agenda critical infrastructure protection committee - north american electric ... highlights...


Post on 09-Oct-2020


Page 1: Agenda Critical Infrastructure Protection Committee - North American Electric ... Highlights and... · 2017. 12. 13. · Lincoln Electric System i. VOIP Compliance Considerations*

Agenda
Critical Infrastructure Protection Committee
December 12, 2017 | 1:00 p.m. – 5:00 p.m. Eastern
December 13, 2017 | 8:00 a.m. – Noon Eastern

The Whitley Hotel (formerly The Ritz-Carlton Buckhead)
3434 Peachtree Rd NE
Atlanta, GA 30326

Introduction and Chair’s Remarks

NERC Antitrust Compliance Guidelines and Public Announcement

Agenda Items

1. Opening Remarks – Ken McIntyre, Vice President and Director of Standards and Compliance, NERC

2. Administrative – Tobias Whitney, CIPC Secretary, NERC

a. Safety Briefing and Emergency Precautions – The Whitley Hotel Staff (formerly The Ritz-Carlton Buckhead)

b. Declaration of CIPC Quorum

c. CIPC Roster

d. Parliamentary Procedures – In the absence of specific provisions in the CIPC charter, the committee shall conduct its meetings guided by the most recent edition of Robert’s Rules of Order, Newly Revised.

3. Consent Agenda – David Revill and Nathan Mitchell, CIPC Vice-Chairs

a. Draft September CIPC Minutes – (Approve)

b. PRA Implementation Guide Finalization

c. Nomination Subcommittee Task Force Updates – Michael Mertz, Vice President – Chief Information Officer, PNM Resources

4. Chair’s Remarks – David Revill and Nathan Mitchell, CIPC Vice-Chairs

a. 2018 Work Plan* – (Approve)

b. Working Group Updates

5. Agency Updates

a. Federal Energy Regulatory Commission

i. FERC Led Audit Observations (Report)


Agenda – Critical Infrastructure Protection Committee – December 12-13, 2017 2

b. Department of Energy

c. Department of Homeland Security

6. CIP Programs Update – Tobias Whitney, CIPC Secretary, NERC

a. Remote Access Study Report

b. High Impact Control Center Report

7. E-ISAC Update* – Steve Herrin, Director of Operations, NERC E-ISAC

a. GridSecCon Update – Steve Herrin, Director of Operations, NERC E-ISAC

b. GridEx Update – Bill Lawrence, Senior Director, NERC E-ISAC

c. Notable cyber incidents past quarter – Steve Herrin, CRISP Manager

d. Notable physical incidents past quarter* – Charlotte de Siebert, Principal Physical Security Analyst, NERC E-ISAC

8. NERC Alerts – Sam Chanoski, Director - Situational Awareness and Event Analysis, NERC

9. CIP Standards Update* – David Revill, CIPC Vice Chair, Georgia System Operations Corporation

a. CIP Modification Team Update

b. CIP Supply Chain Team Update* – Howard Gugel, Senior Director - Standards and Education, NERC

10. Emerging Technology Roundtable Update - Tobias Whitney, CIPC Secretary, NERC

a. Research Labs Update – Scott R. Mix, Senior Grid Security Project Manager, PNNL

b. IEC-61850 Boot Camp – Chan Wong, Senior Engineer, Entergy

c. Cloud Computing Update – Tobias Whitney, CIPC Secretary, NERC

11. Regional Report (SPP RE)* – Eric Ervin, Director – Corporate Security, Westar Energy

12. Regional Report (WECC)* – Lisa Carrington, APS and Michael Mertz, Vice President – Chief Information Officer, PNM Resources

13. Legislative Update – Nathan Mitchell, CIPC Vice Chair, APPA

14. Electricity Subsector Coordinating Council Update – Nathan Mitchell, CIPC Vice Chair, APPA

15. Reliability Issues Steering Committee Update – Nathan Mitchell, CIPC Vice Chair, APPA

16. North American Transmission Forum* – Ken Keels, Director-Practices and Initiatives, NATF

17. Operating Security Subcommittee – Joe Garmon, Subcommittee Chair, Seminole Electric Cooperative

a. Joint CIPC / OC Project – Joe Garmon, Subcommittee Chair, Seminole Electric Cooperative

b. Grid Exercise Working Group (GEWG) – Tim Conway,

GEWG Charter


18. Cybersecurity Subcommittee

a. Control Systems Security Working Group (CSSWG)* – Carter Manucy, Cyber Security Manager, Florida Municipal Power Agency and Michael Mertz, Vice President- Chief Information Officer, PNM Resources

