CIPUG
CIP-002-5.1 Additional Considerations
San Diego, CA
October 13, 2015
Bryan Carr PMP, CISA, PSP
Sr. Compliance Auditor, Cyber Security
Western Electricity Coordinating Council
Speaker Intro: Bryan Carr
• Joined WECC in August 2012
• a.k.a Dr. TFE (Emeritus)
• Former CIP Program Manager
• Project manager
• 3:37 Marathoner – BQ 3:10
• Donut enthusiast
Agenda
• 2015 Audit Recap & Observations
• Q&A
• Distribution Providers
2015 Audit Recap
• 21 Onsite audits completed
– 11 v3 audits
– 10 v5 transition audits
2015 Audit Recap - Observations
• Many hesitant to leverage NERC v5 transition
guidance.
• Implementation delays due to interpretations,
waiting on Lessons Learned & FAQ.
• Entities who regularly reach out to audit team
and attend outreach were better prepared.
CIP-002-5.1 Entity Q&A
• Sources include email, audit, ERO-wide auditor
workshops/distribution lists, etc.
• Q&A sanitized to protect the innocent.
• All entities appearing in this presentation are
fictitious. Any resemblance to real entities, living
or dead, is purely coincidental.
Q1
• We plan to associate BCAs (including SPS/RAS)
with the operating voltage of the high side of the
transformer, as well as any BCA associated with
both the high and low side of the transformer
(e.g. bank differential relays). Is this a valid
approach?
A1
• Protect BCS associated with SPS/RAS at the
highest applicable impact rating.
• IRC 2.9 may bring in some BCS that would
normally be Low into scope as Medium BCS.
• Each SPS/RAS BCS should be evaluated
independently as you apply the IRC.
Q2
• In counting the number of lines coming into a
substation, should a bus bar with a tie-circuit
breaker be considered a line?
A2
• Normally a tie bus would not be considered a
transmission "line" as it does not typically
cross substation boundaries.
• If, however, the tie bus in question crosses
substation boundaries, a strict interpretation
of IRC 2.5 would indicate that would qualify as
a "line" coming in and/or out of the
substation.
Q3
• For jointly owned locations – is
documentation required for who is
performing the compliance
obligations?
A3
• Yes, if a single entity is responsible for performing the
compliance obligations at a jointly owned Facility,
that should be clarified in the operating agreement,
through a memorandum, or other binding document
in which these obligations are clearly defined and
assigned to a single party.
• Without a binding document defining compliance
responsibility, WECC will look to the owner of each
applicable BCS to fulfill the compliance obligations.
Q4
• We will have only Low Impact BCS under CIP
v5, therefore we have nothing to do (no
compliance obligations) until April 1, 2017. Is
this correct?
A4
• Not quite. CIP-002-5.1 R1 & R2 and CIP-003-6 R3
& R4 must be complete (documented and
approved) by April 1, 2016 for ALL applicable
entities, including those with only Low Impact
BCS.
• Low Impact requirements in CIP-003-6 R1.2, R2,
Attachment 1 – Sections 1 & 4 must be complete
by April 1, 2017.
• Low Impact requirements in CIP-003-6 R2
Attachment 3 & 4 must be complete by
September 1, 2018.
Q5
• Should meters be considered BCA?
A5
• Certain meters may be considered BCA. For
example, tie-line (aka interchange) meters
providing data for ACE calculations are required
to have an update interval of no greater than 6
seconds (BAL-005-0.2b R8); those Cyber Assets
come into scope as real-time Cyber Assets that
support one or more BROS and should be
identified as BCA, grouped into one or more
appropriate BCS, and afforded the full protections
of the CIPv5 Standards, as applicable, based on
the impact rating of their host Facilities.
Q6
• We were just notified by PEAK that we’re now
part of an IROL, which will raise the
impact rating of a couple of our facilities from
Low to Medium. The implementation plan
allows for 12-24 months, but when does that
clock start ticking?
