Federal Energy Regulatory Commission July 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Slides:

Advertisements

Similar presentations

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.

Advertisements

Reliability in British Columbia

NERC Orientation Joint Guidance Committee WECC Leadership

Notice of Proposed Rulemaking on Standards WECC Board of Directors Meeting December 7-8, 2006.

BAL-002-WECC-1 Contingency Reserves

Interpreting Regional Criteria and Regional Standards Brian Silverstein Board of Directors April, 2010.

Panel 3D = XML file pointer 08/09/20091 LHCb calorimeter meeting (jean-luc PANAZOL)

K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Update in NERC CIP Activities September 4, Update on CIP Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.

Steve Rueckert Director of Standards Standards Update June 5, 2014 Joint Guidance Committee Meeting Salt Lake City, UT.

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

2009 Performance Assessment Member Representatives Committee Meeting October 28, 2008.

1. 11/26/2012: NERC Board of Trustees adopted CIP v5 CIP thru CIP CIP and CIP Version 5 Filing FERC requested filing by 3/31/2013.

BS Information Systems – University of Redlands BS Information Systems – University of Redlands AS Electronic Technology AS Electronic Technology Project.

Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.

Physical Security CIP NERC Standing Committees December 9-10, 2014.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Update in NERC CIP Activities June 5, Update on CIP Update on Revisions to CIP Version 5 –BES Cyber Asset Survey –Implementation Plan Questions.

Ontario Overview Dave Short Senior Regulatory Analyst, Regulatory Affairs IESO’s ERO Workshop – June 28, 2006.

GOP and QSE Relationship Jeff Whitmer Manager, Compliance Assessments Talk with Texas RE June 25, 2012.

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lessons Learned in Smart Grid Cyber Security

City of Leesburg Electric Department Internal Compliance Program (ICP)

Federal Energy Regulatory Commission June Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

1 Arizona Corporation Commission BTA Workshop Presenter: Steven Cobb May 23, 2008.

Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation - ERO Perspective David R. Nevius and Michael J. Assante 2009 NRC Regulatory.

Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP through CIP Larry Bugh ECAR Standard Drafting Team.

NERC Compliance Program Overview FRCC 2007 Compliance Workshop April 4 and 11, 2007.

Texas Regional Entity Update Sam Jones Interim CEO and President Board of Directors July 18, 2006.

Actions Affecting ERCOT Resulting From The Northeast Blackout ERCOT Board Of Directors Meeting April 20, 2004 Sam Jones, COO.

Overview of WECC and Regulatory Structure

1. 2 NERC Bulk Electric System (BES) Definition (NERC Glossary of Terms Used in Reliability Standards) FERC Order 693 FRCC Handbook Review Task Force.

K E M A, I N C. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005.

Critical Infrastructure Protection Update Christine Hasha CIP Compliance Lead Advisor, ERCOT TAC March 27, 2014.

Status Report for Critical Infrastructure Protection Advisory Group

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

FCC Field Hearing on Energy and the Environment Monday November 30, 2009 MIT Stratton Student Center, Twenty Chimneys Peter Brandien, Vice President System.

Project (COM-001-3) Interpersonal Communications Capabilities Michael Cruz-Montes, CenterPoint Energy Senior Consultant, Policy & Compliance, SDT.

Item 5d Texas RE 2011 Budget Assumptions April 19, Texas RE Preliminary Budget Assumptions Board of Directors and Advisory Committee April 19,

WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.

Paragraph 81 Project. 2RELIABILITY | ACCOUNTABILITY Background FERC March 15, 2012 Order regarding the Find, Fix, Track and Report (FFT) process  Paragraph.

1 RIC 2009 Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation George Wilson NRR/ADES/DE/EEEB March 11, 2009.

The Electric Reliability Organization: Getting from here to there. Gerry Cauley Director, Standards ERO Project Manager ERO Slippery Slope NERC Today Uphill.

Project Cyber Security Order 706 Version 5 CIP Standards Potential to Adversely Impact ERCOT Black Start Capability.

Date CIP Standards Update Chris Humphreys Texas RE CIP Compliance.

Compliance Update September Control Performance Highlights  NERC CPS1 Performance ERCOT’s August score was ERCOT’s CPS1 scores show significant.

