
CRITICAL INFRASTRUCTURE PROTECTION


ziazan

Presentation Transcript


  1. CRITICAL INFRASTRUCTURE PROTECTION: NERC 1200 CIP 002 - 009. gcpud

  2. Once Upon a Time
     - Shared rights and responsibilities for transmission planning and operations, transmission service
     - Payments in kind
     - Loose coordination agreements
     - No third-party transmission access
     - Costs of service allocated broadly
     - Federal and state rate regulation
     - North American Electric Reliability Council (NERC) sets voluntary operating policies
     - Membership comprised of eight regional reliability councils
     - Regional councils set broad range of requirements to implement operating policies

  3. Things Changed
     - Following 1979-81 severe economic dislocations, broad-based initiatives to bring market discipline to business sectors
     - Intense debates produced Energy Policy Act of 1992
     - Authorizes FERC to set rules for third-party access to high-voltage transmission to make sales for resale
     - Order 888 that eventually led to Order 2003 standards for generation interconnection

  4. FERC Jurisdiction
     - “…over the ERO,…any regional entities, and all users, owners, and operators of the bulk-power system,…” and any entities included in the ERO rules.
     - “…for purposes of approving standards …and enforcing compliance.”
     - “Bulk power system”: “…facilities and control systems necessary for operating an interconnected electric energy transmission network, and electric energy from generation…needed to maintain reliability,…” excluding local distribution facilities.

  5. ERO
     - Natural evolution to seek clarification of roles, rights, and responsibilities for physical system planning and operations
     - 1998: Call begins for federal legislation requiring creation of organization to set and enforce mandatory standards
     - 2005: Energy Policy Act of 2005 (EPAct) creates Section 215 of the Federal Power Act
     - Expands FERC regulatory authority to reliability
     - Defines Electric Reliability Organization (ERO)

  6. Energy Policy Act of 2005
     - Assigns ownership of the issue of bulk power system reliability to FERC in the US
     - Applies to all users, owners, and operators of the bulk power system
     - Create an Electric Reliability Organization
     - NERC named ERO in July 2006
     - Creates reliability standards
     - Sets reliability standards for bulk power system
     - Monitors & enforces compliance with standards

  7. NERC REGIONS

  8. Who Does What?
     - RC - Reliability Coordinator
     - TO - Transmission Owner
     - GO - Generation Owner
     - LSE - Load Serving Entity
     - BA - Balancing Authority
     - TSP - Transmission Service Provider
     - TOP - Transmission Operator
     - GOP - Generation Operator
     - RRO - Regional Reliability Organization

  9. The Big Picture (diagram; only its labels survive)
     - Labels: NPCC, SERC, ERCOT, RFC, FRCC, WECC, MRO, SPP; RC, BA, TO, TOP, TSP, GO, GOP, LSE, RRO, NERC
     - Implementation Schedule Table 1, Table 2, Table 3, Table 4
     - Begin Work, Substantially Compliant, Compliant, Auditably Compliant
     - CIP002 - Critical Cyber Asset Identification: Automatic Load Shed (300 MW), Special Protection Systems, Other Generation, System Restoration (Blackstart), Transmission Substations, Control Centers
     - CIP003, CIP004, CIP005, CIP006, CIP007, CIP008, CIP009: Controls and Documentation

  10. Scope of CIP 002-009
     - Applies to these bulk power system entities: IOUs, Coops, Federal, Municipals, State agencies, Others
     - Within the entities: Operations, Substations, IT, Generating Plants

  11. Cyber Security Standards
     - CIP002: Critical Cyber Asset Identification
     - CIP003: Security Management Controls
     - CIP004: Personnel and Training
     - CIP005: Electronic Security Perimeter(s)
     - CIP006: Physical Security
     - CIP007: Systems Security Management
     - CIP008: Incident Reporting and Response Planning
     - CIP009: Recovery Plans for Critical Cyber Assets

  12. BULK ELECTRIC SYSTEM: As defined by the Regional Reliability Organization, the electrical generation resources, transmission lines, interconnections with neighboring systems, and associated equipment, generally operated at voltages of 100 kV or higher. Radial transmission facilities serving only load with one transmission source are generally not included.

  13. CIP 002 Critical Cyber Asset Identification 1 (diagram; only its labels survive)
     - Bulk Electric Assets
     - Filtering: Identifying Critical Assets
     - Critical Electric Assets
     - Output list of CCAs

  14. Risk Basis: “If the asset were to be compromised or removed from service, what would be the impact, either direct or indirect, to transmission grid reliability or operability?”

  15. Methodology: a four (4) step process.
     - Task 1: Assemble team of SMEs (Subject Matter Experts) to list electric assets by both physical and calculated means using power flow models and system simulations.
     - Task 2: Eliminate non-critical assets and list in ‘Null List’; remaining are Critical Electrical Assets.
     - Task 3: Select Cyber Assets supporting Critical Electric Assets.
     - Task 4: Determine Critical Cyber Assets.

  16. CIP 002 Critical Cyber Asset Identification 2 (diagram; only its labels survive)
     - Critical Electric Assets
     - Cyber Assets
     - Filtering: Essential to operation of critical asset and meets CIP002-R3
     - CRITICAL CYBER ASSETS

  17. Cyber Asset Definition: Critical cyber assets are assets that meet at least one of the following requirements:
     - the cyber asset uses a routable protocol to communicate outside the electronic security perimeter; or,
     - the cyber asset uses a routable protocol within a control center; or,
     - the cyber asset is dial-up accessible.

  18. RAM - T: RAM-DSM was the first RAM developed at Sandia for critical infrastructures. Bonneville Power Administration commissioned Sandia National Laboratories to develop the Risk Assessment Methodology for Transmissions (RAM-TSM) based on RAM-DSM. RAM-TSM is a way to analyze the current security risks and systematically characterize and assess the security requirements of the nation's electrical transmission system facilities to deter, prevent, and mitigate malevolent attacks. The methodology and training have been made available to owners, operators, managers, and others responsible for transmitting electrical power.

  19. What to do next?
     - Attend one of the NERC regional workshops on cyber security standards: ftp://www.nerc.com/pub/sys/all_updl/cip/CSS_Workshop_Announcement.pdf
     - Get involved in NERC standards process: Registered Ballot Body; Standards drafting teams; Comment on proposed standards
     - Get involved in your region's standards process
     - Find out about compliance assurance within your organization
     - Some companies building formal internal compliance programs

  20. NERC WORKSHOP
     - How to make an Asset Inventory
     - Set up Change Management
     - Physical and Electronic Access Control and Monitoring
     - Governance
     - Incident Response
     - Documentation, Classification & Control
     - Network Management
     - Personnel Risk Assessment
     - Physical Security
     - Recovery Operations
     - Systems Management
     - Testing procedures
     - Employee Training
     - Performing Vulnerability Assessments
     - Prepare for a Compliance Audit

  21. NERC CIP Workshops
     - 1-1/2 days
     - Help entity identify steps needed to determine if it has critical assets and critical cyber assets under CIP standards.
     - To be held in 9 remaining cities through January 2007
     - For information and registration go to: ftp://www.nerc.com/pub/sys/all_updl/cip/CSS_Workshop_Announcement.pdf

  22. Acknowledgements
     - Marty Sidor – NERC Director of Education
     - Mark Kuras – NERC – Standards Education Team
     - Dave Dworzak – Edison Electric Institute
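
The filtering in slides 15 to 17 (Tasks 2 to 4 and the three connectivity criteria), as an added example that is not part of the original presentation. The inventory, the asset names and the boolean flags standing in for the SME team's criticality and "essential" judgements are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class CyberAsset:
    name: str
    supports: str                      # electric asset this device serves
    essential: bool                    # essential to operating that asset (SME call)
    routable_outside_esp: bool = False
    routable_in_control_center: bool = False
    dial_up: bool = False

CRITERIA = {  # the three connectivity tests listed on slide 17
    "routable_outside_esp": "routable protocol outside the electronic security perimeter",
    "routable_in_control_center": "routable protocol within a control center",
    "dial_up": "dial-up accessible",
}

def identify_ccas(electric_assets, cyber_assets):
    """electric_assets maps name -> True if the Task 1 review judged it critical."""
    null_list = sorted(n for n, crit in electric_assets.items() if not crit)  # Task 2
    ccas, excluded = {}, {}
    for ca in cyber_assets:
        if ca.supports not in electric_assets:
            # An unmapped device is an inventory gap, not a non-critical asset.
            raise ValueError(f"{ca.name}: unknown electric asset {ca.supports!r}")
        reasons = [text for attr, text in CRITERIA.items() if getattr(ca, attr)]
        if not electric_assets[ca.supports]:
            excluded[ca.name] = "supports a Null List asset"             # Task 3
        elif not ca.essential:
            excluded[ca.name] = "not essential to the critical asset"
        elif not reasons:
            excluded[ca.name] = "no routable or dial-up connectivity"
        else:
            ccas[ca.name] = reasons                                      # Task 4
    return null_list, ccas, excluded

# Constructed sample inventory; every name here is illustrative.
ELECTRIC = {"Control Center": True, "230 kV Substation A": True, "Radial 69 kV Feeder": False}
CYBER = [
    CyberAsset("ems-server", "Control Center", True, routable_in_control_center=True),
    CyberAsset("rtu-gateway", "230 kV Substation A", True, routable_outside_esp=True),
    CyberAsset("relay-modem", "230 kV Substation A", True, dial_up=True),
    CyberAsset("relay-serial", "230 kV Substation A", True),
    CyberAsset("lobby-kiosk", "Control Center", False, routable_in_control_center=True),
    CyberAsset("feeder-meter", "Radial 69 kV Feeder", True, routable_outside_esp=True),
]

if __name__ == "__main__":
    null_list, ccas, excluded = identify_ccas(ELECTRIC, CYBER)
    print("Null List:", null_list, "\nCCAs:", ccas, "\nExcluded:", excluded)
```

Keeping the exclusion reason for each device gives the reviewer a record of why an essential but serial-only relay fell outside the CCA list.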
