1 Critical Infrastructure Protection Committee Minutes Phoenix Convention Center March 7-8, 2012 Phoenix, AZ The Critical Infrastructure Protection Co...
1 Critical Infrastructure Protection Committee Meeting September 15-16, 2015 New Orleans, LA *All presentations are posted with the written consent of...
1 Critical Infrastructure Protection Committee Draft Minutes March 4-5, 2014 Hyatt Regency at the Arch 315 Chestnut Street St. Louis, MO The Critical ...
1 Critical Infrastructure Protection Committee Draft Minutes September 16-17, 2014 Hyatt Regency Vancouver 655 Burrard Street Vancouver, BC, Canada V6...
1 Critical Infrastructure Protection Committee Strategic Plan CIPC Executive Committee Updated:xxxxxxxx NERC Report Title Report Date I2 Table of Cont...
1 Critical Infrastructure Protection Committee Meeting Presentations Atlanta, GA December 9-10, 2014 *All presentations are posted with the consent of...
1 NERC Critical Infrastructure Protection Committee (CIPC) Highlights Mike Kraft, Basin Electric Power Cooperative MRO Board of Directors Meeting Marc...
1 Joint Session Operating/Planning/Critical Infrastructure Protection Committee Conference Call and Webinar June 4, 20132 New NERC Website Mike Moon, ...
1 CRITICAL INFRASTRUCTURE PROTECTION2 Cosmos Business Systems COSMOS BUSINESS SYSTEMS SA established in Greek & Cypriot market for more than 25 ye...
1 Spatial Information Technologies in Critical Infrastructure Protection A Research Agenda In CIP U.S. DEPARTMENT OF TRANSPORTATION Research and Speci...
Critical Infrastructure Protection Committee Minutes June 11-12, 2013 Westin Buckhead Atlanta, Georgia The Critical Infrastructure Protection Committee (CIPC) Chair Chuck Abell called the meeting to order and being duly noticed the regular meeting of the CIPC on June 11, 2013 at 1:02 p.m. EDT. CIPC Secretary, Mr. Bob Canada declared a quorum to conduct business with 29 members present. The meeting announcement, agenda, and a list of attendees are attached as Exhibits A, B, and C respectively. Secretary Canada announced a quorum of 29 members present which includes the following proxies: 1. NPCC – Mr. Brian Hogue proxy for Mr. Mike Puscas 2. SPP – Mr. Eric Ervin proxy for Mr. Allen Klassen 3. NRECA – Mr. Brad Hyland proxy for Mr. Robert Richhart 4. FRCC – Mr. Joe Garmon proxy for Mr. Darren Myers 5. APPA – Mr. Scott Smith proxy for Mr. David Godfrey 6. RFC – Mr. Frank Dessuit proxy for Mr. Larry Bugh 7. TRE – Mr. Scott Rosenberger proxy for Mr. Darrel Klimitchek (June 12th only) NERC Antitrust Compliance Guidelines
Secretary Canada called attention to the NERC Antitrust Compliance Guidelines distributed with the agenda and read the statement concerning publicly announced meetings. Secretary Canada also stated that the meeting would follow Robert’s Rules of Order. CIPC Meeting Safety Briefing
Westin hotel security staff briefed CIPC and attendees on evacuation procedures and rally points outside the hotel. Introductions of Members, Proxies, Alternates, Associates, and Others
Chair Abell called for introductions of members of the CIPC and other attendees, and requested all present to sign the attendance sheets for the meeting. Review of Agenda
Chair Abell reviewed the meeting agenda with the CIPC members and asked if there were any additions or changes. He noted the agenda items and presentations might need to be presented or discussed out of
the stated sequence, due to the speakers’ commitments and travel arrangements. Note: Presentation slides from this meeting are available at: Meeting Presentations Consent Agenda
Chair Abell made a motion to approve the consent agenda which included the posted agenda and minutes for the meeting on March 5-6, 2013. Upon motion by Mr. Carl Eng, the consent agenda was approved by CIPC without any changes. Chair’s Report
