|
|
- Sarah Miller
- 8 years ago
- Views:
Transcription
1 NERC CIP Implementation Prepared by David Grubbs City of Garland NERC Critical Infrastructure Protection Committee (CIPC) Municipal Systems are well represented on the NERC CIPC Committee David Grubbs, (Garland) Representing ERCOT David Godfrey, (TMPA) Representing Municipals Nathan Mitchell (APPA) Representing Municipals Rich Powell (JEA) Representing FRCC 1
2 NERC Critical Infrastructure Protection Standards Compliance with version 1 of the NERC CIP Standards were phased in over the period of June 30, 2008 through December 31, 2009 depending on the registration. On April 1, 2010 version 2 of the NERC CIP Standards replaced version 1. On October 1, 2010 version 3 of the CIP standards replaced version 2. NERC CAN on Remote Access effective October 1, 2010 Future CIP Versions There are currently three new versions of the CIP Standards under development. Version 4 is being developed by the CIP Standards drafting team to replace the current Risk Based Assessment Methodology. Expected to be effective October 1, NERC Staff is preparing a version to address remote access known as CIP-005-X. Expected to be effective October 1, The CIP Standards drafting team is developing a complete rewrite of the CIP Standards currently known as CIP-010 and CIP-011 version 1. Identification of assets probably effective in 2012 with an implementation plan of at least 12 months for newly identified assets. 2
3 Implementation of CIP Standards in Garland Began implementation of initial substation security system in 2004 Most work done by utility personnel rather than contractors. Have changed software vendors for both monitoring and video software since initial system. Lessons Learned Start slowly you will probably change your mind what equipment / software you prefer It requires much longer to install than you will estimate As you add equipment you will eventually have to add staff dedicated to monitoring security equipment and investigating alarms The most utilized security equipment is not that required under CIP 3
4 Changes to CIP Version 3 Standards Effective October 1. Three changes to requirements in the version 3 CIP Standards CIP-002 R1 added the word its to clarify which assets should be evaluated CIP-006 R 1.6 added the requirement to have a visitor management program including logging g ingress and egress and continuous escort CIP-008 R removal of what FERC thought was not a requirement but an option Version 4 Standards Version 4 of the CIP Standards removes the Risk Based Assessment Methodology and replaces it with bright line criteria. Vote in early November failed. Drafting Team is rewriting prior to the second ballot in December. 4
5 CIP-005-X NERC is proposing an Urgent Action Standard CIP X. Standard addresses all remote access into Critical Cyber Asset networks or devices. The Urgent Action status bypasses most of the Rules of Procedure applicable to Standards d drafting. Standard failed on the first ballot in October. Is being rewritten to be balloted on again in December. NERC CANs-Compliance Compliance Application Notices Clarify the Compliance Committee s interpretation of how auditors should audit Six currently in effect, CAN-0005 is only current one addressing security issues. Effective October 1, in various stages of drafting. Several address security issues. CAN-0007 draft significantly exceeds existing standards. Read carefully. Many greatly expand beyond the Standards original intent. 5
6 NERC Alerts Stuxnet Facility Ratings Aurora CIP-010 and CIP-011 All BES facilities are Critical Assets Assets classified into High, Medium and Low criticality Still covers protection of cyber assets only Start preparing paperwork now! Communications diagrams will have to be prepared for all locations. 6
7 Audits Audits Audits Like many systems we are in a mode of almost continuous audits. Scheduled full audits average every three years. Some are one year, some three, some six years. Because Municipal Utilities remain integrated utilities we are registered for multiple functions (GPL is registered for 8). Larger utilities expect audits every year Self audits are required twice per year for CIP Standards. Once per year for all other Standards. Be Prepared Be prepared to significantly increase your compliance budgets and staff Be prepared to spend more time on documentation and procedures Be prepared to be assessed penalties for NERC and ERCOT violations 7
8 Questions? 8
CIP v5/v6 Implementation Plan CIP v5 Workshop. Tony Purgar October 2-3, 2014
CIP v5/v6 Implementation Plan CIP v5 Workshop Tony Purgar October 2-3, 2014 Revision History CIP v5/v6 Implementation Plan Change History Date Description Initial Release July 25, 2014 Revision V0.1 August-2014
More informationNERC Cyber Security Standards
SANS January, 2008 Stan Johnson Manager of Situation Awareness and Infrastructure Security Stan.johnson@NERC.net 609-452-8060 Agenda History and Status of Applicable Entities Definitions High Level of
