critical i nfrastructure protection ci p version 5
play

Critical I nfrastructure Protection (CI P) Version 5 Revisions - PowerPoint PPT Presentation

Nov 30, 2023 •213 likes •579 views

Critical I nfrastructure Protection (CI P) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014 Administrative I tems NERC Antitrust Guidelines It is NERCs policy and practice to obey the antitrust

  1. Critical I nfrastructure Protection (CI P) Version 5 Revisions Standard Drafting Team Update Industry Webinar September 19, 2014

  2. Administrative I tems • NERC Antitrust Guidelines  It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that unreasonably restrains competition. • Notice of Open Meeting  Participants are reminded that this webinar is public. The access number was widely distributed. Speakers on the call should keep in mind that the listening audience may include members of the press and representatives of various governmental authorities, in addition to the expected participation by industry stakeholders. 2 RELI ABI LI TY | ACCOUNTABI LI TY

  3. FERC Order 791 Highlights • Directed changes to four main areas:  Identify, Assess, and Correct (IAC) – Filing deadline Feb. 3, 2015 o Remove or modify the IAC language, retain the substantive provisions, and clarify the obligations for compliance  Communication Networks – Filing deadline Feb. 3, 2015 o Define communication networks and create new or modified Reliability Standards to protect the nonprogrammable components of communication networks (e.g. cables and wires)  Low Impact Assets – No filing deadline o Add objective criteria from which to judge the sufficiency of controls  Transient Devices – No filing deadline o Develop new or modified Reliability Standards for transient devices (e.g. thumb drives and laptops) 3 RELI ABI LI TY | ACCOUNTABI LI TY

  4. Discussion Topics • Development Steps • CIP-003-6 Revisions  Attachments 1 and 2  Two New Definitions • CIP-010-2 Revisions  Attachments 1 and 2  Revised Definitions • -X Posting • Implementation Plan 4 RELI ABI LI TY | ACCOUNTABI LI TY

  5. Development Steps • Initial comment period and Weighted ballot ended July 16, 2014 Directive Area Standard Segment Vote CIP-006-6 76.20% • Standard drafting team (SDT) Communication Networks received over 200 pages of CIP-007-6 78.35% comments Identify, Assess, Correct CIP-009-6 85.29% • SDT met July 29-31, 2014 and August 19-21, 2014 to revise the standards based on Lows Impact Assets CIP-003-6 35.72% stakeholder comments • Latest revisions and CIP-004-6 80.71% consideration of comments CIP-010-2 49.48% posted for additional comment Transient Devices CIP-011-2 82.51% and ballot period Sept 3-Oct Definitions 78.52% 17, 2014 5 RELI ABI LI TY | ACCOUNTABI LI TY

  6. CI P-003-6 Comment Themes • Define external routable protocol path • Security awareness timeframes • More guidance • Inventory implications • Requirement placement 6 RELI ABI LI TY | ACCOUNTABI LI TY

  7. CI P-003-6, Requirement R1 • Requirement R1 addresses policies for all impact levels • Part 1.1 includes high and medium 7 RELI ABI LI TY | ACCOUNTABI LI TY

  8. CI P-003-6, Requirement R1 ( c ( con ont inued) • Requirement R1, Part 1.2 now includes lows topics in policies 8 RELI ABI LI TY | ACCOUNTABI LI TY

  9. CI P-003-6, Requirement R2 ( c ( con ont inued) • Attachment 1 – Required Elements for Cyber Security Plan(s) for Assets Containing Low Impact BES Cyber Systems • Attachment 2 – Examples of Evidence for Cyber Security Plan(s) for Assets Containing Low Impact BES Cyber Systems 9 RELI ABI LI TY | ACCOUNTABI LI TY

