NERC CIP Standards and NIST Smart Grid Update

Transcription

1 NERC CIP Standards and NIST Smart Grid Update Keith Stouffer Program Manager National Institute of Standards and Technology

2 Topics NERC Critical Infrastructure Protection (CIP) Standards Updates Where the standards are headed NIST Framework and Roadmap for Smart Grid Interoperability Updates Industrial to Grid (I2G) Domain Expert Working Group (DEWG) Cyber Security Coordination Task Group (CSCTG) 2

3 NERC CIP Standards Revision Overview January 18, FERC Order 706 approves CIP-002 CIP-009 with direction to make additional modifications to the Standards. August 7, 2008 Standards Drafting Team appointed to review CIP Cyber Security Standards Address directed d modifications in FERC Order 706 Conform to current ERO Rules of Procedure Consider other cyber security standards and guidelines (e.g., NIST, ISO, ISA, IEC, DOE, CIPC) Consider stakeholder issues identified in the SAR comment process 3

4 NERC CIP Standards, Version 2 22 members in the Standards Drafting Team (SDT) Kick-off meeting held at NIST on October 6-8, additional, 2-3 day, face-to-face meetings of the NERC CIP SDT held over the next 6 months to develop Revision 2 of the cyber security standards and address the 100+ pages of comments received during the comment period. NERC CIP, Version 2 cyber security standards, CIP CIP 009-2, were approved by the NERC Board of Trustees on May 6, 2009 after passage by the electric industry with a quorum of 94.37% and an 88.32% approval rating. Approved by FERC on September 30, Very fast revision of the NERC CIP Standards 4

5 NERC CIP Standards, Version 4 First step was to develop CIP Defines the scope for the CIP standards Cover all(?) Bulk Electric System assets (control centers, substations, plants, etc) Cover all relevant Cyber Systems (EMS, SCADA, protection, automation, plant control, etc) Approach by reliability function More encompassing scope than previous Versions 5

6 NERC CIP Standards, Version 4 Apply multiple levels of security controls based on impact to BES referencing the NIST SP and ISA99 models Low Impact Moderate Impact High Impact Draft CIP was released for informal industry comment on December 29, 2009 comments due by February 12, 2010 SDT currently working on the revisions to CIP CIP security requirements Not a one size fits all solution 6

7 Low Impact System 7

8 Possible ICS Impact Level Definitions Low Impact ICS Product Examples: Non hazardous materials or products, Non-ingested consumer products Industry Examples: Plastic Injection Molding, Warehouse Applications Security Concerns: Protecting gpeople, p Capital investment, Ensuring uptime NERC CIP Standards EXAMPLE ONLY Generation Below Mod threshold but part of BES Transmission Below Mod threshold but part of BES Control Centers Below Mod threshold h but part of BES 8

9 Moderate Impact Systems 9 9

10 Possible ICS Impact Level Definitions Moderate Impact ICS Product Examples: Some hazardous products and/or steps during production, High amount of proprietary information Industry Examples: Automotive Metal Industries, Pulp & Paper, Semi-conductors Security Concerns: Protecting people, Trade secrets, Capital investment, Ensuring uptime NERC CIP Standards EXAMPLE ONLY Generation Aggregate name-plate 1000 MW 2000 MW Transmission 200 kv 300 kv Control Centers Load and generation 1000 MW 2000 MW 10

11 High Impact System 11

12 High Impact System!!! 12

13 Possible ICS Impact Level Definitions High Impact ICS Product Examples: Critical Infrastructure, Hazardous Materials, Ingested Products Industry Examples: Utilities, PetroChemical, Food & Beverage, Pharmaceutical Security Concerns: Protecting human life, Ensuring basic social services, Protecting environment NERC CIP Standards EXAMPLE ONLY Generation Aggregate name-plate > 2000 MW Transmission > 300 kv Control Centers Load and generation > 2000 MW 13

14 World Record High Impact System 14 14

15 Effective Date for Standards Effective Date Language: The first day of the third calendar quarter (i.e., a minimum of two full calendar quarters, and not more than three calendar quarters) after applicable regulatory approvals have been received (or the Reliability Standard otherwise becomes effective the first day of the third calendar quarter after BOT adoption in those jurisdictions where regulatory approval is not required). For example, if regulatory approval is granted in June, the standards would become effective January 1 of the following year. If regulatory approval is granted in July, the standards would become effective April 1 of the following year. FERC approved CIP CIP on September 30, 2009, therefore the effective date is April 1,

16 Penalties and Sanctions Example Violation Risk Factor Violation Severity Level Lower Moderate High Severe Range Limits Range Limits Range Limits Range Limits Low High Low High Low High Low High Lower $1,000 $3,000 $2,000 $7,500 $3,000 $15,000 $5,000 $25,000 Statutory limit: $1,000,000 per violation per day in the U.S. Non-financial sanctions allowed Medium $2,000 $30,000 $4,000 $100,000 $6,000 $200,000 $10,000 $335,000 Penalty funds apply High to marginal cost of $4,000 $125,000 $8,000 $300,000 $12,000 $625,000 $20,000 $1,000,000 enforcement and Other qualitative factors for consideration: reconciled in budget Repeat infractions (-) Prior warnings (-) Deliberate violations (-) (-) Negative influence Self-reporting and self-correction (+) (+) Positive influence Quality of entity compliance program (+/-) (+/-) Positive or Overall performance (+/-) negative 16

17 The NIST Smart Grid Role Energy Independence and Security Act (EISA) of 2007 Title XIII, Section Smart Grid Interoperability Framework In cooperation with the DoE, NEMA, IEEE, GWAC, and other stakeholders, NIST has primary responsibility to coordinate development of a framework that includes protocols and model standards for information management to achieve interoperability of smart grid devices and systems 17

18 NIST Three Phase Plan PHASE 1 Identify an initial set of existing consensus standards and develop a roadmap to fill gaps PHASE 2 Establish public/private Standards Panel to provide ongoing recommendations for new/revised standards PHASE 3 Testing and Certification Framework March September 18

19 Inputs Executives meeting with Secretaries Locke and Chu Workshops with more than 1500 participants November 11-13, 13, 2008 April 28-29, 2009 May 19-20, 2009 SDO Workshop, August 3-4, 2009 EPRI Report Comments through two Federal Register Notices 19

20 Interoperability Framework Elements Testing and Certification Standards Security Architecture and Requirements Conceptual Reference Model Business and Public Policy Requirements 20

21 Smart Grid Domains 21

22 I2G Domain Expert Working Group Scope: Interoperability and interaction between the electric grid and industrial facilities, including electric power generation 22

23 We Need A Standards Roadmap Capabilities Priorities Reference Model Standards Release Plan Responsibilities Governance Testing and Certification I2G Roadmap 23

24 Cyber Security Coordination Task Group Over 300 participants within 7 Working Groups Objective is to assess standards d for applicability and interoperability across the domains of the Smart Grid, rather than develop a single set of cyber security requirements that are applicable to all elements of the Smart Grid. Standards will be assessed within an overall risk management framework that focuses on cyber security within the Smart Grid. 24

25 Cyber Security Requirements Document NISTIR 7628 Smart Grid Cyber Security Strategy and Requirements First draft released September 2009; Second draft released January 2010; Final in spring 2010 Overall cyber security strategy for the Smart Grid Privacy and the Smart Grid Logical interface analysis initial analysis Specification of confidentiality, integrity, and availability impact levels l (low, moderate, high) h) Advanced Metering Infrastructure (AMI) security requirements Crosswalk of cyber security documents 25

26 Thank You. Keith Stouffer National Institute of Standards and Technology