More informationCIP-003-6 R2 BES Assets Containing Low Impact BCS. Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security
CIP-003-6 R2 BES Assets Containing Low Impact BCS Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security Slide 2 About Me Been with WECC for 5 years 1 ½ years as a Compliance Program Coordinator
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationImplementation Plan for Version 5 CIP Cyber Security Standards
Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 11, 2012 Prerequisite Approvals All Version 5 CIP Cyber Security Standards and the proposed additions, modifications, and
More informationCIP-003-5 Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-5 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More informationCyber Security Compliance (NERC CIP V5)
Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability
More informationAutomating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference
Automating NERC CIP Compliance for EMS Walter Sikora 2010 EMS Users Conference What do we fear? Thieves / Extortionists Enemies/Terrorists Stuxnet Malware Hacker 2025 Accidents / Mistakes 9/21/2010 # 2
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationLessons Learned CIP Reliability Standards
Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A
More informationCyber Security Standards Update: Version 5
Cyber Security Standards Update: Version 5 January 17, 2013 Scott Mix, CISSP CIP Technical Manager Agenda Version 5 Impact Levels Format Features 2 RELIABILITY ACCOUNTABILITY CIP Standards Version 5 CIP
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationCompleted. Document Name. NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method
NERC CIP Requirements CIP-002 Critical Cyber Asset Identification R1 Critical Asset Identifaction Method R2 Critical Asset Identification R3 Critical Cyber Asset Identification Procedures and Evaluation
More informationNotable Changes to NERC Reliability Standard CIP-005-5
MIDWEST RELIABILITY ORGANIZATION Notable Changes to NERC Reliability Standard CIP-005-5 Electronic Security Perimeter(s) Bill Steiner MRO Principal Risk Assessment and Mitigation Engineer MRO CIP Version
More informationERCOT Design and Implementation of Internal Controls and benefits for NERC CMEP/RAI
ERCOT Design and Implementation of Internal Controls and benefits for NERC CMEP/RAI Matt Mereness, ERCOT Compliance Director August 2015 Anfield Summit Outline of discussion ERCOT Background Business Case
More informationEntity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire
Entity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire Upcoming Audit Date: March 16, 2015 Upcoming Audit Type: O&P Audit Start of Audit Period: March 16, 2012 Date Submitted: Table of Contents
More informationAlberta Reliability Standard Cyber Security Implementation Plan for Version 5 CIP Security Standards CIP-PLAN-AB-1
External Consultation Draft Version 1.0 December 12, 2013 1. Purpose The purpose of this reliability standard is to set the effective dates for the Version 5 CIP Cyber Security reliability standards and
More informationDigital Infrastructure - A Model For Success
Organizer: BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Session 6 : Securing Your Fortress Best practices, standards, techniques and technologies secure your organization from cyber criminals.
More informationAlberta Reliability Standard Cyber Security Physical Security of BES Cyber Systems CIP-006-AB-5
Alberta Reliability Stard Final Proposed Draft Version 2.0 September 9, 2014 A. Introduction 1. Title: 2. Number: 3. Purpose: To manage physical access to BES cyber systems by specifying a physical security
More information2016 Business Plan and Budget. Texas Reliability Entity, Inc. Approved by Texas RE Board of Directors. Date: May 21, 2015
2016 Business Plan and Texas Reliability Entity, Inc. Approved by Texas RE Board of Directors Date: May 21, 2015 1 Table of Contents Table of Contents... 2 Introduction... 3 Section A 2016 Business Plan
More informationAURORA Vulnerability Background
AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History
More informationHow to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework
How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper
More informationCyber Security Standards: Version 5 Revisions. Security Reliability Program 2015
Cyber Security Standards: Version 5 Revisions Security Reliability Program 2015 Overview of Development Activities The Team Standard Drafting Team (SDT) appointed to address these revisions in Project
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationNERC CIP Tools and Techniques
NERC CIP Tools and Techniques Supplemental Project - Introduction Webcast Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com (843) 619-0050 October
More informationSecure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!
Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014! October 3, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber
More informationReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE
R1 Provide Risk Based Assessment Methodology (RBAM) R1.1 Provide evidence that the RBAM includes both procedures and evaluation criteria, and that the evaluation criteria are riskbased R1.2 Provide evidence
More informationNERC Audit Definition
Utilities & Energy Compliance & Ethics Conference NERC Audit Definition An engagement that provides assurance or conclusions on an evaluation of sufficient, appropriate evidence against stated criteria,
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationSafety Share Who is Cleco? CIP-005-3, R5 How What
1 Safety Share Who is Cleco? CIP-005-3, R5 How What AGENDA 2 SAFETY SHARE 3 Statistics: General Customers: approx. 279,000 retail customers across Louisiana Non-contiguous transmission and service area
More informationJob Descriptions. Job Title Reports To Job Description TRANSMISSION SERVICES Manager, Transmission Services. VP Compliance & Standards
Updated July 11, 2013 Job Descriptions Job Title Reports To Job Description TRANSMISSION SERVICES VP Compliance & Standards Develops strategy and business plans for efficient, safe, reliable, regulatorycompliant
More informationOpen Enterprise Architectures for a Substation Password Management System
CIGRÉ Canada 21, rue d Artois, F-75008 PARIS (154) Conference on Power Systems http : //www.cigre.org Toronto, October 4-6, 2009 Open Enterprise Architectures for a Substation Password Management System
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationTop Ten Compliance Issues for Implementing the NERC CIP Reliability Standard
Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard The North American Electric Reliability Corporation 1 s (NERC) CIP Reliability Standard is the most comprehensive and pervasive
More informationSecure Remote Substation Access Solutions
Secure Remote Substation Access Solutions Supplemental Project - Introduction Webcast October 16, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com
More informationCIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011
CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011 1 Purpose Specific NERC CIP-005 Requirements Underlying fundamentals of the ESP architecture Building
More informationInformation Shield Solution Matrix for CIP Security Standards
Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability
More informationStrong Security in NERC CIP Version 5: Unidirectional Security Gateways
Strong Security in NERC CIP Version 5: Unidirectional Security Gateways Chris Humphreys CEO The Anfield Group Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information
More informationISACA North Dallas Chapter
ISACA rth Dallas Chapter Business Continuity Planning Observations of Critical Infrastructure Environments Ron Blume, P.E. Ron.blume@dyonyx.com 214-280-8925 Focus of Discussion Business Impact Analysis
More informationThe North American Electric Reliability Corporation ( NERC ) hereby submits
December 8, 2009 VIA ELECTRONIC FILING Kirsten Walli, Board Secretary Ontario Energy Board P.O Box 2319 2300 Yonge Street Toronto, Ontario, Canada M4P 1E4 Re: North American Electric Reliability Corporation
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Tobias Whitney, Manager of CIP Compliance (NERC) Carl Herron, Physical Security Leader (NERC) NERC Sub-Committee Meeting New Orleans, Louisiana CIP-014
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationBuilding Insecurity Lisa Kaiser
Building Insecurity Lisa Kaiser Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Insecurity How do I Specify it Buy it Test it Deploy it Regret it Apologize for it Specifying Insecurity
More informationSecFlow Security Appliance Review
Solution Paper. SecFlow Security Appliance Review NERC CIP version 5 Compliance Enabler July 2014 Abstract The alarming increase in cyber attacks on critical infrastructure poses new risk management challenges
More informationStandard CIP 007 3 Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing
More informationWhat Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
More informationNERC CIP Compliance. Dave Powell Plant Engineering and Environmental Performance. Presentation to 2009 BRO Forum
NERC CIP Compliance Dave Powell Plant Engineering and Environmental Performance Presentation to 2009 BRO Forum August 12, 2009 1 NERC CIP 101 What is NERC CIP? CIP Terminology CIP compliance overview CIP
More informationNB Appendix CIP-004-5.1-NB-1 - Cyber Security Personnel & Training
This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding
More informationNorth American Electric Reliability Corporation. Compliance Monitoring and Enforcement Program. December 19, 2008
116-390 Village Boulevard Princeton, New Jersey 08540-5721 North American Electric Reliability Corporation Compliance Monitoring and Enforcement Program December 19, 2008 APPENDIX 4C TO THE RULES OF PROCEDURE
More informationKeshav Sarin CIP Enforcement Analyst. BURP (Best User Reporting Practices) February 11, 2011 Marina del Rey, California
Keshav Sarin CIP Enforcement Analyst BURP (Best User Reporting Practices) February 11, 2011 Marina del Rey, California Quiz How to review CIP items in the most effective manner? o Get the necessary information
More informationTop 10 Compliance Issues for Implementing Security Programs
www.dyonyx.com Top 10 Compliance Issues for Implementing Security Programs This White Paper articulates the top ten issues that we have encountered in the design and implementation of comprehensive Security
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationGRADUATE RELIABILITY TRAINING PROGRAM. Initiation Date: September 2012
GRADUATE RELIABILITY TRAINING PROGRAM Initiation Date: September 2012 Board Approved Date: May 2012 GRADUATE RELIABILITY TRAINING PROGRAM Program Description This program is intended for recent college
More information149 FERC 61,140 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM14-15-000; Order No.