  10. CI P-003-6 Attachments, Element 1 • Cyber Security Awareness 10 RELI ABI LI TY | ACCOUNTABI LI TY

  11. CI P-003-6 New Definitions • Low Impact BES Cyber System Electronic Access Point (LEAP)  A Cyber Asset interface that allows Low Impact External Routable Connectivity. The Cyber Asset may reside at a location external to the asset or assets containing low impact BES Cyber Systems. The Low Impact BES Cyber System Electronic Access Point is not an Electronic Access Control or Monitoring System. • Low Impact External Routable Connectivity (LERC)  Bi-directional routable communications between low impact BES Cyber System(s) and Cyber Assets outside the asset containing those low impact BES Cyber System(s). Communication protocols created for Intelligent Electronic Device (IED) to IED communication for protection and/or control functions from assets containing low impact BES Cyber Systems are excluded (examples of this communication include, but are not limited to, IEC 61850 GOOSE or vendor proprietary protocols). 11 RELI ABI LI TY | ACCOUNTABI LI TY

  12. CI P-003-6 Attachments, Element 2 • Physical Access Controls 12 RELI ABI LI TY | ACCOUNTABI LI TY

  13. CI P-003-6 Attachments, Element 3 • Electronic Access Controls 13 RELI ABI LI TY | ACCOUNTABI LI TY

  14. Use Case 1 14 RELI ABI LI TY | ACCOUNTABI LI TY

  15. Use Case 2 15 RELI ABI LI TY | ACCOUNTABI LI TY

  16. CI P-003-6 Attachments, Element 4 • Cyber Security Incident Response 16 RELI ABI LI TY | ACCOUNTABI LI TY

  17. CI P-003-6 Attachments, Element 4 ( c ( con ont inued) • Cyber Security Incident Response 17 RELI ABI LI TY | ACCOUNTABI LI TY

  18. CI P-003-6 I mplementation Plan • Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, element 1 until the later of April 1, 2017 or nine calendar months after the effective date of Reliability Standard CIP-003-6. • Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, element 2 until the later of April 1, 2018 or nine calendar months after the effective date of Reliability Standard CIP-003-6. 18 RELI ABI LI TY | ACCOUNTABI LI TY

  19. CI P-003-6 I mplementation Plan • Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, element 3 until the later of September 1, 2018 or nine calendar months after the effective date of Reliability Standard CIP-003-6. • Registered Entities shall not be required to comply with Reliability Standard CIP-003-6, Attachment 1, element 4 until the later of April 1, 2017 or nine calendar months after the effective date of Reliability Standard CIP-003-6. 19 RELI ABI LI TY | ACCOUNTABI LI TY

  20. CI P-003-6 I mplementation Plan Standard/Req. Revision Compliance Date CIP-003-6 1-Apr-16 CIP-003-6, R1, P1.2 Policy 1-Apr-17 CIP-003-6, R2 Plan 1-Apr-17 CIP-003-6, A1, E1 Sec Awareness 1-Apr-17 CIP-003-6, A1, E2 Phys Access 1-Apr-18 CIP-003-6, A1, E3 Elec. Access 1-Sep-18 CIP-003-6, A1, E4 Incident Resp 1-Apr-17 20 RELI ABI LI TY | ACCOUNTABI LI TY

  21. CI P-010-2 Comment Themes • Authorization • Inspection • Vendor-managed devices • “Prior to use” • More guidance 21 RELI ABI LI TY | ACCOUNTABI LI TY

  22. CI P-010-2 Revised Definitions • BES Cyber Asset (BCA): A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. A Transient Cyber Asset is not a BES Cyber Asset. 22 RELI ABI LI TY | ACCOUNTABI LI TY

  23. CI P-010-2 Revised Definitions ( c ( con ont inued) • Protected Cyber Assets (PCA): One or more Cyber Assets connected using a routable protocol within or on an Electronic Security Perimeter that is not part of the highest impact BES Cyber System within the same Electronic Security Perimeter. The impact rating of Protected Cyber Assets is equal to the highest rated BES Cyber System in the same ESP. A Transient Cyber Asset is not a Protected Cyber Asset. 23 RELI ABI LI TY | ACCOUNTABI LI TY