CSSWG Charter

b. Security Training Working Group (STWG)* – David Godfrey, STWG Co-chair, City of Garland Power and Light and Amelia Sawyer, Policy and Compliance, CenterPoint Energy

STWG Charter

19. Physical Security Subcommittee – David Grubbs, Subcommittee Chair, City of Garland Power and Light

a. Physical Security Guidelines Work Group – Darrell Klimitchek, Manager of Technical Services, South Texas Electric Cooperative

i. Charter Vote – (Approve)

b. Alberta Provincial Electricity Physical Security Working Group – Ross Johnson, Senior Manager, Capital Power

c. Security Management Program Guideline for the Electricity Subsector - Ross Johnson, Senior Manager, Capital Power

d. E-ISAC Physical Security Advisory Group* – John Breckinridge, Chair, KCP&L

20. Policy Subcommittee – John Galloway, Subcommittee Chair, ISO New England

a. Security Metrics Working Group (SMWG)* – Larry Bugh, SMWG Chair, ReliabilityFirst

SMWG Charter

b. Compliance Enforcement and Input Working Group (CEIWG)* – Paul Crist, CEIWG Chair, Lincoln Electric System

i. VOIP Compliance Considerations*

ii. Shared Facility Considerations*

iii. Nuclear Personnel PRA’s

CEIWG Charter

21. Schedule of Important Dates:

| Dates | Time | Type | Location | Hotel |
|---|---|---|---|---|
| December 12-13, 2017 | 12:00 p.m. – 5:00 p.m.; 8:00 a.m. – 12:00 p.m. | CIPC Meeting | Atlanta | The Whitley, Buckhead |
| December 13, 2017 | 1:00 p.m. – 5:00 p.m. | Classified Briefing | Atlanta, GA (FBI Office) | N/A |
| December 14, 2017 | 8:00 a.m. – 6:00 p.m. | IEEE Workshop | Atlanta, GA | The Whitley, Buckhead |
| March 6-7, 2018 | 12:00 p.m. – 5:00 p.m.; 8:00 a.m. – 12:00 p.m. | CIPC Meeting | Jacksonville, FL | Hyatt Regency Jacksonville Riverfront |
| June 5-6, 2018 | 12:00 p.m. – 5:00 p.m.; 8:00 a.m. – 12:00 p.m. | CIPC Meeting | TBD | TBD |
| September 11-12, 2018 | 12:00 p.m. – 5:00 p.m.; 8:00 a.m. – 12:00 p.m. | CIPC Meeting | TBD | TBD |
| December 11-12, 2018 | 12:00 p.m. – 5:00 p.m.; 8:00 a.m. – 12:00 p.m. | CIPC Meeting | TBD | TBD |

22. Closing Remarks and Action Items

23. Adjournment


Antitrust Compliance Guidelines

I. General

It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition.

It is the responsibility of every NERC participant and employee who may in any way affect NERC’s compliance with the antitrust laws to carry out this commitment.

Antitrust laws are complex and subject to court interpretation that can vary over time and from one court to another. The purpose of these guidelines is to alert NERC participants and employees to potential antitrust problems and to set forth policies to be followed with respect to activities that may involve antitrust considerations. In some instances, the NERC policy contained in these guidelines is stricter than the applicable antitrust laws. Any NERC participant or employee who is uncertain about the legal ramifications of a particular course of conduct or who has doubts or concerns about whether NERC’s antitrust compliance policy is implicated in any situation should consult NERC’s General Counsel immediately.

II. Prohibited Activities

Participants in NERC activities (including those of its committees and subgroups) should refrain from the following when acting in their capacity as participants in NERC activities (e.g., at NERC meetings, conference calls and in informal discussions):

• Discussions involving pricing information, especially margin (profit) and internal cost information and participants’ expectations as to their future prices or internal costs.

• Discussions of a participant’s marketing strategies.

• Discussions regarding how customers and geographical areas are to be divided among competitors.

• Discussions concerning the exclusion of competitors from markets.

• Discussions concerning boycotting or group refusals to deal with competitors, vendors or suppliers.


• Any other matters that do not clearly fall within these guidelines should be reviewed with NERC’s General Counsel before being discussed.

