Powering BC
NERC Critical Infrastructure Protection CommitteeSeptember 16, 2014
Jim AttridgeManager, Cyber Security
About BC Hydro
700 kms
1300
km
s
944,700 km2
2
Technology Drivers for BC HydroOur business environment
•Need to deliver clean reliable electricity in safe manner
•Aging assets
•Capital constraints
•Pressure to keep rates low
•Human resource constraints – aging workforce + new skills needed
•Emergence of disruptive technologies
•Challenging energy policies
3
Key Technology Investments
Looking to the Future
Electric vehicle charging stations
Wide-area situational awareness Widely-deployed sensors
Microgrids
4
Cyber Security at BC Hydro - Overview
5
Segregation? That is so 2009!
Cyber Security Challenges at BC Hydro
6
Cyber Security at BC Hydro – Another Challenge
RIP Antivirus Table showing yearly unique malware instances
7
Cyber Security at BC Hydro – Challenge Accepted!
BC Hydro Initiatives Underway
1. Application Control
2. IT/OT Security Reference Architecture
3. Improvements in Real Time Monitoring
8
Thank you and welcome to Vancouver!!
9
NERC CIPC Chair ReportChuck Abell
September 16, 2014
2 RELIABILITY | ACCOUNTABILITY
2014 Efforts & Activities
• Security Technology Awareness Workshop
• Grid Security Conference – San Antonio, TX
• CIP-014-1 Physical Security Standard
• CIP V5 “791” Standards Drafting Team
• CIP V5 Transition Program
• CRISP Program Expansion/Funding
• GridEx III – Team forming / Planning beginning
• CIPC Strategic Plan Bi-annual Update
3 RELIABILITY | ACCOUNTABILITY
CIP Committee Structure
Physical Security Subcommittee(David Grubbs)
Cyber Security Subcommittee
(Marc Child)
Operating Security Subcommittee
(Jim Brenton)
Policy Subcommittee(Nathan Mitchell)
Physical Security WG
(Ross Johnson)
CIPC Executive CommitteeMarc Child Chuck Abell, Chair Melanie SeaderDavid Grubbs Nathan Mitchell, Vice Chair Jack CashinRoss Johnson Jim Brenton, Vice Chair Barry Lawson David Revill Bob Canada, Secretary
Security Training WG
(William Whitney)
Control System Security WG
(Mikhail Flakovich)
Cyber Security AnalysisWG
(Vacant)
ES Information Sharing TF
(Stephen Diebold)
Grid Exercise WG
(Tim Conway)
Cyber Attack Tree TF
(Mark Engels)
BES Security Metrics WG
(James Sample)
Personnel Security Clearance TF
(Nathan Mitchell)
Compliance & Enforcement Input WG
(Paul Crist)
Physical Security Guidelines
WG(John Breckenridge)
Business Continuity Guideline TF
(Darren Meyers)
Critical Infrastructure Protection
Matt Blizard, PEDirector, Critical Infrastructure ProtectionCIPC, VancouverSeptember 16th, 2014
2 RELIABILITY | ACCOUNTABILITY
CIP Updates and Activities
• NERC Updates: o CID/ESISAC Restoration and Recovery (training…)o ES-ISAC – update (CRISP, Cyber IQ, etc.)o CIP v5 transition – “effective and efficient implementation”o CIP v5 revisions, FERC Order 791 - updateo Security Reliability Program (SRP) advancementso Physical Security – CIP-014-1 Implementationo Manager, Physical Security and CIPCo GridEx II lessons learned actions – “address and act upon…”o GridEx III – moving forward…o CIPC – Work Groups and Task Forceso CIPC – Annual Planning
• Activities: GridSecCon 14-17 October 2014, Hyatt Regency, San Antonio, TX GridEx III 18-19 November 2015
3 RELIABILITY | ACCOUNTABILITY
ES-ISAC UpdateCIPCSeptember 16-17, 2014
RELIABILITY | ACCOUNTABILITY2
Portal Upgrades
Under Active Development Since June• Moved to new provider in May• Various platform (OS, etc) upgrades• Custom user provisioning and user authentication system
deployed in August• Impending Cyber Awareness Monitoring pilot
RELIABILITY | ACCOUNTABILITY3
Remaining 2014 Upgrades
Q4 of 2014 Rollout of Industry Rolodex (ESCC asked)
o Emergency POCso IP Space identification
Rollout of Threat Collaborationo Consolidate and target threat information feeds for the user
STIX/TAXII services Piloto Uniform data format for sharing IOCs
Site look and feel will slowly improve as well
RELIABILITY | ACCOUNTABILITY4
Upcoming Events
• GridSecCon CRPA Workshop ES-ISAC Room
• SANS ICS Summit 2015 CRPA Workshop ES-ISAC Room Exposure 2 closure
RELIABILITY | ACCOUNTABILITY5
CRISP Update
We are nearing the finish line….or the starting line!
• This is a very significant effort Huge cross section of industry Nearly $10M program
• Takes the public-private partnership to a new level • Positions this industry to address cybersecurity more
effectively• It’s not just about technology – its about building the
mechanisms for greater collaboration and coordination of effort
RELIABILITY | ACCOUNTABILITY6
CRISP Update Cont’d
• Significant progress Master Services Agreement Complete Finalizing PNNL Contract Statement of Work and Budgets Developed
• Outreach 20 One-on-One Calls with Prospective Participants Targeting 28 Companies by Q1 2015 Good response from across the industry Will only succeed if we get sufficient participation
CIP V3-V5 Transition
Strategic Plan and Tactical ExecutionSeptember 2014Tobias Whitney, Manager of CIP Assurance
RELIABILITY | ACCOUNTABILITY2
Purpose of the Transition Program
Transitioning entities confident in implementation
Vision 2016: smooth transition to CIP Version 5
“Support all entities in the timely, effective, and efficient transition to CIP Version 5”
RELIABILITY | ACCOUNTABILITY3
Responsibilities of the ERO (NERC & Regional Entities)• The purpose of the strategy is to supplement the overall transition program to
validate that communications and tools are delivered and to assure that:1. As of the effective date the registered entities have confidence that what they are doing
is actually compliant and there is confidence that the compliance auditors will perform oversight in a consistent manner.
2. Over 90% of all registered functions have been contacted and provided with tools and resources to assure a successful transition. Specifically focusing on the identification and classification of assets, understanding types and adequacy of evidence, clear understanding of testing methodology.
3. Requisite training is delivered to 100% of compliance auditors for assessing risk, scoping audits, gathering and evaluating evidence, and utilizing defined approved audit approaches.
4. Execute the vision and concepts of the Transition Guidance document.5. Proactively identify and resolve issues that may result in violations prior to formal
compliance monitoring activity.
