Low Impact Focus Group Monthly Meeting November 14, 2017
Opening Comments This meeting is being recorded All lines will be muted. In order to comment, you may: • Use the WebEx “Raise Hand” feature. • Send a message to the presenter via WebEx chat. • On the “Participants” window, manually unmute your line by clicking on the red microphone. When commenting, be mindful that this is an open call. RF cannot pre-screen the attendees. 2 Forward Together • ReliabilityFirst
Announcements NERC’s Antitrust Guidelines are available at: • http://www.nerc.com/pa/Stand/Resources/Documents/NER C_Antitrust_Compliances_Guidelines.pdf This is a public call. RF cannot pre-screen the attendees. 3 Forward Together • ReliabilityFirst
Mailing List ciplifg@lists.rfirst.org This list is intended as a discussion forum. List changes, such as additions or removals, should be sent to: lew.folkerth@rfirst.org 4 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 CIP-012-1 Draft 1 was posted for comments and initial ballot through 9/11/2017. CIP-012-1 Draft 2 is posted for comment through 12/11/2017. CIP-012-1 Draft 2 will have an “additional ballot” window open from 12/1/2017 through 12/11/2017. The draft RSAW for CIP-012-1 Draft 2 should be posted during the week of 11/6/2017. The proposed Standard is posted here: http://www.nerc.com/pa/Stand/Pages/Project%202016-02%20Modifications%20to%20CIP%20Standards.aspx 5 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 Changes from Draft 1 • Title changed • Purpose statement modified and clarified • Revised definition of “Control Center” dropped • Applicability consolidated – all applicability criteria are now in the Applicability section • Rationale section dropped • R1 has more specifics regarding protections • R2 is unchanged • Implementation window increased from 12 months to 24 months after approval 6 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 Applicability • Functional registration: ‒ Reliability Coordinator (RC) ‒ Balancing Authority (BA) ‒ Generator Owner or Operator (GO/GOP) ‒ Transmission Owner or Operator (TO/TOP) • Why are GO and TO included in Applicability when the definition of Control Center doesn’t include them? • Because some entities (such as PJM entities) are registered only as a TO but also perform “the functions of” a TOP as delegated by the registered TOP. There may be similar considerations for the GO/GOP relationship. 7 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 Applicability • Own or operate a Control Center: ‒ “One or more facilities hosting operating personnel that monitor and control the Bulk Electric System (BES) in realtime to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.” • Note that there is no size limit to the Control Center. Any BES facility that meets the definition of Control Center will be in scope for this Requirement. 8 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 R1 – Develop a plan • Mitigate the risk of loss of confidentiality or integrity of data transmitted between Control Centers ‒ Real-time Assessment data • “An evaluation of system conditions using Real-time data to assess existing (pre-Contingency) and potential (post-Contingency) operating conditions. The assessment shall reflect applicable inputs including, but not limited to: load, generation output levels, known Protection System and Special Protection System status or degradation, Transmission outages, generator outages, Interchange, Facility Ratings, and identified phase angle and equipment limitations. (Real-time Assessment may be provided through internal systems or through third-party services.)” ‒ Real-time monitoring and control data ‒ Excludes verbal communications 9 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 R1 – Develop a plan • Identify data communications paths to be protected (implied requirement) ‒ Real-time Assessment data ‒ Real-time monitoring and control data • Identify security protection for each path • Identify demarcation (demarc) point for each path • If path is to another entity, identify roles and responsibilities for each path 10 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 R2 – Implement the plan • 24 months from the Effective Date of CIP-012-1 ‒ This is not as much time as it sounds like! • Provision for CIP Exceptional Circumstances ‒ Intended for emergency operations only. • Watch out for problems introduced by latency in encryption devices ‒ Encryption is not explicitly required, but there is not much else that will meet these requirements. ‒ There are no provisions for Technical Feasibility Exceptions. ‒ Test! Test! Test! 11 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 Possible Compliance Evidence (suggestions only!) • R1 - One or more documented plans ‒ If more than one plan, make sure there are no gaps between the plans ‒ Make sure all the Parts of R1 are covered: • How to identify data paths to be protected • For each identified path, how it will be protected • For each identified path, where the protections will be applied • For each identified path, define the roles of responsibility Implementation Monitoring Maintenance Key management Etc. • For each identified path, define who is responsible for each role 12 Forward Together • ReliabilityFirst
Standards Update – CIP-012-1 Draft 2 Possible Compliance Evidence (suggestions only!) • R2 – Implementation ‒ Show how the applicable data paths were identified ‒ List of identified data paths ‒ Evidence of the application of security protection to each identified data path ‒ Evidence identifying the demarc for each identified data path ‒ Evidence showing performance of the applicable roles ‒ Evidence of the effectiveness of the security protections • Logs showing state of encrypted channel • Alerts, or the ability to generate alerts, if the encryption is bypassed Trigger CIP Exceptional Circumstance • Etc. 13 Forward Together • ReliabilityFirst
Future Meetings Next conference call (WebEx): • Tuesday, December 19, 2017 at 11:00AM EST ‒ Is this call needed? No, next call in January. • Tuesday, January 16, 2018 at 11:00AM EST 14 Forward Together • ReliabilityFirst
Questions & Answers Forward Together ReliabilityFirst 15 Forward Together • ReliabilityFirst
Recommend
More recommend
