Cyber Security Standard Workshop Status of Draft Cyber Security Standards Larry Bugh ECAR Standard Drafting Team Chair January 2005.


2 Agenda for This Session
● Status Update
● Format/Numbering Changes
● Other Major Changes
● Transition from Standard 1200 to new Cyber Security Standards
● Proposed Development Schedule
● Proposed Implementation Plan

3 Status Update
● Draft 1 of standard and FAQ posted Sep. 15th for public comment
● Webcast conducted Oct. 18th
● Draft 2 of standards and FAQ posted Jan. 17, 2005 for 30 days
● Draft 1 of Proposed Implementation Plan posted Jan. 17, 2005 for 30 days
● Development Highlights posted


5 Format/Numbering Changes
● New numbering scheme for NERC Reliability Standards
● New format for NERC Reliability Standards
  - All requirements together, all measures, etc.
  - Option to keep 1300 as one standard or separate standards
● Decided to separate by section
● One implementation plan
● Likely ballot as a package

6 Format/Numbering Changes
New standards as compared to sections in Draft Standard 1300 – Draft 1

Old Section #   Topic                                      New Std #
1301            Security Management Controls               CIP-003-1
1302            Critical Cyber Assets                      CIP-002-1
1303            Personnel and Training                     CIP-004-1
1304            Electronic Security                        CIP-005-1
1305            Physical Security                          CIP-006-1
1306            Systems Security Management                CIP-007-1
1307            Incident Reporting and Response Planning   CIP-008-1
1308            Recovery Plans                             CIP-009-1


8 Other Major Changes
● Overall
  - Applicable entities with no critical cyber assets exempt from CIP-003-1 through CIP-009-1.
  - Definitions revised.
  - Definition for Critical Cyber Asset revised.
  - Standards do not apply to nuclear facilities.
● CIP-002-1 – Critical Cyber Assets (1302)
  - Reinforced relationship of critical assets to operations
  - Modified criteria for generation/generation control
  - Documentation/Protection of all cyber assets within the ePerimeter
● CIP-003-1 – Security Management Controls (1301)
  - Moved Change Management requirements from CIP-006-1 to this standard.

9 Other Major Changes
● CIP-004-1 – Personnel and Training (1303)
  - "Background Screening" was changed to "Personnel Risk Assessment", based upon several comments, and to be more inclusive in application.
  - SSN verification was changed to "Identity Verification" to provide for legal variance between the laws in member entities' countries.
  - The wording "unrestricted access" was changed to "authorized access" throughout for consistency and clarity.
  - Access revocation and records change requirements under this section were changed throughout to "7 calendar days, and 24 hours for personnel terminated for cause" for flexibility and consistency.
  - We did not add drug screening to the requirements, despite several comments, due to the complexity and administrative issues associated with that area. Companies are free to pursue measures beyond the Standard, which seeks to set the baseline.

10 Other Major Changes (cont'd)
● CIP-005-1 – Electronic Security (1304)
  - Clarified requirement for strong technical and procedural controls for access to the perimeter
  - Technical feasibility caveat added for banners
  - Fixed inconsistency in levels of non-compliance
● CIP-006-1 – Physical Security (1305)
  - Requirements section was updated to more clearly define the physical security elements of the Security Plan.
  - Physical security perimeter requirement was clarified, removing references to assigned security levels, and modifying the four-wall boundary concept.
  - Updated levels of non-compliance for consistency across all proposed NERC Cyber Security Standards.
  - CCTV monitoring control was modified to include the point of facility access as a monitoring point.
  - Manual logging control was modified to include remote verification as a means of ensuring completeness.

11 Other Major Changes (cont'd)
● CIP-007-1 – Systems Security Management (1306)
  - Reference to "unattended facilities" was added, and a delineation of requirements between "attended" and "unattended" facilities was included in sub-sections where appropriate.
  - In Draft 1, for a few sub-sections, requirements were stated in the measures section. In Draft 2 this was cleared up and the requirements were moved to the requirements section.
  - Risk-based assessment was added to the Security Patch Management section for determining patch applicability.
  - Review requirements were updated for consistency.
  - A statement was added to the Retention of System Logs section to indicate that the entity is responsible for determining its own logging strategy.
  - Clarified various terms and concepts (e.g., potential vs. known vulnerabilities, end-user accounts, generic account policy)

12 Other Major Changes (cont'd)
● CIP-008-1 – Incident Reporting and Response Planning (1307)
  - Combined the Incident and Security Incident definitions to create a new definition: Cyber Security Incident
  - Changed the title to Incident Reporting and Response Planning to better reflect the standard's scope
  - Updated the introduction paragraph to clarify the requirements of the standard
  - Updated the Cyber Security Incident Reporting requirement to reflect that the responsible entity is accountable for ensuring that the Electricity Sector Information and Analysis Center (ES-ISAC) receives the cyber security incident report
  - If a cyber security incident occurs and is not reported to the ES-ISAC, it will now result in level three non-compliance
  - Includes minor formatting changes to make the requirement, measurement, and non-compliance sections clearer.

13 Other Major Changes (cont'd)
● CIP-009-1 – Recovery Plans (1308)
  - The third paragraph was moved to the FAQ, as it primarily explained the degree of recovery required in consideration of the expected impact and risk involved.
  - The requirement to "post" a recovery contact list was stricken from the Standard. The drafting team agreed with several comments that posting a contact list is procedural and often unacceptable depending on the situation at that location.
  - Some grammar, structure and clarification changes were made in keeping with comments posted.


15 Transition from Standard 1200 to new Cyber Security Standards
● Drafting Team recognizes the impact of the changes.
● Implementation plan proposes to phase in the new requirements.
● 1st draft of the implementation plan posted with Draft 2


17 Proposed Development Schedule
● Tentative posting/review schedule for CIP-002-1 through CIP-009-1:
  - Jan 17 – Feb 17: Post Draft 2 for a 30-day comment period (abbreviated period).
  - Feb 2: Conduct a Webcast for the Registered Ballot Body.
  - Feb 18 – March 15: Resolve comments on Draft 2 and prepare Draft 3.
  - March 15 – April 30: Post Draft 3 for a 45-day comment period.
  - May 1 – May 31: Resolve comments on Draft 3 and prepare final draft.
  - June 1 – June 30: Post final draft for 30-day review prior to ballot.
  - July 1 – July 31: Hold two rounds of balloting (includes time to respond to first ballots cast with negative comments).
  - August 1 – 31: Post for 30 days prior to BOT adoption into the compliance program (assuming a positive vote by the ballot pool).


19 Proposed Implementation Plan
Sample Compliance Schedule for Standards CIP-002-1 through CIP-009-1 (from Implementation Plan – Draft 1)

Columns: 1st Qtr 2006 (Control Center / Other Facilities), 1st Qtr 2007 (Control Center / Other Facilities), 2008 & Beyond (Control Center / Other Facilities)

Standard CIP-004-1 – Personnel & Training, BA & RC:
  R1: AC  SC  AC
  R2: AC  SC  AC
  R3: AC  SC  AC
  R4: SC  AC

Implementation Plan – Draft 1 contains comparable tables for Draft Standards CIP-003-1 through CIP-009-1.

AC – Auditably Compliant: the entity meets the full intent of the requirement and can prove compliance to an auditor.
SC – Substantially Compliant: the entity has begun the process to become compliant with a requirement, but is not yet Auditably Compliant.

20 Contact info:
Larry Bugh – ECAR
330.580.8017
larryb@ecar.org
http://www.nerc.com/