Goal of the Transition Program
RELIABILITY | ACCOUNTABILITY4
Transition Elements
Continuous Outreach
Compliance and Enforcement
Periodic Guidance
Training
RELIABILITY | ACCOUNTABILITY5
CIP Market Segmentation
Type 1“New High and
Medium”
Large Substation
Mix
No V3 compliance
history
<100 Entities
Type 2“Legacy V3”
Large Substation
Mix
Significant V3 History
<200 Entities
Type 3“Large Entity
w/Low”
Large Substation &
Gen Mix
Significant V3 History
<200 Entities
Type 4“Small Entity
w/Low”
Small Substation &
Gen Mix
No V3 Compliance
History
>1000 Entities
2016 2017
RELIABILITY | ACCOUNTABILITY6
Type 1: Outreach Approach
• NERC will work closely with Regions to identify specific entities impacted by V5 WECC has already identified 27 New V5 entities (for High
and Medium) Less than 100 of these entities ERO-wide
• Targeted SRPs – based on Regional target group Contact each entity individually Organize group specific training for the “newcomers”
• IRA and compliance monitoring planning for these entities will be critical
Type 1“New High and
Medium”
Small-Med Substation
Mix
No V3 compliance
history
<100 Entities
RELIABILITY | ACCOUNTABILITY7
Type 2: Outreach Approach
• Regions are the lead for outreach NERC staff shall support regional outreach activities May accompany V3 audits for discussion re: V5
• Execute Transition Guidance Evaluate entity’s V5 progress Proactively address V5 related questions 50% of time or more should be allocated to
assessing V5 readiness
• Continue Current Outreach Approach CIPC Auditor Training Workshops Regional Workshops
Type 2“Legacy V3”
Large Substation
Mix
Significant V3 History
<200 Entities
RELIABILITY | ACCOUNTABILITY8
Type 3: Outreach Approach
• Monitor SDT efforts closely to determine requirements for Low Impact
• Begin developing RAI-based audit Approach for Lows While lists may not be required, what are methods that could be
used to enable entities to demonstrate their compliance with Low remotely (off-site audit)
Consider guided self-certification forms for annual Low Impact certifications
• Continue Current Outreach Approach Regional Workshops NERC Standards and Compliance Workshops Webinars & SRPs
• Entity type may pose significant risk to BPS reliability due to sheer size and scale
Type 3“Large Entity
w/Low”
Large Substation &
Gen Mix
Significant V3 History
<200 Entities
RELIABILITY | ACCOUNTABILITY9
Type 4: Outreach Approach
• Monitor SDT efforts closely to determine requirements for Low Impact
• Most entities in this group are not well plugged into NERC communications engine thus will require partnering with APPA and NRECA to perform targeted outreach
• Review 693 compliance history to determine and develop RAI profile
• Overwhelming majority of Responsible Entities but individually do not pose a significant BPS risk, but a significant compliance risk.
• Outreach: “ERO Advisory Sessions” in coordination with Trades
• Develop a Compliance Reference guide (ERO Compliance and Enforcement)
Type 4“Small Entity
w/Low”
Small Substation &
Gen Mix
No V3 Compliance
History
>1000 Entities
RELIABILITY | ACCOUNTABILITY10
Transition Guidance Highlights
• CIP Version 5 will be reviewed in the course of audits during the transition period Entities will be able to signal to their RE which Version applies to which
assets Recommendations and Areas of Concern will be used for V5 issues as
opposed to PVs
• Off-site Audits have been postponed until further notice Additional outreach Proactively identify Type 1 entity’s in your region
• Entities may elect to use a V3 RBAM, continue to use the V4 BLC or use the V5 IRC to identify in-scope assets during the transition.
RELIABILITY | ACCOUNTABILITY11
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY12
Reference Compatibility Tables
http://www.nerc.com/pa/CI/Documents/V3-V5%20Compatibility%20Tables.pdf
RELIABILITY | ACCOUNTABILITY13
• Additional Guidance: Responsible Entities adopting either the CIP V4 Critical Asset Criteria or
the CIP V5 Impact Rating Criteria must adopt the Criteria in their entirety, subject to the caveats documented in the CIP V5 Transition Guidance.
Adoption of either the CIP V4 Critical Asset Criteria or the CIP V5 Impact Rating Criteria should be documented by a Memorandum of Record or other, similar memorialization. A documented RBAM is not required.
Responsible Entities must annually apply the CIP V3 RBAM or alternative CIP V4 or V5 Criteria to derive an updated Critical Asset list.
Critical Asset Identification
RELIABILITY | ACCOUNTABILITY14
• Adoption and application of either the CIP V4 Critical Asset Criteria or the CIP V5 Impact Rating Criteria will result in an updated Critical Asset list. Most existing Critical Assets will continue to be Critical Assets. Some Critical Assets will not satisfy the Criteria and can be immediately
removed from the Critical Asset list. New Critical Assets may be identified as a result of adopting and
applying the Criteria.o Newly identified Critical Assets should be flagged on the updated Critical
Asset list as resulting from applying the CIP V4 Critical Asset Criteria or the CIP V5 Impact Rating Criteria.
Newly Identified Critical Assets
RELIABILITY | ACCOUNTABILITY15
• After updating the Critical Asset list, the performance of CIP-002-3, Requirement R3, will result in an updated Critical Cyber Asset list.
• Any newly identified Critical Cyber Assets associated with a newly identified Critical Asset will not be expected to come into compliance with the CIP V3 Standards. Newly identified Critical Cyber Assets should be flagged on the updated
Critical Cyber Asset list Such Critical Cyber Assets will be taken straight to CIP V5 compliance
per the CIP V5 Implementation Plan.
Updated Critical Cyber Asset List
RELIABILITY | ACCOUNTABILITY16
• After updating the Critical Asset list, the performance of CIP-002-3, Requirement R3, will result in an updated Critical Cyber Asset list.
• Any newly identified Critical Cyber Assets associated with a newly identified Critical Asset will not be expected to come into compliance with the CIP V3 Standards. Newly identified Critical Cyber Assets should be flagged on the updated
Critical Cyber Asset list Such Critical Cyber Assets will be taken straight to CIP V5 compliance
per the CIP V5 Implementation Plan.
Updated Critical Cyber Asset List
RELIABILITY | ACCOUNTABILITY17
• Critical Cyber Assets associated with removed Critical Assets may be immediately removed from the Critical Cyber Asset list. Removed Critical Cyber Assets will immediately come out of the CIP V3
compliance program. Such Cyber Assets will likely come back into the CIP compliance program
under CIP V5 as Low impacting BES Cyber Systems. Resumed compliance under CIP V5 will be pursuant to the CIP V5
Standards Implementation Plan.
Updated Critical Cyber Asset List
RELIABILITY | ACCOUNTABILITY18
• Existing Critical Cyber Assets that remained on the Critical Cyber Asset list after adoption and application of the CIP V4 or V5 Criteria and subsequent performance of CIP-002-3, Requirement R3, shall remain in the CIP V3 compliance program through the Transition Period. No lapse of CIP compliance is permitted. CIP V3 compliance must be maintained subject to the provisions of the
CIP V5 Transition Guidance. Replacement Cyber Assets must be CIP V3 or V5 compliant upon
commissioning.
Updated Critical Cyber Asset List
RELIABILITY | ACCOUNTABILITY19
• Consistent with the CIP V3 Implementation Plan for Newly Identified Critical Cyber Assets and Newly Registered Entitiesand the CIP V5 Implementation Plan, new and upgraded/replaced Critical Cyber Assets resulting from a planned change must be fully compliant upon commissioning. During the Transition Period, compliance may be with either the CIP V3
or CIP V5 standards. Examples include planned replacement of the SCADA/EMS and planned
conversion from a non-routable to a routable protocol in a Transmission substation or generating plant.