Chair Abell provided CIPC with his report, covering CIPC’s past, present, and future actions. Chair Abell placed special emphasis upon the reports made on behalf of CIPC to the NERC Board of Trustees, Electricity Sub-Sector Coordinating Council (ESCC) meeting, and the Standing Committee Coordination Group (SCCG). (Presentation 1) CIPC 2013-2016 Strategic Plan and Work Plan – Chair Abell offered the document for discussion and CIPC approval. Upon motion by Mr. Eng, the document was approved by CIPC. CIPC Charter – Chair Abell advised the charter is still under review by NERC’s legal department, since December 2012, for a review alongside the Operating and Planning Committee charters to seek more consistency across the committees. CIPC Nomination Subcommittee – Chair Abell, per CIPC charter, appointed Mr. Eng to chair this subcommittee. The subcommittee is charged with developing and recommending a slate of officers to CIPC. Critical Infrastructure Protection Director’s Remarks
Mr. Matt Blizard, Director of Critical Infrastructure Protection discussed the following topics: Electricity Sub-sector Coordination Council (ESCC), Electricity Sector Information Sharing and Analysis Center (ESISAC), Critical Infrastructure Protection (CIP) Business Plan and Budget, GridEx II, 2013 Grid Security Conference (GridSecCon), CIP Reliability Issues Steering Committee (RISC), Cybersecurity Executive Order Update, Critical Infrastructure Protection Transition Guidance, Upcoming August Board of Trustees meeting reports from Working Groups (WGs) and Task Forces (TFs), CIPC Strategic Plan, and finally the significant progress of CIPC. (Presentation 2) PG&E Substation Shooting Briefing
Mr. Michael Peterson, PG&E Corporate Security briefed on the incident response and investigative details of the incident on April 16, 2013. (Presentation not to be shared at this time due to ongoing investigation) Overview of Cybersecurity Executive Order
Ms. Laura Brown, NERC Staff briefed on the ongoing efforts to meet the challenges of information sharing with private sector and government as well as the National Institute of Standards and
Technology (NIST) with the task of creating a cybersecurity practice framework, in collaboration with industry that will be used to reduce threats. Washington D.C. Update
Ms. Melanie Seador, Edison Electric Institute briefed CIPC on current legislative initiatives and status of their process through U.S. House or Senate procedures. She also briefed on the Markey/Waxman Report. (Presentation 3) Reliability Issues Steering Committee (RISC) Update
Mr. Jim Brenton, CIPC designee to the RISC briefed on the mission, and purpose, benefits to the standards program progress and an update of the nominated issues of strategic importance to the bulk power system reliability. (Presentation 4) Subcommittee Chairs, Subgroups, and Remarks
Chair Abell reminded the CIPC of the new subcommittees, WGs and TFs, the deliverables of the CIPC Strategic Plan, expectations of progress and solicited members for all subgroups. (No presentation) Operating Security Subcommittee – Chair Mr. Carl Eng
Electricity Sector Information Sharing Task Force (ESISTF) Mr. Eng briefed CIPC on behalf of Chair, Stephen Diebold. The presentation centered on the procedures, protocols, and requirements which can be quite confusing and duplicative in some instances. A diagram was shown depicting the present reporting structure in place and a preliminary alternative proposal structure utilizing the ES-ISAC as the gatekeeper to receive all information and then pushing it out to government and industry. Specific mention was made of the ES-ISAC to develop a central reporting of the DOE 417 through the ES-ISAC portal. Upon motion of Mr. Eng, the ESISTF report was approved by CIPC. (Presentation 5) Grid Exercise Working Group (GEWG) Mr. Bill Lawrence, NERC Staff briefed CIPC on the progress of planning the conference, timelines, objectives, distributed play and executive tabletop, play scenario, as well the number of entities participating in the exercise. (Presentation 6) The CIPC Meeting on June 11th was concluded for the day at 5:02 p.m. (EDT) and was reconvened on June 12th at 8:02 a.m. (EDT) Policy Subcommittee – Chair Mr. Nathan Mitchell (No Presentation)
