Critical Infrastructure Protection Committee Strategic Plan 2018-2019
CIPC Executive Committee
Updated: xxxxxxxx
Table of Contents

Preface
CIPC Organizational Structure
Introduction
Chapter 1: Mission, Vision, and Guiding Principles
    CIPC Mission
    CIPC Vision
    Guiding Principles
    Advisory Panel to Board
    Cyber and Physical Security Guidelines and Technical Reports
    NERC Reliability Standards Implementation and Compliance Input
    BES Security Metrics
    Public-Private Partnership
    Information Sharing
    Risks and Emerging Issues
    CIP Training and Educational Outreach
    CIPC Member and Industry Observer Involvement
Chapter 2: Areas of Strategic Focus in Support of ERO Goals
    Major Activity 1: Advisory Panel to the NERC Board
    Major Activity 2: Cyber Security Risk Management
    Major Activity 3: Physical Security Risk Management
    Major Activity 4: NERC Standards Implementation Input
    Major Activity 5: BES Security Metrics
    Major Activity 6: CIPC Training, Outreach and Industry Communications
Chapter 3: Strategic Plan Descriptions
    Alignment with NERC Enterprise Operating Plan
    CIPC Work Plan
    Major Activity #1: Advisory Panel to the NERC Board
    Major Activity #2: Cyber Security Risk Management
    Major Activity #3: Physical Security Risk Management
    Major Activity #4: NERC Standards Implementation Input
    Major Activity #5: BES Security Metrics
    Major Activity #6: CIPC Training, Outreach and Industry Communications
NERC | CIPC Strategic Plan 2018-2019 | xxxxxxx ii
Preface The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system (BPS) in North America. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the BPS through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the BPS, which serves more than 334 million people. The North American BPS is divided into eight Regional Entity (RE) boundaries as shown in the map and corresponding table below.
The North American BPS is divided into eight RE boundaries. The highlighted areas denote overlap as some load-serving entities participate in one Region while associated transmission owners/operators participate in another.
FRCC      Florida Reliability Coordinating Council
MRO       Midwest Reliability Organization
NPCC      Northeast Power Coordinating Council
RF        ReliabilityFirst
SERC      SERC Reliability Corporation
SPP RE    Southwest Power Pool Regional Entity
Texas RE  Texas Reliability Entity
WECC      Western Electricity Coordinating Council
CIPC Organizational Structure

The Executive Committee members of the Critical Infrastructure Protection Committee (CIPC) developed the CIPC Work Plan and comprehensively reviewed the work activities and deliverables to be produced by each CIPC subcommittee. This level of Executive Committee involvement promotes firsthand knowledge of group activity. The CIPC Executive Committee engaged all subgroup leadership in discussion of the deliverables to be produced by each group and of the expectations for the analysis and reports.

Executive Committee
    Marc Child, Chair, Great River Energy
    David Grubbs, Vice Chair, City of Garland
    David Revill, Vice Chair, NRECA
    Tobias Whitney, Secretary, NERC
    Ross Johnson, Capital Power
    Melanie Seader, EEI
    APPA (vacant)
    EPSA (vacant)
    IPC (vacant)
    (open), (open), (open)

Physical Security Subcommittee (David Grubbs)
    Physical Security WG (PSAG) (Ross Johnson)
    Physical Security Guidelines TF (Darrell Klimitchek)

Cybersecurity Subcommittee (David Revill)
    Control Systems Security WG (Mike Mertz, Carter Manucy)
    Security Training WG (David Godfrey, Amelia Sawyer)

Operating Security Subcommittee (open)
    Grid Exercise WG (Tim Conway)
    Planning Committee Joint Project: Criticality Reduction (vacant)
    Supply Chain Working Group (vacant)

Policy Subcommittee (open)
    Security Metrics WG (Larry Bugh)
    Compliance and Enforcement Input WG (Paul Crist)
Introduction