149 FERC 61,140 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION 18 CFR Part 40 [Docket No. RM14-15-000; Order No. 802] Physical Security Reliability Standard (Issued November 20, 2014) AGENCY:
More informationDan T. Stathos, CPA* Associate Director
Dan T. Stathos, CPA* dstathos@navigant.com Austin, Texas Direct: 512.493.5415 Professional Summary Dan Stathos, an in NCI s Austin, Texas office, has been involved with electric, gas, water and telephone
More informationNERC-CIP S MOST WANTED
WHITE PAPER NERC-CIP S MOST WANTED The Top Three Most Violated NERC-CIP Standards What you need to know to stay off the list. www.alertenterprise.com NERC-CIP s Most Wanted AlertEnterprise, Inc. White
More informationAudit-Ready SharePoint Applications
Audit-Ready SharePoint Applications Page 1 of 16 July 7, 2015 Table of Contents 1 Overview... 3 2 Company Background... 4 3 Audit-Ready SharePoint Applications... 4 3.1 Audit-Ready Compliance Dashboard...
More informationCyber Security Standards Update: Version 5 with Revisions
Cyber Security Standards Update: Version 5 with Revisions Security Reliability Program 2015 Agenda CIP Standards History Version 5 Format Impact Levels NOPR Final Rule References 2 RELIABILITY ACCOUNTABILITY
More informationTRANSMISSION MAINTENANCE COORDINATION COMMITTEE (TMCC) MINUTES January 16, 2014 Meeting from ISO Headquarters Folsom, California
TRANSMISSION MAINTENANCE COORDINATION COMMITTEE (TMCC) MINUTES January 16, 2014 Meeting from ISO Headquarters Folsom, California Steve Rutty, Acting Chairperson of the Transmission Maintenance Coordination
More informationApril 28, 2009. Dear Mr. Chairman:
April 28, 2009 The Honorable Edward J. Markey Chairman Subcommittee on Energy and Environment Committee on Energy and Commerce U.S. House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: I
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More informationTechnology Solutions for NERC CIP Compliance June 25, 2015
Technology Solutions for NERC CIP Compliance June 25, 2015 2 Encari s Focus is providing NERC CIP Compliance Products and Services for Generation and Transmission Utilities, Municipalities and Cooperatives
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationNERC CIP Compliance with Security Professional Services
NERC CIP Compliance with Professional Services The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is
More informationSecurity Regulations and Standards for SCADA and Industrial Controls
Security Regulations and Standards for SCADA and Industrial Controls Overview of NERC CIP and other Security Frameworks 1 65 th Annual Instrumentation Symposium for the Process Industry Topics Covered
More informationGE Measurement & Control. Cyber Security for NERC CIP Compliance
GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes
More informationFinancing government infrastructure projects : the UK experience. David Finlay
Financing government infrastructure projects : the UK experience David Finlay Director, National Audit Office Topics to be covered The different methods of funding infrastructure investment in the
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationCybersecurity Continuous Monitoring at Fermilab. Irwin Gaines NLIT 4 May 2015
Cybersecurity Continuous Monitoring at Fermilab Irwin Gaines NLIT 4 May 2015 Outline Why Continuous Monitoring Fermilab and its cyber challenge and strategy Fermilab cyber defenses: what needs to be monitored
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationNERC CIP Version 5 webinar series Change management
10/8/2014 NERC CIP Version 5 webinar series Change management Slide 1 Housekeeping All attendees are automatically in Mute. If you have any questions, please type them into the questions panel. This webinar
More informationNovaTech NERC CIP Compliance Document and Product Description Updated June 2015
NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC
More informationFLORIDA DEPARTMENT OF TRANSPORTATION
FLORIDA DEPARTMENT OF TRANSPORTATION 6-month Follow-up Response to the Auditor General s Financial Management (FM) System Information Technology Operational Audit August 2010 through November 2010 Report
More informationCyber Security. Smart Grid
Cyber Security for the Smart Grid Peter David Vickery Executive Vice President N-Dimension Solutions Inc. APPA National Conference June 21, 2010 Cyber Security Solutions For Cyber Security
More informationCIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationProperty of NBC Universal
Property of NBC Universal NERC CIP 5 milestones. Source: EnergySec Standard CIP-002-5.1 CIP-003-5 CIP-004-5.1 CIP-005-5 CIP-006-5 CIP-007-5 CIP-008-5 CIP-009-5 CIP-010-1 CIP-011-1 CIP-014-1 Title
More informationMeeting NERC CIP Access Control Standards. Presented on February 12, 2014