III. Activities That Are Permitted

From time to time decisions or actions of NERC (including those of its committees and subgroups) may have a negative impact on particular entities and thus in that sense adversely impact competition. Decisions and actions by NERC (including its committees and subgroups) should only be undertaken for the purpose of promoting and maintaining the reliability and adequacy of the bulk power system. If you do not have a legitimate purpose consistent with this objective for discussing a matter, please refrain from discussing the matter during NERC meetings and in other NERC-related communications.

You should also ensure that NERC procedures, including those set forth in NERC’s Certificate of Incorporation, Bylaws, and Rules of Procedure are followed in conducting NERC business.

In addition, all discussions in NERC meetings and other NERC-related communications should be within the scope of the mandate for or assignment to the particular NERC committee or subgroup, as well as within the scope of the published agenda for the meeting.

No decisions should be made nor any actions taken in NERC activities for the purpose of giving an industry participant or group of participants a competitive advantage over other participants. In particular, decisions with respect to setting, revising, or assessing compliance with NERC reliability standards should not be influenced by anti-competitive motivations.

Subject to the foregoing restrictions, participants in NERC activities may discuss:

• Reliability matters relating to the bulk power system, including operation and planning matters such as establishing or revising reliability standards, special operating procedures, operating transfer capabilities, and plans for new facilities.

• Matters relating to the impact of reliability standards for the bulk power system on electricity markets, and the impact of electricity market operations on the reliability of the bulk power system.

• Proposed filings or other communications with state or federal regulatory authorities or other governmental entities.

• Matters relating to the internal governance, management and operation of NERC, such as nominations for vacant committee positions, budgeting and assessments, and employment matters; and procedural matters such as planning and scheduling meetings.


Agenda Item 4a-4b CIPC Meeting December 12-13 2017

Chair’s Remarks – 2018 Work Plan & Working Group Updates

Action: Approve

Background: In September 2017 the CIPC Executive Committee (CIPC-EC) met in a strategic session to review and, where necessary, update the committee charter and work-plan for the coming year. This report is intended to summarize and discuss the changes to both the CIPC Charter and the CIPC Strategic Plan for 2018, then vote for approval.

Summary: Modest changes were made to the CIPC Charter, including language that strengthens the good working relationship the committee has with federal partners on both sides of the US-CAN border. A new class of CIPC non-voting member, referred to as ‘Partner Members’, has been added to the Charter and includes 11 specific government agencies that are strategic partners in the security of the bulk electric system and whose contributions in the past have been invaluable, and whose partnership the committee counts on going forward. The CIPC Strategic Plan has been updated to align closely with the new ERO Enterprise Long Term Strategy & Operating Plan, as well as with the draft RISC report.


Agenda Item 6 CIPC Meeting December 12-13, 2017

Critical Infrastructure Protection Update

Action: Discussion

Background: In 2017, NERC and the Regional Entities have been focusing Compliance Monitoring and Enforcement Program (CMEP) activities on key aspects of the Critical Infrastructure Protection (CIP) Reliability Standards. NERC worked with the Regional Entities to conduct a study that identified the strengths and challenges of the CIP Version 5 remote access controls in response to FERC Order 822,[1] which was filed in July. In September, NERC completed an annual report on the effectiveness of the Technical Feasibility Exception (TFE) program. Lastly, NERC performed an analysis of whether High Impact Control Centers should receive the CIP-014 protections in response to FERC Order 802[2] and filed the report in October. Based on the conclusions from these reports, the following activities will be conducted in concert with industry, the Critical Infrastructure Protection Committee (CIPC), or compliance monitoring activities:

1. NERC, in coordination with the CIPC and the Standards Drafting Team, will continue its analysis of remote access controls to ensure effective mitigation of security risks.

2. NERC will initiate its stakeholder processes, including the Critical Infrastructure Protection Committee, to further identify those High Impact Control Centers that 1) have operational control of BES assets; and 2) if damaged, rendered inoperable, or seized as a result of a physical attack, could result in instability, uncontrolled separation, or Cascading in an Interconnection.

3. Through continued compliance monitoring activities, NERC will evaluate the use and prevalence of TFEs.

Summary: The presentation will cover the remote access study and the High Impact Control Center report.

[1] Order No. 822, Revised CIP Reliability Standards, 154 FERC ¶ 61,037 at P 64 (2016).