This is a living document, meant to address the current and future CIPC strategic issues. The landscape in which the electric industry operates is dynamic and rapidly changing. Therefore, a regular review of the strategic plan by the CIPC Executive Committee should be conducted to ensure that it remains accurate. The CIPC chair will provide regular strategic plan updates to the CIPC members, and will send status reports to the NERC Board of Trustees (Board). Furthermore, if any key changes emerge, CIPC will revisit the work plan to ensure alignment with the strategic plan of the Electric Reliability Organization (ERO) Enterprise. This work plan addresses activities, interests, and concerns of the ERO Enterprise related to critical infrastructure planning of the interconnected bulk power system (BPS). This document is created to identify strategic activities as well as highlight the alignment of CIPC activities from several perspectives, including:

• Conforming to priorities of the ERO Enterprise, the Reliability Issues Steering Committee (RISC), and Federal, state/provincial regulators;
• Providing a technical foundation for reliability issues;
• Matching CIPC resources with priorities; and
• Efficiently using CIPC resources.
Chapter 1: Mission, Vision, and Guiding Principles CIPC Mission
The CIPC will support the objectives of the NERC Board and standing committees by serving as an expert advisory panel on physical and cyber security, focusing on operations, compliance and policy matters. The CIPC will advance the reliability of the critical bulk electricity infrastructure of North America by addressing the technical and organizational dimensions of security; through collaboration and sharing of best practices and by identifying and quantifying emerging risks.
CIPC Vision
Foster information sharing, provide industry leadership and a forum for exchanging ideas, and promote dialogue on key issues regarding the critical infrastructure protection of the BES.