Changes to Existing CAs/CCAs
RELIABILITY | ACCOUNTABILITY20
• A planned change that elevates BES Cyber Systems to a higher categorization during the Transition Period must be compliant with the higher impacting CIP V5 requirements by the effective date of the requirement. Example includes a planned increase in generation that results in a
higher categorization of BES Cyber Systems at the Control Center.
• Unplanned changes will need to be compliant by the later of the CIP V5 Standards effective date or the Compliance Implementation date shown in the CIP V5 Implementation Plan Examples include Criteria 2.3 and 2.6 notifications.
Changes to Existing CAs/CCAs
RELIABILITY | ACCOUNTABILITY21
• On-site CIP compliance audits of Responsible Entities registered as Reliability Coordinators, Balancing Authorities, or Transmission Operators, and other Responsible Entities with Critical Cyber Assets will continue through the Transition Period.
• Off-site CIP compliance audits of Responsible Entities with no Critical Cyber Assets (other than Reliability Coordinators, Balancing Authorities, and Transmission Operators) are cancelled through the Transition Period. Self-reports, spot checks, and self-certifications still allowed. Audits of “off-site entities” may resume with CIP V5.
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY22
• Responsible Entities audited during the Transition Period may choose to be audited against the CIP V3 or CIP V5 Standards. Election made on requirement-by-requirement basis. Election may be made on a site-by-site basis.
• Request for Information will be issued 45 days prior to issuance of the 90-day audit notice (135 days prior to the audit). Regions will issue a spreadsheet with selection options. Entities will have 15 days to respond.
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY23
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY24
• At audit, in-scope requirements will be initially evaluated per the Responsible Entity’s selection. If CIP V5 selected and compliance with the V5 language is determined,
the V5 compliance will be viewed as CIP V3 compliant and a “No Finding” will be issued.
If CIP V5 is selected and non-compliance with the V5 language is determined, the audit team will revert back to the CIP V3 language. If V3 compliance is determined, a “No Finding” will be issued.
If neither CIP V3 nor V5 compliance is determined, a “Possible Violation” or “Area of Concern” will be issued.
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY25
• If a CIP V5 Requirement is selected by the entity, a “Possible Violation” will not be found for any part of the Requirement that is unique to CIP V5. The audit team will conduct outreach to help steer the Responsible
Entity back on course to CIP V5 compliance. An “Area of Concern” may be issued to document the future potential
non-compliance issue.
• Example includes aspects of the annual security training requirements of CIP-004-5, Requirement R2, such as Requirement R2.1.4 (the visitor control program).
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY26
• While not specified by the CIP V5 Transition Guidance, Responsible Entities selecting the CIP V3 audit option will not eliminate a CIP V5 evaluation opportunity. If the V3 option is selected and non-compliance is determined, the audit
team will determine if the issue of non-compliance would also be a CIP V5 violation.
If CIP V5 has eliminated the non-compliant aspect of the CIP V3 requirement, the audit team will issue an “Area of Concern” and not a “Possible Violation.”o Example includes lack of an Electronic Access Point for non-routable
communications as required by CIP-005-3, Requirement R1.
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY27
• Mitigation of any Open Enforcement Actions during the Transition Period should focus on achieving full compliance with the “Mostly Compatible” CIP V5 Requirement. This includes violations found prior to the August 12, 2014 release of
the CIP V5 Transition Guidance that have not completed mitigation. Full compliance with the CIP V5 Standards must be achieved by the CIP
V5 effective date. An unmitigated Open Enforcement Action cannot be used to extend the
CIP V5 compliance date.
Compliance Monitoring During the Transition Period
RELIABILITY | ACCOUNTABILITY28
• TFEs are still required for certain CIP V5 Requirements. Existing TFEs carried forward for equivalent CIP V5 Requirements. New TFEs required for CIP V5 Requirements with no equivalent V3
Requirement. TFEs for CIP V3 Requirements with no equivalent V5 Requirement will
be terminated upon the CIP V5 effective date.
• CIP V5 TFEs cannot be submitted before October 1, 2015 to allow time for required portal changes.
Technical Feasibility Exceptions
RELIABILITY | ACCOUNTABILITY29
• TFEs under the CIP V3 Standards with equivalent CIP V5 Requirements (i.e., carry forward).
Technical Feasibility Exceptions
RELIABILITY | ACCOUNTABILITY30
• New CIP V5 TFE-eligible Requirements with no equivalent CIP V3 Requirement (i.e., submit).
Technical Feasibility Exceptions
RELIABILITY | ACCOUNTABILITY31
• CIP V3 TFEs no longer required under CIP V5 (i.e., will be terminated).
Technical Feasibility Exceptions
RELIABILITY | ACCOUNTABILITY32
• What is the Stakeholder Advisory Group? A group that reflect Industry, Regions, SDT and NERC to help build consensus on
industry issues. Prioritizes the development of guidance document to aide the transition.
• How will issues be addressed that identify during the course of an Audit? The Regions are encouraged to send their questions to the CCWG listserv. All draft questions and answers will be tracked and vetted by the Stakeholder
Group.• Are guidance documents enforceable?
Guidance documents and lessons learned are written to support the Standards and can be used to clarify or reinforce the SDT’s intended language.
• Will more training be made available? Yes – NERC and Regions will have 2 CIP auditor seminars between each auditor
workshops.
General Q&A
RELIABILITY | ACCOUNTABILITY33
Resources
RELIABILITY | ACCOUNTABILITY34
CIP Version 5 RevisionsAdditional Comment Period and Ballot OutreachSeptember 2014
Scott Mix, NERC CIP Technical ManagerCIPCSeptember 16-17, 2014
RELIABILITY | ACCOUNTABILITY2
• Development Steps• CIP-003-6 Revisions• CIP-010-2 Revisions• -X Posting• Next Steps
Discussion Topics
RELIABILITY | ACCOUNTABILITY3
• Initial comment period and ballot ended July 16, 2014
• SDT received over 200 pages of comments
• SDT met July 29-31 and August 19-21 to revise the standards based on stakeholder comments
• Latest revisions and consideration of comments posted for additional comment and ballot period Sept 3-Oct 17
Development Steps
Directive Area Standard
Weighted Segment
Vote
Communication Networks
CIP-006-6 76.20%
CIP-007-6 78.35%
Identify, Assess, Correct CIP-009-6 85.29%
Lows Impact Assets CIP-003-6 35.72%
Transient Devices
CIP-004-6 80.71%
CIP-010-2 49.48%
CIP-011-2 82.51%
Definitions 78.52%
RELIABILITY | ACCOUNTABILITY4
• Define external routable protocol path• Security awareness timeframes• More guidance• Inventory implications• Requirement placement
CIP-003-6 Comment Themes
RELIABILITY | ACCOUNTABILITY5
CIP-003-6 New Definitions
• Low Impact BES Cyber System Electronic Access Point (LEAP) A Cyber Asset interface that allows Low Impact External Routable
Connectivity. The Cyber Asset may reside at a location external to the asset or assets containing low impact BES Cyber Systems. The Low Impact BES Cyber System Electronic Access Point is not an Electronic Access Control or Monitoring System.
• Low Impact External Routable Connectivity (LERC) Bi-directional routable communications between low impact BES Cyber
System(s) and Cyber Assets outside the asset containing those low impact BES Cyber System(s). Communication protocols created for Intelligent Electronic Device (IED) to IED communication for protection and/or control functions from assets containing low impact BES Cyber Systems are excluded (examples of this communication include, but are not limited to, IEC 61850 GOOSE or vendor proprietary protocols).