[2] Physical Security Reliability Standard, Order No. 802, 149 FERC ¶ 61,140 (2014). Subsequently, the Commission approved a second version of the standard, CIP-014-2, to remove the term “widespread” from the requirements, consistent with the Commission’s directive in Order No. 802. North American Electric Reliability Corporation, Letter Order, Docket No. RD15-4-000 (Jul. 14, 2015).


Agenda Item 7 CIPC Meeting December 12-13, 2017

E-ISAC Update

Action: Discussion

Background: The E-ISAC provides regular updates at CIPC meetings.

Summary: The E-ISAC will provide an update on current activities, threats and vulnerabilities (both Cyber and Physical), including a briefing on supply chain issues, GridSecCon, and GridEx.


Agenda Item 8 CIPC Meeting December 12-13, 2017

NERC Alerts Program Overview

Action: Informational

Background: NERC’s Rules of Procedure, Section 810, prescribes the three levels of Alerts (Advisory, Recommendation, and Essential Action) that NERC can issue to disseminate information to registered entities for their use in ensuring the security and reliability of the bulk power system in North America.

Summary: Sam Chanoski, NERC Director of Situation Awareness and Event Analysis, will present an overview of how NERC operationalizes the guidance in Section 810. Specific topics covered will include:

• Considerations behind issuing an Alert, or using other means of communication

• Processes used to draft, vet, and approve the content of an Alert – paying particular attention to the material differences between Alerts dealing with security-related versus reliability-related topics

• Processes used to disseminate Alerts

• Registered entity requirements and expectations, including handling instructions

• Processes used for collecting, safeguarding, analyzing, and reporting data requested from Level 2 Recommendations

• Resources to address questions about the NERC Alerts Program, and content-specific information on particular Alerts

E-ISAC leadership and staff will be present to address content-related questions specifically related to the October 5, 2017, NERC Alert entitled “Supply Chain Risk.”


Agenda Item 9a CIPC Meeting December 12-13, 2017

CIP Modification Team Update

Action: Informational

Background: The CIP Modifications Standards Drafting team is tasked with addressing certain issues as identified by the Version 5 Transition Advisory Group (V5TAG) as outlined in the V5TAG Transfer Document and by FERC in Order No. 822. The V5 TAG transferred issues to the Version 5 SDT that were identified during the industry transition to implementation of the Version 5 CIP Standards. Specifically, the issues that the SDT will address are:

• Cyber Asset and BES Cyber Asset Definitions

• Network and Externally Accessible Devices

• Transmission Owner (TO) Control Centers Performing Transmission Operator (TOP) Obligations

• Virtualization

On January 21, 2016, FERC issued Order No. 822 Revised Critical Infrastructure Protection Reliability Standards. In this order, FERC approved revisions to version 5 of the CIP standards and also directed that NERC address each of the Order 822 directives by developing modifications to requirements in CIP standards and the definition of Low Impact External Routable Connectivity (LERC), or the SDT shall develop an equally efficient and effective alternative. To address concerns identified in Order 822, the Commission directed the following:

• Develop modifications to the CIP Reliability Standards to provide mandatory protection for transient devices used at Low Impact BES Cyber Systems based on the risk posed to Bulk Electric System (BES) reliability.

• Develop modifications to the CIP Reliability Standards to require responsible entities to implement controls to protect, at a minimum, communication links and sensitive bulk electric system data communicated between BES Control Centers in a manner that is appropriately tailored to address the risks posed to the BES by the assets being protected (i.e., high, medium, or low impact).

• Develop a modification to provide the needed clarity, within one year of the effective date of this Final Rule, to the LERC definition consistent with the commentary in the Guidelines and Technical Basis section of CIP-003-6.

Summary: This presentation will provide a summary of the current work and next steps of the CIP Modifications Standards Drafting Team.


Agenda Item 9b CIPC Meeting December 12-13, 2017

Supply Chain Standards Implementation

Action: Information

Background: On July 21, 2016, the Federal Energy Regulatory Commission (Commission) issued Order No. 829, directing NERC to develop a new or modified Reliability Standard that addresses supply chain risk management for industrial control system hardware, software, and computing and networking services associated with Bulk Electric System (BES) operations, as follows:

[The Commission directs] NERC to develop a forward-looking, objective-based Reliability Standard to require each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations. The new or modified Reliability Standard should address the following security objectives, [discussed in detail in the Order]: (1) software integrity and authenticity; (2) vendor remote access; (3) information system planning; and (4) vendor risk management and procurement controls. (P. 45)

The Commission established a filing deadline of one year from the effective date of Order No. 829, which is September 27, 2017.