Guiding Principles
• Coordinate with the RISC on priorities and align the CIPC Strategic Plan with the ERO Strategic Plan;
• Maintain relationships and promote information sharing with other committees;
• Maintain high levels of expertise;
• Maintain the structure, processes and relationships with other NERC standing committees, and foster relationships with other forums, to maintain and foster high levels of reliability for the BES;
• Ensure CIPC resources are used efficiently;
• Maintain a focus on identification and mitigation of emerging technology risks;
• Maintain and enhance reliability through the pursuit of clear Technical Reports, Security Guidelines, and NERC Alerts;
• Maintain high levels of industry-specific expertise to provide sound conclusions and opinions on security issues;
• Strive for a high level of industry awareness and accountability as related to security risks, mitigation strategies and lessons learned; and
• Serve as advocate for voluntary information sharing.
Advisory Panel to Board
CIPC will fulfill this commitment with the following activities:
1. Provide reports of CIPC activities at the Board meeting.
2. Provide a representative to serve on the Reliability Issues Steering Committee (RISC).
3. Coordinate across all NERC committees and working groups to assure the highest degree of collaboration possible.
4. Encourage and solicit CIPC engagement and assist NERC staff as appropriate.
Cyber and Physical Security Guidelines and Technical Reports
CIPC will continue to support the NERC Reliability Standards with the following activities:
1. Create and maintain appropriate Task Forces and Working Groups to develop, periodically review, and revise CIPC security guidelines.
2. Issue guidelines in accordance with the work plan activities.
3. Develop and issue technical reports that contribute to the reliable operation of the BPS.
NERC Reliability Standards Implementation and Compliance Input
CIPC will continue to support the NERC Reliability Standards with the following activities:
1. Assist in the development of guidance and implementation of NERC Reliability Standards.
2. Assist the standards development process by providing expertise in support of the development of critical infrastructure protection standard authorization requests and standards.
3. Assist the standards development process by providing a forum for education, sharing of views, and informed debate of critical infrastructure protection standards.
4. Facilitate the implementation of critical infrastructure protection standards by developing reference documents and performing other activities.
5. Contribute to the Compliance Operations and Enforcement initiatives at NERC through the Compliance and Enforcement Input Working Group (CEIWG) by providing timely topical expertise on matters related to cyber and physical security.
BES Security Metrics
The CIPC will provide technical insight and advice into the development and improvement of BES security metrics, and identify a set of security performance measures to benchmark BES security. CIPC will utilize the expertise of its members, NERC staff and others to provide direction, technical oversight, feedback on the collection of industry metrics, and reporting of BES security performance metrics. The CIPC will continue to deliver recommendations with the following actions:
1. The BES Security Metrics Working Group (BESSMWG) will develop measurable security metrics of cyber and physical security threats to the BES and industry responses.
2. The BESSMWG will provide BES security metrics to the NERC annual State of Reliability report.
3. The BESSMWG will continue to develop additional context for existing metrics to assist asset owners and NERC in understanding and reacting to dramatic changes in trends.
4. The BESSMWG will develop and implement one new metric for the 2018 NERC State of Reliability Report.
Public-Private Partnership
The protection of the BPS requires the prompt dissemination of security-related information between public and private stakeholders and across international boundaries. The CIPC will deliver recommendations by the following actions:
1. Contribute expertise to government initiatives.
2. Act as a coordinating body for dissemination of information from government to CIPC members.
3. Develop and test logistics for holding closed-session meetings when needed.
4. Foster relations with the DOE National Labs to identify collaboration opportunities.
Information Sharing
Common information-sharing protocols will enhance the passage of information, ensuring that vital actionable information is disseminated quickly and accurately.
1. CIPC will study the protocols presently existing between industry and government. The Committee will continue to identify and research information sharing structures, methods and requirements, and search for efficiencies and alternatives to improve or recommend changes in protocols.
2. CIPC will present recommendations to E-ISAC and NERC staff for consideration and improvement of the Public-Private Partnership, streamlining of the event reporting process for the industry with the E-ISAC, and the sharing of actionable information between government and industry.
3. Propose solutions that will build on practices and tools already in place.
4. CIPC quarterly meetings will be enhanced by the inclusion of regional information-sharing briefings. Once every two years, voting members from each of the eight regions will deliver a briefing to CIPC (in closed session if necessary) with the stated purpose of sharing security successes and challenges faced by each region.
Risks and Emerging Issues
CIPC, utilizing the expertise of its members and NERC staff, will stay abreast of new and emerging issues related to Critical Infrastructure Protection of the BPS, take action where appropriate to address these issues, and provide expertise and direction to NERC and the electric industry.
1. CIPC will respond to the issues raised by the biennial GridEx by tasking CIPC Task Forces and Working Groups to develop recommendations that address the lessons learned.
2. CIPC will modify its work plan to directly address emerging technology, cyber security and physical security recommendations.
CIP Training and Educational Outreach
The CIPC will deliver with the following actions:
1. CIPC will conduct exercises, forums, and workshops related to the scope of CIPC and in cooperation with NERC.
2. CIPC will collaborate with the E-ISAC to:
   a. Identify and prioritize current topics related to the scope of CIPC.
   b. Coordinate by requesting NERC resources, if necessary, to support its activities for the forums and workshops.
   c. Schedule security training and education.
CIPC Member and Industry Observer Involvement
The CIPC will deliver on this strategy by:
1. Encouraging and engaging CIPC voting members as active participants.
2. Encouraging and engaging CIPC alternate members as active participants.
3. Encouraging and engaging industry observers as active participants.
4. The CIPC Executive Committee will identify potential leadership candidates for subgroups.
5. CIPC subcommittees will review Task Force and Working Group rosters to identify gaps in expertise.
6. CIPC subcommittees will review Task Force and Working Group deliverables.
7. The CIPC Executive Committee will encourage and recognize excellence.
Chapter 2: Areas of Strategic Focus in Support of ERO Goals

The majority of the strategic areas of focus that support ERO goals are derived from the ERO Reliability Risk Priorities, the ERO Enterprise Long-term Strategy and the E-ISAC Long-Term Strategic Plan. In addition, other ERO activities are considered as input to the CIPC's Strategic Plan. The activities listed below derive from initiatives associated with the Supply Chain Risk Management Program, NERC's Remote Access Study, the CIP-014 High Impact Control Center Report and other CIPC priority topics that warrant inclusion in the Strategic Plan. The resulting activities from these program documents address information sharing, security vulnerability risk management, and risk reduction methods to improve the reliability of the BES. This section summarizes the major activities the CIPC will pursue in support of these strategic program documents.
Major Activity 1: Advisory Panel to the NERC Board

CIPC serves as an expert advisory panel to the NERC Board, E-ISAC, RISC, and standing committees in the areas of physical and cyber security. The CIPC Chair or a designee will brief the NERC Board on Strategic Plan progress, areas of risk that may impact the BES, and any significant updates to the CIPC program documents.

