Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP-002-1 through CIP-009-1 Larry Bugh ECAR Standard Drafting Team.

Published byAmie Wilkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP-002-1 through CIP-009-1 Larry Bugh ECAR Standard Drafting Team."— Presentation transcript:

1 Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP-002-1 through CIP-009-1 Larry Bugh ECAR Standard Drafting Team Chair June 1, 2005

2 2 Status Update ● Draft 3 of the standards, updated FAQ, Development Highlights, Draft 2 of the Implementation Plan, and the comment form posted May 9, 2005 for 45 day comment period.  http://www.nerc.com/~filez/standards/Cyber-Security- Permanent.html ● Drafting team responses to Draft 2 comments to be posted soon.

3 3 Significant Changes ● Overall  Definitions revised.  Major review for consistency across the standards.  Two Tech Editors helped with review  Matching Requirements with Measures  Reviewing Levels of Non-Compliance  Consistency with Measures  Consistency across all eight standards

4 4 Significant Changes ● Cyber Security – Critical Cyber Assets – CIP-002-1  The purpose statement has been revised.  Critical Assets in Requirement 1 have been split into Required Critical Assets and Additional Critical Assets.  Requirement for updating Critical Asset/Critical Cyber Asset list has been changed to 90 days from 30 days.  Requirement to list non-critical assets on the same network as critical assets has been removed and the Requirements to protect non-critical assets within the Electronic Security Perimeter have been moved to CIP-005-1.  Requirements for Critical Cyber Assets with dial-up access and not using a routable protocol have been moved to CIP-005-1.

5 5 Significant Changes ● Cyber Security – Critical Cyber Assets – CIP-002-1  Cyber Assets at a substation or generating station using a routable protocol that does not extend through the electronic security perimeter, and without direct dial-up access, will not be identified as Critical Cyber Assets.  The review and approval of the Critical Asset and Critical Cyber Asset lists by a senior manager has been revised to be done annually.  The standard recognizes that a Responsible Entity may determine it has no Critical Assets or Critical Cyber Assets. If such a determination is made, the Responsible Entity must document that determination to show compliance with this standard.

6 6 Significant Changes ● Cyber Security – Security Management Controls – CIP-003-1  Draft 2 incorrectly introduced new Requirements in the Measures section. Draft 3 corrects this error and matches Requirements to Measures.  In response to several comments, titles have been added to all top-level requirements for clarity. The Levels of Non-compliance section has been revised. ● Cyber Security – Personnel and Training – CIP-004-1  Levels of Non-compliance were modified to address issues raised in public comments.

7 7 Significant Changes ● Cyber Security – Electronic Security – CIP-005-1  Requirement R1 been broken into sub-requirements for clarity.  Requirement R1 now also includes a sub-requirement to provide the same Electronic Security Perimeter protections to Cyber Assets used to implement access controls and monitoring of the Electronic Security Perimeter(s).  Requirement R2 from Draft 2 (network ports and services) has been moved as a sub-requirement (R2.1) of an overall Access Control requirements section R2 in Draft 3.  Requirement R3 from Draft 2 (access control for modems) has been moved as a sub-requirement (R2.3) of an overall Access Control requirements section R2 in Draft 3.  The Requirement for strong access controls for external interactive access to the Electronic Security Perimeter has been clarified. References to specific technologies have been removed and are more appropriately addressed in the FAQ.

8 8 Significant Changes ● Cyber Security – Electronic Security – CIP-005-1  For clarity, Requirement R3 includes sub-requirements for reviewing authorized access on a periodic basis where monitoring cannot be implemented or can only be partially implemented.  The requirements for vulnerability assessment of the access points to the Electronic Security Perimeters, originally included in CIP-007-1, have been moved to this standard for consistency.  Corresponding changes to the Measures and Levels of Non- compliance were made.

9 9 Significant Changes ● Cyber Security – Physical Security – CIP-006-1  The Requirement for defining physical access controls of a security cage has been removed.  The access controls for a security cage should be addressed in the physical security plan as a perimeter. ● Cyber Security – Systems Security Management – CIP-007-1  References to attended and unattended facilities have been removed.  Titles for the following Requirements have changed; Account and Password Management changed to Account Management, Operating Status Monitoring Tools changed to Security Status Monitoring, Integrity Software changed to Anti-Virus Software, and Identification of Vulnerabilities and Responses changed to Cyber Vulnerability Assessment.  Requirements for non-critical assets within the Electronic Security Perimeter have been added to this standard.

10 10 Significant Changes ● Cyber Security – Systems Security Management – CIP-007-1  Test Procedures and Account Management Requirements have been broken out into separate sub-requirements.  What constitutes “significant changes” for Test Procedures has been clarified.  The Requirements for Patch Management and Anti-Virus Software have been updated for clarity.  The Requirement for Cyber Vulnerability Assessment was updated to clarify the intent.  The Requirement for Ports and Services was clarified to apply to devices inside the Electronic Security Perimeter (those devices on the Perimeter are addressed in CIP-005.)  A Requirement was added specifying that field devices without electronic access controls shall have physical access controls.  A Requirement for protection of Critical Cyber Assets disposed or redeployed was added.

