The document provides an agenda and materials for a webinar on NERC CIP compliance topics. The agenda includes presentations on CIP-014 third party assessments, NERC compliance registry updates, and an overview of the NERC CIP standards. The materials include information on CIP-014 implementation, the FERC order on risk-based registration, and explanations of some of the key CIP standards such as CIP-002 on categorization, CIP-003 on security management controls, and CIP-005 on electronic security perimeters. Contact information is also provided for follow up questions.
Fourteen (14) years of experience as an Engineer Technical Specialist / QA-QC Senior Inspector.
Specialized in Oil & Gas and Automation system: electric, electronic and instrumentation commodities.
Main roles covered: management of various projects starting from Kick Off Meeting to items delivery.
QEI produces a variety of single-phase and 3-phase capacitor controllers. Using the easy-to-use QEI SmartWare II software, configure the capacitor controllers to switch capacitor banks based on voltage, kVAR, kW, current, temperature, time, day of the week, and power factor.
https://www.qeiinc.com/?page_id=493
Fourteen (14) years of experience as an Engineer Technical Specialist / QA-QC Senior Inspector.
Specialized in Oil & Gas and Automation system: electric, electronic and instrumentation commodities.
Main roles covered: management of various projects starting from Kick Off Meeting to items delivery.
QEI produces a variety of single-phase and 3-phase capacitor controllers. Using the easy-to-use QEI SmartWare II software, configure the capacitor controllers to switch capacitor banks based on voltage, kVAR, kW, current, temperature, time, day of the week, and power factor.
https://www.qeiinc.com/?page_id=493
Bridge inspections using modern technology and robotics to provide quantitative data and bring safer bridges and infrastructure to the traveling public.
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...NHS Improving Quality
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘Where we are and where we need to be’ presented by Jeri Hawkins, NHS England and Stephen Burrows, Greater Manchester, Lancashire and South Cumbria SCN & Cheshire and Merseyside SCN
This presentation gives insight into the American National Standard Institute, Inc. (ANSI) and specifically the C12.1 group of standards for electric metering. Also discussed is the law in New York State for all things metering in NY State PSC Part 92. This presentation was given at the MEUA Meter School. 03.04.20
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
Regulated entities should consider the RSAW templates when preparing evidence of compliance with the NERC CIP Standards. There are a number of implicit requirements in CIP v5 which an entity needs to fulfill to be compliant, which are not specifically identified in the actual requirements.
In this webinar, our experts will discuss such implicit requirements. Key learning's from this session would be:
RSAW format
Implicit requirements of CIP RSAWs
Leveraging technology for RSAW management
The North American Electric Reliability Corporation (NERC) introduced Critical Infrastructure Protections (CIPs) as mandatory cyber security regulations, intended to protect the bulk electric grid. This compliance guide, updated according to NERC CIP version 4 (applicable as of June 25, 2012), provides an overview of the compliance requirements as well as steps to achieve NERC compliance.
To download a free Nexpose demo, click here:
http://www.rapid7.com/products/nexpose/compare-downloads.jsp
To download a free Metasploit demo, click here:
http://www.rapid7.com/products/metasploit/download.jsp
Intellibind Top Ten Most Violated Standards Presentation 2011 01 27 (F)bluecedars2
This is the presentation made at the WECC CUG meeting in Feburuary 2011 and sponsored by LADWP. This presentation can also be found on the WECC website.
Bridge inspections using modern technology and robotics to provide quantitative data and bring safer bridges and infrastructure to the traveling public.
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...NHS Improving Quality
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘Where we are and where we need to be’ presented by Jeri Hawkins, NHS England and Stephen Burrows, Greater Manchester, Lancashire and South Cumbria SCN & Cheshire and Merseyside SCN
This presentation gives insight into the American National Standard Institute, Inc. (ANSI) and specifically the C12.1 group of standards for electric metering. Also discussed is the law in New York State for all things metering in NY State PSC Part 92. This presentation was given at the MEUA Meter School. 03.04.20
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
Regulated entities should consider the RSAW templates when preparing evidence of compliance with the NERC CIP Standards. There are a number of implicit requirements in CIP v5 which an entity needs to fulfill to be compliant, which are not specifically identified in the actual requirements.
