1 / 19

BS Information Systems – University of Redlands AS Electronic Technology

Michael Espinoza. BS Information Systems – University of Redlands AS Electronic Technology Project Management Certification Program- UCSD. 22 Years SDG&E, Sr EMS Hardware Analyst EMS Hardware Supervisor Infra Project Technical Lead. Agenda. Purpose NERC CIP Standards Standards

chiquita-lane
Télécharger la présentation

BS Information Systems – University of Redlands AS Electronic Technology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Michael Espinoza • BS Information Systems – University of Redlands • AS Electronic Technology • Project Management Certification Program- UCSD • 22 Years SDG&E, • Sr EMS Hardware Analyst • EMS Hardware Supervisor • Infra Project Technical Lead

  2. Agenda • Purpose • NERC CIP Standards • Standards • Goals/Challenges • Establishing Project Direction • Project Roadmap • Communication is Essential • Feedback • Disclaimer – This presentation represents my own personal interpretation.

  3. Purpose of CIP Cyber Security Standards • Ensure that all entities responsible for the reliability of the Bulk Electric Systems in North America identify and protect Critical Cyber Assets that control or could impact the reliability of the Bulk Electric Systems.

  4. North American Electric SystemsOverview • NERC is made up of eight regions that oversee the reliability and operation of the Bulk Electric System. • >All Electric Generation and Transmission agencies report to one of these regions. • SDG&E reports to the WECC, Western Area reporting agency, • >All regions must comply with NERC CIP 002-009 Standards.

  5. NERC CYBER SECURITY NERC CIP 8 Standards CIP-002 Critical Cyber Asset Identification CIP-004 Personnel & Training CIP-006 Physical Security Of Critical Cyber Assets CIP-008 Incident Reporting And Response Planning CIP-003 Security Management Controls CIP-005 Electronic Security Perimeters CIP-007 Systems Security Management CIP-009 Recovery Plans For Critical Cyber Assets

  6. 41 Requirements

  7. Audit Preparation - Compliance Levels • Compliant (C) - means the entity meets the full intent of the requirements and is beginning to maintain required “data,” “documents,” “documentation,” “logs,” and “records” • Auditably Compliant (AC) - means the entity meets the full intent of the requirement and can demonstrate compliance to an auditor, including 12-calendar-months of auditable “data,” “documents,” “documentation,” “logs,” and “records” 2009 2010

  8. Penalty Matrix* FERC statutory limit: $1,000,000,000 per day, per violation Other limits may apply in Canada *Matrix undergoing revision

  9. GOAL • Comply with new NERC CIP002-009 Cyber Security Standards in advance of the required deadlines • Obstacles Not Withstanding: • - Significant effort is required • - Additional funding and / or personnel • may be needed

  10. CIP Standards Applicability to the following Functions • Generation Owner • Generator Operator • Transmission Owner • Transmission Operator • Load Serving Entity

  11. STANDARD Grid Operations Information Technology Corporate Security Human Resources Regulatory a a CIP-001 CIP-002 CIP-003 CIP-004 CIP-005 CIP-006 CIP-007 CIP-008 CIP-009 a a a a a a a a a a a a a a a a a

  12. “The Challenge” Organizational Links Project Links Internal Auditing Facilities *The key for success -> Ensure all Organizations have the same goal. Regulatory NERC & FERC Electric Ops IT WECC Corp Security HR

  13. Acquire Project Teams Inputs Tools & Techniques Outputs 1.Enterprise Environmental factors 2.Organizational Process Assets 3.Roles and Responsibilities 4.Project organization Charts 5.Staffing Mgmnt plan 1.Pre-assignment 2.Negotiation 3.Acquisition 4.Virtual Teams 1.Project staff assignments 2.Resource availability 3.Staffing Management plan (updates) (PMBOK Guide)

  14. NERC CIPPROJECT PYRAMID 2. Mgmt Approvals

  15. CONCEPT PROCESS EXAMPLE Populate master CCA access list from existing worksheets Grid Operations, Human Resources, Corporate Security, IT

  16. Establishing Project Direction • Develop a master project plan • Assign qualified members to each internal NERC team • Use standardized templates for documentation • Run an ongoing gap analysis to identify redundant and missed processes

  17. CommunicationsUpdates/Feedback Communications • Executive Updates - Monthly • CEO/VP • Directors • Managers • Team Feedback • Monitor Teams for resource requirements • Establish monthly goals for Levels of Compliance • Review Team suggestions • Utilize Tools/Resources • Consultants, wicf · Western Interconnection Compliance Forum, Common Data site (SharePoint), Ticklers Communications

  18. Review • Purpose • NERC CIP Standards • Standards • Goals/Challenges • Establishing Project Direction • Project Roadmap • Communication is Essential • Feedback

  19. Feedback

More Related