Entity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Entity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire"

Transcription

1 Entity Name ( Acronym) NCRnnnnn Risk Assessment Questionnaire Upcoming Audit Date: March 16, 2015 Upcoming Audit Type: O&P Audit Start of Audit Period: March 16, 2012 Date Submitted:

2 Table of Contents Entity Name Information...2 Entity Name Registered Functions...2 Entity Name Logistical Information (Complete this section for on-site audits only)...3 Audit Location...3 Airport...3 Recommended Hotels...4 Confidentiality and Background Checks...4 Delegated Reliability Standard Requirements...5 Company Profile...6 Entity Name Technical Data...6 Entity Name Control Center Locations...7 Entity Name Reliability Assessment...8 SCADA Network Questionnaire...9 Entity Name Compliance Questionnaire...11 Third Party Questionnaire...13 Subsidiaries and Regional Presence Questionnaire...13 Certification...14 Appendix A. Revision History...15 Entity Name Pre-Audit Questionnaire 1

3 Entity Name Information Name Title Street 1: Street 2: City State Zip Phone Alt. Phone Name Title Street 1: Street 2: City State Zip Phone Alt. Phone Primary Compliance Contact: Alternate Compliance Contact: Entity Name Registered Functions Your company has registered with NERC for the following functions: (please validate) Registration Function Registration Date Deregistration Date Reliability Coordinator: Transmission Operator: Balancing Authority: Transmission Owner: Generator Owner: Generator Operator: Load Serving Entity: Distribution Provider: Entity Name Pre-Audit Questionnaire 2

4 Resource Planner: Transmission Planner Is the list of functions correct for your company s NERC Functional Registration? Yes No If no- please explain the errors in the list. Reliability Coordinator (RC) Balancing Authority (BA) Neighboring BA(s) Transmission Operator (TOP) Neighboring TOP(s) Generation Operator (GOP) Generation Owner (GO) Transmission Service Provider (TSP) Planning Authority/Coordinator (PA/PC) Reserve Sharing Group (RSG) Identify your: In what regions do you perform the listed functions? Do you have any joint registrations or coordinated function registrations with another entity? If yes, provide details including NERC JRO or CFR number. Are you a participant in a MRRE? (Yes/No) If Yes, provide details below Entity Name Logistical Information (Complete this section for on-site audits only) To aid the audit team in making travel arrangements, please provide the following information: Audit Location Please provide the physical (street) address where audit will be held: Airport Please provide the location of the airport that you would recommend the audit team use. Entity Name Pre-Audit Questionnaire 3

5 Please provide the driving directions from the airport to the audit location. Recommended Hotels Include three hotels with the following information: Name: Address: Phone Number Corporate rate: Rate name or code: Directions to the audit location: Name: Address: Phone Number Corporate rate: Rate name or code: Directions to the audit location: Name: Address: Phone Number Corporate rate: Rate name or code: Directions to the audit location: Confidentiality and Background Checks The regional entity delegation agreement and NERC non-disclosure agreement provides the mechanism for compliance audit team members to adhere to confidentiality requirements. Audit team members are not required to sign a separate confidentiality agreement with the registered entity. Please sign and acknowledge that you understand the audit team will not sign additional confidentiality agreements with your company. Acknowledgement: Entity Name Pre-Audit Questionnaire 4

6 Please identify the requirements for visitors prior to being allowed onsite (background checks, photo id, clearances for foreign auditors, etc)? Response: Delegated Reliability Standard Requirements Have you delegated any reliability standard requirements to another entity? NOTE: You will need to have a copy of the formal delegation agreement available for review during the audit. If yes, for each delegated task, please identify the entity, reference the associated delegation agreement, and reference documentation that support the delegated requirements are being properly performed. Delegated Requirement Name of Entity You Delegated To Delegation Agreement Documentation Have any reliability standard requirements been delegated to you from another entity? NOTE: You will need to have a copy of the formal delegation agreement available for review during the audit. If yes, for each delegated requirement, please identify the entity who delegated the task to you and reference the associated delegation agreement. Delegated Requirement Name of entity who delegated the requirement Delegation Agreement Entity Name Pre-Audit Questionnaire 5