Personnel Security Clearance Task Force (PSCTF) – Chair Mr. Mitchell briefed on the draft report offered to CIPC discussion and approval. A summary of the report was briefed which included key points of the report such as the report supporting NERC’s CEO Top Priority Issue - Goal 7 and CIPC Charter Section 3, findings that the industry could provide timely and subject matter expertise to
government in a collaborative classified space and a framework to provide a consistent process to select nominees for clearances. Upon motion by Mr. Mitchell, the report was approved by CIPC. (Presentation 7) Bulk Electric System Security Metrics Working Group (BESSMWG) – Chair Mr. James Sample briefed on the progress of the draft report. The development of the Security Metric Framework (SMF) for measures and trends for lagging and leading indicators were included in the draft report. The collaboration with Department of Energy, NERC Event Analysis, and ES-ISAC; it will be important to understand the mandatory, voluntary reporting by the industry, and develop a vision for soliciting industry reporting of voluntary leading indicators. A CIPC discussion included questions on leading and lagging indicators. Support for the BESSMWG was voiced by several CIPC members. Upon motion by Chair Abell, there was a request for CIPC endorsement of the BESSMWG direction (Presentation 8) and the Draft BESSMWG report; both were endorsed by CIPC vote. (Presentation 9) Compliance and Enforcement Input Working Group (CEIWG) – Chair Mr. Paul Crist gave a progress report on the working group, covered new volunteers, future work including; guidelines and process for Compliance Analysis Report (CAR) development, Reliability Assurance Initiative Support, and virtualization whitepaper review. (Presentation 10) Cyber Security Subcommittee – Chair Mr. Marc Child (No presentation)
Mr. Child gave an overview of the Cyber Security Subcommittee activities to include: latest activities, next steps, and CIPC actions. Cyber Attack Tree Task Force (CATTF) – Chair Mr. Mark Engels gave an update on the activities which included Amenza SecurIT Attack Tree training conducted, location of the attack trees, documentation of roles and responsibilities, continuing to update the trees, standing up sub-teams. (Presentation 11) Cyber Security Analysis Working Group (CSAWG) – Chair Mr. Eric Warakomski gave an update on the latest activities, existing liaisons with the ES-ISAC, CSTWG, and Events Analysis Subcommittee. (Presentation 12) ES-ISAC Update – Mr. Ben Miller, ES-ISAC Staff briefed CIPC on the importance of information sharing
and endorsed the reports by the PSCTF report and the ESITF report presented to CIPC. (No presentation) Physical Security Subcommittee – Chair Mr. David Grubbs (No Presentation)
Electricity Sub-Sector Physical Response Guideline Task Force Chair Mr. John Breckenridge briefed on the draft of the Security Guideline for the Electric Sub-Sector: Physical Response and explained the background information and usefulness of the draft document which will go out to CIPC for a 30-day comment period. (Presentation 13)