Following the issuance of Order No. 829, NERC staff initiated Reliability Standards Project 2016-03 to develop a set of Critical Infrastructure Protection (CIP) supply chain risk management standards (“Supply Chain Standards”). The Supply Chain Standards, CIP-005-6, CIP-010-3, and CIP-013-1, support reliability by requiring entities to implement plans and processes to mitigate supply chain cyber security risks to high and medium impact assets. The requirements target risks in four objective areas: (1) software integrity and authenticity; (2) vendor remote access; (3) information system planning; and (4) vendor risk management and procurement controls.

Following industry approval of the Supply Chain Standards on July 20, 2017, the Board adopted the Supply Chain Standards at its August 10, 2017 meeting. NERC staff filed the Supply Chain Standards with the Commission on September 26, 2017, where they are currently pending action by the Commission.

In adopting the Supply Chain Standards, the Board concurrently adopted additional resolutions related to implementation and risk evaluation.[1] The resolutions outlined in detail six actions by NERC management and stakeholders to assist in the implementation and evaluation of the Supply Chain Standards as well as other actions to address potential supply chain risks for assets not currently subject to the standards. Collectively, the activities to address the Board supply chain resolution will establish a common understanding of the supply chain risk to the Bulk Electric System and initiate activities to mitigate those risks. The resolutions, in summary form, include:

Support Effective and Efficient Implementation: NERC to commence preparations for implementation of the Supply Chain Standards using methods similar to those used during the CIP V5 transition, and regularly report to the Board on those activities.

Cyber Security Supply Chain Risk Study: Study the nature and complexity of cyber security supply chain risks, including those associated with low impact assets not currently subject to the Supply Chain Standards, and develop recommendations for follow-up actions that will best address identified risks. (Interim report 12 months after adoption of the resolutions and a follow-up final report 18 months after adoption).

Communicate Supply Chain Risks to Industry: NERC should communicate supply chain risk developments and risks to industry and in connection with the Cyber Security Supply Chain Risk Study.

Forum White Papers: The Board requested that the North American Transmission Forum and the North American Generation Forum (the “Forums”) develop (and distribute, as permissible) white papers to address best and leading practices in supply chain management, as described in the resolution.

Association White Papers: The Board requested that the National Rural Electric Cooperative Association and the American Public Power Association (the “Associations”) develop (and distribute, as permissible) white papers to address best and leading practices in supply chain management, as described in the resolution, focusing on smaller entities that are not members of the Forums, for the membership of the Associations.

Evaluate Supply Chain Standard Effectiveness: Collaborating with NERC technical committees and other experts, NERC should develop a plan to evaluate the effectiveness of the Supply Chain Standards, as described in the resolution, and report to the Board.

As part of NERC’s petition to FERC requesting approval of the Supply Chain Standard, NERC referenced the Board resolution and provided a detailed outline of activities to support each of the resolution requests. These specific activities maintain focus and engagement of the ERO Enterprise and its stakeholders, to understand and share the complexities of the supply chain with industry, while mitigating the associated risks.

At the December CIPC meeting, NERC staff will provide an update on the plans and status to address the supply chain resolution, and will continue to do so at each scheduled meeting.

[1] The Proposed Additional Resolutions for Agenda Item 9.a: Cyber Security – Supply Chain Risk Management – CIP-005-6, CIP-010-3, and CIP-013-1, NERC Board of Trustees Meeting, August 10, 2017, is available at: http://www.nerc.com/gov/bot/Agenda%20highlights%20and%20Mintues%202013/Proposed%20Resolutions%20re%20Supply%20Chain%20Follow-up%20v2.pdf.


Agenda Item 10 CIPC Meeting December 12-13, 2017

SPP RE Regional Entity

Action: Discussion

Background: Overview of the SPP Security Working Group (SECWG)

Summary: Providing an overview of the SPP Security Working Group, including the following:

• Overview of the SPP System

• SPP SECWG Membership

• Purpose and Scope

• Agenda/Actions Items


Agenda Item 11 CIPC Meeting December 12-13, 2017

2017 WECC Regional Update

Action: Update

Background: The Critical Infrastructure Protection Committee (CIPC) has established quarterly reporting by each region.

Summary: An update on the efforts within the WECC region as they pertain to critical infrastructure protection related activities.