7 Company Profile [List entity information regarding usage, ownership, or operational responsibilities pertaining to the BES. In addition, information identifying geographical area, size, organizational roles, etc. should be included.] Entity Name Technical Data Please provide a geographical and electrical description of your system: Peak Load (non-coincident MW) and date: Total Generation- Nameplate Capacity owned (MW): Number of Customers Served (Industrial/Commercial and Residential): Critical Customers (major military bases, communication hubs) Load Shedding Responsibility: (Yes/No) Underfrequency Load Shedding: (Yes/No) MW of load shedding in Planning Coordinator UFLS plan Undervoltage Load Shedding: (Yes/No) List location and MW shed Special Protection System Name and Location: Blackstart Generation: (Own units required per TOP restoration Plan) Yes/No. If Yes, list what TOP, unit names and location Transmission Lines: Voltage 500 kv 345 kv 230 kv 161 kv 138 kv 115 kv Sub-100 kv BES Numbers of Miles Number of Interconnection points and with whom BES Substations: Entity Name Pre-Audit Questionnaire 6

8 Highest Voltage Present 500 kv 345 kv 230 kv 161 kv 138 kv 115 kv Sub-100 kv BES Numbers of Subs System Network Information: SCADA/EMS Vendor: Firewall Vendor(s): Network device Vendor(s): Workstation OS(s): Database Management Software(s): Historian Vendor(s): Number of ICCP Associations: Number of Electronic Security Perimeter (ESP) Access Point(s): Number of people with Physical Access to one (1) or more Physical Security Perimeter PSP(s): Number of people with Electronic Access to one (1) or more ESP(s): Number of each: BES Cyber Asset(s) (BCA)/ Protected Cyber Asset(s) (PCA)/ Electronic Access Control or Monitoring System(s) (EACMS)/ Physical Access Control System (PACS) Cyber Assets(s): Please provide a list of your transmission facilities, generation facilities and flowgates in the attached Entity s Pre-Audit Spreadsheet. Entity Name Control Center Locations Street 1 Primary Control Center: Entity Name Pre-Audit Questionnaire 7

9 Street 2 City State Zip Functions Performed MW Generation Controlled Street 1 Street 2 City State Zip Functions Performed MW Generation Controlled Street 1 Street 2 City State Zip Functions Performed MW Generation Controlled Backup Control Center: Additional Control Center: Entity Name Reliability Assessment (Report only those events that occurred during the audit period) Vegetation Contacts* Directives Received Directives Issued Energy Emergency Alert (include EEA Levels): Events Reported (EOP-004-2) Number of events Date(s) of events Entity Name Pre-Audit Questionnaire 8

10 Loss of firm load Load shedding events* Equipment failure* System Separation (islanding) Generation loss* Transmission loss* Complete loss of off-site power to a nuclear plant* SCADA and EMS System failures*: Evacuation of Primary Control Center (Non-Training)* Complete loss of voice communication capability* Complete loss of monitoring capability* *List events that were reportable. SCADA Network Questionnaire Systems, Protocols and Architecture 1. What operating system(s) do you use for your primary SCADA/EMS? 2. What are your primary communication protocols used between your RTUs and SCADA/EMS? 3. What communications transport mechanism do you use for RTU communications to the SCADA/EMS (please indicate approximate percentage by type)? RTU Communication Private copper/fiber Phone company leased line Phone company frame relay / MPLS Cell Power Line Carrier Microwave Other (please write-in) Percentage 4. What are your primary communication protocols used between IEDs at BES facilities? Primary Communication Protocols Entity Name Pre-Audit Questionnaire 9

11 Serial (please write in names) DNP (serial or TCP or both) Modbus Other (please write-in) 5. Please identify all SCADA networks and the connections to those networks: a. Identify all discrete SCADA networks: b. For each SCADA network listed above, identify all connections of/or access to the following types: Internal local area and wide area networks, including business networks Internet Wireless network devices, including satellite uplinks Modem or dial-up connections Connections to business partners, vendors, support companies or regulatory agencies Connections to other utilities and RTOs Remote SCADA/EMS access 6. Please provide documentation of your network architecture related to SCADA including a single-line network architecture diagram and single-line network logic diagram. List and/or describe the documentation provided below. 7. Does your company utilize any of the following systems in its BES facilities? Systems Substation Automation Systems with localized workstations Control logic or Plant Control Systems originating from the SCADA/EMS Meter Interrogation System Synchro-Phasor Measurement Unit s (PMU s) Relay event retrieval system (such as a workstation with dialup connection to multiple protective relays used to retrieve targets, alarms, etc ) Yes or No Entity Name Pre-Audit Questionnaire 10