Meeting NERC CIP Access Control Standards Presented on February 12, 2014 Presented By: CyberLock The leading supplier of key-centric access control systems Based in Corvallis, Oregon James T. McGowan Technology
More informationAlberta Reliability Standard Cyber Security Personnel & Training CIP-004-AB-5.1
Alberta Reliability Stard A. Introduction 1. Title: 2. Number: 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the bulk electric system from individuals
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationPAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI) Affordable ~ Clean ~ Safe ~ Simple ~ Flexible
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI) Affordable ~ Clean ~ Safe ~ Simple ~ Flexible 2 PCI Compliance What does PCI stand for? Payment Card Industry Data Security Standard Data Security Standards
More informationABB Power Generation Cyber Security Users Group
August 28, 2014 ABB Power Generation Cyber Security Users Group ABB Group August 28, 2014 Slide 1 Registration Peer Group Survey ABB Group August 28, 2014 Slide 2 ABB Group August 28, 2014 Slide 3 Registration
More informationDraft Information Technology Policy
Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software
More informationTRANSMISSION OPERATIONS (August 5, 2010)
TRANSMISSION OPERATIONS (August 5, 2010) Managing Director Transmission Operations: Paul B. Johnson The Managing Director - Transmission Operations is responsible for the safe, reliable, costeffective,
More informationThree Simple Steps to SCADA Systems Security
Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL
More informationStandard CIP 003 1 Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-1 3. Purpose: Standard CIP-003 requires that Responsible Entities have minimum security management controls in place
More informationWhen this standard has received ballot approval, the text boxes will be moved to the Guidelines and Technical Basis section of the Standard.
CIP-002-5 Cyber Security BES Cyber System Categorization When this standard has received ballot approval, the text boxes will be moved to the Guidelines and Technical Basis section of the Standard. A.
More informationSupporting our customers with NERC CIP compliance. James McQuiggan, CISSP
Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment
More informationUNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION
UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Technical Conference on Critical Infrastructure Protection Issues Identified in Order No. 791 Prepared Statement of Melanie Seader, Senior
More informationCYBER SECURITY POLICY For Managers of Drinking Water Systems
CYBER SECURITY POLICY For Managers of Drinking Water Systems Excerpt from Cyber Security Assessment and Recommended Approach, Final Report STATE OF DELAWARE DRINKING WATER SYSTEMS February 206 Kash Srinivasan
More informationOFFICE FOR TECHNOLOGY ADMINISTRATION OF CONTRACT CM00664 UNISYS - ENTERPRISE HELP DESK. Report 2005-R-7 OFFICE OF THE NEW YORK STATE COMPTROLLER
Alan G. Hevesi COMPTROLLER OFFICE OF THE NEW YORK STATE COMPTROLLER DIVISION OF STATE SERVICES Audit Objective... 2 Audit Results - Summary... 2 Background... 3 Audit Findings and Recommendations... 3
More informationIRA Risk Factors Update for CIP. Ben Christensen Senior Compliance Risk Analyst, Cyber Security October 14, 2015
IRA Risk Factors Update for CIP Ben Christensen Senior Compliance Risk Analyst, Cyber Security October 14, 2015 2 Agenda Why the changes? What s new? Example of a Risk Factor How does this effect CIP V5?
More information152 FERC 61,198 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. 18 CFR Part 40. [Docket No. RM15-4-000; Order No.
152 FERC 61,198 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION 18 CFR Part 40 [Docket No. RM15-4-000; Order No. 814] Disturbance Monitoring and Reporting Requirements Reliability Standard
More informationItem 3: ERCOT Strategic Goals
: ERCOT Strategic Goals Betty Day Vice President, Governance Risk & Compliance Human Resources and Governance Committee ERCOT Public October 12, 2015 Update on 2015 Strategic Goals ERCOT Public 2 Operational
More informationMuscle to Protect Your Grid July 2009. Sustainable and Cost-effective Muscle to Protect Your Grid
July 2009 Sustainable and Cost-effective Muscle to Protect Your Grid Page 2 Ensuring the reliability of the North American power grid is no small task and one that continues to grow in complexity on a
More informationCritical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn
Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn Overview Assurance & Evaluation Security Testing Approaches
More informationThird Party Security Guidelines. e-governance
for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type of Information Document
More information