Agenda Item 12 CIPC Meeting December 12-13, 2017

Legislative Update

Action: Informational

Background: Discuss the legislation and current climate of the U.S. Government and its relation to the Energy Sector with updates on government issues.


Agenda Item 13 CIPC Meeting December 12-13, 2017

Electricity Subsector Coordinating Council

Action: Informational

Background: Discuss the activities of the Electricity Subsector Coordinating Council (ESCC), which includes representatives from government, industry, and other groups. Committees of the council focus on strategies that address threats and vulnerabilities on a collaborative basis.


Agenda Item 14 CIPC Meeting December 12-13, 2017

Reliability Issues Steering Committee

Action: Informational

Background: Discuss the Reliability Issues Steering Committee (RISC). Provide an update on current and future activities of the Committee.


Agenda Item 15 CIPC Meeting December 12-13, 2017

NATF Update for NERC CIPC

Action: Discussion

Background: The North American Transmission Forum (NATF) is an organization of 87 members representing a total of 153 transmission owning and/or operating companies across North America. Collectively, NATF member companies own and operate 80% of the 200 kV and above transmission mileage and serve about 90% of the North American peak demand. The NATF promotes the highest levels of reliability, security, and resiliency in the operation of electric transmission systems, built on the principle that the open and candid exchange of information among its members is the key to improving the reliability of the transmission systems in the U.S. and Canada.

Summary: Ken Keels, NATF director of practices and initiatives, will provide an update on recent NATF activities and publications, with a focus on critical infrastructure protection, security, resilience, and supply-chain risk management. These periodic reports from the NATF to the NERC technical committees are intended to brief committee members on NATF efforts, identify areas of overlap, and establish dialogue on coordination to reduce duplicative efforts by industry subject-matter experts.


Agenda Item 17b CIPC Meeting December 12-13, 2017

Security Training Working Group Update

Action
Discussion

Background
Review future Critical Infrastructure Protection Committee (CIPC) training opportunities.

Summary
Request and discuss training topic ideas from CIPC Membership for future CIPC meetings.


Critical Infrastructure Protection Task Force Charter Deliverables and Work Schedule Date: 09/13/2017

Physical Security Guideline Task Force

1. Statement of Need: CIPC will encourage the development of Physical Security Guidelines as suggested in Risk Profile #8: Physical Security Vulnerabilities of the “ERO Reliability Risk Priorities”, dated November 2016.

2. Background: The Reliability Issues Steering Committee (RISC) reviewed and assembled information from ERO Enterprise stakeholders, policy makers, and focused executive leadership interviews to develop a composite set of risk profiles and a graphic depiction of the key risks to the system. The depiction presents the likelihood of occurrence, the expected impact on reliability, and the trajectory of the associated risks. The Physical Security Guidelines are categorized as a Moderate Risk Profile. Moderate risks still represent a large potential impact to the bulk power system, but there is consensus that the industry understands the risk and necessary steps to improve reliability. The recommendation from the RISC, approved by the NERC Board of Directors, was that further guidance was desired for certain recommendations in the report.

3. Objectives/Duties:

• Create a Physical Security Guidelines Task Force.

• Select a Chair.

• Select members for the Task Force from stakeholders.

• Develop guideline(s) to address 7(a) of the Physical Security Risk Profile in the RISC report.

• Make recommendations for endorsement for the first guideline to the CIPC by second quarter, 2018.

• Submit endorsed recommendations to CIPC for approval.

4. Members and Structure: The Physical Security Guideline Task Force will generally follow the organizational structure and voting rights of the Critical Infrastructure Protection Committee (CIPC) with the following addition: Non-voting members who are industry subject matter experts, for the work at hand. A NERC staff member will be assigned as the non-voting coordinator. The chair and vice chair will be appointed by the CIPC for one two-year term.


Chair: Darrell Klimitchek
EC Sponsor: David Grubbs
NERC Staff: TBD
Industry, Government and Other Members:

5. Reporting: The Task Force will administratively report to the Physical Security Subcommittee of CIPC.

6. Deliverables and Work Schedule:

• Four to six meetings per year. Emphasis will be given to conference calls and web-based meetings.