RELIABILITY | ACCOUNTABILITY6
Use Case 1
RELIABILITY | ACCOUNTABILITY7
Use Case 2
RELIABILITY | ACCOUNTABILITY8
Use Case 3
RELIABILITY | ACCOUNTABILITY9
• Requirement R1 now contains a separate requirement part for inclusion of lows topics
• The term policy refers to one or a collection of written documents that are used to communicate the Responsible Entities’ management goals, objectives and expectations for how the Responsible Entity will protect its BES Cyber Systems. The use of policies also establishes an overall governance foundation for creating a culture of security and compliance with laws, regulations, and standards.
CIP-003-6, Requirement R1
RELIABILITY | ACCOUNTABILITY10
• Attachment 1 – Required Elements for Cyber Security Plan(s) for Assets Containing Low Impact BES Cyber Systems
• Attachment 2 – Examples of Evidence for Cyber Security Plan(s) for Assets Containing Low Impact BES Cyber Systems
CIP-003-6, Requirement R2
RELIABILITY | ACCOUNTABILITY11
• Authorization• Inspection• Vendor-managed devices• “Prior to use”• More guidance
CIP-010-2 Comment Themes
RELIABILITY | ACCOUNTABILITY12
CIP-010-2, Requirement R4
• Attachment 1 – Required Elements for Plans for Transient Cyber Assets and Removable Media
• Attachment 2 – Examples of Evidence for Plans for Transient Cyber Assets and Removable Media
RELIABILITY | ACCOUNTABILITY13
-X Posting
• Purpose of the posting is as a practical contingency• -X decouples the IAC and Communication Network revisions
from the Low Impact and Transient Device revisions• Single ballot for the –X package• Approval of the –X standards enables the SDT to meet the
FERC filing deadline of February 3, 2015 should the Lows or Transient Device revisions fail in the second ballot
• All proposed revisions will be subject to final ballot
RELIABILITY | ACCOUNTABILITY14
Next Steps
• Additional comment period – September 3-October 17• Webinar September 19 – 11:30am-1:00pm ET• Ballot period – October 8-17• SDT meeting October 22-24 – ERCOT (Austin, TX)• Targeted final ballot – October 31 – November 10• Targeted NERC BOT meeting to approve revisions – November
13• The SDT appreciates your support
RELIABILITY | ACCOUNTABILITY15
Update on RISC Activities
CIPC Meeting September 16/17, 2014
Jim Brenton CIPC RISC MemberPrincipal, Regional Security Coordinator ERCOT – Electric Reliability Council of Texas
2 RELIABILITY | ACCOUNTABILITY
RISC Mission & Purpose*
• Provides a framework for steering, developing, formalizing, and organizing recommendations to help NERC and the industry effectively focus their resources on the critical issues needed to best improve the reliability of the BPS
• Benefits of the RISC include improved efficiency of the NERC standards program. In some cases, that includes recommending reliability solutions other than the development of new or revised standards and offering high-level stakeholder leadership engagement and input on issues that enter the standards process.
* Per the RISC Charter
3 RELIABILITY | ACCOUNTABILITY
RISC Mission & Purpose*
• Triages and provides front-end, high-level leadership and accountability for nominated issues of strategic importance to bulk power system (BPS) reliability
• Assists the Board, NERC standing committees, NERC staff, regulators, Regional Entities, and industry stakeholders in establishing a common understanding of the scope, priority, and goals for the development of solutions to address these issues
* Per the RISC Charter
4 RELIABILITY | ACCOUNTABILITY
Recent RISC Activity – Jun - Sep
• June Reviewed 2015-2017 DRAFT Reliability Standards Development Plan Initiated Update to RISC Priority Recommendations
• July Reviewed ERO Risk Profiles to inform RISC Priorities
• Aug RISC met with Board of Trustees and Member Representatives
Committee to recap RISC activity. Reviewed work 2014 Risk Profile and Prioritization Review. Finalized RLS planning
• Sep RLS Summit Finalize work on RISC Priority Recommendations
5 RELIABILITY | ACCOUNTABILITY
NERC RLS: Sep 11 in Washington
• Reliability Leadership Summit Focused on Key Strategies to Address BES Reliability Challenges Changing resource mix Integration of renewables and potential generation retirements
and low-cost natural gas and environmental regulations Electricity-gas interdependency Communications during and while recovering from bulk power
system emergencies, and Importance of ES-ISAC and new systems/processes (CRISP)
• Cyber and Physical Security issues were addressed but NOT the focus of discussions as in previous Summits Good/Bad: Too soon to tell, NERC has lot of activities focused on
CPS and there is perception by leadership that all is on track
6 RELIABILITY | ACCOUNTABILITYRELIABILITY | ACCOUNTABILITY
Risk Profiles & Priority Mapping
7 RELIABILITY | ACCOUNTABILITY
Risk Profiles & Priorities
1. Changing Resource Mix (Operational Risks)
2. Cyber Attacks
3. Extreme Physical Events – Acts of Nature
4. Extreme Physical Events – Man Made
5. Failure to Maintain and Manage Assets
6. Generator Unavailability
7. Loss of Situational Awareness
8. Pandemic
8 RELIABILITY | ACCOUNTABILITY
Risk Profiles & Priorities – Cont
9. Poor Human Performance
10. Protection System Failures
11. Regulatory Uncertainty
12. Uncoordinated Planning
13. Poor Event Response / Recovery
14. Poor Resource Planning
9 RELIABILITY | ACCOUNTABILITY
Cyber Attack - High Priority
• NERC CID monitoring current activities and reports to RISC on those efforts, and their support to address this highest priority item.
• NERC CIPC EC met with NERC RISC Staff to review lessons learned from GridEx-2013 into the RISC Priorities and ensure projects support CID activities.
10 RELIABILITY | ACCOUNTABILITY
Future RISC Meetings
• Oct 7 – Conference Call - 9-12 ET• Nov 13 – Atlanta - Post-BOT Meeting - 12:30-2:30 ET• December 2 – Phoenix - RISC Meeting – 8-5 MT
11 RELIABILITY | ACCOUNTABILITY
Questions ?
Electricity Sector Information Sharing Task ForceE
FS
TSIProgress Report
September 2014Stephen Diebold, ChairmanJoe Doetzl, Vice Chairman
3 RELIABILITY | ACCOUNTABILITY
Contents
Charter Task Force Members Mission Statement Timeline Outreach
4 RELIABILITY | ACCOUNTABILITY
Charter
• CIPC approved the ESISTF Charter on August 21, 2014
• ESISTF members recruited August 2014
• ESISTF has started work on its deliverables
5 RELIABILITY | ACCOUNTABILITY
Task Force Members
• Stephen Diebold Chair• Joe Doetzl Vice Chair
• Donald Roberts Core Team• Fred Hintermister Core Team• Orlando Stevenson Core Team• Bob Canada Core Team
• John Breckenridge Secondary Reviewer• Brian Harrell Secondary Reviewer
• Jim Brenton Final Reviewer
6 RELIABILITY | ACCOUNTABILITY
Mission Statement
• Develop a presentation to be used for communicating across industry, especially to cybersecurity and operations personnel, Hydra Team roles and functions.
