Physical Security Reliability Standard Implementation


1 Physical Security Reliability Standard Implementation
Tobias Whitney, Manager of CIP Compliance (NERC)
Carl Herron, Physical Security Leader (NERC)
NERC Sub-Committee Meeting
New Orleans, Louisiana

2 CIP-014 Implementation Program
o Implementation Readiness
o Clarify Compliance Expectations
o Increased Industry Awareness
o Understanding scoping and 3rd party reliance
o Consistent Enforcement
Support all entities in the timely, effective, and efficient implementation of CIP-014

3 Key Dates
CIP Implementation Timeline
Activity | Implementation | Not Later Than | Days after 10/1/15
R1 Assessment | Effective Date | 10/1/ | days
R2 Verification | Effective | /30/ | days
R2.3 Address Discrepancies | R | /28/ | days
R3 Notify Control Center | R2 +7 | 1/6/ | days
R4 Threat & Vulnerability Evaluation | R | /27/ | days
R5 Security Plan | R | /27/ | days

4 Risk Assessment Guidance
Industry must assess the loss of certain substations (R1)
To start, entities must identify in-scope substations. Assess:
o Transmission Facilities at 500 kV or higher
o Substations exceeding the aggregate weighted value of 3000
o Substations identified by RCs, PCs or TP that are critical to IROL derivations
o Essential to meeting Nuclear Plant Interface Requirements
From there, various processes can be used to determine the list:
o Entities may reference the NATF R1 approach
o Entities may reference the method in the Guidelines and Technical Basis
o Entities may use the process described in TPL R4 and R6
To be compliant, the industry must demonstrate:
o A transparent process that can be validated by their CEA
o The resulting list is commensurate with their process and BES risks

5 NATF Guidance
February guidance memo references the North American Transmission Forum Guidance as a means to perform R1:
1. Identify stations to be analyzed based on
2. TO identifies cases/system conditions to be analyzed
o summer peak vs. winter peak load levels
o shoulder peak load levels with system transfers
o alternative generation dispatch assumptions
o alternative load models (i.e., different penetration of inductive load)
3. Define the nature of initiating event and how it will be modeled in assessment.
o Event over several minutes
o Instantaneous event (such as an explosion)
4. TO is responsible for documenting the criteria for instability, uncontrolled separation or Cascading, based on engineering knowledge or judgment.
5. TO performs steady-state power flow or stability analysis.

6 R2 3rd Party Verification
Requirement R2 mandates that an unaffiliated third-party verify the result of the risk assessment performed under Requirement R1.
The third-party for Requirement R2 must be either:
o A registered Planning Coordinator, Transmission Planner, or Reliability Coordinator; or
o An entity that has transmission planning or analysis experience.
Pages of the Guidelines and Technical Basis section (Section 4) of the standard provides additional guidance on selecting a third-party verifier, stating that entities should consider the following characteristics:

7 R2 3rd Party Verifier Characteristics
o Registered entity with applicable planning and reliability functions.
o Experience in power system studies and planning.
o The third-party's understanding of the MOD standards, TPL standards, and facility ratings as they pertain to planning studies.
o The third-party's familiarity with the Interconnection within which the Transmission Owner is located.

8 Compliance Expectations
TOs must demonstrate the appropriate rigor and analysis when performing R1 and R2.
Consider how the following questions can be answered:
o Why certain stations or substations are identified to meet the criteria in Requirement R1
o Similarly, why certain stations or substations were not identified by Requirement R1
o What are defining characteristics of stations and substations identified by Requirement R1
o How the third party verifying the risk assessment meets the qualifications in Requirement R2 and the means the third party used to ensure effective verification

9 R4 Threat and Vulnerabilities Assessment
Each TO that identified a Transmission station(s), Transmission substation(s), or a primary control center(s) in R1 and verified according to R2, and each Transmission Operator notified by a TO according to R3, shall conduct an evaluation of the potential threats and vulnerabilities of a physical attack to each of their respective Transmission station(s), Transmission substation(s), and primary control center(s) identified in R1 and verified according to R2.
o Unique characteristics
o History of security events
o Intelligence or Threat Warnings

10 NATF R4 Guidance Memo June 2015
R4 practices containing an approach, common practices and understanding evaluations of the potential vulnerabilities and threats of a physical attack of facilities.
Site Specific vulnerability considerations
o No protection of facility (fencing, locks, or monitoring)
o Gaps in or lack of security mitigation (physical and human)
o Gaps in or lack of physical security policies and procedures, failure to enforce controls for vehicle and security equipment testing.
o Access control: how is it granted, what is the process.