A6
• The IRC 2.3 and 2.6 Lesson Learned document recently
posted on NERC’s website adds an implementation
period for Medium BCS identified prior to April 1,
2016, and extends CIP compliance for newly identified
BCS under these two IRC by 12-24 months.
• The clock starts ticking upon completion of the R1
Assessment following an IRC 2.3 or 2.6 notification, not
the date of notification itself. Should such notification
occur between now and April 1, 2016, WECC expects
re-evaluation of R1 be completed on or before April 1,
2016, at which point the implementation period would
begin.
Q7
• Our low impact substation has a backup EMS
server which is part of our High Impact
Control Center. The EMS server and Low BCS
(protection equipment) are physically located
in the same building, but are logically
separate. Does this mean the entire facility
must be treated as High Impact, or can we
separate the two somehow?
A7
• The impact rating of the facility could remain
Low under certain conditions, however the
High Impact BCS would need to be afforded all
the physical and logical protections specified
in the CIP Standards.
• Options to consider:
1. Create a separate PSP around just the High
Impact BCS.
2. Treat the entire building as a High PSP.
I’m a DP, is CIP v5 Applicable to Me?
• All DPs should implement a CIP-002-5.1 process to
evaluate their system to rule out anything that might
be applicable under the Impact Rating Criteria [IRC]
and Section 4.2.1.
• If the DP can demonstrate that NONE of its systems are
applicable under this section, then they should
document the evaluation and its results.
• Under an abundance of caution, a best practice would
be to document a null list for R1.1, R1.2, and R1.3, then
apply its process at least every 15 calendar months to
ensure that no systems changed to the extent that they
came into scope under Section 4.2.1.
What if I have a UFLS/UVLS?
• If you have an applicable UFLS/UVLS under
section 4.2.1 (NERC, 2012 Nov 22, CIP-002-5.1,
p. 1), these BCS should be evaluated as
Low-impact under IRC 3.6 and, therefore, the
Facilities containing them should be listed as
Low-impact BES [R1.3].
• Any specific DP UFLS/UVLS has to meet both
conditions of Section 4.2.1.1 to come into
scope as Low-impact.
What About Blackstart Units?
• Black-start resources and their associated cranking paths
can come into scope under CIPv5 as Low-impact BES Assets
under two conditions:
– IRC 3.4: Systems and facilities critical to system restoration,
including Blackstart Resources and Cranking Paths and initial
switching requirements (CIP-002-5.1, p. 16), or
– Section 4.1.2.4: Each Cranking Path and group of Elements
meeting the initial switching requirements from a Blackstart
Resource up to and including the first interconnection point of
the starting station service of the next generation unit(s) to be
started (CIP-002-5.1, p. 1).
• You may have a small non-BES Generation unit and/or
cranking path facility that are included in a Restoration
plan. Talk to your RC and TOP to make sure that you do not.
Evaluation Results
• A prudent DP will evaluate its systems, at a
minimum, against IRC 3.4, 3.6, and Section 4.2.1
and document that it either has no applicable
systems or it has provided the appropriate
protections to its applicable systems.
• A DP with applicable systems that come into
scope under CIPv5 will generally have approved
null R1.1 and R1.2 lists, and a relatively short R1.3
list.
• A DP that does not have applicable systems
should have null lists for all three categories.
Summary
• A DP should not just assume it has no applicable
systems; implement the R1 process anyway.
• This approach is effectively no different from the LSE or
other Registered Entity that applied its RBAM every
year under CIPv3 to ensure its null lists of CAs and CCAs
were still valid.
• WECC’s compliance monitoring approach for DPs will
seek evidence that the DP implemented the process
required by CIP-002-5.1 and documented the results of
the evaluation of its systems to demonstrate
compliance with the CIPv5 Standards.
Speaker Contact Information
Bryan Carr
bcarr@wecc.biz
801-819-7691