12 Entity Name Compliance Questionnaire 1. Does your organization have a formalized (i.e. written) internal compliance program with regard to Reliability Standards? If yes, please explain the scope of the internal compliance program which addresses the NERC Reliability Standards. 2. Please state the extent to which the internal compliance program is distributed within your organization (please include information on training, workshops, newsletters, mailings, and other relevant information which demonstrate effective communications and/or measurements of compliance). For example, does you internal compliance program include a whistle blowing procedure? 3. Please identify the person(s) and title(s) of who is responsible for compliance with Reliability Standards (e.g. Compliance Manager, Corporate Compliance Officer or other position). Compliance Contact Name: Compliance Contact Title: 4. Please provide an organization chart which includes supervision levels (i.e. chain of command ) and responsibilities, and provide a detailed explanation of the supervision and decision-making structure related to internal compliance program. 5. Please explain the relative independence of the compliance responsibilities within the organization from operations. For example, do those with compliance responsibilities have direct access to senior-level executives (e.g. including the Chief Executive Officer, President) and/or Board of Directors? Please provide sufficient details in your response. 6. Please state whether the internal compliance program is operated and managed in a manner that is independent from departments responsible for performance to the Reliability Standards. Please explain your response. 7. Please state the resources (in terms of full time equivalents, positions, or budgets), dedicated to the internal compliance program. Are there unfilled positions related to Entity Name Pre-Audit Questionnaire 11

13 the internal compliance program or, in your opinion, are there sufficient resources dedicated to the internal compliance program? Please explain. 8. Please explain senior management s role in the internal compliance program. Is there active, regular participation? Is there senior executive sponsorship of the internal compliance program? Please explain. 9. Please explain the review frequency of your internal compliance program. Who initiates the review of the internal compliance program? Please explain. 10. How does your internal compliance program ensure that employees understand the appropriate Reliability Standards that apply to their jobs? Please explain. 11. Please explain the frequency of self audits and self assessments within your internal compliance program. Who performs self audits and self assessments related to the internal compliance program? 12. Please provide details on corrective action plans when a potential violation of a Reliability Standard(s) is discovered, including disciplinary procedures for applicable employees. 13. Please explain the controls in place to prevent the re-occurrence of the violation in your internal compliance program. 14. Please provide any additional information which may demonstrate the effectiveness of your internal compliance program which was not addressed in this survey. Entity Name Pre-Audit Questionnaire 12

14 Third Party Obligations Third Party Questionnaire 1. Are you using any Third Party contractors for any of the 693 or CIP requirements? 2. Are any of those third party obligations working as Subject Matter Experts? Subsidiaries and Regional Presence Questionnaire Subsidiaries 1. Are there any subsidiaries associated with the Registered Entity? 2. If yes, will any of these subsidiaries be included in the audit? 3. Please provide ownership of processes, policies, procedures, activities, programs, operational locations (e.g. data center locations and management, GOP/GO.) Entity Name Pre-Audit Questionnaire 13

15 Certification I have completed this survey and to the best of my knowledge, the responses to this survey are true and correct. Survey was completed by: Title: Date: Signature: I have reviewed the survey responses, and to the best of my knowledge, the responses to this survey are true and correct. Authorized Company Officer: Title: Date: Signature: Entity Name Pre-Audit Questionnaire 14

16 Appendix A. Revision History Rev Date By Whom What Keller, Williams Initial version and Perry Jim Williams Updated to align with SPP RE Assessment Template Jim Williams and Steven Keller Updated to align with SPP RE Assessment Template Ron Ciesiel Approved Entity Name Pre-Audit Questionnaire 15

Summary of CIP Version 5 Standards

Summary of CIP Version 5 Standards Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have

More information

When this standard has received ballot approval, the text boxes will be moved to the Guidelines and Technical Basis section of the Standard.

When this standard has received ballot approval, the text boxes will be moved to the Guidelines and Technical Basis section of the Standard. CIP-002-5 Cyber Security BES Cyber System Categorization When this standard has received ballot approval, the text boxes will be moved to the Guidelines and Technical Basis section of the Standard. A.