  24. CI P-010-2 Revised Definitions ( c ( con ont inued) • Removable Media: Portable mediaMedia, directly connected for 30 consecutive calendar days or less, capable of transmitting executable code to: (1) a BES Cyber Asset, (2) a network within an ESP, or (3) a Protected Cyber Asset that can be used to store, copy, move, and/or access data. Removable Media are not Cyber Assets. Examples include, but are not limited to, floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory. A Cyber Asset is not Removable Media. 24 RELI ABI LI TY | ACCOUNTABI LI TY

  25. CI P-010-2 Revised Definitions ( c ( con ont inued) • Transient Cyber Asset: A Cyber Asset, (e.g., using Ethernet, serial, Universal Serial Bus, and wireless including near field and Bluetooth communication) directly connected for 30 consecutive calendar days or less, capable of transmitting executable code to: (1) a BES Cyber Asset, (2) a network within an ESP, or (3) a Protected Cyber Asset. Examples include, but are not limited to, Cyber Assets used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes. 25 RELI ABI LI TY | ACCOUNTABI LI TY

Recommend

Critical I nfrastructure Protection (CI P) Version 5 Revisions Standard Drafting Team Update

Critical I nfrastructure Protection (CI P) Version 5 Revisions Standard Drafting Team Update

Critical I nfrastructure Protection (CI P) Version 5 Revisions Standard Drafting Team Update Industry Webinar December 11, 2014 Administrative I tems NERC Antitrust Guidelines It is NERCs policy and practice to obey the antitrust

381 views • 22 slides
Critical I nfrastructure Needs Governors Transportation 2020 Citizen Advisory Commission June

Critical I nfrastructure Needs Governors Transportation 2020 Citizen Advisory Commission June

Critical I nfrastructure Needs Governors Transportation 2020 Citizen Advisory Commission June 27, 2011 Stuart Anderson Iowa Department of Transportation I ow as Public Roadw ay System 2 60 percent to DOT: For use on access- Iowa

183 views • 14 slides
GE Critical Power Critical Power Distribution Products for the Datacenter UL Listed Version GE

GE Critical Power Critical Power Distribution Products for the Datacenter UL Listed Version GE

GE Critical Power Critical Power Distribution Products for the Datacenter UL Listed Version GE Series MDU, Monitored Distribution Unit Series MDU Model MDU-CL, Classic Design ELECTRICAL SPECS KVA: 50, 75, 100, 125, 150, 200, 225, 300

457 views • 10 slides
Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual

Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual

Critical Information Infrastructure Protection (CIIP) National Knowledge Network (NKN) Annual workshop 17 - 19 Oct 2013, IISc, Bangalore Presentation Outline Government Cyber Security Architecture CII Overview & Definitions Critical

517 views • 20 slides
ICITI ICITI I t I ntegrated C ommunication & t d C i ti & IT I nfrastructure for the

ICITI ICITI I t I ntegrated C ommunication & t d C i ti & IT I nfrastructure for the

ICITI ICITI I t I ntegrated C ommunication & t d C i ti & IT I nfrastructure for the Socio-Economic IT I nfrastructure for the Socio Economic Development of Auroville Bioregion C Capt JV Avadhanulu VSM Indian Navy (Retd.) t JV A dh

722 views • 34 slides
I nfrastructure I nvestm ent and Econom ic Grow th (September 19 Session) Professor Karen R.

I nfrastructure I nvestm ent and Econom ic Grow th (September 19 Session) Professor Karen R.

