Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.


2 Agenda for This Session
● Status Update
● Format/Numbering Changes
● Other Major Changes
● Transition from Standard 1200 to new Cyber Security Standards
● Proposed Development Schedule
● Proposed Implementation Plan

3 Status Update
● Draft 1 of standard and FAQ posted Sep. 15th for public comment
● Webcast conducted Oct. 18th
● Draft 2 of standards and FAQ posted Jan. 17, 2005 for 30 days
● Draft 1 of Proposed Implementation Plan posted Jan. 17, 2005 for 30 days
● Development Highlights posted.


5 Format/Numbering Changes
● New numbering scheme for NERC Reliability Standards
● New format for NERC Reliability Standards
  ◦ All requirements together, all measures, etc.
  ◦ Option to keep 1300 as one standard or separate standards
● Decided to separate by section
● One implementation plan
● Likely ballot as a package

6 Format/Numbering Changes
New standards as compared to sections in Draft Standard 1300 – Draft 1

Old Section #   Topic                                       New Std #
1301            Security Management Controls                CIP
1302            Critical Cyber Assets                       CIP
1303            Personnel and Training                      CIP
1304            Electronic Security                         CIP
1305            Physical Security                           CIP
1306            Systems Security Management                 CIP
1307            Incident Reporting and Response Planning    CIP
1308            Recovery Plans                              CIP-009-1


8 Other Major Changes
● Overall
  ◦ Applicable entities with no critical cyber assets exempt from CIP through CIP
  ◦ Definitions revised.
  ◦ Definition for Critical Cyber Asset revised.
  ◦ Standards do not apply to nuclear facilities.
● CIP – Critical Cyber Assets (1302)
  ◦ Reinforced relationship of critical assets to operations
  ◦ Modified criteria for generation/generation control
  ◦ Documentation/protection of all cyber assets within the ePerimeter
● CIP – Security Management Controls (1301)
  ◦ Moved Change Management requirements from CIP to this standard.

9 Other Major Changes
● CIP – Personnel and Training (1303)
  ◦ "Background Screening" was changed to "Personnel Risk Assessment", based upon several comments, and to be more inclusive in application.
  ◦ SSN verification was changed to "Identity Verification" to provide for legal variance between the laws in member entities' countries.
  ◦ The wording "unrestricted access" was changed to "authorized access" throughout for consistency and clarity.
  ◦ Access revocation and records change requirements under this section were changed throughout to "7 calendar days, and 24 hours for personnel terminated for cause" for flexibility and consistency.
  ◦ We did not add drug screening to the requirements, despite several comments, due to the complexity and administrative issues associated with that area. Companies are free to pursue measures beyond the Standard, which seeks to set the baseline.

10 Other Major Changes (cont'd)
● CIP – Electronic Security (1304)
  ◦ Clarified requirement for strong technical and procedural controls for access to the perimeter
  ◦ Technical feasibility caveat added for banners
  ◦ Fixed inconsistency in levels of non-compliance
● CIP – Physical Security (1305)
  ◦ Requirements section was updated to more clearly define the physical security elements of the Security Plan.
  ◦ Physical security perimeter requirement was clarified, removing references to assigned security levels, and modifying the four-wall boundary concept.
  ◦ Updated levels of non-compliance for consistency across all proposed NERC Cyber Security Standards.
  ◦ CCTV monitoring control was modified to include the point of facility access as a monitoring point.
  ◦ Manual logging control was modified to include remote verification as a means of ensuring completeness.

11 Other Major Changes (cont'd)
● CIP – Systems Security Management (1306)
  ◦ Reference to "unattended facilities" was added, and a delineation of requirements between "attended" and "unattended" facilities was included in sub-sections where appropriate.
  ◦ In draft one, for a few sub-sections, requirements were stated in the measures section. In draft two, this was cleared up and requirements were moved to the requirements section.
  ◦ Risk-based assessment was added to the Security Patch Management section for determining patch applicability.
  ◦ Review requirements were updated for consistency.
  ◦ A statement was added to the Retention of System Logs section to indicate that the entity is responsible for determining its logging strategy.
  ◦ Clarified various terms and concepts (e.g., potential vs. known vulnerabilities, end-user accounts, generic account policy)

12 Other Major Changes (cont'd)
● CIP – Incident Reporting and Response Planning (1307)
  ◦ Combined the Incident and Security Incident definitions to create a new definition: Cyber Security Incident
  ◦ Changed the title to Incident Reporting and Response Planning to better reflect the standard's scope
  ◦ Updated the introduction paragraph to clarify the requirements of the standard
  ◦ Updated the Cyber Security Incident Reporting requirement to reflect that the responsible entity is accountable for ensuring that the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) receives the cyber security incident report
  ◦ If a cyber security incident occurs and is not reported to the ES-ISAC, it will now result in level three non-compliance
  ◦ Includes minor formatting changes to make the requirement, measurement, and non-compliance sections clearer.

13 Other Major Changes (cont'd)
● CIP – Recovery Plans (1308)
  ◦ The third paragraph was moved to the FAQ, as it primarily explained the degree of recovery required in consideration of the expected impact and risk involved.
  ◦ The requirement to "post" a recovery contact list was stricken from the Standard. The drafting team agreed with several comments that posting a contact list is procedural and often unacceptable depending on the situation at that location.
  ◦ Some grammar, structure and clarification changes were made in keeping with comments posted.


15 Transition from 1200 to new Cyber Security Standards
● Drafting Team recognizes the impact of the changes.
● Implementation plan proposes to phase in new requirements.
● 1st draft of implementation plan posted with Draft 2


17 Proposed Development Schedule
● Tentative posting/review schedule for CIP through CIP-009-1:
  ◦ Jan 17 - Feb 17: Post Draft 2 for a 30-day comment period (abbreviated period).
  ◦ Feb 2: Conduct a Webcast for the Registered Ballot Body
  ◦ Feb 18 - March 15: Resolve comments on Draft 2 and prepare Draft 3.
  ◦ March 15 - April 30: Post Draft 3 for a 45-day comment period
  ◦ May 1 - May 31: Resolve comments on Draft 3 and prepare final draft
  ◦ June 1 - June 30: Post final draft for 30-day review prior to ballot
  ◦ July 1 - July 31: Hold two rounds of balloting (includes time to respond to first ballots cast with negative comments)
  ◦ August 1 - 31: Post for 30 days prior to BOT adoption into the compliance program (assuming a positive vote by the ballot pool)


19 Proposed Implementation Plan
Sample Compliance Schedule for Standards CIP through CIP (from Implementation Plan – Draft 1)

Periods: 1st Qtr …, 1st Qtr …, … & Beyond (each period split into Control Center / Other Facilities)

Standard CIP – Personnel & Training, BA & RC:
  R1: AC, SC, AC
  R2: AC, SC, AC
  R3: AC, SC, AC
  R4: SC, AC

Implementation Plan – Draft 1 contains comparable tables for Draft Standards CIP through CIP.

AC - Auditably Compliant: the entity meets the full intent of the requirement and can prove compliance to an auditor.
SC - Substantially Compliant: the entity has begun the process of becoming compliant with a requirement, but is not yet Auditably Compliant.

20 Contact info: Larry Bugh – ECAR