11 NATF - R4 Guidance memo June 2015
Physical Security evaluation checklist. (The physical security evaluation checklist is a format that can be used to provide self assessment of security program).
o Facility Information: address, contact numbers Executive Management, Security Management, Maintenance and First Responders
o Perimeter: Fence (type, height, anchored and enhancements), crash gate, lighting, surrounding area and landscape
o Security Systems (CCTV, Intrusion detection, fire alarms and locks & doors)
o Information Technology Systems and Sensitive Information storage
o Security and Response Plans

12 NATF - R4 Guidance memo June 2015
CIP-014 Questionnaire
Threat Assessment
o List all of facility history of sabotage, vandalism, physical attack and Law Enforcement response
o List all historical criminal incidents to similar sites within the U.S.
o Threat Assessment, Intelligence Bulletins or Threat Warnings prepared by State Fusion Centers, Local Law Enforcement, DHS or FBI

13 NATF - R4 Guidance memo June 2015
Resiliency Measures: measures already existing to prevent a physical attack
o Existing physical security measures to deter such as: Perimeter signage, fencing, gates, lighting, locks and security officers/roving patrols
o Existing physical security measures to detect such as: CCTV, Intrusion Detection and alarms
o Existing physical security measures to delay such as: Vehicle barriers, crash gates, fencing and security officers
o Existing physical security measures to assess such as: Video surveillance, video analytics and security command centers

14 NATF - R4 Guidance memo June 2015
Resiliency Measures continued
o Existing physical security measures to communicate such as: Security Operations Center (SOC) initiates response, protection of communication transmission to the SOC, alarm systems and Intercom system.
o Existing physical security measures to respond such as: Documented procedures, responses to alarms, State or local Law Enforcement and armed security officers deployment.

15 R5 Security Plan
Each TO that identified a Transmission station(s), Transmission substation(s), or a primary control center(s) in R1 and verified according to R2, and each Transmission Operator notified by a TO according to R3, shall develop and implement a documented physical security plan(s) that cover their Transmission station(s), Transmission substation(s), and primary control center(s).
The physical security plan(s) shall be developed within 120 calendar days following the completion of R2 and executed according to the timeline specified in the physical security plans.
The security plan should address the mitigation and response to the threats and vulnerabilities identified.
A measurable timeline of executing the physical security enhancements and modifications should be included in the security plan.
The timeline should include a project plan on how security enhancements and modifications will be implemented.

16 NATF - R5 Guidance memo June 2015
R5 provides an approach for development and implementation of Physical Security Plans.
Areas for consideration:
o Deterrence Measures: Visible physical security measures installed to persuade individuals to seek other, less secure targets.
o Detection Measures: Physical security measures installed to detect unauthorized intrusion and provide local and/or remote intruder notification.
o Delay Measures: Physical security measures installed to delay an intruder's access to a physical asset and provide time for incident assessment and response.

17 NATF - R5 Guidance memo June 2015
o Assessment Measures: The process of evaluating the legitimacy of an alarm and determining the procedural steps required to respond.
o Communicate: Systems used to send and receive alarm/video signals, audio, and data.
o Respond: The immediate measures taken to assess, deploy, interrupt, to an incident.
Physical Security Plan Template.

18 R6
R6 - Each Transmission Owner and Transmission Operator shall select an unaffiliated third party reviewer from the following:
o An entity or organization with electric industry physical security experience and whose review staff has at least one member who holds either a Certified Protection Professional (CPP) or Physical Security Professional (PSP) certification.
o An entity or organization approved by the ERO.
o A government agency with physical security expertise.
o An entity or organization with demonstrated law enforcement, government, or military physical security expertise.

19 Critical Infrastructure Protection Committee (CIPC) R6
CIPC has developed guidance to support industry's implementation of Requirement R6.
Provides examples of experience/documentation for third party reviewer with electric industry
o Proof of past or current employment as an employee(s) or contractor(s) in the electric industry;
o Proof of past or current employment as an employee(s) or contractor(s) as an ERO regional entity auditor; or
o Documented experience in threat vulnerability assessments or development of security plans in the electric industry.