• Develop a presentation to be used for outreach promoting the ES-ISAC portal use as a central coordination point and reporting tool in crisis.
9 RELIABILITY | ACCOUNTABILITY
TimelineBegin Outreach Program
June CIPC
Select Task Force Members
Approval of ES-ISAC and Hydra Presentation
March CIPC
December CIPC
Charter Approved
September CIPC
CIPC Status Report
September CIPC
Aug ------- 2014
CIPC Status Report
Finalize ES-ISAC Presentation
Finalize Hydra Presentation
Draft of Hydra Presentation
Draft of ES-ISAC Presentation
CIPC Status Report
Begin Work on ES-ISAC Presentation
CIPC Status Report
Begin Work on Hydra Presentation
--
Sep ------- 2015
--
--
Jun ------- 2015
--
--
Mar ------- 2015
--
--
Dec ------ 2014
--
--
Sep ------- 2014
10 RELIABILITY | ACCOUNTABILITY
Outreach
• The ESISTF will schedule a webinar for disseminating the information
• Would like to present at NERC Region meetings• Looking for other opportunities at relevant
electricity sector conferences
ESISTF
ESISTF
Personnel Security Clearance Task Force (PSCTF)Critical Infrastructure Protection CommitteeSeptember 16, 2014
Nathan Mitchell, Chair – Policy Subcommittee
2 RELIABILITY | ACCOUNTABILITY
Executive CommitteeDavid Revill, NRECA Chuck Abell, Chair, Ameren Melanie Seader, EEIDavid Grubbs, ERCOT Nathan Mitchell, Vice Chair, APPA Jack Cashin, EPSARoss Johnson, CEA Jim Brenton, Vice Chair, ERCOT Marc Child, Great River
Bob Canada, Secretary
Physical Security Subcommittee(David Grubbs)
Cyber Security Subcommittee
(Marc Child)
Operating Security Subcommittee
(Jim Brenton)
Policy Subcommittee(Nathan Mitchell)
Physical SecurityWG
(Ross Johnson)
Security Training WG
(William Whitney)
Control System Security WG
(Mikhail Falkovich)
Cyber Security AnalysisWG
(TBD)
ES Information Sharing TF
(Stephen Diebold)
Grid Exercise WG
(Tim Conway)
Cyber Attack Tree TF
(Mark Engels)
BES Security Metrics WG
(James Sample)
Personnel Security Clearance TF
(Nathan Mitchell)
Compliance & Enforcement Input WG
(Paul Crist)
Physical Security Guidelines
WG(John Breckenridge)
September 2014
Business Continuity Guideline TF
(Darren Meyers)
Critical Infrastructure Protection Committee
3 RELIABILITY | ACCOUNTABILITY
Current Activity
• ESCC is coordinating with DHS to develop a handbook on the security clearance process.
• Set to be adopted at the October 8, 2014 ESCC Meeting
• Key Changes: Initial and Annual Security Training Report of Foreign Travel ([email protected]) Termination of Need to Know Deactivation of a clearance
4 RELIABILITY | ACCOUNTABILITY
Current Activity
• Deactivation of a clearance• DHS will deactivate a clearance for any of the
following reasons: Failure to complete annual security refresher training Change in employment (a new DHS Form 9014 must be
submitted to reactivate) Change in Name Change in citizenship No access to classified information for more than one (1)
year
BES Security Metrics WGProgress Report
James W. Sample, ChairRoland Miller, Vice-ChairSeptember 17, 2014
2 RELIABILITY | ACCOUNTABILITY
How we fit in!
3 RELIABILITY | ACCOUNTABILITY
Activities
Previous Update:
• Discussed the outcome of the February workshop and the introduction of macro/micro metrics
• Macro metrics focused primarily on what a Strong Security Posture looks like for the sector
• Micro metrics focused primarily on evidence supporting the macro metrics
• Discussed we were looking into how to leverage ALR by adding security attributes
Activity Since Previous Update:
• Conducted three day workshop at NERC (Aug 6-8)
4 RELIABILITY | ACCOUNTABILITY
Strong Security Posture: Macro Metrics
5 RELIABILITY | ACCOUNTABILITY
Micro Metric:ALR Framework (Lagging)
6 RELIABILITY | ACCOUNTABILITY
Next Steps
• Assimilate data out of workshop
• Determine if we can deliver any metrics to be included in the State of Reliability Report
NERC CIPC Update
Sept. 16-17th, 2014
John Galloway
• CEIWG Conference Calls- August 14th, 2014
Agenda Items1. Update on Virtualization Lessons Learned/Whitepaper
work
2. Draft Review of Lessons Learned for Interactive Remote Access (IRA)
• Participation in Lessons Learned Document Reviews
• Participation in the RAI Advisory Group
• Participation in the V3-V5 Transition Advisory Group
•Meetings• 2nd Thursday of the Month at 1:00 CST
Questions?
Cyber Security Sub-cmteProgress Report
Marc Child, Chair
2 RELIABILITY | ACCOUNTABILITYJune 2013
3 RELIABILITY | ACCOUNTABILITY
CAP – HILF TF Recommendations
1. Geomagnetic Disturbance Task Forcea. Work Product: Interim Report: Effects of Geomagnetic Disturbances in the Bulk Power Systemb. No CIPC Cyber Security Subcommittee items
2. Spare Equipment Database Task Forcea. Work Product: Spare Equipment Database report b. No CIPC Cyber Security Subcommittee items
3. Severe Impact Resilience Task Forcea. Work Product: Severe Impact Resilience: Considerations and Recommendationsb. No CIPC Cyber Security Subcommittee items
4. Cyber Attack Task Forcea. Work Product: Cyber Attack Task Force – Final Reportb. Item 15: Continue developing Attack Tree methodologyc. Item 16: Continue to develop security and operations staff skills to
address increasingly sophisticated cyber threats.d. Item 17: Augment operator training with cyber attack scenarios.
NERC Attack Tree Task Force
September 2014
5 RELIABILITY | ACCOUNTABILITY
CSSWG
• Upcoming Activities Continue working on the document to support the actual
attack trees. Will contain the assumptions and methods used by the team.
Augment the attack trees to incorporate more mitigations and reflect that in the findings to see what changed.
Migrate to next version of Amenaza SecurITree software Provide next update on additional findings in December. Determine when to turn attack trees over to ES-ISAC.
Chair: Mark Engels
Cyber Security Subcommittee
Cyber Security Events Analysis WG
Chair: <open>
7 RELIABILITY | ACCOUNTABILITY
Cyber Security Events Analysis WG
1. Next Stepsa. Obtain a Chair for the working groupb. Continue to liaise with the ES-ISAC, EAS & STWGc. Begin scheduling quarterly calls, emails or portal postings with liaisons d. Continue to develop priorities and establish work plans:
i. Research and recommend activities to improve the security of Bulk Electric System facilities;ii. Develop expertise to liaise and coordinate with the Events Analysis WG;iii. Develop procedures for evaluating malicious events while maintaining entity security; andiv. Work with the CIP Training WG to assist in developing training products that are relevant to
current threat tactics and techniques.
e. Creation of, and approval for, the cyber events analysis process document
Chair: <open>
Cyber Security Subcommittee
Control Systems Security WGChair: Mikhail Falkovich
9 RELIABILITY | ACCOUNTABILITY
CSSWG
Status Charter has been approved First assignment: Business Network
connectivity guidelineo Due Date: 12/31/2014
Solicitation of additional volunteers in progress
Kick-off call scheduled for 9/19/2014 Working with ESISAC to create a
collaboration space on the portal
GridEx II
Lesson Learned #4 Recommendations SummaryAssess the business and operational implications of isolating IT assets during a cyber-event to ensure critical functions can be maintained during a crisis.