In this webinar, our experts will discuss such implicit requirements. Key learning's from this session would be:
RSAW format
Implicit requirements of CIP RSAWs
Leveraging technology for RSAW management
The North American Electric Reliability Corporation (NERC) introduced Critical Infrastructure Protections (CIPs) as mandatory cyber security regulations, intended to protect the bulk electric grid. This compliance guide, updated according to NERC CIP version 4 (applicable as of June 25, 2012), provides an overview of the compliance requirements as well as steps to achieve NERC compliance.
To download a free Nexpose demo, click here:
http://www.rapid7.com/products/nexpose/compare-downloads.jsp
To download a free Metasploit demo, click here:
http://www.rapid7.com/products/metasploit/download.jsp
Intellibind Top Ten Most Violated Standards Presentation 2011 01 27 (F)bluecedars2
This is the presentation made at the WECC CUG meeting in Feburuary 2011 and sponsored by LADWP. This presentation can also be found on the WECC website.
The Auditing Standards Board issued an updated Statement on Standards for Attestation Engagements (SSAE 18) effective May 1, 2017. Why the changes? What’s different? Join us to learn more about how these new standards will impact your next SOC review and report.
Importance of the NERC PRC-005 Standard - Challenges and Audit TipsCertrec
A whitepaper from Certrec presenting many of the difficulties involved with the PRC-005 standard and tips to meet those challenges.
To learn how Certrec's regulatory experts can assist you through a NERC audit, visit: https://www.certrec.com
Cisco network ccnp service provider complete presentation ppt with introduction to, it's overview, it's benefits, real life usages, about course and it's certificate, how to prepare for entry test and exam preparation, roles and it's feature, career opportunities, conclusion
Nondestructive Testing and robotic engineering focused on transportation infrastructure. Updating 50 year old manual/subjective inspections with modern technology and robotics. Providing advanced condition assessment reports so asset managers can better allocate assets and make repairs prior to them becoming a danger to the public. By providing more quantitative data, proper maintenance and repairs can help extend the service life of critical infrastructure assets saving billions in untimely repairs and loss of life. Cable Stay Bridges, Suspension Bridges, Pedestrian bridges and more. Turn to Infrastructure Preservation Corporation for your bridge inspection needs. NBI -National Bridge Inventory inspection specialists.
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
Presenters: Robert Landavazo, PNM Resources and Katherine Brocklehurst, Tripwire
With countless hours of work to go, PNM was far from ready for its coming audit in just 18 months. Confidence levels in its existing manual, and incomplete security controls, were at an all-time low; and the visibility into control center environments for quantifying its status and progress towards compliance was immeasurable.
With Tripwire, PNM’s preparation of the looming CIPv3 audit noticeably improved. With efficient reporting and automation, PNM’s now positioned to hold itself accountable for CIP auditable compliance of more than 3,500 explicit and supporting control points, satisfying CIP-002-3, CIP-004-3, CIP-005-3, CIP-007-3 and CIP-009-3. In addition, enhanced visibility and better control gave PNM the ability to effectively communicate meaningful and measurable initiatives to executive teams – resulting in increased support for their funding needs.
In this session, PNM – New Mexico’s largest electricity provider – will share a case study on its journey towards achieving continuous NERC CIP compliance despite a highly limited headcount, how it saved countless hours of labor-intensive manual effort, and the essential role that automation played in its success.
Management techniques and processes are still lagging behind the technology, whilst network infrastructure is constantly evolving to meet increasing data volumes and mission criticality. It is no surprise then that many companies experience unplanned disruption and increasing project lead times – as the increasing complexity often means longer planning cycles.
This webcast explains the practical steps on how to achieve efficient day 3 operational management of your network infrastructure, including real Case Studies where Inflectiontech have been engaged to help customers map their networks and gain discernible benefits.
Benchmarking is comparing one's performance to the industry and peers via same or similar metrics. Benchmarking could also be used to track changes in the performance of the system.
The process typically identifies the reference for benchmarking and compares them with certain targets. The aim is to learn how well the target system performs against the benchmark.
Benchmarking requires a set of specific indicators or indices that are directly comparable; in completely depends on it.