20 CIPC R6 Guidance
o Provides examples of government agencies that might be selected
o Provides skill sets/activities for demonstrated law enforcement, government, or military physical security expertise.

21 CIPC R6 Guidance
Provides skill sets/activities for demonstrated law enforcement, government, or military physical security expertise.
o Conducting and/or evaluating threat and vulnerability analysis of physical attack
o Designing and/or evaluating physical security plans
o Third party review of threat and vulnerability analyses or physical security plans
o Designing, implementing, or evaluating asset protection plans, specifically those related to facilities with special emphasis on industrial complexes

22 R6 Guidance
ERO approval process guidance (September 2015)
o This process will be applied when registered entity has a third party that does not meet one of the other three criteria.
o Candidate 3rd parties shall work through their Registered Entity to obtain certification.
o The ERO will review the qualifications against industry-vetted criteria, which is included in the Appendix A.
o Appendix A - request third party reviewer must have at least one criteria from the physical security experience plus one from electric sector experience.

23 ERO approval process guidance (September 2015)
Appendix A Physical Security experience (at least one):
o Certified Critical Infrastructure Protection Specialist (CCIPS) and ten (10) years.
o Certified Homeland Protection Professional (CHPP) and ten (10) years
o Professional in Critical Infrastructure Protection (PCIP) and ten (10) years
o Certified Security Consultant (CSC) and ten (10) years experience as a physical security professional.
o Ten (10) years employment in a physical security department with responsibilities in facility protection.
o Physical security subject matter expert. Ten (10) years of experience in physical security program development, risk assessments, and threat assessment.
o Twenty (20) engagements as a security consultant for facility physical security assessments or security program design.

24 ERO approval process guidance (September 2015)
Appendix A Electric Sector Experience (at least one):
o Ten (10) years employment with an electric utility transmission organization.
o Three (3) years employment as an ERO regional entity auditor
o Ten (10) assignments as a physical security consultant for a North American electric utility transmission organization
o Five (5) years military service with training in critical infrastructure interdiction.

25 ERO to Monitor Implementation
Number of assets critical under the standard
o Per Region Q Q
Defining characteristics of the assets identified as critical
o Per Region Q Q
Scope of security plans
o By Q
Information obtained
o Guided Self-Certs, Off-site Audits, Audits
o Consider compliance monitoring schedule

26 ERO to Monitor Implementation
Timelines for implementing security and resiliency measures
o Regions: Periodic Guided Self-Certs, Off-site Audits, Audits to determine implementation schedule and progress
o NERC will aggregate results
Industry's progress in implementing the standard
o Beginning in Q4, Quarterly NERC Board Updates
Reliability Standard Audit Worksheet for CIP-014-2 will be sent to drafting team (September 2015).


More information

RECURRENT FLIGHT SCHOOL SECURITY AWARENESS (FSSA) TRAINING

RECURRENT FLIGHT SCHOOL SECURITY AWARENESS (FSSA) TRAINING U.S. Department of Homeland Security Arlington, VA 22202 RECURRENT FLIGHT SCHOOL SECURITY AWARENESS (FSSA) TRAINING Recurrent FSSA Training for Flight School Employees and independent Certified Flight

More information

Write up on PSIM PHYSICAL SECURITY INFORMATION MANAGEMENT

Write up on PSIM PHYSICAL SECURITY INFORMATION MANAGEMENT Write up on PSIM PHYSICAL SECURITY INFORMATION MANAGEMENT Physical security information management (PSIM) is a technology solution that provides a platform and applications created to integrate multiple

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

Conducting Security System Site Surveys

Conducting Security System Site Surveys Conducting Security System Site Surveys Written By: Harold C. Gillens, PSP, CFC, CHS-III Quintech Security Consultants, Inc. 102 Sangaree Park Court Suite 4 Summerville, SC 29483 CONDUCTING SECURITY SYSTEM

More information

Elements of Physical Security Systems II: Intrusion Detection, Alarm Communication and Assessment, Delay, and Response

Elements of Physical Security Systems II: Intrusion Detection, Alarm Communication and Assessment, Delay, and Response Elements of Physical Security Systems II: Intrusion Detection, Alarm Communication and Assessment, Delay, and Response International Biological Threat Reduction Department Sandia National Laboratories