Physical Security Analysis Working Group (PSAWG) Chair Mr. Ross Johnson briefed CIPC on the proposed changes to the PSAWG charter to form the Physical Security Working Group (PSWG). Mr. Johnson contemplated activities such as: conducting research, recommending activities to improve the security of the Bulk Electric System facilities, establish a forum for industry to share physical security challenges, threat management techniques through a collaborative process using teleconferences, and the ES-ISAC developing a portal for the sharing of timely information that is mindful of regulatory implications for entities. Upon motion, Mr. David Grubbs accepted the changes to the PSAWG charter which changed it to the PSWG; and CIPC approved. (Presentation 14) Security Training Working Group (STWG) Chair Mr. William Whitney briefed CIPC on the newly combined working groups to include both physical and cyber security training. The latest activities include: conferences every 2nd Friday of the month, setting up a ES-ISAC portal for collaboration, compiling a list of free on-demand training from agencies and vendors, assisting in developing training subject matter for CIPC Workshops, and solicited new members. (Presentation 15) Cybersecurity Procurement Language Update for Energy Delivery Systems
Mr. Ed Goff, Duke Energy briefed CIPC on promoting cybersecurity by design through procurement language, tailored to the specific needs of the energy sector; why it is necessary, phases for development, timeline, and meeting the Department of Energy roadmap mission. (Presentation 16) 2013 Grid Security Conference (GridSecCon)
Mr. Lawrence briefed on the planning stages, trainings being offered, and schedule of the conference. (Presentation 17) Cyber Security Standards Update
Mr. Scott Mix, NERC Staff briefed on Version 5 Notice of Proposed Rulemaking (NOPR) response from NERC and the Interpretation Drafting Team activities. (No Presentation) Sufficiency Review Program (SRP)
Mr. Mix briefed on SRP 2012 overview, general Risk Based Assessment Methodology (RBAM) observations, criteria-specific observations, critical cyber asset observations, and discussed possible program activities for 2014. (Presentation 18) CIP Compliance Update
Mr. Tobias Whitney, NERC Staff briefed on the CIP Standards Transition Process. Agency Updates
Federal Energy Regulatory Commission – Mr. David Norton
2013-2014 Future Meetings 2013 Meeting Dates
7:30 a.m.–Noon (MDT)
CIPC Physical Security Workshop
September 17 September 18 October 15-17 November 13-14
June 11, 2013 | 1:00–5:00 p.m. (EDT) June 12, 2013 | 8:00 a.m.–Noon (EDT) Westin Buckhead Atlanta Hotel 3391 Peachtree Road N.E. Atlanta, GA 30326 404-365-0065
Cyber Security Training Workshop June 11, 2013 | 7:30 a.m.–Noon (EDT) NERC Headquarters Office 3353 Peachtree Road, 6th Floor Suite 600, North Tower Atlanta, GA 30326 Room: Multi-Purpose Room Critical Infrastructure Protection Committee Meeting Westin Buckhead Atlanta Hotel CIPC Working Lunch: Pre-function Area A/B | June 11, 2013 | Noon–1:00 p.m. (EDT) June 11, 2013 | 1:00–5:00 p.m. (EDT) June 12, 2013 | 8:00 a.m.–Noon (EDT) Room: Ballroom B Welcome and Introductions – CIPC Chair, Chuck Abell NERC Antitrust Compliance Guidelines and Public Meeting Announcement* Agenda
1. Administrative – CIPC Secretary, Bob Canada a. Arrangement – Safety Briefing and Emergency Precautions b. Announcement of Quorum of Voting Members c. CIPC Roster – Page 13 d. Parliamentary Procedures – In the absence of specific provisions in this manual, all committee meetings shall be conducted in accordance with the most recent edition of Robert’s Rules of Order in all cases to which they are applicable. 2. Consent Agenda – Chair Abell
a. Draft Minutes for Approval - CIPC March 5-6, 2013 b. Committee Membership Appointments and Changes: TRE Jim Brenton TRE David Grubbs TRE Darrell Klimitcheck FRCC Paul McClay FRCC Carter Manucy FRCC Darren Myers MRO Marc Child MRO Paul Crist MRO Rick Liljegren NPCC Mike Puscas NPCC Greg Goodrich NPCC Benoit Tardif RFC Larry Bugh RFC Kent Kujala RFC Jeff Fuller SERC Chuck Abell SERC Carl Eng SERC Tommy Clark SPP John Breckenridge SPP Allen Klassen SPP Robert McClanahan WECC Scott Bordenkircher WECC Mike Mertz WECC Jamey Sample APPA David Godfrey APPA Nathan Mitchell CEA Chris McColm CEA Ross Johnson CEA David Dunn* NRECA Robert Richhart NRECA David Revill *Designates new appointment
