
ERCOT Technical Advisory Committee June 2, 2005


1 ERCOT Technical Advisory Committee June 2, 2005
Cyber Security Standard Update (Critical Infrastructure Protection)
ERCOT Technical Advisory Committee
June 2, 2005

2 Why Have a Cyber Security Standard?
- Documented cases of cyber attacks
- Several SCADA systems disabled due to virus attacks
- EMS & SCADA systems moving toward more standard architectures with known vulnerabilities
- Higher risk of cyber incidents due to inside activities
- August 14, 2003 Northeast Blackout
- No evidence of terrorist activities, but recognition that the grid is vulnerable.

3 Cyber Security Standard Background
- Cyber Security Standards Authorization Request (SAR) for Standard 1200 initiated in April 2003.
- The NERC Board of Trustees adopted this Standard into the NERC Compliance Enforcement Program (CEP) in August 2003.
- All Control Areas and Reliability Coordinators (ERCOT) in North America were expected to self-certify in the 1st Quarter 2005.

4 Cyber Security Standard Background (cont’d)
- Standard 1200 is set to expire in August 2005 and will be replaced by Standard 1300.
- NERC is reorganizing its standards' naming and numbering conventions.
- Standard 1300 is now part of the Critical Infrastructure Protection (CIP) Policy.
- CIP-002 thru CIP-009 will replace 1301 thru 1308.
- Currently proposed to become effective on November 1, 2005.

5 Format/Numbering Changes
New standards as compared to sections in Draft Standard 1300 – Draft 1

| Old Section # | Topic | New Std # |
|---|---|---|
| 1301 | Security Management Controls | CIP-003-1 |
| 1302 | Critical Cyber Assets | CIP-002-1 |
| 1303 | Personnel and Training | CIP-004-1 |
| 1304 | Electronic Security | CIP-005-1 |
| 1305 | Physical Security | CIP-006-1 |
| 1306 | Systems Security Management | CIP-007-1 |
| 1307 | Incident Reporting and Response Planning | CIP-008-1 |
| 1308 | Recovery Plans | CIP-009-1 |

6 Who will the Standard Apply to?
- Reliability Coordinator (RC): Ensures the reliability of the bulk transmission system within its Reliability Authority area. This is the highest reliability authority.
- Balancing Authority (BA): Integrates resource plans ahead of time, and maintains load-interchange-resource balance within its metered boundary and supports system frequency in real time
- Interchange Authority (IA): Authorizes valid and balanced Interchange Schedules
- Planning Authority (PA): Plans the bulk electric system
- Transmission Provider (TP): Provides transmission services to qualified market participants under applicable transmission service agreements
- Transmission Owner (TO): Owns transmission facilities
- Transmission Operator (TOP): Operates and maintains the transmission facilities, and executes switching orders
- Distribution Provider (DP): Provides and operates the “wires” between the transmission system and the customer
- Generator (GOP & GO): Owns and operates generation unit(s) or runs a market for generation products that performs the functions of supplying energy and Interconnected Operations Services
- Purchasing-Selling Entity (PSE): The function of purchasing or selling energy, capacity and all necessary Interconnected Operations Services as required
- Load-Serving Entity (LSE): Secures energy and transmission (and related generation services) to serve the end user

7 Standard 1200 Expectations
- ERCOT as the Control Area & Reliability Coordinator self-certified in 1Q05
- Annual self-certification is required of Control Areas and Reliability Coordinators
- All owner/operators of SCADA and EMS are expected to be in compliance, but are not required to self-certify
- There are no sanctions that can be imposed at this time

8 Implementation Schedule
- CIP-001 - Sabotage Reporting: Effective April 1, 2005 for RCs, BAs, TOPs, GOPs, and LSEs.
- CIP-002 thru CIP-009:
  - BAs, TOPs, RCs, TPs, NERC, & RROs auditably compliant with all requirements by 2Q09.
  - IAs, TOs, GOs, GOPs, & LSEs auditably compliant within 36 months of registration to a Functional Model function.

9 Proposed Implementation Plan
Compliance Schedule for Standard CIP-004-1: Balancing Authorities and Transmission Operators Required to Self-certify to Urgent Action (UA) Standard 1200, and Reliability Coordinators

Schedule columns: 2nd Qtr 2006, 2nd Qtr 2007, 2nd Qtr 2008, 2nd Qtr 2009
Facility columns: System Control Center, Other Facilities
Requirement rows (Standard CIP – Personnel & Training): R1 SC BW AC R2 R3 R4

- AC - Auditably Compliant means the entity meets the full intent of the requirement and can prove compliance to an auditor.
- SC - Substantially Compliant means an entity has begun the process to become compliant with a requirement, but is not yet Auditably Compliant.
- BW - Begin Work means a responsible entity has developed a plan to address the requirements of a standard.

Implementation Plan - Draft 3 contains comparable tables for the other Draft Standards.

10 Proposed Implementation Plan (cont’d)
Compliance Schedule for Standard CIP-004-1: Transmission Providers, those Balancing Authorities and Transmission Operators Not Required to Self-certify to UA Standard 1200, NERC, and Regional Reliability Organizations.

Schedule columns: 2nd Qtr 2006, 2nd Qtr 2007, 2nd Qtr 2008, Dec. 31, 2009 & Beyond
Facility columns: All Facilities
Requirement rows (Standard CIP – Personnel & Training): R1 BW SC AC R2 R3 R4

- AC - Auditably Compliant means the entity meets the full intent of the requirement and can prove compliance to an auditor.
- SC - Substantially Compliant means an entity has begun the process to become compliant with a requirement, but is not yet Auditably Compliant.
- BW - Begin Work means a responsible entity has developed a plan to address the requirements of a standard.

Implementation Plan - Draft 3 contains comparable tables for the other Draft Standards.

11 Standard CIP-004-1 – Personnel & Training
Proposed Implementation Plan (cont’d)

Compliance Schedule for Standard CIP: Interchange Authorities, Transmission Owners, Generator Owners, Generator Operators, and Load-Serving Entities

Schedule columns: Registration, Registration + 12 months, Registration + 24, Registration + 36 months
Facility columns: All Facilities
Requirement rows (Standard CIP – Personnel & Training): R1 BW SC AC R2 R3 R4

- AC - Auditably Compliant means the entity meets the full intent of the requirement and can prove compliance to an auditor.
- SC - Substantially Compliant means an entity has begun the process to become compliant with a requirement, but is not yet Auditably Compliant.
- BW - Begin Work means a responsible entity has developed a plan to address the requirements of a standard.

Implementation Plan - Draft 3 contains comparable tables for the other Draft Standards.

12 NERC Cyber Security Resources
- Cyber Security Workshop Presentations
- NERC Urgent Action Cyber Security Standard 1200
- NERC Cyber Security Standards
- NERC Cyber Security Cross-Reference
- Draft Implementation Plan for Cyber Security Standards
- NERC Reliability Standards