10 RELIABILITY | ACCOUNTABILITY
CSSWG
NIST Mapping Project
Requested by the ESCC Map the NIST CSF to CIP v5 and CIP v3
11 RELIABILITY | ACCOUNTABILITY
CSSWG
Task Force Members
Mark Morgan (PNNL) Nadya Bartol (UTC)Cynthia Hill-Watson (TVA) Bill Noto (GE)Christine Hasha (ERCOT) Beth Lemke (WPS)Cliff Glantz (PNNL) Jarrid Hall (CSGI)
NERC Staff: Laura Brown
12 RELIABILITY | ACCOUNTABILITY
CSSWG
Remaining Tasks
Error-check and balance the CIP v5 mappings
Finalize guidance where mapping is not obvious
Convert to CIP v3 Determine final format and publish October completion date
Cyber Security Subcommittee
Questions?
Physical Security WGProgress Report
Ross Johnson, CPP
2 RELIABILITY | ACCOUNTABILITY
How We Fit in
3 RELIABILITY | ACCOUNTABILITY
Security Training WG
PSRGTwo calls held in previous quarter
• Discussed CIP 14-1 requirements related to ERO approval of third-party security contractors
• Brian Harrell discussed recent shooting attacks on electricity infrastructure
4 RELIABILITY | ACCOUNTABILITY
Security Training WG
PortalMuch-improved portal available, but ability to upload
documents is crucial to the activities of the group
5 RELIABILITY | ACCOUNTABILITY
Security Training WG
PSWGWe have been concentrating on the Physical Security
Roundtable Group, but with the portal almost ready it's time to get the Working Group reconstituted. I'm looking for volunteers
6 RELIABILITY | ACCOUNTABILITY
1. Security Management Program2. Security Risk Management3. Information Security Management4. Information Technology/Control Systems Security5. Personnel Security6. Physical Security Measures7. Security Incident Management8. Change Management Process9. Evaluation & Review10.Continuous Improvement
Security Management Program (proposed for discussion)
Based on the Canadian StandardAssociation’s Z246.1-09 Security Management for Petroleum and Natural Gas Industry Systems
6
Security Training WGProgress Report
William Whitney III, ChairDavid Godfrey, Vice Chair
2 RELIABILITY | ACCOUNTABILITY
Security Training WG
1. Chartera. CIPC will provide meeting attendees with an opportunity to participate in
physical, cyber, and operational security training, as well as, educational outreach opportunities.
2. Current MembersBob Canada, David Grubbs, John Breckenridge, David Godfrey, Ross Johnson, Chantel Haswell, Rick Carter, James McQuiggan, Jason Phillips, Nick Santora, David Scott, Ronald Keen, Tim Conway, and William Whitney III
3 RELIABILITY | ACCOUNTABILITY
How We Fit in
4 RELIABILITY | ACCOUNTABILITY
Security Training WG
3. Latest Activitiesa. Conference calls to discuss goals and actions – 2nd Friday each monthb. Working on HILF recommendation to raise operator awareness about cyber
attacks on the grid with SOS and SANS. SANS is currently developing the Operator training.
c. Provided a successful security training webinar to the industrya. 7/17 – Active Shooter Training Webinar (Open Forum) – 161 Registeredb. 9/16 – Cyber Incident Response Planning Workshop – Registered – 54 Registered
d. Working on tasks assigned to us from the GridEx II Lessons Learnede. Now recording webinars and CIPC training events. Working on making
content available online.f. Continuing to compile a list of free training resources available to entities
5 RELIABILITY | ACCOUNTABILITY
Security Training WG
1. Webinar Schedule 2014a. April – Physical Security Programs Panel Webinarb. May – National Labs Physical Security – Risk vs Protection/Costs Webinarc. June – BC Hydro presentation on laser intrusion detectiond. July – Active Shooter webinar with Danny O. Coulsone. August – Skippedf. September – Cyber Incident Response Planning Workshopg. October- TBDh. November- Proposed ES-ISAC Portal Trainingi. December- TBD
6 RELIABILITY | ACCOUNTABILITY
Security Training WG
1. Training Linksa. TEEX - http://www.teex.org/
b. DHS - http://www.dhs.gov/training-programs-infrastructure-partners
c. DOD - http://iase.disa.mil/eta/online-catalog.html
d. FEMA - https://training.fema.gov/IS/
e. DOE - https://ntc.doe.gov/
Have a link for free, quality, training? Please share with us to add to the list.
7 RELIABILITY | ACCOUNTABILITY
Security Training WG
4. Next Stepsa. Continue to expand the list of free on demand training from reputable
agencies and vendorsb. Schedule and prepare future Pre-CIPC training sessions and webinarsc. Work with vendors and/or individuals in the industry to provide specific
training to industrya. This means you and/or your co-workers that have information to share
with the industryd. Continue work with SOS and SANS to compile operator training with cyber
attack scenarios per the HILF recommendations and plan a training date.e. Complete GridEx II Lessons Learned assignments from EC
5. CIPC Actionsa. Concerns and/or suggestions for today’s discussion
NATF Security Practices Group Activity Update
Wayne VanOsdol, NATF Program Manager - Practices
NERC CIPC MeetingSeptember 16-17, 2014
2
Discussion Topics
• Brief NATF Overview
• Cyber Security Project Update: CIP-002 V5 Guide
• Physical Security Project Update: CIP-014-1 R4 & R5
• Modeling / Planning Project Update: CIP-014-1 R1
NATF Membership
Organization types (75 Members)– Investor-owned– State/Municipal– Cooperative– Federal/Provincial– ISO/RTO
Expertise– 3600 subject-matter experts
Coverage (North America Wide)– 85% Peak Demand– 75% 100kV and higher circuits• Membership open to companies that
own/operate 50 circuit miles 100 kV transmission or, operate 24/7 control center
3
NATF Mission, Vision, Approach
Mission Promote excellence in the reliable operation of the electric transmission system
Vision Continuously improve the reliability of the electric transmission system
Approach Pursue reliability and security excellence via: Constructive peer challenge Effective, relevant information sharing
o lessons learned, superior practices, etc.
4
Guiding Principles
Community The complex, interconnected grid requires active collaboration to promote higher levels of reliability, security, and resiliency
Confidentiality Confidentiality promotes open, candid intra-membership dialogue
Candor Direct, objective performance feedback is delivered as a membership norm
Commitment Members’ senior leaders commit to the NATF’s mission of promoting excellence
5
Value Add and Strategic Goals
Value Proposition(s)• Improve transmission
reliability, security, and resilience
• Increase member compliance margin
• Promote efficient use of resources
Strategic Goals1. Increase Industry Impact2. Achieve Results3. Manage Knowledge
Effectively4. Continuously Improve5. Proactively identify and
address emerging issues
6
7
Cyber Security Project Update
CIP-002 V5 Practices Guide
8
CIP-002 V5 Project Update
Other Items To Note:• Tom Galloway (NATF President & CEO) will be
meeting with Gerry Cauley during 4th quarter of 2014 to discuss how the CIP-002 V5 Guide could be shared with a broader audience
• Tom Galloway is having discussions with EPRI, who has requested to receive a copy of the guide
• The CIP-002 V5 Guide Maintenance Oversight Team is responsible for obtaining Use Cases from NATF members throughout the second half of 2014, and for logging information pertaining to any Industry or Regulatory decisions, and adding attachments or addendums to the guide throughout the year
Purpose: • The purpose was to develop a NERC CIP-002
Version 5 Guide for identifying Cyber Assets and defining corresponding BES Cyber Systems for transmission facilities and assets.