11.165/11.477 Infrastructure and Energy Technology Challenges I nfrastructure I nvestm ent and Econom ic Grow th (September 19 Session) Professor Karen R. Polenske Multiregional Planning Team, MIT 1 I NFRASTRUCTURE Bundle of Property Rights

260 views • 8 slides
Mathematics (Brief version) Fundamental and critical aspects of this research were completed by

Mathematics (Brief version) Fundamental and critical aspects of this research were completed by

Placement, Performance, and Progress in Basic Skills and Transfer Level Courses in English and Mathematics (Brief version) Fundamental and critical aspects of this research were completed by our two research analysts, Andrew Fuenmayor, in

129 views • 12 slides
Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

S T A T D E Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive Software O H F C F R I A C E E S University Research Initiative Program O E F R N L A A V Welcome to the 3 rd

318 views • 14 slides
System I nfrastructure Rehabilitation Follow up Presentation I nformation for the Board of

System I nfrastructure Rehabilitation Follow up Presentation I nformation for the Board of

System I nfrastructure Rehabilitation Follow up Presentation I nformation for the Board of Directors: August 1, 2008 Presented to the Riders Advisory Council September 3, 2008 1 System I nfrastructure Rehabilitation I ssues Provide

470 views • 11 slides
Comprehensive I ntegrated Comprehensive I ntegrated I nfrastructure Program (CI I P) I

Comprehensive I ntegrated Comprehensive I ntegrated I nfrastructure Program (CI I P) I

Comprehensive I ntegrated Comprehensive I ntegrated I nfrastructure Program (CI I P) I nfrastructure Program (CI I P) 2006- -2010 2010 2006 18 August 2006 I nterim Meeting of the Philippines Development Forum Makati Shangri-La Hotel

648 views • 15 slides
PROTECTION FOR CRITICAL INFRASTRUCTURES BY SERGIO BELLARDO Founder of Eurocontrolli 25 years

PROTECTION FOR CRITICAL INFRASTRUCTURES BY SERGIO BELLARDO Founder of Eurocontrolli 25 years

RADAR-BASED PERIMETER PROTECTION FOR CRITICAL INFRASTRUCTURES BY SERGIO BELLARDO Founder of Eurocontrolli 25 years ago A quarter of life spent providing security systems Vast experience in Security , T elecom and Fire Established

706 views • 26 slides
Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or

Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or

Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or Innovation? March 8, 2017 1 CPA for Ernst & Young Nashville, TN MBA Vanderbilt University CFO for Public and Private Healthcare

653 views • 26 slides
Linking Science and Policy: Use of Critical Deposition Loads to Inform Environmental Protection

Linking Science and Policy: Use of Critical Deposition Loads to Inform Environmental Protection

Linking Science and Policy: Use of Critical Deposition Loads to Inform Environmental Protection Strategies Collaborating Scientists: T.J. Sullivan 1 , B.J. Cosby 2 , C.T. Driscoll 3 , T.C. McDonnell 1 , Q. Zhou 3 , D.A. Burns 4 NYSERDA

363 views • 21 slides
Scenario A (version 2) Iurii Bonchuk Radiation Protection Institute Kiev, Ukraine

Scenario A (version 2) Iurii Bonchuk Radiation Protection Institute Kiev, Ukraine

EMRAS II - Reference Methodologies for Controlling Discharges Scenario A (version 2) Iurii Bonchuk Radiation Protection Institute Kiev, Ukraine bonchuk@rpi.kiev.ua 21-23 September 2010, Kyiv, Ukrainian Radiation Protection Institute EMRAS II

721 views • 6 slides
Fonctionnalits de la version 11 Nouveauts de la version 12 Version 11 and version 12 in a

Fonctionnalits de la version 11 Nouveauts de la version 12 Version 11 and version 12 in a

Fonctionnalits de la version 11 Nouveauts de la version 12 Version 11 and version 12 in a nutshell Fracture mechanics Non-linear constitutive laws Linear and non-linear dynamics Numerical methods Architecture, ergonomics, performances

407 views • 36 slides
NERC Critical Infrastructure Protection Committee (CIPC) Highlights John Hochevar, ATC MRO

