nerc cipc chair report highlights...¢  nerc presented draft rsaws for cip -002, cip -007,...

Click here to load reader

Download NERC CIPC Chair Report Highlights...¢  NERC presented draft RSAWs for CIP -002, CIP -007, and CIP -009

Post on 20-May-2020

2 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • NERC CIPC Chair Report Chuck Abell

    June 10, 2014

  • 2 RELIABILITY | ACCOUNTABILITY

    2014 Efforts & Activities

    • Security Technology Awareness Workshop

    • CIP-014-1 Physical Security Standard

    • CIP V5 “791” Standards Drafting Team

    • CIP V5 Transition Program

    • Scenario Planning for GridEx III

    • Continuation of CRISP Program

    • Heartbleed Vulnerability Response

  • 3 RELIABILITY | ACCOUNTABILITY

    2014 Efforts & Activities

    • Continued EO/PPD Efforts

    • David Revill Approved by Board to CIPC EC

    • CIPC Executive Committee Annual Planning

    • Grid Security Conference 2014

    • Reactivation of the CSSWG

    • Business Continuity Guideline Task Force

  • 4 RELIABILITY | ACCOUNTABILITY

    GridEx II Assignments

    Security Training Working Group (w/ ESISTF)

    Develop a training module to help individual entities

    understand when, how, and what information should

    be shared or reported, and how it is used by the

    receiving organizations.

  • 5 RELIABILITY | ACCOUNTABILITY

    GridEx II Assignments

    Control System Security Working Group (CSSWG)

    Complete Business Networks Guideline work begun in

    2011 by the CSSWG to specifically address separation

    of business networks and control networks during an

    emergency.

  • 6 RELIABILITY | ACCOUNTABILITY

    GridEx II Assignments

    Electricity Subsector Information Sharing TF (ESISTF)

    While the ES-ISAC has the responsibility for this item,

    the ESISTF will assist by providing early input

    regarding priorities & options, and help develop

    mechanisms to communicate these processes to

    stakeholders.

  • 7 RELIABILITY | ACCOUNTABILITY

    GridEx II Assignments

    Business Continuity Guideline TF

    Complete Business Continuity guideline work to

    specifically address preservation of forensic data

    following a physical or cyber attack.

  • 8 RELIABILITY | ACCOUNTABILITY

    CIP Committee Structure

    Physical Security Subcommittee (David Grubbs)

    Cyber Security Subcommittee

    (Marc Child)

    Operating Security Subcommittee

    (Jim Brenton)

    Policy Subcommittee (Nathan Mitchell)

    Physical Security WG

    (Ross Johnson)

    CIPC Executive Committee Marc Child Chuck Abell, Chair Melanie Seader David Grubbs Nathan Mitchell, Vice Chair Jack Cashin Ross Johnson Jim Brenton, Vice Chair Barry Lawson David Revill Bob Canada, Secretary

    Security Training WG

    (William Whitney)

    Control System Security WG

    (Mikhail Flakovich)

    Cyber Security Analysis WG

    (Vacant)

    ES Information Sharing TF

    (Stephen Diebold)

    Grid Exercise WG

    (Tim Conway)

    Cyber Attack Tree TF

    (Mark Engels)

    BES Security Metrics WG

    (James Sample)

    Personnel Security Clearance TF

    (Nathan Mitchell)

    Compliance & Enforcement Input WG

    (Paul Crist)

    Physical Security Guidelines

    WG (John Breckenridge)

    Business Continuity Guideline TF

    (Darren Meyers)

  • Critical Infrastructure Protection

    Matt Blizard, PE Director, Critical Infrastructure Protection CIPC, Orlando June 10th, 2014

  • 2 RELIABILITY | ACCOUNTABILITY

    CIP Updates and Activities

    • NERC Updates: o ESISAC – (CRISP, CRAPA, Aurora, Threats & Vulnerabilities…) o CIP v5 transition – Effective and Efficient Roll Out o CIP v5 revisions, FERC Order 791 o Physical Security – CIP-014-1 o Physical Security Manager o Security Reliability Program (SRP) o GridEx II Lessons Learned – Distributed Play and Executive Table Top o Executive Order – NIPP, NIST Cybersecurity Framework o CIPC – Work Groups and Task Forces

    • Activities:  GridSecCon 14-16 October 2014, Hyatt Regency, San Antonio, Tx  GridEx III 18-19 November 2015

  • 3 RELIABILITY | ACCOUNTABILITY

  • CIP Version 5 Revisions Standard Drafting Team Update

    Ryan Stewart, NERC Standards Developer June 11, 2014 CIPC

  • RELIABILITY | ACCOUNTABILITY2

    • Overview of FERC Directives • Overview of Development Activities • Overview of Revisions • Identify, Assess, and Correct – struck from 17 Requirements • Low Impact Assets – revised CIP-003 • Communication Networks – revised CIP-006 & CIP-007 • Transient Devices – revised CIP-004 & CIP-010 • Implementation Plan • Next Steps

    Agenda

  • RELIABILITY | ACCOUNTABILITY3

    • FERC approved CIP standards in January 2013. • FERC directed NERC to modify certain aspects.

