Presentation is loading. Please wait.

Presentation is loading. Please wait.

NERC Cyber Security Standard

Published byLesley Atkinson Modified over 5 years ago

Similar presentations

Presentation on theme: "NERC Cyber Security Standard"— Presentation transcript:

1 NERC Cyber Security Standard
Overview of Proposed Cyber Security Standard WebCast 5 May 2003

2 AGENDA Why A Cyber Security Standard Is Needed
Why Initiate An Urgent Action Standard Scope Of The Proposed Cyber Security Standard What Is Not In The Scope Compliance The Future For The Cyber Security Standard Q&A WebCast 5 May 2003

3 Why A Cyber Security Standard Is Needed
Due Diligence Responsibility to Stakeholders Responsibility to Interdependent Critical Infrastructures Industry Defined Practices If the Electricity Sector is not able to self-regulate, the federal government will regulate for us. WebCast 5 May 2003

4 Why Initiate An Urgent Action Standard
There has been a rapid increase in the number of reported cyber security incidents January 2003 SQL Slammer Worm Impacted Electricity Sector organizations March 2003 Federal Advisory regarding foreign attack scenarios Weakest Link Principle - The bulk electric system is highly inter-connected, a vulnerability for one can be a vulnerability for all WebCast 5 May 2003

5 Why Initiate An Urgent Action Standard
“A spectrum of malicious actors can and do conduct attacks against our critical information infrastructures. Of primary concern is the threat of organized cyber attacks capable of causing debilitating disruption to our Nation’s critical infrastructures, economy, or national security.” The National Strategy to Secure Cyberspace, The President’s Critical Infrastructure Protection Board, February 2003 WebCast 5 May 2003

6 Scope Of The Proposed Standard
Applies to Reliability Authority, Balancing Authority, Interchange Authority, Transmission Service Provider, Transmission Operator, Generator, or Load-Serving Entity functions that manage Critical Cyber Assets. Critical Cyber Assets are those computers, including software and data, and communication networks that support, operate, or otherwise interact with the bulk electric system operations. WebCast 5 May 2003

7 Scope Of The Proposed Standard
Requires: Establishing a Cyber Security Program Policy and Procedures Identify Accountable Management Identifying/Documenting Critical Cyber Assets Defining/Implementing Electronic – Security Perimeters Access Controls Monitoring Controls WebCast 5 May 2003

8 Scope Of The Proposed Standard
Requires: (Cont.) Defining/Implementing Physical – Security Perimeters Access Controls Monitoring Controls Defining/Implementing Personnel Authorization Controls Security Awareness Training Information Protection Controls WebCast 5 May 2003

9 Scope Of The Proposed Standard
Requires: (Cont.) Cyber System Management Controls Cyber System Test Procedures Incident Response and Reporting for Cyber and Physical Security Recovery Planning WebCast 5 May 2003

10 What Is Not In The Scope The definition of Critical Cyber Assets currently does not include process control systems, distributed control systems, or electronic relays installed in generating stations, switching stations and substations. Does not include cyber assets that otherwise support, operate, or interact with market operations. WebCast 5 May 2003

11 Compliance Compliance is managed by the Regions
There will be a self-certification process No financial penalties – letters only Acknowledgement of partial compliance acceptable for January 2004 Full compliance by January 2005 WebCast 5 May 2003

12 The Future Current review period ends May 11, 23:59 EDT
Voting runs from May 12, 00:01 EDT to May 21, 23:59 EDT Requires 2/3 majority to pass If passed, it will be submitted to Board of Trustees at their June 10 meeting The Urgent Action standard expires after one year – a one year extension is possible WebCast 5 May 2003

13 The Future Formal process to develop the permanent standard was initiated by CIPAG on May 2, 2003. Development will take at least a year The permanent standard will have two separate review and comment cycles – One to refine/finalize SAR requirements One to refine/finalize drafted standard WebCast 5 May 2003

14 Questions Please submit questions via the conference line
Questions can also be submitted to after the webcast WebCast 5 May 2003

Download ppt "NERC Cyber Security Standard"

Similar presentations

Federal Energy Regulatory Commission July 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.

NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.
Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)
Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009.

Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP
Standards Development: Update to IMO Regulatory Standing Committee May 14, 2003.

Standards Development: Update to IMO Regulatory Standing Committee May 14, 2003.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.

Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.

Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.
Physical Security CIP-014-1 NERC Standing Committees December 9-10, 2014.

Physical Security CIP NERC Standing Committees December 9-10, 2014.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.

Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.
+ PROJECT BACKGROUND: KENYA THE NEED FOR CONSUMER PARTICIPATION IN THE REFORMS PROCESS OF THE ELECTRICTY SUB-SECTOR Susanne Rabisch, CUTS Nairobi.

+ PROJECT BACKGROUND: KENYA THE NEED FOR CONSUMER PARTICIPATION IN THE REFORMS PROCESS OF THE ELECTRICTY SUB-SECTOR Susanne Rabisch, CUTS Nairobi.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
Homeland Security Conference Symposium on Homeland Security & Defense Christopher Newport University May 18, 2015 1.

Homeland Security Conference Symposium on Homeland Security & Defense Christopher Newport University May 18,
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
Federal Energy Regulatory Commission June 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Federal Energy Regulatory Commission June Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Similar presentations

Ads by Google