NERC Cyber Security Standards Pre-Ballot Review


1 NERC Cyber Security Standards Pre-Ballot Review

2 Background
President’s Commission on Critical Infrastructure Protection
PDD-63
SMD NOPR
NERC Urgent Action Cyber Security Standards 1200
Joint US-Canada Task Force Report on the August 2003 Blackout
National Infrastructure Protection Plan

3 General
Numerous comments received on Draft 3
Comments focused on technical issues
Comments represented industry consensus

4 General
Ensured that requirements are clear and concise.
Eliminated redundancy between the standards.
Ensured that levels of noncompliance correctly align with the requirements and are auditable.
Removed references to IAW/SOP.

5 Definitions
The definition of Critical Assets was changed to remove the references to “large quantities of customers” and “significant risk to public health and safety.” The new definition is “Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System.”

6 CIP-002 Critical Cyber Asset Identification
List of Required Critical Assets in Requirement 1 was removed. R1 divided into two requirements: “R1. Critical Asset Identification Method” and “R2. Critical Asset Identification.” (New R1 requires Responsible Entities to identify and document a risk-based assessment methodology that shall consider, at a minimum, certain assets as listed in the standard.) R2 requires Responsible Entities to apply the risk-based assessment methodology required in R1 to identify their lists of Critical Assets. The assets listed for consideration no longer contain references to “IROL” or “80% or greater of the largest single contingency within the Regional Reliability Coordinator.”

7 CIP-004 Personnel and Training
The update period for Personnel Risk Assessment was extended to 7 years. The review period was changed to be consistent with the update period. Personnel risk assessments and training no longer need to be completed prior to permitting authorized cyber or authorized unescorted physical access; rather, they must be conducted within 90 calendar days of personnel being granted such access.

8 Other Changes of Significance
CIP-003 – Security Management Controls
Provision for emergency situations
Removed “test environment” from Change Management
CIP-005 – Electronic Security Perimeter(s)
Removed requirement for port scanning

9 Implementation Plan for Standards
The implementation plan has been modified to recognize the time necessary to fully implement these standards. Begin Work (BW) has been clarified to mean a Responsible Entity has developed and approved a plan to address the requirements of a standard, has begun to identify and plan for necessary resources, and has begun implementing the requirements. A new phase of compliance has been added to the tables. This new phase is “C” for compliance, which means that a Responsible Entity is in compliance with the requirements of the standards, but has not yet had the time necessary to compile a full calendar year’s worth of documentation where necessary.

10 Ballot Process
Balloting opens Feb. 17th for ten days
Drafting Team will respond to any negative comments
If necessary, recirculation balloting will be conducted
Persons interested in voting must be registered to ballot pool by Feb. 17th

11 And now it’s time for your questions and comments.
Larry Bugh, Chair, Cyber Security Standards Drafting Team