Determining a minimum set of indices that can be used for effective transmission system PQ benchmarking was one of the principal aims of the WG
Similar to 2015 04 16_WECC Open Mic Webinar Slide Deck (20)
2. Agenda
• CIP-014 Third Party Assessments - Bryan Carr
• Registration Update – Brittany Power
• Presentation on CIP Basics – Brent Castagnetto
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
3. CIP-014-1: Updates
Open Webinar
April 16, 2015
Bryan Carr, PMP, CISA, PSP, CBRM, CBRA
Nick Weber, CPP, PSP, CBRM, CBRA
Compliance Auditors
Physical and Cyber Security
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
4. CIP-014-1 Process Overview
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
R1:
Applicability
R2:
Unaffiliated
Review
R3: Notify
Control
Centers
R4: Conduct
Threat and
Vulnerability
Assessment
R5: Develop
a Security
Plan
R6:
Unaffiliated
Review
5. CIP-014-1 Implementation
Less than nine months from effective date to Security Plan completion
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
CIP-014-1 Implementation Timeline
Activity Implementation Not Later Than Total
R1 Assessment Effective Date 10/1/2015 0 Days
R2 Verification Effective + 90 12/30/2015 90 Days
R2.3 Address Discrepancies R2.2 + 60 2/28/2016 150 Days
R3 Notify Control Center R2 + 7 1/6/2016 157 Days
R4 Threat and Vulnerability
Evaluation
R2 + 120 6/27/2016 270 Days
R5 Security Plan R2 + 120 6/27/2016 270 Days
R6 Review R5 + 90 9/25/2016 360 Days
R6.3 Address Discrepancies R6.2 + 60 11/24/2016 420 Days
6. CIP-014-1 R1 Risk Assessment
R1: Each Transmission Owner shall perform an initial risk assessment and
subsequent risk assessments of its Transmission stations and Transmission
substations (existing and planned to be in service within 24 months) that
meet the criteria specified in Applicability Section 4.1.1. The initial and
subsequent risk assessments shall consist of a transmission analysis or
transmission analyses designed to identify the Transmission station(s) and
Transmission substation(s) that if rendered inoperable or damaged could
result in instability, uncontrolled separation, or Cascading within an
Interconnection.
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
7. CIP-014-1 R1 Risk Assessment
Three methodologies have been shared with the WECC CIP Audit Team to
date:
• PAC/APS Proposed Methodology
• BPA Methodology
• Peak Reliability Methodology
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
8. CIP-014-1 R1 Risk Assessment
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
10. CIP-014-1 R1 Risk Assessment
Audit Approach Questions:
• Does the methodology define cascading, uncontrolled separation, and
instability with criteria for each?
• Does the methodology effectively determine whether or not loss of the
Station/Substation will result in cascading, uncontrolled separation, or
instability?
The methodologies shared with the WECC CIP Team meet both criteria, but
are not an all-inclusive list of methodologies. Entities are free to develop
their own methodology.
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
11. CIP-014-1 R2/R6 Third Party Reviews
Audit Approach Questions:
• Is the third party unaffiliated and qualified to conduct the review?
• Was the review conducted and documented?
• Did the entity address all reviewer recommendations in accordance with
Part 2.3/Part 6.3?
• Did the entity implement procedures for protecting sensitive or
confidential information?
Entities should focus on the reviewer’s ability to strengthen their program by
providing a unique perspective. The language of the standard sets no
parameters on the depth, rigor, or focal points of the review.
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
12. At Your Service
• PSWG- Get plugged in!
http://www.wecc.biz/committees/StandingCommittees/OC/CIIM
S/PSWG/default.aspx
• Phone call or email away
• We want to help
• Always willing to provide our audit approach
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
13. Contacts
Bryan Carr, PMP, CISA, PSP, CBRM, CBRA
Compliance Auditor, Physical and Cyber Security
Western Electricity Coordinating Council
155 North 400 West, Suite 200
Salt Lake City, UT 84103
(801) 819-7691
bcarr@wecc.biz
Nick Weber, CPP, PSP, CBRM, CBRA
Compliance Auditor, Physical and Cyber Security
Western Electricity Coordinating Council
155 North 400 West, Suite 200
Salt Lake City, UT 84103
(801) 386-6288
nweber@wecc.biz
13
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
15. Current Status
• FERC RBR Order
• Interchange Authority & Purchase-Selling
Entity Functions
• Distribution Provider Function
• UFLS Only Distribution Providers
• Next Steps – Load-Serving Entity Registration
• Next Steps – Changes to Appendix
15
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
16. FERC RBR Order
On March 19, 2015, the Federal Energy
Regulatory Commission (FERC) released Order
150 FERC ¶ 61,213 on Electric Reliability
Organization Risk Based Registration Initiative
and Requiring Compliance Filing (RBR Order).
