NERC Critical Infrastructure Protection Committee (CIPC) Highlights
Mike Kraft, Basin Electric Power Cooperative
MRO Board of Directors Meeting, March 17, 2016
Midwest Reliability Organization Standards Committee
NOTICE: The MRO Standards Committee is an industry stakeholder committee that includes subject matter experts from MRO member organizations in various technical areas. Any materials, guidance, and views from stakeholder committees are meant to be helpful to industry participants, but should not be considered approved or endorsed by MRO staff or its board of directors unless specified.
MRO Standards Committee
NERC CIPC MRO Representatives
Voting Members:
▪ Marc Child, Great River Energy - Cyber Security SME: [email protected]
▪ Paul Crist, Lincoln Electric System - Physical Security SME: [email protected]
▪ Damon Ounsworth, Saskatchewan Power - Operations Security SME: [email protected] (pending)
Alternate Voting Members:
▪ John Hochevar, ATC - Cyber Security SME: [email protected]
▪ Mike Kraft, Basin Electric - Physical Security SME: [email protected]
▪ Tony Rowan, MISO North - Operations Security SME: [email protected] (pending)
▪ Steen Fjalstad, MRO - At Large Security SME: [email protected]
1. Administrative
Marc Child of Great River Energy assumed the NERC CIPC Chair position as of January 1, 2016.
The MRO Operations alternate, Damon Ounsworth of Saskatchewan Power, represented the region for the vacant MRO Operations representative at the December CIPC meeting.
Pending confirmation:
▪ Damon Ounsworth - Primary Operations Security SME
▪ Tony Rowan, MISO North - Alternate Operations Security SME
2. Electricity Information Sharing and Analysis Center (E-ISAC) Update
Strategic direction is being driven by the Electricity Sector Coordinating Council (ESCC).
Marc Sachs of the E-ISAC gave a 2015 year-in-review presentation and an overview of the 2016 strategic direction. Key items highlighted included:
▪ Portal enhancements
▪ Additional summary reporting
▪ Infrastructure improvements
▪ Additional analysis activities
▪ Staffing
Bob Canada of the E-ISAC gave an update on the activities of the Physical Security Advisory Group. Two major projects:
▪ Design Basis Threat (DBT) tools - released via the E-ISAC Portal
▪ Enhanced background checks for critical employees
Regulatory avoidance strategies for reporting do not help entities become more secure.
3. GridEx III Post-Exercise Observations
Bill Lawrence of the E-ISAC reported there were approximately:
▪ 208 active organizations
▪ 161 observing organizations
▪ Approximately 369 organizations involved
▪ Approximately 4,227 registered participants
Lessons learned and after-action reports are being developed.
GridEx IV - November 15-16, 2017
▪ IPC - Initial Planning Conference - September 2016
▪ MPC - Mid-term Planning Conference - March 2017
▪ FPC - Final Planning Conference - June 2017
4. CIP-014-2 Physical Security
Self-certifications will be sent to entities for response by May 2, 2016.
▪ March 17, 2016 webinar
Discussion of FERC-assisted audits in 2016 with a focus on R1.
5. CIP V5 Transition and CIP V5 Revisions
Tobias Whitney of NERC provided an update on the CIP V5 Transition - CIP Version 5 Transition Advisory Group (V5TAG).
NERC-driven CIP-002-5.1 self-certifications have been sent to entities - updated return date of July 15, 2016.
Entities can expect more outreach on low impact requirements in 2016.
Project 2016-02 Modifications to CIP Standards
▪ http://www.nerc.com/pa/Stand/Pages/Project%20201602%20Modifications%20to%20CIP%20Standards.aspx
▪ April 19, 2016 CIP Standards Technical Conference
Project scope items:
▪ Protection of transient electronic devices used at low impact bulk electric system cyber systems
▪ Protections for communication network components between control centers
▪ Refinement of the definition for Low Impact External Routable Connectivity (LERC)
▪ Cyber Asset and BES Cyber Asset definitions
▪ Network and externally accessible devices
▪ Transmission Owner (TO) Control Centers performing Transmission Operator (TOP) obligations
▪ Virtualization
6. Legislative Update
Nathan Mitchell of APPA gave an update on federal legislation.
