also be submitted to after the webcast