More information

CIP-003-5 Cyber Security Security Management Controls

CIP-003-5 Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-5 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and

More information

ReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE

ReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE R1 Provide Risk Based Assessment Methodology (RBAM) R1.1 Provide evidence that the RBAM includes both procedures and evaluation criteria, and that the evaluation criteria are riskbased R1.2 Provide evidence

More information

CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments

CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments CIP 010 1 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments

CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:

More information

Critical Infrastructure Protection 101

Critical Infrastructure Protection 101 C L AR I T Y AS S U R AN C E R E S U LT S M I D W E S T R E LIAB I L I T Y ORGAN I Z AT I ON Critical Infrastructure Protection 101 An Introduction to CIP Version 5 Richard Burt MRO Principal Risk Assessment

More information

Alberta Reliability Standard Cyber Security Security Management Controls CIP-003-AB-5

Alberta Reliability Standard Cyber Security Security Management Controls CIP-003-AB-5 A. Introduction 1. Title: 2. Number: 3. Purpose: To specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES cyber systems against

More information

Alberta Reliability Standard Cyber Security Physical Security of BES Cyber Systems CIP-006-AB-5

Alberta Reliability Standard Cyber Security Physical Security of BES Cyber Systems CIP-006-AB-5 Alberta Reliability Stard Final Proposed Draft Version 2.0 September 9, 2014 A. Introduction 1. Title: 2. Number: 3. Purpose: To manage physical access to BES cyber systems by specifying a physical security

More information

Impact of NERC CIP Version 5 on Synchrophasor Systems

Impact of NERC CIP Version 5 on Synchrophasor Systems Impact of NERC CIP Version 5 on Synchrophasor Systems What the heck do we do NOW? or What are the CIP implications for a substation if we install synchrophasor infrastructure? Disclaimer While I have worked

More information

Alberta Reliability Standard Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-AB-1

Alberta Reliability Standard Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-AB-1 A. Introduction 1. Title: 2. Number: 3. Purpose: To prevent and detect unauthorized changes to BES cyber systems by specifying configuration change management and vulnerability assessment requirements

More information

NERC Cyber Security Standards

NERC Cyber Security Standards SANS January, 2008 Stan Johnson Manager of Situation Awareness and Infrastructure Security Stan.johnson@NERC.net 609-452-8060 Agenda History and Status of Applicable Entities Definitions High Level of

More information

CIP-005-5 Cyber Security Electronic Security Perimeter(s)

CIP-005-5 Cyber Security Electronic Security Perimeter(s) A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-5 3. Purpose: To manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security

More information

Alberta Reliability Standard Cyber Security Personnel & Training CIP-004-AB-5.1

Alberta Reliability Standard Cyber Security Personnel & Training CIP-004-AB-5.1 Alberta Reliability Stard A. Introduction 1. Title: 2. Number: 3. Purpose: To minimize the risk against compromise that could lead to misoperation or instability in the bulk electric system from individuals

More information

Federal Energy Regulatory Commission. Small Entity Compliance Guide Mandatory Reliability Standards (Order No. 693)

Federal Energy Regulatory Commission. Small Entity Compliance Guide Mandatory Reliability Standards (Order No. 693) Federal Energy Regulatory Commission Small Entity Compliance Guide Mandatory Reliability Standards (Order No. 693) This Guide is prepared in accordance with the requirements of section 212 of the Small

More information

Safety Share Who is Cleco? CIP-005-3, R5 How What

Safety Share Who is Cleco? CIP-005-3, R5 How What 1 Safety Share Who is Cleco? CIP-005-3, R5 How What AGENDA 2 SAFETY SHARE 3 Statistics: General Customers: approx. 279,000 retail customers across Louisiana Non-contiguous transmission and service area

More information

Cyber Security Compliance (NERC CIP V5)

Cyber Security Compliance (NERC CIP V5) Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability

More information

Open Enterprise Architectures for a Substation Password Management System

Open Enterprise Architectures for a Substation Password Management System CIGRÉ Canada 21, rue d Artois, F-75008 PARIS (154) Conference on Power Systems http : //www.cigre.org Toronto, October 4-6, 2009 Open Enterprise Architectures for a Substation Password Management System

More information

Alberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5

Alberta Reliability Standard Cyber Security System Security Management CIP-007-AB-5 A. Introduction 1. Title: 2. Number: 3. Purpose: To manage system security by specifying select technical, operational, and procedural requirements in support of protecting BES cyber systems against compromise