NERC Critical Infrastructure Protection Committee (CIPC) Highlights John Hochevar, ATC MRO

NERC Critical Infrastructure Protection Committee (CIPC) Highlights John Hochevar, ATC MRO Board of Directors Meeting October 4, 2018 NERC CIPC MRO Representatives Encompass Four Industry Sectors and Cyber, Physical, and Operations Security

816 views • 5 slides
Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public

Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public

Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public Safety Intelligence & Counterterrorism Division GOAL: Prevent terrorist attacks in Texas and prevent criminal enterprises from operating

421 views • 27 slides
THE IMPORTANCE OF BUSINESS PROTECTION THE IMPORTANCE OF BUSINESS PROTECTION TODAYS LEARNING

THE IMPORTANCE OF BUSINESS PROTECTION THE IMPORTANCE OF BUSINESS PROTECTION TODAYS LEARNING

THE IMPORTANCE OF BUSINESS PROTECTION THE IMPORTANCE OF BUSINESS PROTECTION TODAYS LEARNING OUTCOMES How to keep control of a business should a partner or shareholder suffer a critical illness or die. How to protect a business

380 views • 18 slides
2018 Update to Critical Areas Protection Ordinance Planning Commission Introductory Workshop

2018 Update to Critical Areas Protection Ordinance Planning Commission Introductory Workshop

2018 Update to Critical Areas Protection Ordinance Planning Commission Introductory Workshop December 7, 2017 Tonights Purpose Review regulatory requirement to update Highlights of proposed 2018 draft Goals for this update cycle

409 views • 11 slides
Will Help End this National Nightmare Empowering communities to do what Washington and the private

Will Help End this National Nightmare Empowering communities to do what Washington and the private

~ . ) 5 ) , I) 0 L Homeownership Protection Program A Solution to a Critical Problem rvtortgage Resolution P A I l M E R S Page 16 of 267 Homeownership Protection Program This presentation has been prepared for discussion purposes only

358 views • 13 slides
W SI S Action Lines C2 , C5 & C6 : Com m unication I nfrastructure, Security & Enabling

W SI S Action Lines C2 , C5 & C6 : Com m unication I nfrastructure, Security & Enabling

W SI S Action Lines C2 , C5 & C6 : Com m unication I nfrastructure, Security & Enabling Environm ent Presented at the Expert Group Meeting on Regional Cooperation Tow ards Building an I nform ation Society in Asia and the Pacific

498 views • 25 slides
"CYBER SECURITY AND SPACE CRITICAL INFRASTRUCTURE PROTECTION. STUDY CASE: SATCOM" - 67

"CYBER SECURITY AND SPACE CRITICAL INFRASTRUCTURE PROTECTION. STUDY CASE: SATCOM" - 67

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/308780834 "CYBER SECURITY AND SPACE CRITICAL INFRASTRUCTURE PROTECTION. STUDY CASE: SATCOM" - 67 slides Conference Paper

1.17k views • 68 slides
1 2 3 State R&D Graphic, Version 1 Version 1 4 State R&D Graphic, Version 1,

1 2 3 State R&D Graphic, Version 1 Version 1 4 State R&D Graphic, Version 1,

1 2 3 State R&D Graphic, Version 1 Version 1 4 State R&D Graphic, Version 1, Version 1, markup 5 Framework for Monetary Flow for R&D State R&D Graphic, Version 3 Version 3 Other Funding Sources (local governments,

428 views • 15 slides
GE Critical Power Static Transfer Switches for source redundancy UL Listed Version GE Series

GE Critical Power Static Transfer Switches for source redundancy UL Listed Version GE Series

GE Critical Power Static Transfer Switches for source redundancy UL Listed Version GE Series STS-3 Three Phase GE Product Portfolio for the Datacenter . now enhanced with Static Transfer Switches .thus providing end-to-end

784 views • 19 slides

More recommend