Strategic Input: Quarterly Board of Trustees Update
Activity: Board package, update and presentation materials.
Major Activity 2: Cyber Security Risk Management

CIPC has identified guidelines and technical reports to reduce the reliability risk of system compromise by malicious threat actors. The CIPC will develop implementation guides or security guidelines, depending on the best method to address the topic. CIPC will utilize the expertise of its members and collaborate with NERC staff to identify risks and emerging issues and to recommend timely and appropriate action. A CIPC representative will be nominated to the RISC to assist in the analysis and prioritization of risks and emerging issues for Board consideration. Additionally, CIPC will act on the lessons learned from the biennial NERC grid security exercise (GridEx) to improve industry's security posture. The proposed cyber security guidelines and technical reports are listed below.

Strategic Input: ERO Enterprise Long-term Strategy Focus Area #5; ERO Reliability Risk Priority Risk Profiles #8 and #9
Activity: Identification and reduction of cyber and physical security risks while improving resilience.

Strategic Input: FERC-Led Audits Compliance Report
Activity: Assess the cyber security risk of Fuel Handling SCADA systems for Generation.

Strategic Input: Remote Access Study Report
Activity: Address Remote Access Security Findings #1-#18.

Strategic Input: GridEx Planning & Preparation
Activity: Collaborate with E-ISAC and industry stakeholders to plan for the next GridEx and share lessons learned.

Strategic Input: Supply Chain Risk Management
Activity: Vendor Essential Security Practices Model.

Strategic Input: Supply Chain Risk Management
Activity: Legacy system testing coordination with National Labs.
Major Activity 3: Physical Security Risk Management

CIPC has identified guidelines and technical reports to reduce the reliability risk due to physical damage initiated by malicious threat actors. The CIPC will develop implementation guides or security guidelines, depending on the best method to address the topic. CIPC will utilize the expertise of its members and collaborate with NERC staff to identify risks and emerging issues and to recommend timely and appropriate action. A CIPC representative will be nominated to the RISC to assist in the analysis and prioritization of risks and emerging issues for Board consideration. Additionally, CIPC will act on the lessons learned from the biennial NERC grid security exercise (GridEx) to improve industry's security posture.

Strategic Input: CIP-014 High Impact Control Center Report
Activity: Security practices for High Impact Control Centers.

Strategic Input: CIPC Priority Topic, in coordination with the PC
Activity: Reduction in asset criticality by developing design standards.

Strategic Input: CIPC Priority Topic
Activity: Security implications of UAVs and clarifying the rights of stakeholders.

Strategic Input: CIPC Priority Topic
Activity: Key management security guideline.

Strategic Input: GridEx Planning & Preparation
Activity: Collaborate with E-ISAC and industry stakeholders to plan for the next GridEx and share lessons learned.
Major Activity 4: NERC Standards Implementation Input

CIPC will support NERC standards and compliance initiatives, including implementation guidance, by providing timely topical expertise on matters related to cyber and physical security in association with the NERC CIP Standards. The Compliance and Enforcement Input Working Group (CEIWG) is established to solicit industry stakeholders for input to NERC staff to assist and clarify compliance monitoring or enforcement documents. CIPC will utilize the expertise of its members and collaborate with NERC staff to identify risks and emerging issues and to recommend timely and appropriate action.

Strategic Input: Emerging Technology Roundtable
Activity: Implications of Cloud Services for CIP Assets (Pilot Study).