ERCOT City of Garland STEC TECO Fla Municipal Progress Great River LES MN Power NU NYISO HQ RFC Detroit DPL Ameren Dominion SMEPA KCPL Westar AECC APS PNM PGE TMPA APPA Manitoba Capital Power IESO Hoosier Georgia Trans
3. Chair’s Remarks – CIPC Chair Abell a. Reports – Recent NERC Meetings b. CIPC 2013-2016 Strategic Plan and Work Plan Status – *Draft for Discussion and Approval by CIPC c. CIPC Charter Update – Under Review by NERC Legal Counsel 4. Remarks – Matt Blizard, NERC Director of Critical Infrastructure Protection 5. Overview of Cybersecurity Executive Order – Laura Brown, NERC Staff 6. Washington, D.C. Update – Melanie Seader, Edison Electric Institute a. Legislative Update * Items for CIPC Vote Critical Infrastructure Protection Committee Agenda June 11-12, 2013
b. Markey / Waxman Report 7. Reliability Issues Steering Committee Update – Jim Brenton, Reliability Issues Steering Committee (RISC) member 8. Subcommittee Chairs, Subgroups, Progress, and Remarks – Chair Abell 9. Operating Security Subcommittee – Subcommittee Chair Carl Eng Electricity Sector Information Sharing Task Force – Carl Eng on behalf of Chair, Stephen Diebold ESISTF Charter *Draft Report – Offered for CIPC Discussion and Approval Grid Exercise Working Group – Chair Tim Conway GEWG Charter *Report on Progress and Work Completed and Contemplated *Report of GridEx II Activities – Bill Lawrence, NERC Staff 10. Policy Subcommittee – Subcommittee Chair Nathan Mitchell Personnel Security Clearance Task Force – Chair Mitchell PSCTF Charter *Draft Report – Offered for CIPC Discussion and Approval Bulk Electric System Security Metrics Working Group – Chair James Sample BESSMWG Charter *Draft Report – Offered for CIPC Discussion and Approval *Report on Progress and CIPC Endorsement of WG Direction Compliance Enforcement and Input Working Group – Chair Paul Crist CEIWG Charter *Report on Progress of Work Completed and Contemplated 11. Cybersecurity Subcommittee – Subcommittee Chair Marc Child Cyber Attack Task Force – Chair Mark Engels CATF Charter *Report on Progress of Work Completed and Contemplated Cyber Security Analysis Working Group – Chair Eric Warakomski CSAWG Charter – *Report on Progress of Work Completed and Contemplated * Items for CIPC Vote Critical Infrastructure Protection Committee Agenda June 11-12, 2013
12. Physical Security Subcommittee – Subcommittee Chair David Grubbs Electricity Sector: Physical Response Guideline Task Force – Chair John Breckenridge PSGTF Charter *Draft Security Guideline for the Electricity Sub-Sector: Physical Security Response – *Request for CIPC Endorsement and CIPC Comments Physical Security Analysis Working Group – Chair Ross Johnson PSAWG Charter *Report on Progress of Work Completed and Contemplated Physical Security Working Group Charter – *New WG and Charter for CIPC Approval Security Training Working Group – Chair William Whitney III STWG Charter – *New Charter Offered for CIPC Approval *Report on Progress of Work Completed and Contemplated 13. Cybersecurity Procurement Language Update for Energy Delivery Systems – Ed Goff, Duke 14. 2013 Grid Security Conference Update – Bill Lawrence, NERC Staff 15. ES-ISAC Update – Ben Miller, NERC Staff 16. Cyber Security Standards Update – Steve Noess, NERC Staff a. Version 5 Update b. Interpretation Team 17. CIP Compliance Update – Tobias Whitney, NERC Staff a. Transition Update b. FERC Notice of Proposed Rulemaking (NOPR) c. FERC Remands and Impact on Compliance Monitoring 18. Sufficiency Review Program – Scott Mix, NERC Staff 19. Agency Updates a. Federal Energy Regulatory Commission b. Department of Homeland Security c. Department of Energy
* Items for CIPC Vote Critical Infrastructure Protection Committee Agenda June 11-12, 2013
20. CIPC Meetings, Workshops, and Training Schedule for 2013: 2013 Meeting Dates