Cybersecurity Information Sharing Act of 2015 (CISA)
▪ DHS Automated Indicator Sharing (AIS) by March 17, 2016 - STIX and TAXII
▪ Sharing of cyber threat indicators and defensive measures by the federal government
▪ Guidance to share cyber threat indicators and defensive measures with federal entities
Section 215A addition to the Federal Power Act
▪ DOE Plan for Strategic Transformer Reserve
▪ Resolves conflict between environmental and grid reliability - "must run"
▪ Secretary of Energy has broader authority to address grid security emergencies
Energy Policy Act revisited
7. Electricity Sector Coordinating Council (ESCC)
Nathan Mitchell of APPA gave an update on ESCC activities.
ESCC Playbook v5.0 was released.
Cybersecurity Risk Information Sharing Program (CRISP)
Subgroups:
▪ Cyber Mutual Assistance
▪ Enhanced Background Investigation Screening (EBIS) WG
▪ E-ISAC Member Executive Committee (MEC)
▪ EMP Task Force
▪ ESCC Metrics Working Group
8. Federal Update
Dave Norton of FERC reported FERC items:
▪ FERC-led CIP audits, fewer than 10, which should feel like a regular audit
▪ Regions will be involved and will house the data
▪ Rehearing requested for Order 822
Jim McGlone of DOE:
▪ Pre-CIPC classified briefing
▪ DOE Design Basis Threat (DBT) will be classified
Ben Mayo of DHS:
▪ Regional Cyber Security Advisors (CSAs) to augment Protective Security Advisors (PSAs)
▪ Updated Active Shooter Preparedness materials available
NERC Alert R-2016-02-09-01 Manipulation of ICS
▪ Reclassified to TLP:Amber
▪ Cooperatives should reach out to NERC for further guidance
▪ Information on E-ISAC Portal
▪ Response due April 9, 2016
Ukraine event
December 23, 2015
Wired article: http://www.wired.com/2016/03/inside-cunningunprecedented-hack-ukraines-power-grid/
Mitigations:
▪ Council on Cybersecurity - Top 20 Critical Security Controls
▪ Application whitelisting
▪ Contingency plans for safe shutdown
▪ Isolate ICS and SCADA networks
▪ Audit and monitor trusted external connections
Next Meetings
June 6-8, 2016 in St. Louis
▪ June 6-7 CIPC Workshops
▪ June 7-8 CIPC Meeting
September 20-21, 2016, location TBD
December 13-14, 2016 in Atlanta, GA
Critical Infrastructure Protection Committee Executive Committee (January 2016)
Officers:
▪ Marc Child, Chair, Great River Energy
▪ Nathan Mitchell, Vice Chair, APPA
▪ David Revill, Vice Chair, NRECA
▪ Sam Chanoski, Secretary, NERC
Members:
▪ Joe Garmon, FMPA
▪ David Grubbs, City of Garland
▪ Ross Johnson, CEA
▪ John Galloway, ISO-NE
▪ Melanie Seader, EEI
▪ Jack Cashin, EPSA
▪ Chuck Abell, Ameren
Subcommittees (chair):
▪ Physical Security Subcommittee (David Grubbs)
▪ Cybersecurity Subcommittee (David Revill)
▪ Operating Security Subcommittee (Joe Garmon)
▪ Policy Subcommittee (John Galloway)
Working groups and task forces (chair):
▪ Physical Security WG (Ross Johnson)
▪ Control Systems Security WG (Mikhail Falkovich)
▪ Grid Exercise WG (Tim Conway)
▪ BES Security Metrics WG (VACANT)
▪ Physical Security Guidelines WG (John Breckenridge)
▪ Security Training WG (William Whitney)
▪ Business Continuity Guideline TF (Darren Myers)
▪ Physical Security Standard WG (Allan Wick)
▪ Compliance and Enforcement Input WG (Paul Crist)
MRO Security Conference 2016
Scheduled for September 22, 2016
Draft motto: "Going beyond theory to explain the 'how'"
Draft theme: "The definition of genius is taking the complex and making it simple." - Einstein
Agenda includes keynotes and industry-leading experts in physical and cyber security.