Strategic Input: CIPC Priority Topic
Activity: Implications of Voice-over-IP and the CIP Standards.

Strategic Input: CIPC Priority Topic
Activity: CIP Implications of Shared Transmission Facilities.
Major Activity 5: BES Security Metrics

CIPC will utilize the expertise of its members, NERC staff, and others to provide direction, technical oversight, feedback on the collection of industry metrics, and reporting of BES security performance metrics. The BES Security Metrics Working Group (BESSMWG) is established to develop measurable security metrics of cyber and physical security threats to the BES. The BESSMWG will collaborate with NERC to produce an annual security assessment of the BES.

Strategic Input: ERO Enterprise Long-term Strategy Focus Area #5
Activity: Security Metrics derived from E-ISAC or Compliance data.

Strategic Input: CIPC Priority Topic
Activity: Annual Security Assessment of the BES.
Major Activity 6: CIPC Training, Outreach and Industry Communications

CIPC, through its Outreach and Training Working Group (OTWG), will coordinate and communicate with those responsible for both physical and cyber security in all industry segments, including, among others, the E-ISAC, American Public Power Association (APPA), Canadian Electricity Association (CEA), Edison Electric Institute (EEI), Electric Power Research Institute (EPRI), Electric Power Supply Association (EPSA), ISO/RTO Council (IRC), National Rural Electric Cooperative Association (NRECA), North American Energy Standards Board (NAESB), the Nuclear Energy Institute (NEI), and the NERC Regional Entities (REs). In addition, the CIPC will liaise with government, including the Department of Energy (DOE) national labs, about critical infrastructure protection matters. CIPC will provide to industry the opportunity to participate in physical, cyber and operational security training, and educational outreach activities.

• CIPC will support training development through workshops and webinars.
• CIPC will develop or support outreach and training efforts related to NERC standards implementation.
• CIPC will ensure security-related deliverables are accessible to CIPC members and industry.

Strategic Input: CIPC Priority Topic
Activity: Update CIPC Website on NERC.com.

Strategic Input: CIPC Priority Topic
Activity: Develop CIPC Collaboration Site on NERC.com.

Strategic Input: E-ISAC Long-term Strategic Plan; ERO Enterprise Long-term Strategy Focus Area #3
Activity: Develop Information Sharing, Outreach and Training Plan.
Chapter 3: Strategic Plan Descriptions

Alignment with NERC Enterprise Operating Plan
As a NERC Board committee, CIPC is dedicated to the success of the ERO mission and works to ensure that the goals of the committee map directly to the goals of the enterprise.

CIPC Work Plan
The CIPC Executive Committee will annually assess its work plan and strategic imperatives in order to ensure that the work being performed by the committee aligns to the areas of strategic focus.

Major Activity #1: Advisory Panel to the NERC Board

Activity: Board package, update and presentation materials
Deliverable: The quarterly presentation made by the CIPC Chair or his/her designee to report on CIPC progress on strategy and work plan items.
Timing: On-going
Major Activity #2: Cyber Security Risk Management

Activity: Identification and Reduction of Cyber and Physical Security Risks
Deliverable: The CIPC, in coordination with the OC and PC, will define measures to reduce cyber and physical security risks.
Timing: Q4 2019

Activity: Assess the cyber security risk of Fuel Handling SCADA systems for Generation
Deliverable: The CIPC, in coordination with the Operating Committee, will coordinate with stakeholders and perform a study on the risks associated with fuel handling systems that supply generation facilities. An emphasis will be placed on natural gas-sourced facilities.
Timing: Q1 2019

Activity: Address Remote Access Security Findings #1-#18
Deliverable: The CIPC will coordinate with stakeholders and will either develop security guidelines or offer training (as necessary) on the topics identified in the Remote Access Study.
Timing: Q3 2019

Activity: GridEx Preparation and Planning
Deliverable: The CIPC, in coordination with industry stakeholders, will develop lessons learned from the completed GridEx activities and begin preparing for the upcoming GridEx.
Timing: On-going