More information

Science/Safeguards and Security. Funding Profile by Subprogram

Science/Safeguards and Security. Funding Profile by Subprogram Safeguards and Security Safeguards and Security Funding Profile by Subprogram (dollars in thousands) Protective Forces 35,059 37,147 Security Systems 11,896 10,435 Information Security 4,655 4,595 Cyber

More information

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM

Las Vegas Datacenter Overview. Product Overview and Data Sheet. Created on 6/18/2014 3:49:00 PM Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active

More information

CCTV Monitoring - Terms and conditions, scope of work

CCTV Monitoring - Terms and conditions, scope of work 1. Where specified in a Contract for Monitoring Services, and provided that the Customer complies with it obligations under our terms and conditions for CCTV monitored services. Paramount SG shall use

More information

WaterCress - Critical Infrastructure Protection

WaterCress - Critical Infrastructure Protection What is? - Critical Infrastructure Protection is a range of water protection technology protecting 80% of the UK s potable drinking water. Our portfolio uses a range of sophisticated sensors to protect

More information

PCI DSS Reporting WHITEPAPER

PCI DSS Reporting WHITEPAPER WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper ARRA HITECH Stimulus HIPAA Security Compliance Reporter White Paper ARRA HITECH AND ACR2 HIPAA SECURITY The healthcare industry is in a time of great transition, with a government mandate for EHR/EMR systems,

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same POLICY TEMPLATE Video Surveillance Category: Approval: Responsibility: Date: Operations PVP VP Finance and Administration Date initially approved: November 5, 2013 Date of last revision: same Definitions:

More information

CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments

CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

SRA International Managed Information Systems Internal Audit Report

SRA International Managed Information Systems Internal Audit Report SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...

More information

www.lgrmg.ca Setting the Standard in Risk Management Consulting and Investigation Services

www.lgrmg.ca Setting the Standard in Risk Management Consulting and Investigation Services www.lgrmg.ca Setting the Standard in Risk Management Consulting and Investigation Services Setting the Standard in Risk Management Consulting and Investigation Services AN INTRODUCTION Lions Gate Risk

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

SECOND EDITION THE SECURITY RISK ASSESSMENT HANDBOOK. A Complete Guide for Performing Security Risk Assessments DOUGLAS J. LANDOLL

SECOND EDITION THE SECURITY RISK ASSESSMENT HANDBOOK. A Complete Guide for Performing Security Risk Assessments DOUGLAS J. LANDOLL SECOND EDITION THE SECURITY RISK ASSESSMENT HANDBOOK A Complete Guide for Performing Security Risk Assessments DOUGLAS J. LANDOLL CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is

More information

Security Management Plan

Security Management Plan Effective Date: 03/2015 1 of 10 I. Table of Contents: I Table of Contents II Authority III Purpose & Scope IV Policy Statement V The Joint Commission Standards VI Performance Standards VII DUPD Services

More information

Vindicator Security Solutions. Security for Mission-Critical Applications

Vindicator Security Solutions. Security for Mission-Critical Applications Vindicator Security Solutions Security for Mission-Critical Applications About Vindicator Security Solutions Photo courtesy of U.S. Department of Defense. Military, Federal and State Governments Ports

More information

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL 9.1 USE SECURITY AREAS TO PROTECT FACILITIES 1 GOAL Do you use physical methods to prevent unauthorized access to your organization s information and premises? 2 GOAL Do you use physical methods to prevent

More information

PII Compliance Guidelines

PII Compliance Guidelines Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last

More information

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...

More information

Southwest Power Pool SPP REGIONAL COMPLIANCE WORKING GROUP (RCWG) CONFERENCE CALL. August 7, 2015 MINUTES

Southwest Power Pool SPP REGIONAL COMPLIANCE WORKING GROUP (RCWG) CONFERENCE CALL. August 7, 2015 MINUTES Southwest Power Pool SPP REGIONAL COMPLIANCE WORKING GROUP (RCWG) CONFERENCE CALL Agenda Item 1 Administrative Items August 7, 2015 MINUTES Chair Jennifer Flandermeyer called the meeting to order at 2:00

More information

NERC CIP VERSION 5 COMPLIANCE

NERC CIP VERSION 5 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining

More information

Facility XXXX Site Security Survey Date: 10/9-10/10/02. (A) Perimeter Security Feature Yes No Comments