• To be completed in consultation with EC Sponsor

• Proposed timeline:

September, 2017 CIPC Meeting - Present Charter to NERC CIPC

November 10, 2017 Email draft guideline to NERC CIPC

December, 2017 CIPC Meeting – Present to CIPC for Q&A

January 2018 – Incorporate comments / NERC Technical Review

February 2018 – Email revised guideline to CIPC for approval to begin the 45-day public comment period

April 2018 – Review responses and post comments

May 2018 – Final draft complete – Email to CIPC

Allan Wick, Tri-State G&T
Cory Lasseigne, Utility Services
David Grubbs, City of Garland
Don Hargrove, Oklahoma Gas & Electric
Jay Spradling, Salt River Project
John Breckenridge, Kansas City Power & Light
Jonathan Trepanier, Hydro Quebec
Mike Kraft, Basin Electric Coop
Ross Johnson, Capital Power
Tyson Finch, Eversource Energy


June 2018 – Approval Ballot by CIPC

7. References and Resources: To be completed by Task Force Chair

Approved by the NERC Critical Infrastructure Protection Committee (CIPC): _______________________ Date


Agenda Item 18a CIPC Meeting December 12-13, 2017

Physical Security Guideline Task Force

Action
Approve/Discuss

Background
The Physical Security Subcommittee was asked to prepare a guideline in response to the “Electric Reliability Organization (ERO) Reliability Risk Priorities” from the November 2016 report, Risk Profile #8: Physical Security Vulnerabilities, Item 7a. CIPC created this task force to prepare the guideline.

Summary
Approve the task force charter and discuss the draft guideline, “Physical Security Guideline for the Electricity Sector: Extreme Events”. The guideline is expected to be presented for approval at the March CIPC meeting.


Agenda Item 18b CIPC Meeting December 12-13, 2017

Alberta Provincial Electricity Physical Security Working Group

Action
Information

Background
The electricity sub-sector in Alberta has come together with the oil & gas, telecom, law enforcement, and provincial government to develop methods of reducing metal theft in our communities.

Summary
We have made significant progress in developing training materials for law enforcement to help them recognize stolen material and equipment; we are developing construction security best practices; and we are working with the provincial government to develop a law to regulate metal recyclers.


Agenda Item 18c CIPC Meeting December 12-13, 2017

Security Management Program Guideline for the Electricity Sub-Sector 2018

Action
Information and request for material

Background
The Security Management Program Guideline for the Electricity Sub-Sector is distributed out of the E-ISAC on the public side of their portal. It is a guide for security managers in our sub-sector who are looking for information or assistance.

Summary
The intent is to update the Guideline every year, and I am looking for material to add to it in the 2018 version. If anyone has anything they think should be in it, please let me know and I will include it.


Agenda Item 19b CIPC Meeting December 12-13, 2017

Compliance Enforcement and Input Working Group (CEIWG) Update

Action
Discussion

Background
Critical Infrastructure Protection Committee (CIPC) will support the NERC Compliance Monitoring and Enforcement Program (CMEP) initiatives by providing timely technical expertise on matters related to cyber and physical security as requested by the NERC Compliance Assurance department and the NERC Compliance Enforcement department.

Summary
Update on the Implementation Guidance Documents:

• CIP-004-6 R3 - NGOP Employee Access to TO Sites (NERC Endorsed October 10, 2017)

• Voice Communications in a CIP Environment (CIPC Approved)

• Shared Ownership of Bulk Electric System Facilities (CIPC Email Vote ended November 29, 2017)

The CEIWG has been focused on writing three implementation guidance documents: one is NERC-Approved, one is CIPC-Approved, and one has completed CIPC voting. The CEIWG is now at the point of taking on additional assignments, and a request has been received from NERC for Implementation Guidance on Cloud Computing and other topics. We will also be completing our annual charter review for revisions and updating our participant list.


Agenda Item 20a CIPC Meeting December 12-13, 2017

Security Metrics Working Group (SMWG)

Action
Discussion

Background
CIPC will discuss the recent activities of the SMWG. The SMWG held a workshop on September 20-21, 2017 to reflect on the status of its work over the past few years and consider the next phase of its work. The SMWG confirmed its overall goal to support the NERC Board of Trustees’ high level of interest in security metrics and to:

• Clarify the scope of the SMWG and its role with the E-ISAC

• Critically review metrics developed to-date

• Brainstorm new metrics

The SMWG is meeting on December 11, 2017 and will:

• Review the Q3 2017 metrics results prepared by the E-ISAC

• Finalize a revised charter for CIPC approval

• Review the status of actions from the September 20-21, 2017 workshop