More information

CIP v5/v6 Implementation Plan CIP v5 Workshop. Tony Purgar October 2-3, 2014

CIP v5/v6 Implementation Plan CIP v5 Workshop. Tony Purgar October 2-3, 2014 CIP v5/v6 Implementation Plan CIP v5 Workshop Tony Purgar October 2-3, 2014 Revision History CIP v5/v6 Implementation Plan Change History Date Description Initial Release July 25, 2014 Revision V0.1 August-2014

More information

Standard CIP 003 1 Cyber Security Security Management Controls

Standard CIP 003 1 Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-1 3. Purpose: Standard CIP-003 requires that Responsible Entities have minimum security management controls in place

More information

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper

More information

Reclamation Manual Directives and Standards

Reclamation Manual Directives and Standards Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American

More information

Notable Changes to NERC Reliability Standard CIP-005-5

Notable Changes to NERC Reliability Standard CIP-005-5 MIDWEST RELIABILITY ORGANIZATION Notable Changes to NERC Reliability Standard CIP-005-5 Electronic Security Perimeter(s) Bill Steiner MRO Principal Risk Assessment and Mitigation Engineer MRO CIP Version

More information

Secure Substation Automation for Operations & Maintenance

Secure Substation Automation for Operations & Maintenance Secure Substation Automation for Operations & Maintenance Byron Flynn GE Energy 1. Abstract Today s Cyber Security requirements have created a need to redesign the Station Automation Architectures to provide

More information

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist

SCADA. The Heart of an Energy Management System. Presented by: Doug Van Slyke SCADA Specialist SCADA The Heart of an Energy Management System Presented by: Doug Van Slyke SCADA Specialist What is SCADA/EMS? SCADA: Supervisory Control and Data Acquisition Retrieves data and alarms from remote sites

More information

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated

More information

CIP-003-6 R2 BES Assets Containing Low Impact BCS. Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security

CIP-003-6 R2 BES Assets Containing Low Impact BCS. Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security CIP-003-6 R2 BES Assets Containing Low Impact BCS Lisa Wood, CISA, CBRA, CBRM Compliance Auditor Cyber Security Slide 2 About Me Been with WECC for 5 years 1 ½ years as a Compliance Program Coordinator

More information

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015. Electric Grid Operations

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015. Electric Grid Operations San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission

More information

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP 007 3a Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for

More information

CrossBow NERC CIP Compliance Matrix

CrossBow NERC CIP Compliance Matrix Section Requirement CIP-002-1 Cyber Security Critical Cyber Asset Identification R3, M3 the Responsible Entity shall develop a list of associated Critical Cyber Assets essential to the operation of the

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011

CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011 CIP-005-3 Electronic Security Perimeter (ESP) - Dan Mishra FRCC Compliance Workshop May 09-13, 2011 1 Purpose Specific NERC CIP-005 Requirements Underlying fundamentals of the ESP architecture Building

More information

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)

North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a

More information

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015. Electric Grid Operations

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015. Electric Grid Operations San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, 2015 Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission

More information

Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008

Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008 Utility Telecom Forum Robert Sill, CEO & President Aegis Technologies February 4, 2008 1 Agenda Asked to describe his job, Mike Selves, director of Emergency Management and Homeland Security in Johnson

More information

Cyber Security Standards Update: Version 5

Cyber Security Standards Update: Version 5 Cyber Security Standards Update: Version 5 January 17, 2013 Scott Mix, CISSP CIP Technical Manager Agenda Version 5 Impact Levels Format Features 2 RELIABILITY ACCOUNTABILITY CIP Standards Version 5 CIP

More information

Keeping the Lights On

Keeping the Lights On Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding

More information

Welcome to the CIP Workshop!

