PowerWorld & NERC Physical Security Station List.


Back Story
16 April 2013 PG&E Metcalf station attacked
– It WAS in the press!!! (contrary to what you might read or hear)
FERC Chairman (former) Jon Wellinghoff
– Championed the issue of physical security
– He has powerful help: Rep. Henry Waxman (D-Calif.), Sen. Harry Reid (D-Nevada), Sen. Dianne Feinstein (D-Calif.), Sen. Ron Wyden (D-Oregon)

Recent WSJ Article…the Back Story
When seconds matter, cops are only minutes away…

Security Briefing Industry Update – How Did We Get Here?
Attack Ideas Available on the Internet 1/15/2013
Attacks on Critical Infrastructure
– Metcalf 4/16/2013
– Arkansas 9/16/
“If someone decides to blast a transformer at its base as prepper Bryan Smith did, and the oil drains out, then the transformer either burns out catastrophically, or if the utility is lucky, a software routine notices the problem and shuts the substation (or at least the affected portion) down” (owens.com/2013/01/shock-the-system/)

Security Briefing Industry Update – How Did We Get Here?
Press Reports Fan The Flames… and Politics in Action…

The Standard (CIP )
Identify Stations on the “List”
– All 500 kV stations
– 200 kV to 499 kV with 3 or more lines and where the summed aggregate of the lines exceeds 3000 (see table for weights):

Voltage Value of a Line    Weight Value per Line
less than 200 kV           (not applicable)
200 kV to 299 kV
300 kV to 499 kV
500 kV and above           0

FERC Docket No. RD days of the ORDER…not the Federal Register

Read It Here RD pdf

What the?

What Policy Makers Hear!
OMG! So NOT true!!!

FERC says Standards should…
– …require owners or operators of the Bulk-Power System to perform a risk assessment of their systems to identify their “critical facilities.”
– …require owners or operators of the identified critical facilities to evaluate the potential threats and vulnerabilities to those identified facilities.
– …require those owners or operators of critical facilities to develop and implement a security plan designed to protect against attacks to those identified critical facilities based on the assessment of the potential threats and vulnerabilities to their physical security.

FERC wants Oversight
In addition, the risk assessment used by an owner or operator to identify critical facilities should be verified by an entity other than the owner or operator. Such verification could be performed by NERC, the relevant Regional Entity, a Reliability Coordinator, or another entity. The Reliability Standards should include a procedure for the verifying entity, as well as the Commission, to add or remove facilities from an owner’s or operator’s list of critical facilities.
Columbia Grid?

CIP Applicability

CIP Requirement R1

CIP Requirement R2

Risk Assessment
Risk equals
– Probability * Consequences
Good luck with sorting out the probability problem…
Examples of Risk Assessment gone bad
– Katrina (New Orleans)
– Fukushima Daiichi Nuclear Power Station
– Sandy (New York)
– Challenger & Columbia
– Thresher & Scorpion

Threat Profile (G/Y/R)