11 11 Significant Changes ● Cyber Security – Systems Security Management – CIP-007-1  Requirements for Documentation Review and Maintenance were added.  The Measures and Levels of Non-compliance were updated to reflect the updated Requirements.  The stand-alone Requirement for Retention of System Logs was removed and the retention requirement added as a sub- requirement in the appropriate Requirements.  Requirements for Configuration Management were removed from CIP-007 as they are addressed in CIP-003.  The Backup and Recovery requirement was moved to CIP-009.

12 12 Significant Changes ● Cyber Security – Incident Reporting and Response Planning – CIP-008-1  The definition of Cyber Security Incident has been updated to clearly include the Electronic Security Perimeter.  References to “incident” were changed to “Cyber Security Incident” as appropriate.  Testing the Incident Response Plan has been added as a requirement. ● Cyber Security – Recovery Plans – CIP-009-1  Language has been added to address backup of information critical to successful restoration of Critical Cyber Assets.

13 13 Proposed Development Schedule ● Tentative posting/review schedule for CIP-002-1 — CIP-009-1:  May 9 – June 23Post draft 3 for a 45-day comment period  June 1WebEx on Draft 3  June 24 – July 21Resolve comments on Draft 3 and prepare final draft  July 22 – August 21Post final draft for 30-day review prior to ballot  August 22 – Sep. 26Hold two rounds of balloting (includes time to respond to first ballots cast with negative comments.)  Sept 27 – October 26Post for 30 days prior to BOT adoption into the compliance program (assuming a positive vote by the ballot pool)

14 14 Proposed Implementation Plan ● Draft 2 modified to recognize the time necessary to fully implement standards. ● Includes a new phase of implementation referred to as “Begin Work.” ● The Implementation Plan has been divided into three separate tables to recognize three separate groups of Responsible Entities:  Balancing Authorities and Transmission Operators that were required to self- certify compliance to NERC’s Urgent Action Cyber Security Standard 1200 (UA 1200), and Reliability Coordinators;  Transmission Operators and Balancing Authorities that were not required to self- certify compliance to UA Standard 1200, Transmission Providers, and the offices of NERC and the Regional Reliability Organizations.  Interchange Authorities, Transmission Owners, Generator Owners, Generator Operators, and Load-Serving Entities. ● For Responsible Entities in the first two groups, the implementation plan requires Auditable Compliance to all Requirements by second quarter 2009. ● For Responsible Entities in the third group, the implementation plan requires Auditable Compliance to all Requirements within 36 months of the registration to a Functional Model function.

15 15 Proposed Implementation Plan Table 1 Compliance Schedule for Standards CIP-002-1 through CIP-009-1 Balancing Authorities and Transmission Operators Required to Self-certify to UA Standard 1200, and Reliability Coordinators 2ndQtr 20062ndQtr 20072ndQtr 20082ndQtr 2009 Requirement System Control Center Other Facilities System Control Center Other Facilities System Control Center Other Facilities System Control Center Other Facilities Standard CIP-002-1 — Critical Cyber Assets R1SCBWACSCACSCAC R2SCBWACSCACSCAC R3SCBWACSCACSCAC

16 16 Contact info: Larry Bugh – ECAR 330.580.8017 larryb@ecar.org http://www.nerc.com/

Download ppt "Implementing the New Reliability Standards Status of Draft Cyber Security Standards CIP-002-1 through CIP-009-1 Larry Bugh ECAR Standard Drafting Team."

Similar presentations

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.
2004 NERC, NPCC & New England Compliance Programs John Norden Manager, Operations Training, Documentation & Compliance August 31, 2003 RC Meeting.

2004 NERC, NPCC & New England Compliance Programs John Norden Manager, Operations Training, Documentation & Compliance August 31, 2003 RC Meeting.
Federal Energy Regulatory Commission July 20091 Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.

Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Q1 Q – The data retention period for Standards CIP-002 to CIP-009 versions 2 and 3 state: “The Responsible Entity shall keep all documentation and records.

Q1 Q – The data retention period for Standards CIP-002 to CIP-009 versions 2 and 3 state: “The Responsible Entity shall keep all documentation and records.
PER-005-2.

PER
Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.
Update in NERC CIP Activities September 4, 2014. 2 Update on CIP-014-1 Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.

Update in NERC CIP Activities September 4, Update on CIP Update on Revisions to CIP Version 5  -x Posting  v6 Posting Questions Agenda.
Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)

Recent NERC Standards Activities RSC – Jan. 5, 2011 NSRS Update Date Meeting Title (optional)
State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.

State of Standards and Standards in Development Sean Cavote, Manager of Standards Development WECC Operating Committee Meeting March 26, 2015.
1 Compliance Guidance for Initial Compliance Review Dates Lew Folkerth 2Q2010 Webinar June 22, 2010.

1 Compliance Guidance for Initial Compliance Review Dates Lew Folkerth 2Q2010 Webinar June 22, 2010.
Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP 002 - 009.

Gcpud1 CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP CRITICAL INFRASTRUCTURE PROTECTION NERC 1200 CIP
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.

Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.
Cyber Security Plan Implementation Presentation to CMBG Glen Frix, Duke Energy June 20, 2010 1.

Cyber Security Plan Implementation Presentation to CMBG Glen Frix, Duke Energy June 20,
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
Information Security Policies and Standards

Information Security Policies and Standards
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Physical Security CIP-014-1 NERC Standing Committees December 9-10, 2014.

Physical Security CIP NERC Standing Committees December 9-10, 2014.

Similar presentations

Ads by Google