Welcome to the CIP Workshop! Welcome to the CIP Workshop! Download Materials @ SPP.org ->Regional Entity ->2015 CIP Workshop: Questions or Comments? Email reworkshop@spp.org Please wait for a microphone Submit via online form on workshop

More information

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms

More information

Job Descriptions. Job Title Reports To Job Description TRANSMISSION SERVICES Manager, Transmission Services. VP Compliance & Standards

Job Descriptions. Job Title Reports To Job Description TRANSMISSION SERVICES Manager, Transmission Services. VP Compliance & Standards Updated July 11, 2013 Job Descriptions Job Title Reports To Job Description TRANSMISSION SERVICES VP Compliance & Standards Develops strategy and business plans for efficient, safe, reliable, regulatorycompliant

More information

ERCOT Design and Implementation of Internal Controls and benefits for NERC CMEP/RAI

ERCOT Design and Implementation of Internal Controls and benefits for NERC CMEP/RAI ERCOT Design and Implementation of Internal Controls and benefits for NERC CMEP/RAI Matt Mereness, ERCOT Compliance Director August 2015 Anfield Summit Outline of discussion ERCOT Background Business Case

More information

North American Electric Reliability Corporation. Compliance Monitoring and Enforcement Program. December 19, 2008

North American Electric Reliability Corporation. Compliance Monitoring and Enforcement Program. December 19, 2008 116-390 Village Boulevard Princeton, New Jersey 08540-5721 North American Electric Reliability Corporation Compliance Monitoring and Enforcement Program December 19, 2008 APPENDIX 4C TO THE RULES OF PROCEDURE

More information

Lessons Learned CIP Reliability Standards

Lessons Learned CIP Reliability Standards Evidence for a requirement was not usable due to a lack of identifying information on the document. An entity should set and enforce a "quality of evidence" standard for its compliance documentation. A

More information

Standard CIP 004 3a Cyber Security Personnel and Training

Standard CIP 004 3a Cyber Security Personnel and Training A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access

More information

This report was prepared by the staff of the Federal Energy Regulatory Commission in consultation with staff from the North American Electric

This report was prepared by the staff of the Federal Energy Regulatory Commission in consultation with staff from the North American Electric This report was prepared by the staff of the Federal Energy Regulatory Commission in consultation with staff from the North American Electric Reliability Corporation and its Regional Entities. This report

More information

Transmission Owner Reliability Related Task List

Transmission Owner Reliability Related Task List Transmission Owner Reliability Related Task List 1 Terminal Task Given the daily load and weather forecast, evaluate your operating strategy in 1.1 Enabling Objective Identify impacts to the load forecast

More information

NERC CIP Implementation Prepared by David Grubbs City of Garland NERC Critical Infrastructure Protection Committee (CIPC) Municipal Systems are well represented on the NERC CIPC Committee David Grubbs,

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

Standard CIP-006-3c Cyber Security Physical Security

Standard CIP-006-3c Cyber Security Physical Security A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security

More information

Cyber Security Standards Update: Version 5 with Revisions

Cyber Security Standards Update: Version 5 with Revisions Cyber Security Standards Update: Version 5 with Revisions Security Reliability Program 2015 Agenda CIP Standards History Version 5 Format Impact Levels NOPR Final Rule References 2 RELIABILITY ACCOUNTABILITY

More information

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Clifford Gorman Date Issued: July 6, 2015 BID NO.: 15-15060 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF SCADA NETWORK

More information

Three Simple Steps to SCADA Systems Security

Three Simple Steps to SCADA Systems Security Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL

More information

Job Descriptions POSITION SUMMARY

Job Descriptions POSITION SUMMARY Job Descriptions POSITION TITLE: Lonnie N. Carter, President and Chief Executive Officer BUSINESS UNIT: President's Office DEPARTMENT: President's Office REPORTS TO: Board of Directors Responsible for

More information

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions. Electric Grid Operations

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions. Electric Grid Operations San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions Electric Grid Operations Director Electric Grid Operations: Responsible for overall transmission system operations

More information

Compliance Open Webinar. Thursday, August 20th, 2015

Compliance Open Webinar. Thursday, August 20th, 2015 Compliance Open Webinar Thursday, August 20th, 2015 2 Upcoming Events CIP Advanced Concepts September 9-10, 2015 Compliance Open Webinar September 17, 2015 WECC CIPUG/CUG October 13-15, 2015 Compliance

More information

Network Security in Power Systems. Maja Knezev and Zarko Djekic

Network Security in Power Systems. Maja Knezev and Zarko Djekic Network Security in Power Systems Maja Knezev and Zarko Djekic Introduction Protection control Outline EMS, SCADA, RTU, PLC Attacks using power system Vulnerabilities Solution Conclusion Introduction Generator