16
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
17. FERC RBR Order
Under the RBR Order, FERC has approved the
following:
• Modification of the Compliance Registry Criteria
by removing Purchasing-Selling Entities (PSEs)
and Interchange Authorities (IAs) as registered
functions
• Raising the threshold for registering entities as
Distribution Providers (DPs)
• Aligning five functional registration categories to
the definition of Bulk Electric System
17
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
18. IA & PSE Functions
Removal of the IA & PSE Functions will require
no action from entities that are registered under
one of the eliminated functional categories.
18
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
19. Distribution Provider Function
FERC approved the peak load threshold for
Distribution Providers from 25 MW to 75 MW and
the entity’s system must be directly connected to
the BES.
DPs below 75 MW remain eligible for registration if
they own or operate protection systems such as:
• Under Voltage Load Shedding
• Special Protection Systems
• Remedial Action Schemes
• Other Transmission Protection Systems
19
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
20. UFLS Only Distribution Providers
FERC also approved the possibility of a
Distribution Provider registered only for the
reliability functions related to Underfrequency
Load Shedding Protection. FERC directed NERC
to include PRC-005 to this new class of UFLS
Only Distribution Providers.
20
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
21. Next Steps - LSE
In the RBR Order, FERC gave NERC 60 days to
provide a proposal for removing Load-Serving
Entities (LSEs) from the registry criteria with no
reliability gaps.
21
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
22. Next Steps - Changes to Appendix
In order to carry out the FERC order, NERC must
introduce changes to its Rules of Procedure
Section 302.1 and Appendices 5A & 5B.
Comments on the proposed revisions to the
NERC Rules of Procedure are being requested
from industry.
The 45-day comment period began on Monday
April 13, 2015 and ends on Thursday, May 28,
2015.
22
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
24. CIP Basics
Open Webinar
April 16 2015
Brent Castagnetto, Manager Cyber
Security Audits & Investigations
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
25. Agenda
• Introduction
• Acronym Soup
• CIP Standards Overview
• Questions & Answers
25
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
26. Introduction
• Critical Infrastructure Protection (CIP)
– Urgent Action 1200 (2003)
• Voluntary suite of standards and requirements
affording protections to Cyber Assets essential to the
operation of the Bulk Electric System (BES)
– Energy Policy Act of 2005 / Section 215 Federal
Power Act
• Moved daylight savings time up
• Set Federal reliability standards regulating our industry
26
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
27. Why CIP?
• Federal Energy Regulatory Commission (FERC)
Order 706
– FERC designated NERC as the Electric Reliability
Organization (ERO)
– NERC has a delegation agreement with 8 regional
entities
– NERC develops CIP version 1,2,3,4,5… and so on.
27
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
28. 8 Regional Entities
28
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
29. Acronym Soup
• BCA – BES Cyber Asset
• BCS – BES Cyber System
• BES CSI - BES Cyber Security Information
• BROS – BES Reliability Operating Services
• EAP – Electronic Access Point
• EACMS – Electronic Access Control and Monitoring Systems
• ESP – Electronic Security Perimeter
• ERC – External Routable Connectivity
• IRA – Interactive Remote Access
• PACS – Physical Access Control Systems
• PSP – Physical Security Perimeter
• PCA – Protected Cyber Asset
*Not a comprehensive list
29
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
30. CIP v5 Standards
• Most recent set of approved CIP Standards
• Mandatory and Enforceable 4/1/2016
• NERC CIP v5 Transition Guidance provides
entities an opportunity to move to v5 now
30
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
31. Decrypting CIP v5
31
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
32. CIP-002-5-1
• BES Cyber System Categorization
– BES Cyber System (BCS)
• One or more BES Cyber Assets logically grouped
together that perform one or more reliability tasks
• Example: EMS, SCADA
32
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
33. CIP-002-5.1
• BES Reliability Operating Services (BROS)
– Support defining BES Cyber Systems
– See CIP-002-5.1 Attachment 1
• Monitoring & Control
• Restoration of BES
• Situational Awareness
*Not a comprehensive list
33
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
34. CIP-003-6
• Security Management Controls
– Policies that support CIP-004 – CIP-011 Objectives
• Example Personnel & Training, Electronic Security
Controls, Physical Security Controls
– Low Impact Controls (Mandatory & Enforceable
2017)