Facility XXXX Site Security Survey Date: 10/9-10/10/02. (A) Perimeter Security Feature Yes No Comments Facility XXXX Site Security Survey Date: 10/9-10/10/02 (A) Perimeter Security DELAY/DETER Site Boundary None of the critical facilities have protective Fence (Height and Construction) fences. Outriggers

More information

How to Solve the Most Persistent Problem in Perimeter Security Systems

How to Solve the Most Persistent Problem in Perimeter Security Systems How to Solve the Most Persistent Problem in Perimeter Security Systems Duane Thompson General Manager of Fiber SenSys Carrondo, Antonio Commercial Manager, Teleprinta Perimeter Security Challenging!! More

More information

View. Select View Managed Video Services ADT

View. Select View Managed Video Services ADT monitoring Access Control Video Surveillance Intrusion Detection Fire & life safety Commercial Solutions ADT SM Select View Managed Video Services Leverage your existing investment in video surveillance

More information

City of Phoenix Water Services Department Security Enhancement Program

City of Phoenix Water Services Department Security Enhancement Program City of Phoenix Water Services Department Security Enhancement Program 2004 OSC Readiness Water System Response November 18, 2004 Agenda Description of Phoenix System Approach to Security Emergency Response

More information

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Best Practices in ICS Security for System Operators. A Wurldtech White Paper Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

CIP R3 Vulnerability Assessments Compliance Workshop October 27, Carl Bench Compliance Auditor, Cyber Security

CIP R3 Vulnerability Assessments Compliance Workshop October 27, Carl Bench Compliance Auditor, Cyber Security CIP 010 2 R3 Vulnerability Assessments Compliance Workshop October 27, 2016 Carl Bench Compliance Auditor, Cyber Security 2 CIP 010 2 Purpose To prevent and detect unauthorized changes to BES Cyber Systems,

More information

WEBFIL LIMITED. Your Security Partner

WEBFIL LIMITED. Your Security Partner WEBFIL LIMITED Your Security Partner ABOUT THE COMPANY WEBFIL is a state based company under the Andrew Yule Group. Andrew Yule & Co. Ltd. a Government of India Enterprise is multi product, multi unit

More information

AURORA Vulnerability Background

AURORA Vulnerability Background AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History

More information

NERC-CIP S MOST WANTED

NERC-CIP S MOST WANTED WHITE PAPER NERC-CIP S MOST WANTED The Top Three Most Violated NERC-CIP Standards What you need to know to stay off the list. www.alertenterprise.com NERC-CIP s Most Wanted AlertEnterprise, Inc. White

More information

Requirements. for. CCTV Installation

Requirements. for. CCTV Installation PSA 2006_12 Requirements for CCTV Installation Table of Contents Page No. 1. Introduction...3 2. Normative References...3 3. Definitions...4 4. Overview...6 5. Location Survey...6 6. System Design...6

More information

visit us on the web at: www.strategicsecuritycorp.com

visit us on the web at: www.strategicsecuritycorp.com CAMERAS & ALARMS Closed Circuit Television (CCTV) / SMART Home Structured Wiring & Systems Commercial and Residential Alarm Systems / Central Monitoring Integrated Access Control Systems (Proximity Cards,

More information

Document ID. Cyber security for substation automation products and systems

Document ID. Cyber security for substation automation products and systems Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has

More information

TRIPWIRE NERC SOLUTION SUITE

TRIPWIRE NERC SOLUTION SUITE CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering

More information

Supply Chain Security Audit Tool - Warehousing/Distribution

Supply Chain Security Audit Tool - Warehousing/Distribution Supply Chain Security Audit Tool - Warehousing/Distribution This audit tool was developed to assist manufacturer clients with the application of the concepts in the Rx-360 Supply Chain Security White Paper:

More information

About the Port Authority

About the Port Authority Thomas Belfiore, Chief Security Officer The Port Authority of New York and New Jersey Testimony for the House Emergency Preparedness, Response and Communications Subcommittee on Protecting our Passengers:

More information

STANDARD OPERATING PROCEDURE FOR DEALING WITH ANY TERRORIST ATTACK ON SCHOOLS.

STANDARD OPERATING PROCEDURE FOR DEALING WITH ANY TERRORIST ATTACK ON SCHOOLS. STANDARD OPERATING PROCEDURE FOR DEALING WITH ANY TERRORIST ATTACK ON SCHOOLS. 1. Background: Experience gained in handing terrorism in recent years has shown that with a view to gain widespread media

More information

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information