More information

Reclamation Manual Directives and Standards

Reclamation Manual Directives and Standards Critical Cyber Asset (CCA) Identification Methodology 1. Introduction. A. The Bureau of Reclamation will employ a multi-step methodology to identify CCAs associated with its inventory of critical assets

More information

Electric Field Operations Organization

Electric Field Operations Organization NSTAR Electric Transmission Function Job Summaries Electric Field Operations Organization Vice President, Electric Field Operations (Transmission) This position has primary responsibility for the planning,

More information

TRANSMISSION OPERATIONS (August 5, 2010)

TRANSMISSION OPERATIONS (August 5, 2010) TRANSMISSION OPERATIONS (August 5, 2010) Managing Director Transmission Operations: Paul B. Johnson The Managing Director - Transmission Operations is responsible for the safe, reliable, costeffective,

More information

Alberta Reliability Standard Cyber Security Incident Reporting and Response Planning CIP-008-AB-5

Alberta Reliability Standard Cyber Security Incident Reporting and Response Planning CIP-008-AB-5 Final Forwarding Draft September 29, 2014 A. Introduction 1. Title: 2. Number: 3. Purpose: To mitigate the risk to the reliable operation of the bulk electric system as the result of a cyber security incident

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

NB Appendix CIP-004-5.1-NB-1 - Cyber Security Personnel & Training

NB Appendix CIP-004-5.1-NB-1 - Cyber Security Personnel & Training This appendix establishes modifications to the FERC approved NERC standard CIP-004-5.1 for its specific application in New Brunswick. This appendix must be read with CIP-004-5.1 to determine a full understanding

More information

Redesigning automation network security

Redesigning automation network security White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The

More information

TRIPWIRE NERC SOLUTION SUITE

TRIPWIRE NERC SOLUTION SUITE CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering

More information

Data Management Issues associated with the August 14, 2003 Blackout Investigation

Data Management Issues associated with the August 14, 2003 Blackout Investigation Material derived from PNNL-SA-40401 Originally presented June 8, 2004 Data Management Issues associated with the August 14, 2003 Blackout Investigation Jeff Dagle, PE Chief Electrical Engineer and Team

More information

KEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS

KEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS KEY CONSIDERATIONS FOR MIGRATING TO THE VERSION 5 NERC CIP CYBER SECURITY STANDARDS Lenny Mansell Director, Consulting Services 1 January 29, 2014 AGENDA Introduction Multiple paradigm shifts ahead How

More information

GENe Software Suite. GENe-at-a-glance. GE Energy Digital Energy

GENe Software Suite. GENe-at-a-glance. GE Energy Digital Energy GE Energy Digital Energy GENe Software Suite Today s utilities have complex requirements that need sophisticated solutions. GE Energy s GENe provides these solutions. Using the latest advances in technology,

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

Last revised: September 1, 2014 TRANSMISSION FUNCTION TITLES AND JOB DESCRIPTIONS

Last revised: September 1, 2014 TRANSMISSION FUNCTION TITLES AND JOB DESCRIPTIONS Last revised: September 1, 2014 TRANSMISSION FUNCTION TITLES AND JOB DESCRIPTIONS EVP, Chief Operations Officer, has primary responsibility for the overall planning, operations and control of the transmission

More information

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH

More information

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!

Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014! Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014! October 3, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber

More information

Plans for CIP Compliance

Plans for CIP Compliance Testing Procedures & Recovery Plans for CIP Compliance DECEMBER 16, 2009 Developed with: Presenters Bart Thielbar, CISA Senior Research hanalyst Sierra Energy Group, a Division of Energy Central Primer

More information

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC

More information

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Energy Research and Development Division FINAL PROJECT REPORT CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Prepared for: Prepared by: California Energy Commission KEMA, Inc. MAY 2014 CEC

More information

Standard CIP 007 3 Cyber Security Systems Security Management

Standard CIP 007 3 Cyber Security Systems Security Management A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for securing

More information

NERC CIP Compliance 10/11/2011

NERC CIP Compliance 10/11/2011 NERC CIP Compliance 10/11/2011 Authored by Dan Barker, American Transmission Co. Ron Bender, Nebraska Public Power District Richard Burt, Minnkota Power Cooperative, Inc. Marc Child, Great River Energy