– Identification of CIP Senior Manager responsible
for entity CIP Compliance Program
34
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
35. CIP-004-6
• Personnel & Training
– Quarterly Security Awareness
– Training
– Personnel Risk Assessment (PRA)
– Access Management
• Logical and physical
35
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
36. CIP-005-5
• Electronic Security Perimeter(s)
– Establishing a logical border around BES Cyber
Assets with routable connectivity
– Access Control , Authentication mechanisms
– Detection of possible malicious communication at
the logical border
– Interactive Remote Access
• Encryption
• Multifactor authentication
36
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
37. CIP-005-5 Interactive Remote Access
37
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
IP-SEC VPN Tunnel:
Access Control via-
ACS, AD, Biometric
RDP From Remote Host
to Corp Host or Jump Host :
Access Control via AD & Biometric
RDP From Corp Host to Jump Host:
Access Control via AD & Biometric
Jump Host to BCA/PCA:
Access Control via AD/local auth
BCA/PCA to Jump Host
Remote User w/
Thumb Reader
Remote User w/
Thumb Reader
Remote User w/
Thumb Reader
Remote User w/
Thumb Reader
38. CIP-006-6
• Physical Security
– Operational and procedural controls to restrict
physical access
– Physical access controls, monitoring of physical
access, alert & alarm
– Pay close attention to the applicable systems
column
– Physical access logging
– Visitor escort procedures
38
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
39. CIP-007-6
• System Security Management
– Ports & Services
• Includes physical ports
– Security Patch Management
• Tracking & evaluation
– Malicious Code Prevention
• Deter, detect or prevent (BES Cyber System Level)
– Security Event Monitoring
• Log and generate alerts for security events
39
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
40. CIP-007-6
• System Security Management
– System Access Control
• Interactive user access authentication
• Account management
– Default, generic, shared accounts
– Password management
40
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
41. CIP-008-5
• Cyber Security Incident Response
– Incident identification / classification
– Reporting to Electricity Sector Information Sharing
& Analysis Center (ES-ISAC)
– Annual testing of the Cyber Security Incident
Response Plan
– Document lessons learned, communication plan
41
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
42. CIP-009-5
• Recovery Plans for BES Cyber Systems
– Develop a recovery plan
– Backup and storage of information used for recovery
– Testing every 15 months
• Recovery from an incident
• Paper drill or table top
• Operational exercise
– Testing every 36 months
• Operational Exercise
• Pay close attention to Applicable Systems column
• High Impact BES Cyber Systems only
– Document lessons learned, update, communicate
42
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
43. CIP-010-2
• Change Management / Vulnerability Assessment
– Baseline Configuration for BES Cyber Systems
– Authorize & document changes within 30 days or
completing the change
– Pay close attention to applicable systems column
– Configuration Monitoring (High Impact BES Cyber
Systems)
– Vulnerability Assessment every 15 months
– Active Vulnerability Assessment every 36 months
• Transient Cyber Assets
– CIP-010-2 Attachments 1 & 2
43
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
44. CIP-011-2
• Cyber Security – Information Protection
– Identification of BES Cyber System Information
– Secure procedures
• Storage, handling, transit, use
– Reuse & Disposal
44
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
45. CIP-014-2
• Physical Security Substations and Transmission
Control Centers
– Identification of facilities via transmission analysis
– Threat and Vulnerability Assessment
– Tactical Security Plan
– Required 3rd party reviews
45
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
46. Upcoming CIP Events
• CIP Low Impact Event
– July 7-8 San Ramon, CA.
• Registration information
46
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
47. Helpful Links
• http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
• http://www.ferc.gov/whats-new/comm-meet/2013/112113/E-2.pdf
• http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-Implementation-Study.aspx
• https://www.wecc.biz/TrainingAndEducation/Pages/Compliance.aspx
47
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
48. CIP Subject Matter Experts
48
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
49. Questions
Brent Castagnetto
Manager, Cyber Security Audits and Investigations
bcastagnetto@wecc.biz
49
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
50. Upcoming Events
• WECC Compliance 101 Webinar - May 21, 2015
• WECC CUG/CIPUG Conference – Portland, OR -
June 2 – 4, 2015
• CIP Low Impact Training – San Ramon, CA –
July 7 – 8, 2015
50
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L