Deliverables:• Security CIP-002 V5 Guide became an approved
practice document on July 1, 2014. • New product includes recommendations,
examples, and templates for documenting a program, such as diagrams / flow charts, that will assist in standardizing CIP-002 documentation across the NATF membership.
Physical Security Project Update
CIP-014-1 R4 & R5 Practices Guide
Physical Security Project UpdatePhysical Security Work Group “New Project”: CIP-014-1 R4 & R5 Practices Guide
Purpose & Deliverable: • The purpose of this project is to develop a NERC CIP-014-1 R4 and R5 Reliability Standard guide
that is defensible (but not prescriptive) for conducting evaluations as required in requirement 4, and for developing and implementing a physical security plan as required in requirement 5.
• Complete project by year-end 2014 or early 2015.NERC CIP-014-1:R4 - Conduct evaluation of potential threats and vulnerabilities of a physical attack to stations and primary control centers identified under R1 and verified under R2, and R5- Develop and implement a documented physical security plan.
– Step 1 (completed): Create project scope and timeline – Step 2 (completed): Discussed new project at the August Security Practices Group Core
Team and All-Group meetings– Step 3 (completed): Identify project team participants– Step 4: Schedule meetings and begin work
Modeling / Planning Project Update
CIP-014-1 R1 Assessment Guide
Modeling / Planning Project UpdateModeling / Planning Work Group “New Project”: CIP-014-1 Assessment Guide
Purpose & Deliverable: • The purpose of this project is to develop a general guideline to be used for the risk
assessment identified in R1 of CIP-014-1 “Physical Security”.• Complete project in the fall of 2014
– Step 1: Identify stations to be analyzed based on criteria 4.1.1. – Step 2: Identify cases/system conditions to be analyzed. – Step 3: Define nature of initiating event and how it will be modeled – Step 4: Develop criteria/proxies for widespread instability, uncontrolled separation or
Cascading, based on the engineering knowledge and judgment of the planner performing the actual studies
– Step 5: Perform steady-state power flow analysis– Step 6: Conduct stability simulations, if determined to be required
Thank you!
• Questions?
GridEx IIIGrid Security Exercise
NERC CIPCSeptember 16-17, 2014
RELIABILITY | ACCOUNTABILITY2
What You Need to Know
GridEx III DatesIncreased RC focusRefresh of Working Group
RELIABILITY | ACCOUNTABILITY3
Table Top Exercises
Fire Drill Scavenger Hunt
Simulation
RELIABILITY | ACCOUNTABILITY4
Calendar and Entity Prep
November 18 – 19, 2015Leadership Buy InIdentify Level of Play CapabilityObtain Internal Player / Planer
CommitmentsIdentify Training Needs - CEHParticipate in GridEx Planner /
Player Calls
-
RELIABILITY | ACCOUNTABILITY5
Distributed Play Participation
GridEx 2011 had 420 individual participants compared to GridEx II with 2,000
42
115
19
97
914
6 8
0
20
40
60
80
100
120
140
GridEx 2011 (76) GridEx II (234)
GridEx Participating Organizations Comparison
Utilities
Government/Academia/Other
Reliability Coordinator/Independent System Operator
NERC Regional Entity
RELIABILITY | ACCOUNTABILITY6
Growth
173 % 410 % 376 %Utility Growth Government
GrowthPlayer Growth
Growth from GridEx 2011 to GridEx 2013
We need to mature the exercise model due to increasing participation.
RELIABILITY | ACCOUNTABILITY7
GridEx II Distributed Play
RELIABILITY | ACCOUNTABILITY8
Proposed GridEx III Distributed Play
RELIABILITY | ACCOUNTABILITY9
Grid Reliability during GridEx II
RELIABILITY | ACCOUNTABILITY10
GridEx III Scenario Escalation Timeline
RELIABILITY | ACCOUNTABILITY11
• David London• James P. Miller• Susan Mueller• Cynthia M Peluso• Don Roberts• Edmond Rogers• Jim Rowan• Chris Sawall• Paul Skare• William O. Thompson• Robert D. Canada• Brian M Harrell• Bill Lawrence
GridEx II Working Group
• John Breckenridge• Jim Brenton• Stuart J. Brindley• Bobby Brown• Larry Bugh• Glen Clarkson• Tim Conway• Carl J. Eng• Mark Fabro• Mikhail Falkovich• Greg Goodrich• Scott King
RELIABILITY | ACCOUNTABILITY12
GridEx III Working Group
• Operations
• Cybersecurity
• Physical Security
RELIABILITY | ACCOUNTABILITY13
WorkingGroup
Initial Planning
Phase
Mid-term Planning
Phase
Final Planning
PhaseConduct After
Action
Establish Working Group Members
Establish Mail list
GridExTraining
Initiate outreach
Shape scenario themes
Confirm exercise mechanics
Craft scenario narrative
Develop materials
Confirm participation
Oversee distributed play
Facilitate senior TTX
Capture player actions and findings
Analyze findings and lessons learned
Draft After Action Report and Briefing
Finalize MSEL Conduct
training Distribute
player materials
Set up venue and logistics
CIPC Meeting(December)
IPC(March ?)
MPC(June ?)
FPC(October ?)
Execute GridEx II(November 18-19)
Deliver Final Report
(Q1 2016)
GridEx III Timeline
2014 - 2015
Kick-Off
Confirm goal & objectives
Finalize timeline
Discuss outreach goals/plan
C&O Meeting(February ?)
- 2016
RELIABILITY | ACCOUNTABILITY14
-
Physical Security Implementation
September 16-17, 2014Stephen Crutchfield – NERC Standards
RELIABILITY | ACCOUNTABILITY2
• Background on CIP-014-1, Physical Security Standard FERC Order Summary NOPR Concerns
• Applicability and Requirements• Implementation
Agenda
RELIABILITY | ACCOUNTABILITY3
• On March 7, 2014 – FERC Order: Perform a risk assessment to identify facilities that, if rendered
inoperable or damaged, could result in instability, uncontrolled separation, or cascading failures on the BPS.
Evaluate the potential threats and vulnerabilities to those identified facilities.
Develop and implement a security plan designed to protect against physical attacks to those identified facilities based on the assessment of the potential threats and vulnerabilities to their physical security.
Background
RELIABILITY | ACCOUNTABILITY4
• Additionally, FERC directed that the proposed Standard(s) should also Include confidentiality provisions for sensitive or confidential
information. Include a procedure for a third party to verify the list of identified
facilities and allow the verifying entity, as well as FERC, to add or remove facilities from the list of critical facilities.
Include a procedure for a third party to review the evaluation of threats and vulnerabilities and the security plan.