More information

Implementation Plan for Version 5 CIP Cyber Security Standards

Implementation Plan for Version 5 CIP Cyber Security Standards Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 11, 2012 Prerequisite Approvals All Version 5 CIP Cyber Security Standards and the proposed additions, modifications, and

More information

Resource Monitoring and Deliverability Tool Paper

Resource Monitoring and Deliverability Tool Paper Resource Monitoring and Deliverability Tool Paper NWPP MC Phase 3 Operations Integration Work Group 11/30/2014 Page 1 of 16 Table of Contents Executive Summary... 3 1. Purpose... 5 2. Existent Methods

More information

Generation Interconnection Feasibility Study Report-Web Version. PJM Generation Interconnection Request Queue Position Z1-055

Generation Interconnection Feasibility Study Report-Web Version. PJM Generation Interconnection Request Queue Position Z1-055 Generation Interconnection Feasibility Study Report-Web Version For PJM Generation Interconnection Request Queue Position Z1-055 South Bend Generation Project March 2014 PJM Interconnection 2014. All rights

More information

Manage Utility IEDs Remotely while Complying with NERC CIP

Manage Utility IEDs Remotely while Complying with NERC CIP Manage Utility IEDs Remotely while Complying with NERC CIP Disclaimer and Copyright The information regarding the products and solutions in this document are subject to change without notice. All statements,

More information

121 FERC 61,143 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION

121 FERC 61,143 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION 121 FERC 61,143 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Before Commissioners: Joseph T. Kelliher, Chairman; Suedeen G. Kelly, Marc Spitzer, Philip D. Moeller, and Jon Wellinghoff.

More information

When Should the NERC CIP be Applied to Smart Grid Projects?

When Should the NERC CIP be Applied to Smart Grid Projects? When Should the NERC CIP be Applied to Smart Grid Projects? Tobias Whitney The Structure Group tobias.whitney@thestructuregroup.com 314 422 7050 Introductions The Structure Group The Structure Group is

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,

More information

On the Road to. Duke takes the road less traveled and arrives at a new level of distribution automation.

On the Road to. Duke takes the road less traveled and arrives at a new level of distribution automation. On the Road to Intelligent CONTINUOUS REMOTE MONITORING INTEGRATED VOLT/VAR CONTROL Duke takes the road less traveled and arrives at a new level of distribution automation. LAYING A SOLID FOUNDATION In

More information

Radiological Assessment Display and Control System

Radiological Assessment Display and Control System Features Fast, real-time data acquisition and control Highly reliable communication with remote terminal units Collecting, converting, integrating and analyzing data from all monitors Detecting, annunciating

More information

RIG Acceptance Test (RAT) Procedures

RIG Acceptance Test (RAT) Procedures RIG Acceptance Test (RAT) Procedures RIG Acceptance Test (RAT) Procedure 0 Print Date 2 /20/2007 REVISION HISTORY REVISON NO. DATE DESCRIPTION 1.0 Initial Release 0 Update Logo and Links i RIG Acceptance

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

Information Technology Cyber Security Policy

Information Technology Cyber Security Policy Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please

More information

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.

The first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process. CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with

More information

APPENDIX G-Emergency Response Plan Template

APPENDIX G-Emergency Response Plan Template APPENDIX G-Emergency Response Plan Template BSDW-ERP Template 10/04 EMERGENCY RESPONSE PLAN WATER SECTOR Public Water System Name: PWSID No: Physical Address: City: State: Zip Code: General Phone Number:

More information

Meeting IED Integration Cyber Security Challenges. Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems

Meeting IED Integration Cyber Security Challenges. Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems Meeting IED Integration Cyber Security Challenges Jacques Benoit Manager Cybectec Product and Technology Training Cooper Power Systems Jacques.Benoit@cybectec.com INTRODUCTION The Nature of the Risk Utilities

More information

References... 4. Appendices... 5. I. INTRODUCTION... 6 A. Background... 6 B. Standards... 6

References... 4. Appendices... 5. I. INTRODUCTION... 6 A. Background... 6 B. Standards... 6 ISO New England Operating Procedure No. 14 - Technical Requirements for Generators, Demand Resources, Asset Related Demands and Alternative Technology Regulation Resources Effective Date: January 29, 2015

More information

Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard

Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard The North American Electric Reliability Corporation 1 s (NERC) CIP Reliability Standard is the most comprehensive and pervasive

More information