ERCOT VRT Voltage Ride Through Standards. Standards Groups Edison Electric Institute (EEI) National Electrical Manufactures Association (NEMA) American.

Electric Reliability Organization and Issues in Texas Technical Advisory Committee January 4, 2006 Jess Totten Director, Electric Industry Oversight Division.

SAR 001 DT Presentation Texas RE Presentation to SAR-001 Drafting Team Farzaneh Tafreshi Manager, Reliability Standards Texas Regional Entity.

Reliability Standards Development Plan David Taylor Manager Standards Development Standards Committee Meeting June 12-13, 2008.

WECC Regional Standards Update

ERCOT Technical Advisory Committee June 2, 2005

NERC TPL Standard Overview

NERC Cyber Security Standards Pre-Ballot Review

Understanding Existing Standards:

Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.

Cyber System-Centric Approach To Cyber Security and CIP

NERC Cyber Security Standard

The Electric Reliability Organization: Getting from here to there.

Reliability Standards Development Plan

NERC Reliability Standards Development Plan

Larry Bugh ECAR Standard Drafting Team Chair June 1, 2005

NERC Reliability Standards Development Plan

Standards Development Process

Presentation transcript:

Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal Energy Regulatory Commission

July The views expressed in this presentation do not represent the views of the Federal Energy Regulatory Commission or of the United States Disclaimer

Federal Energy Regulatory Commission July Increased Cyber Security Concerns Automation & Data Gathering Connectivity of Control Systems –To Corporate Computers –To Vendors Use of Wireless Communications Interest of –Nation States – the equalizer –Hackers –Criminals –To Internet –To Remote Maintenance

Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Historically – Voluntary Standards Urgent Action Standard 1200 –Voluntary –Adopted by NERC Summit 2003 –Replaced by CIP thru CIP-009-1, June 2006

Federal Energy Regulatory Commission July Enforcement of Reliability Standards Western Electricity Coordinating Council Midwest Reliability Organization Southwest Power Pool, Inc Electric Reliability Council of Texas Northeast Power Coordinating Council Reliability First Corp SERC Reliability Corp. Florida Reliability Coordination Council NERC has regional delegation agreements with 8 Regional Entities

Federal Energy Regulatory Commission July Standards Development Process Standard Authorization Request Drafting Team Formed Proposed Standard Developed Comments Solicited Ballot –Quorum: 75% of Ballot Pool –Approval: 2/3 of Weighted Segment Votes Re-ballot? Board of Trustees Approval FERC & Canadian Approvals (w/ Public Comments)

Federal Energy Regulatory Commission July CIP Standards Continued I. Management involvement Security of sensitive information Cyber security training Personnel risk

Federal Energy Regulatory Commission July CIP Standards Continued II. Physical security of critical cyber assets Change control Access control Electronic security perimeters Critical Assets - Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.

Federal Energy Regulatory Commission July FERC Approval of CIP Standards Order No. 706 January 18, 2008 Required many modifications –Critical Asset identification – required a wide-area oversight –Exceptions to Compliance – required oversight & approval mechanism –Reasonable Business Judgment language – required removal –Defense in Depth –Revoke Access Authorization

Federal Energy Regulatory Commission July Order No. 706 Modifications Phase I (Version 2 of CIP Standards) Low-hanging fruit Reasonable Business Judgment language removed Approved by Ballot Body & NERC BoT Filed with FERC May 22 Expect two more phases

Federal Energy Regulatory Commission July Proposed Policy Statement and Action Plan March 19, 2009 Docket No. PL Ultimately: Prioritize development of key interoperability standards Provide guidance on cyber security Provide interim rate policy

Federal Energy Regulatory Commission July Proposed Smart Grid Policy A smarter grid would permit two-way communication between the electric system and a much larger number of devices located outside of controlled utility environments Interoperability standards and protocols leave no gaps in cyber or physical security

Federal Energy Regulatory Commission July Proposed Smart Grid Policy Maintain compliance with Commission-approved Reliability Standards Technologies must address: –Integrity of data –Authentication of communications –Logging of all modifications – none unauthorized –Physical protection of devices –Potential impact of unauthorized use of devices