Require that the identification of the facilities, the assessment of the potential risks and vulnerabilities, and the security plans be periodically reevaluated and revised to ensure their continued effectiveness.
Background
RELIABILITY | ACCOUNTABILITY5
• Overview of Physical Security NOPR July 17, 2014 Proposes to approve CIP-014-1 and NERC to modify the standard in two
respects:o Include a procedure to allow governmental authorities to add or subtract
facilities from an entity’s list of critical facilities.o Remove the term “widespread” from CIP-014-1.
In addition to comments on the proposed directives, FERC is seeking comments on:o Applicability to GOs and GOPs – FERC proposes to approve the applicability
of CIP-014-1 without the inclusion of GOs and GOPs.o Third-Party Recommendations – FERC proposes to approve CIP-014’s
approach to third-party review and verification. Proposes to direct NERC to submit two informational filings addressing
need to include all “High Impact” control centers and addressing resiliency measures that can be taken to maintain the reliable operation following loss of critical facilities.
NOPR
RELIABILITY | ACCOUNTABILITY6
• CIP-014-1 Purpose: “To identify and protect Transmission stations and Transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.”
Overview
RELIABILITY | ACCOUNTABILITY7
• The applicability of proposed CIP-014-1 starts with those Transmission Owners that own Transmission facilities that meet the bright line criteria in Reliability Standard CIP-002-5.1 for a “medium impact” rating.
• The SDT sought to ensure that entities could apply the same set of criteria to assist with identification of facilities under CIP Version 5 and proposed CIP-014-1.
• By application of the requirements, only certain Transmission Operators that are notified under the standard’s Requirement R3 have obligations under the standard.
Applicability
RELIABILITY | ACCOUNTABILITY8
• The first three requirements of CIP-014-1 require Transmission Owners to: Perform risk assessments to identify those Transmission
stations/substations that meet the “medium impact” criteria from CIP-002-5.1, and their associated primary control centers
Arrange for a third party verification of the identifications; and Notify Transmission Operators of identified primary control centers. Periodically repeat the risk assessments Only an entity that owns or operates one or more of the identified
facilities has further obligations in Requirements R4 through R6. If an entity identifies a null set after applying Requirements R1 through
R2, the rest of the standard does not apply.
Requirements R1-R3
RELIABILITY | ACCOUNTABILITY9
• The final three requirements of CIP-014-1 require: The evaluation of potential threats and vulnerabilities of a physical
attack to the facilities identified and verified according to the earlier requirements,
The development and implementation of a security plan(s) designed in response to the evaluation, and
A third party review of the evaluation and security plan(s) (as directed in the order).
Requirements R4-R6
RELIABILITY | ACCOUNTABILITY10
• Critical facility identification must be verified by third party Directed by FERC order Verifier must be PC, TP, RC, or entity with transmission planning
experience Verification may recommend addition/subtraction
• Threat evaluation and security plan must be reviewed by third party Directed by FERC order Reviewer must meet certain experience criteria Review may recommend changes to security plan
Third-party verifications/reviews
RELIABILITY | ACCOUNTABILITY11
• Physical Security Order, Paragraph 10: “…NERC should include in the Reliability Standards a procedure that
will ensure confidential treatment of sensitive or confidential information but still allow for the Commission, NERC and the Regional Entities to review and inspect any information that is needed to ensure compliance with the Reliability Standards.”
Addressed in Requirement R2, Part 2.4 and Requirement R6, Part 6.4.
• CIP-014-1, Section 1.4. Additional Compliance Information Confidentiality: To protect the confidentiality and sensitive nature of
the evidence for demonstrating compliance with this standard, all evidence will be retained at the Transmission Owner’s and Transmission Operator’s facilities.
Confidentiality
RELIABILITY | ACCOUNTABILITY12
• Transmission Owner to identify critical facilities on or before the effective date of CIP-014-1 (6 months following FERC approval)
• Tiered implementation timeline for balance of requirements (within15 months)
• Security Plan implementation may specify timelines for completion of security measures
• ERO to monitor implementation
CIP-014-1 Implementation
RELIABILITY | ACCOUNTABILITY13
CIP-014-1 Implementation Timeline
RELIABILITY | ACCOUNTABILITY14
Information
• NERC Standards Developer, Steve Crutchfield Email at [email protected] Telephone: 609-651-9455
Project Web Page is: http://www.nerc.com/pa/Stand/Pages/Project-2014-04-Physical-Security.aspx CIP-014-1 Standard may be found here:
http://www.nerc.com/_layouts/PrintStandard.aspx?standardnumber=CIP-014-1&title=Physical%20Security&jurisdiction=United%20States
RELIABILITY | ACCOUNTABILITY15
Legislative Update
Critical Infrastructure Protection CommitteeSeptember 16, 2014
Nathan Mitchell, American Public Power Association
2 RELIABILITY | ACCOUNTABILITY
• Cyber Intelligence and Protection Act (CISPA)• To provide for the sharing of certain cyber threat
intelligence and cyber threat information between the intelligence community and cybersecurity entities.
• Passed House on 4/18/2013; Referred to Senate Select Committee on Intelligence
• Mike Rogers (R-MI), Dutch Ruppersberger (D-MD)
HR 624
3 RELIABILITY | ACCOUNTABILITY
• Cybersecurity Information Sharing Act of 2014• To improve cybersecurity in the United States
through enhanced sharing of information about cybersecurity threats.
• Introduced to Senate Select Committee on Intelligence 7/10/2014
• Diane Feinstein (D-CA)
S 2588
4 RELIABILITY | ACCOUNTABILITY
• National Cybersecurity and Critical Infrastructure Protection Act of 2014
• To amend the Homeland Security Act of 2002 to make certain improvements regarding cybersecurity and critical infrastructure protection.
• Passed House on 7/28/2014; Referred to Senate Committee on Homeland Security and Governmental Affairs
• Michael McCaul (R-TX), Bennie Thompson (D-MS)
HR 3696
5 RELIABILITY | ACCOUNTABILITY
• Cybersecurity Act of 2014• To provide for an ongoing, voluntary public-
private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness.
• Introduced to Senate Committee on Commerce, Science, and Transportation 7/24/2014
• John Rockefeller (D-WV), John Thune (R-SD)
S 1353
6 RELIABILITY | ACCOUNTABILITY
• The Federal Information Modernization Act• To amend chapter 35 of title 44, United States
Code, to provide for reform to Federal information security.
• Referred to Senate Committee on Homeland Security and governmental Affairs 6/24/2014
• Thomas Carper (D-DE), Tom Coburn (R-OK)
S 2521
7 RELIABILITY | ACCOUNTABILITY
• National Cybersecurity and Communications Integration Act of 2014
• To codify an existing operations center for cybersecurity.
• Referred to Senate Committee on Homeland Security and Governmental Affairs 6/25/2014
• Thomas Carper (D-DE), Tom Coburn (R-OK)
S 2519
8 RELIABILITY | ACCOUNTABILITY
• Critical Infrastructure Research and Development Advancement Act of 2014 (CIRDA Act of 2014)
• To authorize the Secretary of Education to make grants for the establishment of State Networks on Science, Technology, Engineering, and Mathematics Education.
• Passed House 7/28/2014; Referred to Senate Committee on Homeland Security and Governmental Affairs
• Patrick Meehan (R-PA)
HR 2952
9 RELIABILITY | ACCOUNTABILITY
Questions?