Compliance Open Webinar
Thursday, April 16, 2015
Agenda
• CIP-014 Third Party Assessments - Bryan Carr
• Registration Update – Brittany Power
• Presentation on CIP Basics – Brent Castagnetto
W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
CIP-014-1: Updates
Open Webinar
April 16, 2015
Bryan Carr, PMP, CISA, PSP, CBRM, CBRA
Nick Weber, CPP, PSP, CBRM, CBRA
Compliance Auditors
Physical and Cyber Security
CIP-014-1 Process Overview
R1: Applicability (risk assessment) → R2: Unaffiliated Review → R3: Notify Control Centers → R4: Conduct Threat and Vulnerability Assessment → R5: Develop a Security Plan → R6: Unaffiliated Review
CIP-014-1 Implementation
Less than nine months from effective date to Security Plan completion
CIP-014-1 Implementation Timeline
Activity                                 Implementation    Not Later Than   Total
R1 Assessment                            Effective Date    10/1/2015        0 days
R2 Verification                          Effective + 90    12/30/2015       90 days
R2.3 Address Discrepancies               R2.2 + 60         2/28/2016        150 days
R3 Notify Control Center                 R2 + 7            1/6/2016         157 days
R4 Threat and Vulnerability Evaluation   R2 + 120          6/27/2016        270 days
R5 Security Plan                         R2 + 120          6/27/2016        270 days
R6 Review                                R5 + 90           9/25/2016        360 days
R6.3 Address Discrepancies               R6.2 + 60         11/24/2016       420 days
Note: the R4 and R5 dates are counted from the close of the Part 2.3 discrepancy window (2/28/2016), and the R6.3 date from the R6 review date (9/25/2016); that is how the table reaches 270 and 420 days.
CIP-014-1 R1 Risk Assessment
R1: Each Transmission Owner shall perform an initial risk assessment and
subsequent risk assessments of its Transmission stations and Transmission
substations (existing and planned to be in service within 24 months) that
meet the criteria specified in Applicability Section 4.1.1. The initial and
subsequent risk assessments shall consist of a transmission analysis or
transmission analyses designed to identify the Transmission station(s) and
Transmission substation(s) that if rendered inoperable or damaged could
result in instability, uncontrolled separation, or Cascading within an
Interconnection.
CIP-014-1 R1 Risk Assessment
Three methodologies have been shared with the WECC CIP Audit Team to
date:
• PAC/APS Proposed Methodology
• BPA Methodology
• Peak Reliability Methodology
CIP-014-1 R1 Risk Assessment
Audit Approach Questions:
• Does the methodology define cascading, uncontrolled separation, and
instability with criteria for each?
• Does the methodology effectively determine whether or not loss of the
Station/Substation will result in cascading, uncontrolled separation, or
instability?
The methodologies shared with the WECC CIP Team meet both criteria, but
are not an all-inclusive list of methodologies. Entities are free to develop
their own methodology.
CIP-014-1 R2/R6 Third Party Reviews
Audit Approach Questions:
• Is the third party unaffiliated and qualified to conduct the review?
• Was the review conducted and documented?
• Did the entity address all reviewer recommendations in accordance with
Part 2.3/Part 6.3?
• Did the entity implement procedures for protecting sensitive or
confidential information?
Entities should focus on the reviewer’s ability to strengthen their program by
providing a unique perspective. The language of the standard sets no
parameters on the depth, rigor, or focal points of the review.
At Your Service
• PSWG - Get plugged in!
http://www.wecc.biz/committees/StandingCommittees/OC/CIIMS/PSWG/default.aspx
• Phone call or email away
• We want to help
• Always willing to provide our audit approach
Contacts
Bryan Carr, PMP, CISA, PSP, CBRM, CBRA
Compliance Auditor, Physical and Cyber Security
Western Electricity Coordinating Council
155 North 400 West, Suite 200
Salt Lake City, UT 84103
(801) 819-7691
bcarr@wecc.biz
Nick Weber, CPP, PSP, CBRM, CBRA
Compliance Auditor, Physical and Cyber Security
Western Electricity Coordinating Council
155 North 400 West, Suite 200
Salt Lake City, UT 84103
(801) 386-6288
nweber@wecc.biz
Registration Update
Brittany Power
Data Coordinator
Current Status
• FERC RBR Order
• Interchange Authority & Purchasing-Selling
Entity Functions
• Distribution Provider Function
• UFLS Only Distribution Providers
• Next Steps – Load-Serving Entity Registration
• Next Steps – Changes to Appendix
FERC RBR Order
On March 19, 2015, the Federal Energy
Regulatory Commission (FERC) released Order
150 FERC ¶ 61,213 on Electric Reliability
Organization Risk Based Registration Initiative
and Requiring Compliance Filing (RBR Order).
FERC RBR Order
Under the RBR Order, FERC has approved the
following:
• Modification of the Compliance Registry Criteria
by removing Purchasing-Selling Entities (PSEs)
and Interchange Authorities (IAs) as registered
functions
• Raising the threshold for registering entities as
Distribution Providers (DPs)
• Aligning five functional registration categories to
the definition of Bulk Electric System
IA & PSE Functions
Removal of the IA & PSE Functions will require
no action from entities that are registered under
one of the eliminated functional categories.
Distribution Provider Function
FERC approved raising the peak load threshold for
registering Distribution Providers from 25 MW to 75 MW;
the entity's system must also be directly connected to
the BES.
DPs below 75 MW remain eligible for registration if
they own or operate protection systems such as:
• Under Voltage Load Shedding
• Special Protection Systems
• Remedial Action Schemes
• Other Transmission Protection Systems
UFLS Only Distribution Providers
FERC also approved a new class of Distribution
Provider registered only for the reliability functions
related to Underfrequency Load Shedding (UFLS)
protection, and directed NERC to apply PRC-005 to
these UFLS Only Distribution Providers.
Next Steps - LSE
In the RBR Order, FERC gave NERC 60 days to
propose how Load-Serving Entities (LSEs) could be
removed from the registry criteria without creating
a reliability gap.
Next Steps - Changes to Appendix
In order to carry out the FERC order, NERC must
introduce changes to its Rules of Procedure
Section 302.1 and Appendices 5A & 5B.
Comments on the proposed revisions to the
NERC Rules of Procedure are being requested
from industry.
The 45-day comment period began on Monday
April 13, 2015 and ends on Thursday, May 28,
2015.
WECC Support
weccsupport@wecc.biz
801-883-6879 or 877-937-9722
CIP Basics
Open Webinar
April 16 2015
Brent Castagnetto, Manager Cyber
Security Audits & Investigations
Agenda
• Introduction
• Acronym Soup
• CIP Standards Overview
• Questions & Answers
Introduction
• Critical Infrastructure Protection (CIP)
– Urgent Action 1200 (2003)
• Voluntary suite of standards and requirements
affording protections to Cyber Assets essential to the
operation of the Bulk Electric System (BES)
– Energy Policy Act of 2005 / Section 215 Federal
Power Act
• Moved daylight saving time up
• Set Federal reliability standards regulating our industry
Why CIP?
• Federal Energy Regulatory Commission (FERC)
– FERC certified NERC as the Electric Reliability
Organization (ERO) in 2006
– NERC has delegation agreements with 8 regional
entities
• FERC Order 706 (2008)
– Approved the first mandatory CIP standards (version 1)
and directed changes that led NERC to develop CIP
versions 2, 3, 4, 5… and so on.
8 Regional Entities
Acronym Soup
• BCA – BES Cyber Asset
• BCS – BES Cyber System
• BES CSI - BES Cyber Security Information
• BROS – BES Reliability Operating Services
• EAP – Electronic Access Point
• EACMS – Electronic Access Control and Monitoring Systems
• ESP – Electronic Security Perimeter
• ERC – External Routable Connectivity
• IRA – Interactive Remote Access
• PACS – Physical Access Control Systems
• PSP – Physical Security Perimeter
• PCA – Protected Cyber Asset
*Not a comprehensive list
CIP v5 Standards
• Most recent set of approved CIP Standards
• Mandatory and Enforceable 4/1/2016
• NERC CIP v5 Transition Guidance provides
entities an opportunity to move to v5 now
Decrypting CIP v5
CIP-002-5.1
• BES Cyber System Categorization
– BES Cyber System (BCS)
• One or more BES Cyber Assets logically grouped
together that perform one or more reliability tasks
• Example: EMS, SCADA
CIP-002-5.1
• BES Reliability Operating Services (BROS)
– Support defining BES Cyber Systems
– See CIP-002-5.1 Attachment 1
• Monitoring & Control
• Restoration of BES
• Situational Awareness
*Not a comprehensive list
CIP-003-6
• Security Management Controls
– Policies that support CIP-004 – CIP-011 Objectives
• Example Personnel & Training, Electronic Security
Controls, Physical Security Controls
– Low Impact Controls (Mandatory & Enforceable
2017)
– Identification of CIP Senior Manager responsible
for entity CIP Compliance Program
CIP-004-6
• Personnel & Training
– Quarterly Security Awareness
– Training
– Personnel Risk Assessment (PRA)
– Access Management
• Logical and physical
CIP-005-5
• Electronic Security Perimeter(s)
– Establishing a logical border around BES Cyber
Assets with routable connectivity
– Access Control , Authentication mechanisms
– Detection of possible malicious communication at
the logical border
– Interactive Remote Access
• Intermediate System (jump host) between the remote
client and the BES Cyber Asset
• Encryption
• Multifactor authentication
CIP-005-5 Interactive Remote Access
[Diagram: Interactive Remote Access path] Remote user with thumb (fingerprint) reader → IPsec VPN tunnel (access control via ACS, AD, biometric) → RDP from remote host to corporate host or jump host (access control via AD and biometric) → RDP from corporate host to jump host (access control via AD and biometric) → jump host to BCA/PCA (access control via AD or local authentication), with the return path BCA/PCA to jump host.
CIP-006-6
• Physical Security
– Operational and procedural controls to restrict
physical access
– Physical access controls, monitoring of physical
access, alert & alarm
– Pay close attention to the applicable systems
column
– Physical access logging
– Visitor escort procedures
CIP-007-6
• System Security Management
– Ports & Services
• Includes physical ports
– Security Patch Management
• Tracking & evaluation
– Malicious Code Prevention
• Deter, detect or prevent (BES Cyber System Level)
– Security Event Monitoring
• Log and generate alerts for security events
CIP-007-6
• System Security Management
– System Access Control
• Interactive user access authentication
• Account management
– Default, generic, shared accounts
– Password management
CIP-008-5
• Cyber Security Incident Response
– Incident identification / classification
– Reporting to Electricity Sector Information Sharing
& Analysis Center (ES-ISAC)
– Annual testing of the Cyber Security Incident
Response Plan
– Document lessons learned, communication plan
CIP-009-5
• Recovery Plans for BES Cyber Systems
– Develop a recovery plan
– Backup and storage of information used for recovery
– Testing every 15 months
• Recovery from an incident
• Paper drill or table top
• Operational exercise
– Testing every 36 months
• Operational Exercise
• Pay close attention to Applicable Systems column
• High Impact BES Cyber Systems only
– Document lessons learned, update, communicate
CIP-010-2
• Change Management / Vulnerability Assessment
– Baseline Configuration for BES Cyber Systems
– Authorize and document changes; update the baseline
within 30 calendar days of completing the change
– Pay close attention to applicable systems column
– Configuration Monitoring (High Impact BES Cyber
Systems)
– Vulnerability Assessment (paper or active) every 15 months
– Active Vulnerability Assessment every 36 months (High
Impact BES Cyber Systems)
• Transient Cyber Assets
– CIP-010-2 Attachments 1 & 2
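An added example (not from the WECC deck) of the baseline comparison described above, which also covers the logical-ports element that CIP-007-6 ports and services are judged against: a snapshot of a BES Cyber Asset is diffed against its documented baseline by the five R1.1 elements, and each deviation is checked against change records for an authorization (Part 1.2) and for the 30-calendar-day baseline update window (Part 1.3). The baseline, snapshot, change records, patch identifiers and dates are constructed.

```python
"""Added example (not from the WECC slides): diff a BES Cyber Asset's current
configuration against its documented baseline by the five CIP-010-2 R1.1 baseline
elements, then check each deviation for an authorization record (Part 1.2) and for
the 30-calendar-day baseline update window (Part 1.3). All data is constructed."""
from datetime import date

# The five baseline elements of CIP-010-2 R1.1. "logical_ports" is the same
# inventory that CIP-007-6 R1 (ports and services) is judged against.
BASELINE_ELEMENTS = (
    "os_firmware", "commercial_software", "custom_software",
    "logical_ports", "security_patches",
)


def diff_baseline(baseline, current):
    """Return {element: {"added": set, "removed": set}} for elements that differ."""
    deviations = {}
    for element in BASELINE_ELEMENTS:
        base = set(baseline.get(element, ()))
        now = set(current.get(element, ()))
        if base != now:
            deviations[element] = {"added": now - base, "removed": base - now}
    return deviations


def overdue(deviations, change_records, as_of, window_days=30):
    """List (element, item, reason) for deviations with no authorization record,
    or whose change completed more than window_days before as_of while the
    documented baseline still does not reflect it."""
    findings = []
    for element, delta in deviations.items():
        for kind in ("added", "removed"):
            for item in sorted(delta[kind]):
                rec = change_records.get((element, item))
                if rec is None:
                    findings.append((element, item, "no authorization record"))
                    continue
                age = (as_of - rec["completed"]).days
                if age > window_days:
                    findings.append(
                        (element, item, f"baseline not updated {age} days after change"))
    return findings


# Constructed baseline and snapshot for a hypothetical EMS console host.
BASELINE = {
    "os_firmware": {"Windows Server 2008 R2 SP1"},
    "commercial_software": {"EMS Console 4.2", "Antivirus 11.0"},
    "custom_software": {"alarm-forwarder 1.3"},
    "logical_ports": {"tcp/3389", "tcp/102", "udp/161"},
    "security_patches": {"vendor-patch-2015-01", "vendor-patch-2015-02"},
}
CURRENT = {
    "os_firmware": {"Windows Server 2008 R2 SP1"},
    "commercial_software": {"EMS Console 4.3", "Antivirus 11.0"},
    "custom_software": {"alarm-forwarder 1.3"},
    "logical_ports": {"tcp/3389", "tcp/102", "udp/161", "tcp/5900"},  # VNC appeared
    "security_patches": {"vendor-patch-2015-01", "vendor-patch-2015-02", "vendor-patch-2015-03"},
}
# Constructed change records keyed by (element, item); the console upgrade was
# authorized but completed 65 days before AS_OF, so the baseline is stale.
CHANGE_RECORDS = {
    ("commercial_software", "EMS Console 4.3"): {"completed": date(2015, 2, 10)},
    ("commercial_software", "EMS Console 4.2"): {"completed": date(2015, 2, 10)},
    ("security_patches", "vendor-patch-2015-03"): {"completed": date(2015, 4, 1)},
}
AS_OF = date(2015, 4, 16)

if __name__ == "__main__":
    for finding in overdue(diff_baseline(BASELINE, CURRENT), CHANGE_RECORDS, AS_OF):
        print(*finding, sep=" | ")
```

On the constructed data the script reports the stale console upgrade (both the added 4.3 and the removed 4.2 entries) and the unauthorized tcp/5900 listener, while the patch applied 15 days ago is still inside the window. A real deployment would feed the snapshot from the asset's own inventory tooling and run the comparison on the 35-day cycle that CIP-010-2 R2 configuration monitoring requires for High Impact systems.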
CIP-011-2
• Cyber Security – Information Protection
– Identification of BES Cyber System Information
– Secure procedures
• Storage, handling, transit, use
– Reuse & Disposal
CIP-014-2
• Physical Security of Transmission stations,
Transmission substations and their primary control centers
– Identification of facilities via transmission analysis
– Threat and Vulnerability Assessment
– Tactical Security Plan
– Required 3rd party reviews
Upcoming CIP Events
• CIP Low Impact Event
– July 7-8 San Ramon, CA.
• Registration information
Helpful Links
• http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
• http://www.ferc.gov/whats-new/comm-meet/2013/112113/E-2.pdf
• http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-Implementation-Study.aspx
• https://www.wecc.biz/TrainingAndEducation/Pages/Compliance.aspx
CIP Subject Matter Experts
Questions
Brent Castagnetto
Manager, Cyber Security Audits and Investigations
bcastagnetto@wecc.biz
Upcoming Events
• WECC Compliance 101 Webinar - May 21, 2015
• WECC CUG/CIPUG Conference – Portland, OR -
June 2 – 4, 2015
• CIP Low Impact Training – San Ramon, CA –
July 7 – 8, 2015

More Related Content

What's hot

Ankit updated Resume
Ankit updated  ResumeAnkit updated  Resume
Ankit updated ResumeAnkit Agarwal
 
Robotic bridge inspection and infrastructure inspections
Robotic bridge inspection and infrastructure inspectionsRobotic bridge inspection and infrastructure inspections
Robotic bridge inspection and infrastructure inspections
Infrastructure Preservation Corporation
 
Raytheon Veteran Open Job List - January 2018
Raytheon Veteran Open Job List - January 2018Raytheon Veteran Open Job List - January 2018
Raytheon Veteran Open Job List - January 2018
Toni Havlik
 
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...
NHS Improving Quality
 
BuseResumeBinder
BuseResumeBinderBuseResumeBinder
BuseResumeBinderTaylor Buse
 
Azenqos portfolio generic 27112014
Azenqos portfolio generic 27112014Azenqos portfolio generic 27112014
Azenqos portfolio generic 27112014
Don Plooksawasdi
 
Raytheon Veteran Job list - Sept 2017
Raytheon Veteran Job list - Sept 2017Raytheon Veteran Job list - Sept 2017
Raytheon Veteran Job list - Sept 2017
Toni Havlik
 
ANSI C12.1 and NY State PSC Part 92
ANSI C12.1 and NY State PSC Part 92ANSI C12.1 and NY State PSC Part 92
ANSI C12.1 and NY State PSC Part 92
TESCO - The Eastern Specialty Company
 
R1 142802 highlight from ran#64 for ran1#78 v2
R1 142802 highlight from ran#64 for ran1#78 v2R1 142802 highlight from ran#64 for ran1#78 v2
R1 142802 highlight from ran#64 for ran1#78 v2
yioh
 

What's hot (14)

fpl resume
fpl resumefpl resume
fpl resume
 
CV-Bokarica
CV-BokaricaCV-Bokarica
CV-Bokarica
 
JND CV 2016
JND CV 2016JND CV 2016
JND CV 2016
 
Ankit updated Resume
Ankit updated  ResumeAnkit updated  Resume
Ankit updated Resume
 
Robotic bridge inspection and infrastructure inspections
Robotic bridge inspection and infrastructure inspectionsRobotic bridge inspection and infrastructure inspections
Robotic bridge inspection and infrastructure inspections
 
Raytheon Veteran Open Job List - January 2018
Raytheon Veteran Open Job List - January 2018Raytheon Veteran Open Job List - January 2018
Raytheon Veteran Open Job List - January 2018
 
LATEST UPDATED CV OF MR SAJEEV R
LATEST UPDATED CV OF MR SAJEEV RLATEST UPDATED CV OF MR SAJEEV R
LATEST UPDATED CV OF MR SAJEEV R
 
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...
Transforming End of Life Care in Acute Hospitals AM Workshop 1: EPaCCS 2020 ‘...
 
BuseResumeBinder
BuseResumeBinderBuseResumeBinder
BuseResumeBinder
 
Azenqos portfolio generic 27112014
Azenqos portfolio generic 27112014Azenqos portfolio generic 27112014
Azenqos portfolio generic 27112014
 
Instrument Engineeer
Instrument EngineeerInstrument Engineeer
Instrument Engineeer
 
Raytheon Veteran Job list - Sept 2017
Raytheon Veteran Job list - Sept 2017Raytheon Veteran Job list - Sept 2017
Raytheon Veteran Job list - Sept 2017
 
ANSI C12.1 and NY State PSC Part 92
ANSI C12.1 and NY State PSC Part 92ANSI C12.1 and NY State PSC Part 92
ANSI C12.1 and NY State PSC Part 92
 
R1 142802 highlight from ran#64 for ran1#78 v2
R1 142802 highlight from ran#64 for ran1#78 v2R1 142802 highlight from ran#64 for ran1#78 v2
R1 142802 highlight from ran#64 for ran1#78 v2
 

Similar to 2015 04 16_WECC Open Mic Webinar Slide Deck

NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011
NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011
NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011
dma1965
 
10 - CIP-002-5.1 Medley - Carr
10 - CIP-002-5.1 Medley - Carr10 - CIP-002-5.1 Medley - Carr
10 - CIP-002-5.1 Medley - CarrBryan Carr
 
Alan Bull CTOTF NERC Presentation
Alan Bull CTOTF NERC PresentationAlan Bull CTOTF NERC Presentation
Alan Bull CTOTF NERC Presentation
NAES Corporation
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
EnergySec
 
Rapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance Guide
Rapid7
 
Intellibind Top Ten Most Violated Standards Presentation 2011 01 27 (F)
Intellibind   Top Ten Most Violated Standards Presentation   2011 01 27 (F)Intellibind   Top Ten Most Violated Standards Presentation   2011 01 27 (F)
Intellibind Top Ten Most Violated Standards Presentation 2011 01 27 (F)
bluecedars2
 
Open RAN SRV mid-point review.pdf
Open RAN SRV mid-point review.pdfOpen RAN SRV mid-point review.pdf
Open RAN SRV mid-point review.pdf
Andy Jones
 
360 cellutions casestudy
360 cellutions casestudy360 cellutions casestudy
360 cellutions casestudy360cell
 
The Clarity Project: SSAE-18 Essentials
The Clarity Project: SSAE-18 EssentialsThe Clarity Project: SSAE-18 Essentials
The Clarity Project: SSAE-18 Essentials
NICSA
 
Importance of the NERC PRC-005 Standard - Challenges and Audit Tips
Importance of the NERC PRC-005 Standard - Challenges and Audit TipsImportance of the NERC PRC-005 Standard - Challenges and Audit Tips
Importance of the NERC PRC-005 Standard - Challenges and Audit Tips
Certrec
 
Change management infra basic - quick guideline v1.1 tj
Change management infra basic - quick guideline v1.1 tjChange management infra basic - quick guideline v1.1 tj
Change management infra basic - quick guideline v1.1 tj
Tijs -T.J.- van Velthoven, MBA - AVAILABLE
 
CCNP service provider presentation complete
CCNP service provider presentation completeCCNP service provider presentation complete
CCNP service provider presentation complete
mehtabalam97653
 
European Data Centre Standards
European Data Centre StandardsEuropean Data Centre Standards
European Data Centre Standards
ICT FOOTPRINT .eu
 
1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx
patemalabanan
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...TheAnfieldGroup
 
Infrastructure preservation robotic infrastructure technology teaser
Infrastructure preservation robotic infrastructure technology teaserInfrastructure preservation robotic infrastructure technology teaser
Infrastructure preservation robotic infrastructure technology teaser
Infrastructure Preservation Corporation
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
EnergySec
 
Mapping Networks for Day 3 Management
Mapping Networks for Day 3 Management  Mapping Networks for Day 3 Management
Mapping Networks for Day 3 Management
Inflectiontech Ltd
 
What is Benchmarking & how it work in power system
What is Benchmarking & how it work in power system What is Benchmarking & how it work in power system
What is Benchmarking & how it work in power system
Power System Operation
 

Similar to 2015 04 16_WECC Open Mic Webinar Slide Deck (20)

NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011
NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011
NERC CIP Compliance 101 Workshop - Smart Grid Security East 2011
 
10 - CIP-002-5.1 Medley - Carr
10 - CIP-002-5.1 Medley - Carr10 - CIP-002-5.1 Medley - Carr
10 - CIP-002-5.1 Medley - Carr
 
Alan Bull CTOTF NERC Presentation
Alan Bull CTOTF NERC PresentationAlan Bull CTOTF NERC Presentation
Alan Bull CTOTF NERC Presentation
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Rapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance GuideRapid7 NERC-CIP Compliance Guide
Rapid7 NERC-CIP Compliance Guide
 
Intellibind Top Ten Most Violated Standards Presentation 2011 01 27 (F)
Intellibind   Top Ten Most Violated Standards Presentation   2011 01 27 (F)Intellibind   Top Ten Most Violated Standards Presentation   2011 01 27 (F)
Intellibind Top Ten Most Violated Standards Presentation 2011 01 27 (F)
 
Open RAN SRV mid-point review.pdf
Open RAN SRV mid-point review.pdfOpen RAN SRV mid-point review.pdf
Open RAN SRV mid-point review.pdf
 
360 cellutions casestudy
360 cellutions casestudy360 cellutions casestudy
360 cellutions casestudy
 
The Clarity Project: SSAE-18 Essentials
The Clarity Project: SSAE-18 EssentialsThe Clarity Project: SSAE-18 Essentials
The Clarity Project: SSAE-18 Essentials
 
TN Resume 11-17-2015
TN Resume 11-17-2015TN Resume 11-17-2015
TN Resume 11-17-2015
 
Importance of the NERC PRC-005 Standard - Challenges and Audit Tips
Importance of the NERC PRC-005 Standard - Challenges and Audit TipsImportance of the NERC PRC-005 Standard - Challenges and Audit Tips
Importance of the NERC PRC-005 Standard - Challenges and Audit Tips
 
Change management infra basic - quick guideline v1.1 tj
Change management infra basic - quick guideline v1.1 tjChange management infra basic - quick guideline v1.1 tj
Change management infra basic - quick guideline v1.1 tj
 
CCNP service provider presentation complete
CCNP service provider presentation completeCCNP service provider presentation complete
CCNP service provider presentation complete
 
European Data Centre Standards
European Data Centre StandardsEuropean Data Centre Standards
European Data Centre Standards
 
1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx1 - Introduction to Computerized Systems Validation - for review.pptx
1 - Introduction to Computerized Systems Validation - for review.pptx
 
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
Leveraging Technology to Enhance Security, Reliability & NERC-CIP Ver.5 Compl...
 
Infrastructure preservation robotic infrastructure technology teaser
Infrastructure preservation robotic infrastructure technology teaserInfrastructure preservation robotic infrastructure technology teaser
Infrastructure preservation robotic infrastructure technology teaser
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
Mapping Networks for Day 3 Management
Mapping Networks for Day 3 Management  Mapping Networks for Day 3 Management
Mapping Networks for Day 3 Management
 
What is Benchmarking & how it work in power system
What is Benchmarking & how it work in power system What is Benchmarking & how it work in power system
What is Benchmarking & how it work in power system
 

2015 04 16_WECC Open Mic Webinar Slide Deck

  • 2. Agenda • CIP-014 Third Party Assessments - Bryan Carr • Registration Update – Brittany Power • Presentation on CIP Basics – Brent Castagnetto W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 3. CIP-014-1: Updates Open Webinar April 16, 2015 Bryan Carr, PMP, CISA, PSP, CBRM, CBRA Nick Weber, CPP, PSP, CBRM, CBRA Compliance Auditors Physical and Cyber Security W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 4. CIP-014-1 Process Overview W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L R1: Applicability R2: Unaffiliated Review R3: Notify Control Centers R4: Conduct Threat and Vulnerability Assessment R5: Develop a Security Plan R6: Unaffiliated Review
  • 5. CIP-014-1 Implementation Less than nine months from effective date to Security Plan completion W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L CIP-014-1 Implementation Timeline Activity Implementation Not Later Than Total R1 Assessment Effective Date 10/1/2015 0 Days R2 Verification Effective + 90 12/30/2015 90 Days R2.3 Address Discrepancies R2.2 + 60 2/28/2016 150 Days R3 Notify Control Center R2 + 7 1/6/2016 157 Days R4 Threat and Vulnerability Evaluation R2 + 120 6/27/2016 270 Days R5 Security Plan R2 + 120 6/27/2016 270 Days R6 Review R5 + 90 9/25/2016 360 Days R6.3 Address Discrepancies R6.2 + 60 11/24/2016 420 Days
  • 6. CIP-014-1 R1 Risk Assessment R1: Each Transmission Owner shall perform an initial risk assessment and subsequent risk assessments of its Transmission stations and Transmission substations (existing and planned to be in service within 24 months) that meet the criteria specified in Applicability Section 4.1.1. The initial and subsequent risk assessments shall consist of a transmission analysis or transmission analyses designed to identify the Transmission station(s) and Transmission substation(s) that if rendered inoperable or damaged could result in instability, uncontrolled separation, or Cascading within an Interconnection. W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 7. CIP-014-1 R1 Risk Assessment Three methodologies have been shared with the WECC CIP Audit Team to date: • PAC/APS Proposed Methodology • BPA Methodology • Peak Reliability Methodology W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 8. CIP-014-1 R1 Risk Assessment W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 9. CIP-014-1 R1 Risk Assessment
  • 10. CIP-014-1 R1 Risk Assessment Audit Approach Questions: • Does the methodology define cascading, uncontrolled separation, and instability with criteria for each? • Does the methodology effectively determine whether or not loss of the Station/Substation will result in cascading, uncontrolled separation, or instability? The methodologies shared with the WECC CIP Team meet both criteria, but are not an all-inclusive list of methodologies. Entities are free to develop their own methodology. W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 11. CIP-014-1 R2/R6 Third Party Reviews Audit Approach Questions: • Is the third party unaffiliated and qualified to conduct the review? • Was the review conducted and documented? • Did the entity address all reviewer recommendations in accordance with Part 2.3/Part 6.3? • Did the entity implement procedures for protecting sensitive or confidential information? Entities should focus on the reviewer’s ability to strengthen their program by providing a unique perspective. The language of the standard sets no parameters on the depth, rigor, or focal points of the review. W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 12. At Your Service • PSWG- Get plugged in! http://www.wecc.biz/committees/StandingCommittees/OC/CIIM S/PSWG/default.aspx • Phone call or email away • We want to help • Always willing to provide our audit approach W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L
  • 13. Contacts
    Bryan Carr, PMP, CISA, PSP, CBRM, CBRA
    Compliance Auditor, Physical and Cyber Security
    Western Electricity Coordinating Council
    155 North 400 West, Suite 200, Salt Lake City, UT 84103
    (801) 819-7691, bcarr@wecc.biz
    Nick Weber, CPP, PSP, CBRM, CBRA
    Compliance Auditor, Physical and Cyber Security
    Western Electricity Coordinating Council
    155 North 400 West, Suite 200, Salt Lake City, UT 84103
    (801) 386-6288, nweber@wecc.biz
  • 14. Registration Update
    Brittany Power, Data Coordinator
  • 15. Current Status
    • FERC RBR Order
    • Interchange Authority & Purchasing-Selling Entity Functions
    • Distribution Provider Function
    • UFLS Only Distribution Providers
    • Next Steps - Load-Serving Entity Registration
    • Next Steps - Changes to Appendix
  • 16. FERC RBR Order
    On March 19, 2015, the Federal Energy Regulatory Commission (FERC) released its Order on Electric Reliability Organization Risk-Based Registration Initiative and Requiring Compliance Filing, 150 FERC ¶ 61,213 (the RBR Order).
  • 17. FERC RBR Order
    Under the RBR Order, FERC has approved the following:
    • Modification of the Compliance Registry Criteria by removing Purchasing-Selling Entities (PSEs) and Interchange Authorities (IAs) as registered functions
    • Raising the threshold for registering entities as Distribution Providers (DPs)
    • Aligning five functional registration categories to the definition of Bulk Electric System
  • 18. IA & PSE Functions
    Removal of the IA & PSE functions will require no action from entities that are registered under one of the eliminated functional categories.
  • 19. Distribution Provider Function
    FERC approved raising the peak load threshold for Distribution Providers from 25 MW to 75 MW; in addition, the entity's system must be directly connected to the BES. DPs below 75 MW remain eligible for registration if they own or operate protection systems such as:
    • Under Voltage Load Shedding
    • Special Protection Systems
    • Remedial Action Schemes
    • Other Transmission Protection Systems
  • 20. UFLS Only Distribution Providers
    FERC also approved the possibility of a Distribution Provider registered only for the reliability functions related to Underfrequency Load Shedding protection. FERC directed NERC to apply PRC-005 to this new class of UFLS Only Distribution Providers.
  • 21. Next Steps - LSE
    In the RBR Order, FERC gave NERC 60 days to provide a proposal for removing Load-Serving Entities (LSEs) from the registry criteria with no reliability gaps.
  • 22. Next Steps - Changes to Appendix
    In order to carry out the FERC order, NERC must introduce changes to its Rules of Procedure Section 302.1 and Appendices 5A & 5B. Comments on the proposed revisions to the NERC Rules of Procedure are being requested from industry. The 45-day comment period began on Monday, April 13, 2015 and ends on Thursday, May 28, 2015.
  • 23. WECC Support
    weccsupport@wecc.biz
    801-883-6879 or 877-937-9722
  • 24. CIP Basics
    Open Webinar, April 16, 2015
    Brent Castagnetto, Manager, Cyber Security Audits & Investigations
  • 25. Agenda
    • Introduction
    • Acronym Soup
    • CIP Standards Overview
    • Questions & Answers
  • 26. Introduction
    • Critical Infrastructure Protection (CIP)
      – Urgent Action 1200 (2003)
        • Voluntary suite of standards and requirements affording protections to Cyber Assets essential to the operation of the Bulk Electric System (BES)
      – Energy Policy Act of 2005 / Section 215 Federal Power Act
        • Moved daylight saving time up
        • Set Federal reliability standards regulating our industry
  • 27. Why CIP?
    • Federal Energy Regulatory Commission (FERC) Order 706
      – FERC designated NERC as the Electric Reliability Organization (ERO)
      – NERC has a delegation agreement with 8 regional entities
      – NERC develops CIP versions 1, 2, 3, 4, 5... and so on
  • 28. 8 Regional Entities
  • 29. Acronym Soup
    • BCA - BES Cyber Asset
    • BCS - BES Cyber System
    • BES CSI - BES Cyber System Information
    • BROS - BES Reliability Operating Services
    • EAP - Electronic Access Point
    • EACMS - Electronic Access Control or Monitoring Systems
    • ESP - Electronic Security Perimeter
    • ERC - External Routable Connectivity
    • IRA - Interactive Remote Access
    • PACS - Physical Access Control Systems
    • PSP - Physical Security Perimeter
    • PCA - Protected Cyber Asset
    *Not a comprehensive list
  • 30. CIP v5 Standards
    • Most recent set of approved CIP Standards
    • Mandatory and Enforceable 4/1/2016
    • NERC CIP v5 Transition Guidance provides entities an opportunity to move to v5 now
  • 31. Decrypting CIP v5
  • 32. CIP-002-5.1
    • BES Cyber System Categorization
      – BES Cyber System (BCS)
        • One or more BES Cyber Assets logically grouped together that perform one or more reliability tasks
        • Example: EMS, SCADA
  • 33. CIP-002-5.1
    • BES Reliability Operating Services (BROS)
      – Support defining BES Cyber Systems
      – See CIP-002-5.1 Attachment 1
        • Monitoring & Control
        • Restoration of BES
        • Situational Awareness
    *Not a comprehensive list
  • 34. CIP-003-6
    • Security Management Controls
      – Policies that support CIP-004 through CIP-011 objectives
        • Example: Personnel & Training, Electronic Security Controls, Physical Security Controls
      – Low Impact Controls (Mandatory & Enforceable 2017)
      – Identification of the CIP Senior Manager responsible for the entity's CIP Compliance Program
  • 35. CIP-004-6
    • Personnel & Training
      – Quarterly Security Awareness
      – Training
      – Personnel Risk Assessment (PRA)
      – Access Management
        • Logical and physical
  • 36. CIP-005-5
    • Electronic Security Perimeter(s)
      – Establishing a logical border around BES Cyber Assets with routable connectivity
      – Access control, authentication mechanisms
      – Detection of possible malicious communication at the logical border
      – Interactive Remote Access
        • Encryption
        • Multifactor authentication
  • 37. CIP-005-5 Interactive Remote Access
    (Diagram: a remote user with a thumb reader reaches a BCA/PCA through the following hops)
    – IP-SEC VPN Tunnel: access control via ACS, AD, biometric
    – RDP from remote host to corporate host or Jump Host: access control via AD & biometric
    – RDP from corporate host to Jump Host: access control via AD & biometric
    – Jump Host to BCA/PCA: access control via AD / local authentication
    – BCA/PCA back to Jump Host
  • 38. CIP-006-6
    • Physical Security
      – Operational and procedural controls to restrict physical access
      – Physical access controls, monitoring of physical access, alert & alarm
      – Pay close attention to the Applicable Systems column
      – Physical access logging
      – Visitor escort procedures
  • 39. CIP-007-6
    • System Security Management
      – Ports & Services
        • Includes physical ports
      – Security Patch Management
        • Tracking & evaluation
      – Malicious Code Prevention
        • Deter, detect or prevent (BES Cyber System level)
      – Security Event Monitoring
        • Log and generate alerts for security events
  • 40. CIP-007-6
    • System Security Management
      – System Access Control
        • Interactive user access authentication
        • Account management
          – Default, generic, shared accounts
          – Password management
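The two CIP-007-6 slides above list what security event monitoring and system access control are supposed to catch without showing what that looks like in practice. The following script is an added illustration, not WECC, NERC or any registered entity's code: it parses constructed authentication and anti-malware log lines and raises alerts for a burst of failed logins, a successful interactive login with a known default or generic account, and a malicious code detection. The log format, hostnames, account names, addresses and the DEFAULT_ACCOUNTS inventory are all assumptions made up for the example.

```python
"""
Added illustration for the CIP-007-6 security event monitoring and system
access control bullets; it is not WECC or NERC code. It parses constructed
log lines and raises alerts for three event types those bullets describe:
a burst of failed logins, any successful login with a known default/generic
account, and malicious code detection. Hostnames, account names and
addresses are made-up sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed log format: "<ISO timestamp> <host> <EVENT> user=<name> [src=<ip>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>[A-Z_]+) user=(?P<user>\S+)"
    r"(?: src=(?P<src>\S+))?$")

# Hypothetical inventory of default/generic accounts that must not be used
# for interactive access (the slide's "Default, generic, shared accounts").
DEFAULT_ACCOUNTS = {"admin", "root", "operator"}


def parse(line: str) -> Optional[Dict[str, object]]:
    """Parse one line; return None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines: List[str], fail_threshold: int = 3,
           window: timedelta = timedelta(minutes=5)) -> List[Dict[str, str]]:
    """Run the three detections over the lines and return alerts in order."""
    alerts = []
    recent_failures = defaultdict(list)   # (host, user) -> failure timestamps
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue                       # unparseable line: skip, do not crash
        key = (ev["host"], ev["user"])
        if ev["event"] == "AUTH_FAIL":
            q = recent_failures[key]
            q.append(ev["ts"])
            q[:] = [t for t in q if ev["ts"] - t <= window]   # drop old failures
            if len(q) >= fail_threshold:
                alerts.append({"kind": "failed_login_threshold",
                               "host": ev["host"], "user": ev["user"]})
                q.clear()                  # one alert per burst
        elif ev["event"] == "AUTH_OK" and ev["user"] in DEFAULT_ACCOUNTS:
            alerts.append({"kind": "default_account_login",
                           "host": ev["host"], "user": ev["user"]})
        elif ev["event"] == "MALWARE_DETECTED":
            alerts.append({"kind": "malicious_code",
                           "host": ev["host"], "user": ev["user"]})
    return alerts


# Constructed sample log (not from any real system).
SAMPLE_LOG = [
    "2015-04-16T08:00:01 ems-app-01 AUTH_FAIL user=jdoe src=10.1.1.5",
    "2015-04-16T08:00:40 ems-app-01 AUTH_FAIL user=jdoe src=10.1.1.5",
    "2015-04-16T08:01:15 ems-app-01 AUTH_FAIL user=jdoe src=10.1.1.5",
    "2015-04-16T08:02:00 ems-app-01 AUTH_OK user=jdoe src=10.1.1.5",
    "this line is not in the expected format",
    "2015-04-16T08:10:00 scada-hist-02 AUTH_OK user=admin src=10.1.2.9",
    "2015-04-16T08:30:00 ems-app-01 MALWARE_DETECTED user=svc_av",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The failed-login window is kept per host and account so that a burst against one account does not mask a slower pattern against another; the threshold and window are parameters because the standard's bullet only requires logging and alerting, not a particular count. Malformed lines are skipped rather than raised, since a monitoring job that stops on the first odd line stops alerting.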
  • 41. CIP-008-5
    • Cyber Security Incident Response
      – Incident identification / classification
      – Reporting to the Electricity Sector Information Sharing & Analysis Center (ES-ISAC)
      – Annual testing of the Cyber Security Incident Response Plan
      – Document lessons learned, communication plan
  • 42. CIP-009-5
    • Recovery Plans for BES Cyber Systems
      – Develop a recovery plan
      – Backup and storage of information used for recovery
      – Testing every 15 months
        • Recovery from an incident
        • Paper drill or table top
        • Operational exercise
      – Testing every 36 months
        • Operational exercise
        • Pay close attention to the Applicable Systems column
        • High Impact BES Cyber Systems only
      – Document lessons learned, update, communicate
  • 43. CIP-010-2
    • Change Management / Vulnerability Assessment
      – Baseline Configuration for BES Cyber Systems
      – Authorize & document changes within 30 days of completing the change
      – Pay close attention to the Applicable Systems column
      – Configuration Monitoring (High Impact BES Cyber Systems)
      – Vulnerability Assessment every 15 months
      – Active Vulnerability Assessment every 36 months
    • Transient Cyber Assets
      – CIP-010-2 Attachments 1 & 2
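The CIP-010-2 bullets above pair a documented baseline with a 30-day window for authorizing and documenting deviations from it. The script below is an added illustration and is not WECC, NERC or any registered entity's code: it diffs a baseline against a current snapshot of the same device and then classifies each deviation by whether an authorized change record exists and whether the baseline was updated within 30 days of the change being completed. The asset name, the baseline element names, the baseline and snapshot contents, and the change records are constructed sample data.

```python
"""
Added illustration for the CIP-010-2 change-management bullets; it is not
WECC, NERC or any registered entity's code. It compares a documented
baseline configuration against a current snapshot of the same device and
checks whether each deviation is covered by an authorized change that was
documented within 30 days of completion. All asset names, baseline contents
and change records are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Baseline elements tracked per BES Cyber System (the slide's "Baseline
# Configuration"); these element labels are the script's own choice.
BASELINE_ELEMENTS = ("os_firmware", "commercial_software", "custom_software",
                     "logical_ports", "security_patches")


@dataclass
class ChangeRecord:
    """One entry from a (hypothetical) change-management log."""
    asset: str
    element: str
    item: str
    authorized: bool
    completed: date
    documented: Optional[date]  # None: baseline never updated for this change


def diff_baseline(baseline: Dict[str, List[str]],
                  current: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (element, 'added' | 'removed', item) for every deviation."""
    deviations = []
    for element in BASELINE_ELEMENTS:
        base = set(baseline.get(element, ()))
        now = set(current.get(element, ()))
        deviations += [(element, "added", i) for i in sorted(now - base)]
        deviations += [(element, "removed", i) for i in sorted(base - now)]
    return deviations


def evaluate_changes(asset: str, deviations, records: List[ChangeRecord],
                     window_days: int = 30) -> Dict[Tuple[str, str], str]:
    """Classify each deviation as ok / unauthorized / undocumented / late."""
    by_key = {(r.asset, r.element, r.item): r for r in records}
    findings = {}
    for element, _kind, item in deviations:
        rec = by_key.get((asset, element, item))
        if rec is None or not rec.authorized:
            status = "unauthorized"        # change with no approved record
        elif rec.documented is None:
            status = "undocumented"        # approved but baseline never updated
        elif rec.documented - rec.completed > timedelta(days=window_days):
            status = "late"                # documented outside the 30-day window
        else:
            status = "ok"
        findings[(element, item)] = status
    return findings


def run_example() -> Dict[Tuple[str, str], str]:
    """Constructed sample data for one hypothetical EMS application server."""
    asset = "EMS-APP-01"
    baseline = {
        "os_firmware": ["ExampleOS 7.2"],
        "commercial_software": ["ems-suite 4.1"],
        "custom_software": ["alarm-forwarder 1.0"],
        "logical_ports": ["22/tcp", "443/tcp"],
        "security_patches": ["patch-2015-01"],
    }
    current = {
        "os_firmware": ["ExampleOS 7.2"],
        "commercial_software": ["ems-suite 4.2"],              # upgraded
        "custom_software": ["alarm-forwarder 1.0"],
        "logical_ports": ["22/tcp", "443/tcp", "8080/tcp"],   # new listener
        "security_patches": ["patch-2015-01", "patch-2015-02"],
    }
    records = [
        ChangeRecord(asset, "commercial_software", "ems-suite 4.2", True,
                     date(2015, 3, 1), date(2015, 3, 20)),
        ChangeRecord(asset, "commercial_software", "ems-suite 4.1", True,
                     date(2015, 3, 1), date(2015, 3, 20)),
        ChangeRecord(asset, "security_patches", "patch-2015-02", True,
                     date(2015, 2, 1), date(2015, 3, 15)),   # 42 days: late
        # deliberately no record at all for the 8080/tcp listener
    ]
    return evaluate_changes(asset, diff_baseline(baseline, current), records)


if __name__ == "__main__":
    for (element, item), status in sorted(run_example().items()):
        print(f"{status:12s} {element}: {item}")
```

Running it reports the software upgrade as ok, the patch as late (documented 42 days after completion) and the new 8080/tcp listener as unauthorized; that last case is the one the configuration monitoring bullet exists for, since a listener that appears without a change record is exactly what an auditor, or an attacker, would notice first.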
  • 44. CIP-011-2
    • Cyber Security - Information Protection
      – Identification of BES Cyber System Information
      – Secure procedures
        • Storage, handling, transit, use
      – Reuse & Disposal
  • 45. CIP-014-2
    • Physical Security - Substations and Transmission Control Centers
      – Identification of facilities via transmission analysis
      – Threat and Vulnerability Assessment
      – Tactical Security Plan
      – Required 3rd party reviews
  • 46. Upcoming CIP Events
    • CIP Low Impact Event - July 7-8, San Ramon, CA
    • Registration information
  • 47. Helpful Links
    • http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
    • http://www.ferc.gov/whats-new/comm-meet/2013/112113/E-2.pdf
    • http://www.nerc.com/pa/CI/Pages/Transition-Program-V5-Implementation-Study.aspx
    • https://www.wecc.biz/TrainingAndEducation/Pages/Compliance.aspx
  • 48. CIP Subject Matter Experts
  • 49. Questions
    Brent Castagnetto, Manager, Cyber Security Audits and Investigations
    bcastagnetto@wecc.biz
  • 50. Upcoming Events
    • WECC Compliance 101 Webinar - May 21, 2015
    • WECC CUG/CIPUG Conference - Portland, OR - June 2-4, 2015
    • CIP Low Impact Training - San Ramon, CA - July 7-8, 2015