     Identify, Assess, and Correct language.  Communication Networks.  Low Impact assets protections  Transient Devices.

    • Identify, Assess, and Correct and Communication Networks modifications must be filed at FERC by February 3, 2015.

    Overview of FERC Directives

  • RELIABILITY | ACCOUNTABILITY4

    • SDT and observers participated in aggressive development schedule from February to May  Ten hours of conference calls per week, including subgroup calls

    focused on each directive area  Four face-to-face SDT meetings

    • Participation from variety of stakeholders ensured that the SDT considered different perspectives from industry, government, and NERC

    Overview of Development Activities

  • RELIABILITY | ACCOUNTABILITY5

    • Address all four directive areas by the filing deadline • Outreach crucial during development and during comment

    period • Observer engagement critical to success

    Key Objectives

  • RELIABILITY | ACCOUNTABILITY6

    • Identify, Assess, Correct language struck from all 17 requirements  SDT determined that the requirements should state the performance

    expectation and compliance language should be removed

    • Substantive requirements remain the same • Violation Severity Levels revised accordingly

    Identify, Assess, Correct

  • RELIABILITY | ACCOUNTABILITY7

    • SDT continues coordination with NERC Compliance and Enforcement Staff on supporting documents  NERC presented draft RSAWs for CIP-002, CIP-007, and CIP-009 to the

    SDT at its last meeting  RSAW development team continuing to modify drafts to prepare for

    concurrent posting with standards  SDT suggested scenarios for NERC to address under RAI  FAQ document on IAC and RAI

    • NERC staff will offer a more comprehensive view of RAI beyond CIP standards in a June 19 webinar (following SDT webinar)

    Identify, Assess, Correct

  • RELIABILITY | ACCOUNTABILITY8

    • SDT posed questions to NERC Enforcement and Compliance regarding Reliability Assurance Initiative (RAI)

    • Questions are included in a Frequently Asked Questions document posted as a supplement to the revised standards

    • Document focuses on how the RAI will handle high frequency low risk security obligations in the compliance and enforcement domains once IAC is removed

    Identify, Assess, Correct

  • RELIABILITY | ACCOUNTABILITY9

    • CIP-003-6 Requirement R2 now in table format  SDT kept all requirements applicable to low impact assets in this

    requirement  Technical areas same as CIP-003-5 passed by industry but with more

    specificity to meet FERC directive  Proposed requirement language borrowed from existing, FERC- and

    industry-approved V5 standards but tailored to low impact

    • Parent requirement above table parts is as follows:

    Low Impact Assets

  • RELIABILITY | ACCOUNTABILITY10

    • CIP-003-6 Requirement R2 now in table format  Part 2.1 – CIP Senior Manager review and approval  Part 2.2 – Operational or procedural control(s) to restrict physical access  Part 2.3 – Physical access controls at Control Centers  Part 2.4 – Electronic access controls  Part 2.5 – Cyber Security Incident response plan(s)  Part 2.6 – Reinforcing of security awareness

    Low Impact Assets

  • RELIABILITY | ACCOUNTABILITY11

    • CIP-006-6 Requirement R1, new Part 1.10  Restrict physical access to cabling and other nonprogrammable

    communication components used for connection between applicable Cyber Assets within the same ESP in those instances when such cabling and components are located outside of a PSP.

     Where physical access restrictions are not implemented, entity shall document and implement: o Encryption of data o Monitoring the status of the communication link and issuing an alarm o Equally effective logical protection

     Applicable to High Impact BES Cyber Systems and PCAs and Medium BES Cyber Systems at Control Centers and PCAs

    Communication Networks

  • RELIABILITY | ACCOUNTABILITY12

    • CIP-007-6 Requirement R1, Part 1.2: new applicability and incorporated new glossary term

    Communication Networks

  • RELIABILITY | ACCOUNTABILITY13

    • Transient Cyber Asset - A Cyber Asset directly connected for 30 consecutive calendar days or less, to: (1) a BES Cyber Asset, (2) a network within an ESP, or (3) a Protected Cy

View more