Maintenance Intelligence of Tomorrow
NERC - CIPC - Compliant Settings Workflow Management
for CAPE Users
Dr. Zeljko Schreiner IPS GmbH
© 2009 IPS GmbH 1
Content
Introduction
NERC - CIPC Requirements
Current Detected Problems
Integrated Process Solution
Conclusions
Introduction
NERC – North American Electric Reliability Corporation
Recognition of possibility of “cyber” attacks on electrical grid
NERC has established Critical Infrastructure Protection Committee (CIPC) to define challenges in cyber security
Impact of NERC – CIPC Requirements on life cycle management of protection devices
  Internal Cyber Security
  External Cyber Security
  Impact on IT Systems
  Impact on Protection Setting Management
  Impact on Protection Data Management
Cyber Security
NERC CIPC Standards: 8 Standards with 41 high-level requirements
Reducing risk of cyber attacks on Critical Cyber Assets
What are “Critical Cyber Assets”?
  Digital Protection Relays, SCADA, RTUs, etc.
NERC CIPC STANDARDS
Eight Standards / 41 High-Level Requirements

CIP-002 CRITICAL CYBER ASSETS
  1. CRITICAL ASSETS
  2. CRITICAL CYBER ASSETS
  3. ANNUAL REVIEW
  4. ANNUAL APPROVAL

CIP-003 SECURITY MANAGEMENT CONTROLS
  1. CYBER SECURITY POLICY
  2. LEADERSHIP
  3. EXCEPTIONS
  4. INFORMATION PROTECTION
  5. ACCESS CONTROL
  6. CHANGE CONTROL

CIP-004 PERSONNEL AND TRAINING
  1. AWARENESS
  2. TRAINING
  3. PERSONNEL RISK ASSESSMENT
  4. ACCESS

CIP-005 ELECTRONIC SECURITY
  1. ELECTRONIC SECURITY PERIMETER
  2. ELECTRONIC ACCESS CONTROLS
  3. MONITORING ELECTRONIC ACCESS
  4. CYBER VULNERABILITY ASSESSMENT
  5. DOCUMENTATION

CIP-006 PHYSICAL SECURITY
  1. PLAN
  2. PHYSICAL ACCESS CONTROLS
  3. MONITORING PHYSICAL ACCESS
  4. LOGGING PHYSICAL ACCESS
  5. ACCESS LOG RETENTION
  6. MAINTENANCE & TESTING

CIP-007 SYSTEMS SECURITY MANAGEMENT
  1. TEST PROCEDURES
  2. PORTS & SERVICES
  3. SECURITY PATCH MANAGEMENT
  4. MALICIOUS SOFTWARE PREVENTION
  5. ACCOUNT MANAGEMENT
  6. SECURITY STATUS MONITORING
  7. DISPOSAL OR REDEPLOYMENT
  8. CYBER VULNERABILITY ASSESSMENT
  9. DOCUMENTATION

CIP-008 INCIDENT REPORTING & RESPONSE PLANNING
  1. CYBER SECURITY INCIDENT RESPONSE PLAN
  2. DOCUMENTATION

CIP-009 RECOVERY PLANS FOR CCA
  1. RECOVERY PLANS
  2. EXERCISES
  3. CHANGE CONTROL
  4. BACKUP & RESTORE
  5. TESTING BACKUP MEDIA
Some NERC Requirements
Cyber Security
Setting Process Control and traceability
  Management of Triggers for setting change
  Site Feedback
Password Management for Protection Relays
Controlled Management of the Protection parameters and not only files for digital relays
Data Consistency Check
NERC Standard Report on network faults and Protection misoperations
Controlling fulfilment of the Standard on “Loadability”
Cyber Security related to protection
Protective Relays are essential assets for reliable operation of the power grid
Management and control of the relay settings need to minimize the risk of cyber attacks (cyber attacks can be internal or external)
Additionally control of physical access standards is required:
  Company Cyber Security policy
  Strong password management
  Setting change control management
  Relay change control
  Personnel awareness and training
Current Detected Problems
Inconsistent Data Management of Digital Protection Relays
Separate independent management of relay inventory, relay settings, and relay testing
Inconsistent Management of Relay settings:
  Only variable parameter management (“Important parameters”)
  Inconsistent management of relay setting files
  Ineffective parameter (setting) change management
Inadequate password management
  Who has access?
  Change management
Inadequate Setting consistency check from start to the end of the process
Missing parameter controlling functionality
What is necessary for NERC-CIPC setting management compatibility
Dedicated IT database System with User Rights Management
Defined, documented, and IT-supported setting workflow process
Introduction of the Setting Request Identifiers (Identification)
Introduction of the Variable and Fixed Setting Parameters
Setting Change tracking with Tracking of the parameter value origin
Password management
Relay Misoperation management
Relay Failure Management
Introduction of the reference setting within setting database
Consistency check from start (setting change trigger) until site as-built setting (In service)
Trigger for Setting Change
Primary plant changes
Asset Replacement
Line Re-conductoring
New Connections
Neighboring Utility
Externally-Mandated Line Re-conductoring Changes
Temporary System Changes
Mal-operations
Relay Failure
Changes to communications
Manufacturer recommendation or Alert
Setting Reviews
Change of reliability requirements
Secondary systems changes
Others…
Setting Creation & Management
Setting Calculation (CAPE, Manual, etc…)
Used Relay Settings Formats (Output):
  Excel Files, Word, Paper, Private DB
  Relay Files (Manufacturer Binary Formats)
  CAPE Formats
Setting Data Management
  In setting software as projects
  In a File Structure: as exported Relay File (Manufacturer Format)
  In Setting Management System (Database)
  In calculation software, e.g. CAPE
  In Dedicated Setting DB (e.g. IPS-RELEX, EPIS, etc…)
Setting Commissioning
Site Setting Implementation
Site Setting Confirmation
  Setting Comparison
Site Setting Testing
  Doble
  OMICRON
  Megger
  Etc…
NERC-CIPC-Compliant Setting Process Data Model
SCN 1 – System Change Notification
  GSR 1 – Global Setting Request
    RSR 1 – Relay Setting Request
    RSR 2
    ...
    RSR n
  ...
  GSR n
Data Exchange IPS-CAPE Bridge™
Import and Export Data from CAPE via IPS-CAPE Bridge™
Management of the mapping between CAPE Styles and IPS Relay Models
Protection Data Setting and Testing Management
Professional (Advanced) Protection Setting Management
Setting Workflow Management
Power System Fault Management including Relays Operation Analyses
Bidirectional Interface CAPE & IPS-RELEX™
IPS-CAPE Bridge™
Conclusions
Necessary Advanced IT Database Support (Process Workflow Management)
Advanced Protection Data Models
Data Exchange (Advanced Interfaces) between:
  calculation software (CAPE)
  Relay and Setting Management Database
  Test Device Software
Mobile System with setting data comparison on site
Cyber Security
  Log in control
  User rights control
  Password management