Activity: Vendor Essential Security Practices Model
Deliverable: In support of the Supply Chain Risk Management Program, the CIPC will work with vendors and industry stakeholders to develop a controls matrix that can be used to help industry work with vendors to address supply chain risks.
Timing: Q3 2018

Activity: Legacy system testing coordination with National Labs
Deliverable: In support of the Supply Chain Risk Management Program, the CIPC will work with vendors and industry stakeholders to test legacy systems and share supply chain lessons learned with industry.
Timing: Q4 2019
Major Activity #3: Physical Security Risk Management

Activity: Security practices for high impact Control Centers
Deliverable: The CIPC will perform a study to determine the types of operational control performed by high impact Control Centers and identify effective measures to mitigate risks.
Timing: Q1 2019

Activity: Reduction in Asset Criticality (in coordination with PC)
Deliverable: A security guideline will be developed to address effective practices to reduce the criticality or the risk of loss of any critical substation as a means to improve resiliency and reduce applicability to CIP-014-2.
Timing: Q4 2019

Activity: Security implications of UAVs
Deliverable: The CIPC will research and communicate current practices and considerations for drones and other unmanned aerial vehicles.
Timing: Q3 2018

Activity: GridEx Preparation and Planning
Deliverable: The CIPC, in coordination with industry stakeholders, will develop lessons learned from the completed GridEx activities and begin preparing for the upcoming GridEx.
Timing: On-going

Activity: Key management security guideline
Deliverable: Identify and describe security best practices associated with the management of physical keys for BES assets. Specific examples for low impact CIP assets will be considered.
Timing: Q2 2018
Major Activity #4: NERC Standards Implementation Input

Activity: Implications of Cloud Services for CIP Assets
Deliverable: The CIPC, in coordination with NERC and industry stakeholders, will conduct a pilot to determine the CIP Standards implications of cloud services on the BES. The study may result in implementation guides, security guidelines or other deliverables to industry.
Timing: Q4 2018

Activity: Implications of Voice-over-IP and the CIP Standards
Deliverable: Provide implementation recommendations for the categorization of voice communications under Reliability Standard CIP-002-5.1. Provide suggested guidance for the use and protection of Cyber Assets used for voice communications, particularly within Control Center environments, including issues surrounding authenticity and integrity.
Timing: Q1 2018

Activity: CIP Implications of Shared Transmission Facilities
Deliverable: Provide a common understanding of the challenges surrounding shared facilities relating to CIP Reliability Standards and compliance. In addition, provide suggested solutions to some of the issues related to these challenges, specifically focused on ways to meet compliance obligations through joint agreements between entities.
Timing: Q2 2018
Major Activity #5: BES Security Metrics

Activity: Security Metrics derived from E-ISAC or Compliance data
Deliverable: The CIPC, in coordination with NERC and industry stakeholders, will develop additional metrics to improve the security metrics used as part of NERC's State of Reliability Report. The metrics can be derived from E-ISAC, compliance performance or third-party data sources.
Timing: On-going

Activity: Annual Security Assessment of the BES
Deliverable: The CIPC, in coordination with NERC and industry stakeholders, will evaluate the process and approach for developing an assessment of the security of the Bulk Electric System.
Timing: Q4 2019
Major Activity #6: CIPC Training, Outreach and Industry Communications

Activity: Update CIPC Website on NERC.com
Deliverable: Consolidate all CIPC deliverables and content and post the content to the NERC.com website. The content should include guides, CIPC meeting materials and training documentation.
Timing: Q3 2018

Activity: Develop CIPC Collaboration Site on NERC.com
Deliverable: The CIPC will work with NERC to create and maintain a collaboration site used to facilitate the coordination and development of CIPC subcommittee deliverables and draft content.
Timing: Q2 2018

Activity: Develop Information Sharing, Outreach and Training Plan
Deliverable: The CIPC will develop a plan to manage training and outreach to CIPC members and industry stakeholders that will outline the timing, resources and topics for upcoming CIPC engagements.
Timing: Q1 2018