NERC Physical Security Standard CIP-014-1

Post on 30-Dec-2015

DESCRIPTION

NERC Physical Security Standard CIP-014-1. Allan Wick, CFE, CPP, PSP, PCI, CBCP, Chief Security Officer. WECC Joint Meeting, October 8, 2014. Agenda: Project Overview, Drafting Team members, Standard Highlights, Implementation Plan, Timeline.

TRANSCRIPT

Security Challenges facing the Power Generation Industry

NERC Physical Security Standard CIP-014-1

Allan Wick, CFE, CPP, PSP, PCI, CBCP
Chief Security Officer
WECC Joint Meeting October 8, 2014

#VP Western Division of G4S Secure Solutions regional conference

Agenda
Project Overview
Drafting Team members
Standard Highlights
Implementation Plan
Timeline

Project Overview
The FERC directed NERC to submit proposed physical security reliability standards to the Commission within 90 days of the date of the March 7, 2014 order.
Only a relatively small number of Transmission Owners and Transmission Operators will need to comply with the entire Standard (25).
Includes confidentiality requirements.
Three step process.

Standard Highlights
Background
The Reliability Standard addresses the directives from the FERC order issued March 7, 2014, Reliability Standards for Physical Security Measures, 146 FERC 61,166 (2014), which required NERC to develop a physical security reliability standard(s) to identify and protect facilities that if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or Cascading within an Interconnection.
Drafted as Critical Infrastructure Protection (CIP) family of standards.

Standard Highlights
Requirements R1-R3
Perform risk assessments to identify Transmission stations and Transmission substations that meet the medium impact criteria from CIP-002-5.1, and their associated primary control centers, then
Arrange for a third party verification of the identifications; and
Notify Transmission Operators of identified primary control centers that operationally control the verified Transmission stations and Transmission substations.
The requirements provide the periodicity for satisfying these obligations.
Only an entity that owns or operates one or more of the identified facilities has further obligations in Requirements R4 through R6.
If an entity identifies a null set after applying Requirements R1 through R2, the rest of the standard does not apply.
Transmission Owner shall implement procedures, such as the use of non-disclosure agreements, for protecting sensitive or confidential information made available to the unaffiliated third party verifier and to protect or exempt sensitive or confidential information developed pursuant to this Reliability Standard from public disclosure.

Standard Highlights
Requirements R4-R6
The evaluation of potential threats and vulnerabilities of a physical attack to the facilities identified and verified according to the earlier requirements,
The development and implementation of a security plan(s) designed in response to the evaluation, and
A third party review of the evaluation and security plan(s).
Transmission Owner shall implement procedures, such as the use of non-disclosure agreements, for protecting sensitive or confidential information made available to the unaffiliated third party verifier and to protect or exempt sensitive or confidential information developed pursuant to this Reliability Standard from public disclosure.

Key Dates
Final Ballot Closed May 5 Passed 85%
NERC BOT Adopted May 13, 2014
FERC BOD Proposed Approved July 17, 2014
Two directives, FERC add/delete & instability vs. widespread instability
45 day comment period, September 8, 2014
Effective the first day of the first calendar quarter that is six months beyond the date that the standard is approved by applicable regulatory authorities, .

Implementation Plan
The initial performance of CIP-014-1, Requirements R2 through R6, must be completed according to the timelines specified in those requirements after the effective date of the proposed Reliability Standard, as follows:
Requirement R2 shall be completed as follows:
    Parts 2.1, 2.2, and 2.4 shall be completed within 90 calendar days of the effective date of the proposed Reliability Standard.
    Part 2.3 shall be completed within 60 calendar days of the completion of performance under Requirement R2 part 2.2.
Requirement R3 shall be completed within 7 calendar days of completion of performance under Requirement R2.
Requirements R4 and R5 shall be completed within 120 calendar days of completion of performance under Requirement R2.
Requirement R6 shall be completed as follows:
    Parts 6.1, 6.2, and 6.4 shall be completed within 90 calendar days of completion of performance under Requirement R5.
    Part 6.3 shall be completed within 60 calendar days of Requirement R6 part 6.

Timeline
