NERC CIP-C Highlights
Dec-2018 Meeting
Jodi A. Jensen
Senior SCADA Advisor
WECC SASMS, February 7, 2019

New CIP-C Initiatives for 2019
• Utility Essential Security Practices Whitepaper
• Cyber-Physical Resiliency Task Force
• Supply Chain Risk Mitigation guidelines

NERC Board Meeting Highlights
• Jim Robb’s Top 4
  • Reliability Coordination in the West
  • Inverter-based resources
  • Changing resource mix
  • Cyber security
• Possible Reorganization of Committees:
  • Task-based teams

FERC and NERC Updates
• FERC
  • CIP-012 – Commission is Deliberating
  • Supply Chain – Approved
• NERC
  • Looking for Input on the following:
    • Virtualization – RSAWS
    • Cyber Security Incident Reporting – CIP-008
    • CIP Evidence Tool, Version 2
    • Writing Implementation Guidance
    • Encrypting BCSI

Supply Chain Update
• FERC Order 850
  • Supply Chain Standards Approved with a directive to address EACMS, PACS, and PCAs
• NERC Activities:
  • CIPC Advisory Task Force
  • EPRI supply chain risk study – Final report due Feb 2019
  • Communication of supply chain risks:
    • NERC Alerts
    • E-ISAC – Incorporate into GridEx IV
    • Include in Workshops
  • CIPC development of guidelines
  • Supply Chain Webpage – Forum and Association whitepapers
  • Presentations of whitepapers to industry

National Labs Updates
• Argonne
  • RC and ISO – Restoration Training Activity Scenarios
• Idaho Labs – Andrew Bochman
  • DOE is going to bring back the National SCADA Test Bed
  • CyTRICS – Cyber Testing for Resilience of Industrial Control Systems
  • Reverse Engineering of OT devices – different brands may be more alike than they seem
    • Collections of common subcomponents for similar functions could introduce common vulnerability vectors

Legislative Update
• Sept 20 – Trump signed national Cyber Strategy
• DOE Cybersecurity, Energy Security and Emergency Response (CESER)
• DHS Cybersecurity and Infrastructure Security Agency (CISA)
• Infrastructure Bill
• Background Investigation
• Data Breach Notification
• Resiliency
• Securing the supply chain

Electricity Subsector Coordinating Council Update
• Cyber Mutual Assistance
• Liberty Eclipse Exercise – Oct 11
  • Focus on coordinated cyber security incident response.

EPRI Update
• DER – Distributed Energy Resources
  • Smart Inverters – Risk
    • Two-way communication to inverters.
    • 3rd party aggregator example: over 1 million inverters connected to solar resources. Directly control energy. Impact could be greater than many utilities.
• GPS Time Clock Impacts – Relay Misoperation
• Cloud Security
  • Whitepaper in February
  • Risk Analysis
  • Data Storage of BES Cyber System Information
  • EACMS
  • Managed Security Services

North American Transmission Forum – Update
• Compliance Implementation Guidance:
  • Endorsed:
    • CIP-010 R1.6 (Software Integrity and Authenticity)
    • CIP-014 R4 Practices Document (Threat and Vulnerability Evaluations)
    • CIP-014 R5 Practices Document (Physical Security Plans)
  • Not Endorsed:
    • CIP-010 R4 Transient Cyber Assets
    • CIP-005 R2.4 and R2.5 Vendor Remote Access
    • Being Revised. Target posting in January 2019.
• Pending Compliance Implementation Guidance
  • CIP-013 (Supply Chain)
• Publicly available CIP-Related documents
  • BES Operations absent EMS and SCADA Capabilities – a Spare Tire Approach
  • Cyber Security Supply Chain Risk Management Guidance
  • Guidance for CIP-005 Vendor Remote Access
  • Transmission System Resiliency – An Overview

CIP Standards Development Update
• Modifications to CIP-008:
  • Two New Definitions
    • Cyber Security Incident
    • Reportable Cyber Security Incident
  • EACMS added
  • Reporting timeframe is 1 hour
  • Attempts to compromise – report by end of next calendar day
  • Allows entity to define “attempts”
  • Reporting to E-ISAC and NCCIC
• Virtualization:
  • ESP transition to Logical Isolation Zone
  • Accommodate advances in network security
  • Retaining backward compatibility
  • Management plane isolation
  • BES cyber systems with a 15 minute impact share infrastructure with systems that do not share that time constraint (e.g. a control system and its historian)

Subcommittee Updates
• Security Metrics Working Group
  • CRISP data not yet suitable as a source for BPS-impactive cyber metrics
  • CIP-008 will provide opportunities to enhance Metric #1
• Compliance Input Working Group
  • Cloud Computing Pilot Plan
  • Microsoft presentation on complying with CIP and FEDRAMP
  • Encryption Team Formed – Alice Ireland – How does encryption of BCSI in the cloud impact compliance
• Reliability Issues Steering Committee
  • Resilience Framework
    • Robustness, Resourcefulness, Rapid Recovery, Adaptability
• Physical Security Subcommittee
  • Physical Security Guideline for the Electricity Sector: Extreme Events
  • Physical Security Guideline for the Electricity Sector: Security Considerations, High Impact Control Centers (this is for new control centers)

Other Items of Interest
• University of Arkansas Survey
  • Vulnerability and Patch Management
  • Objectives
    • Workforce Management Problem
    • How to reduce workload – Optimize to focus on the few patches when vulnerabilities have a true significant impact
  • Initial results
    • 2 Annual FTE savings in small Control Center through machine learning and risk-based work optimization
    • Mostly by reducing patching frequency
  • Future Research
    • Decision support tool implementation for two utilities next month.
    • Develop automated mitigation plan support
    • Publish survey results in Q1 of 2019
  • Contact them if we have interest in the decision support tool