WECC Critical Infrastructure & Information Management Subcommittee (CIIMS) Report

Bob Mathews, CIIMS Chair. October 31, 2008.



CIP What’s New: FERC

NERC CIP & Nuclear Facilities:

  • FERC issued a proposed order September 18, proposing that the current CIP standards (CIP002 - 009) be applicable to nuclear facilities

    • Docket No. RM06-22-000

    • Comments due 11/3

    • EEI & NEI Addressing

CIP What’s New: FERC

House Bill

  • House Subcommittee on Energy and Air Quality drafted bill that would give emergency powers to federal regulators to protect the nation's power grid against cyber-attacks

    • Bill left to next session

    • The draft measure would allow FERC to:

      • Order emergency measures to protect the bulk power system if the president or the Energy Department secretary issued a written directive or determination of an imminent cybersecurity threat

      • Require utilities, within 120 days, to guard facilities against the "Aurora" threat

CIP What’s New: NERC

New NERC Position – Chief Security Officer

  • NERC named Michael J. Assante as its new Chief Security Officer Aug 18

    • To improve its response to cyber security and critical infrastructure protection concerns

    • Will formally establish Critical Infrastructure Protection as one of NERC’s program functions

    • Assante will serve as the single point of contact for the industry, NERC’s Electric Sector Steering Group, and government stakeholders seeking to communicate with NERC on cyber and infrastructure security matters

CIP What’s New: NERC

  • Critical Infrastructure Protection Committee (CIPC)

    • CIPC coordinates NERC's security initiatives

  • Outreach Working Group Regional CIPC Liaison Task Force (RCLTF)

    • Addressing NERC alert distribution process in an effort to improve ES-ISAC/NERC communications

    • Communications will go to compliance contacts & new “generic” contact email (e.g. NERCAlerts@pge.com)

    • Not Intended for Urgent Operational Items

CIP What’s New: NERC

Alert Categories:

  • Industry Advisory - purely informational, intended to alert registered entities to issues or potential problems. A response to NERC is not necessary.

  • Industry Recommendation - recommend specific action be taken by registered entities. Require a response from recipients as defined in the alert.

  • Essential Action - require specific action by registered entities and require NERC Board of Trustees approval prior to issuance. Require a response from recipients as defined in the alert.

    Recent NERC Alerts

  • Boreas – ES-ISAC issued an advisory 8/27/08 dubbed Boreas regarding an issue w/firmware on IEDs. NERC forum to provide additional info.

  • ABB Stack Overflow, RealWin Buffer Overflow Vulnerability, Citect SCADA Buffer Overflow Vulnerability, Wonderware SuiteLink Denial of Service Vulnerability, ICONICS Dialog Wrapper Module ActiveX Control

CIP What’s New: NERC

  • Revisions to NERC CIP002-9 (Cyber Security) Standards:

    • Standards Authorization Request (SAR):

      • SAR completed in August.

      • Most proposed changes based on FERC Order 706 (the FERC action that adopted the CIP2-9 standards early this year).

      • A few additional issues: clarification of timeline for newly identified facilities, CIP002 guidance, etc.

CIP What’s New: NERC

Revisions to NERC CIP002-9 (Cyber Security) Standards:

Standards Drafting:

  • Team formed in August. First meeting October 6.

  • Revisions in 2 Phases:

    • Phase 1

      • Low hanging fruit (change revision time from 90 days to 30 days, etc)

      • Remove phrases – “Reasonable Business Judgment” & “Acceptance of Risk”

      • Implementation plan changes – e.g. how soon newly identified facilities need to be in compliance (likely 1 year)

    • Phase 2

      • Address entire set of standards

      • Going forward – more of a systems approach (i.e. focusing on the data security rather than physical – encrypt rather than protect wires)

CIP What’s New: NERC

  • NERC CIP002 Guideline

    • NERC Risk Assessment Working Group (RAWG) drafting CIP002 Guidelines (identification of “Critical Assets”)

    • Currently posted for NERC CIPC comment

    • Expect public posting soon

    • CIIMS to coordinate WECC member review & comment

CIP What’s New: WECC

  • Critical Infrastructure Protection Users Group (CIPUG)

    • Workshops on CIP Compliance

      • CIP 002 April 29-30, 2008

      • CIP 003 & 4 June 12-13, 2008

    • Future workshops planned

      • CIP 005 Electronic Security Perimeter Workshop

        November 12, 2008 Portland, WA

      • CIP 006 Physical Security of Critical Cyber Assets

        December 17, 2008 San Diego (tentative)

      • CIP 007 Systems Security Management

        January 15, 2009 Tempe (tentative)



What Can You Do?

  • Engage in various industry groups & forums

  • Review and comment on various items

    • NERC Standards

    • NERC Guidelines

    • NERC Interpretations

    • FERC NOPRs

    • Etc.

Questions? Comments?

Critical Infrastructure & Information Management Subcommittee

Agreed in May 1 meeting to designate CIIMS as the WECC Critical Infrastructure Protection organization to:

  • Represent and coordinate regional security concerns and positions with the NERC Critical Infrastructure Protection Committee (CIPC)

  • Serve as a security-related advisory group to all WECC Committees, Subcommittees and Working Groups

  • Provide a communication path for sharing security-related details, developments, and security best practices within the WECC

  • As appropriate, develop, periodically review, and revise security-related documents/guidelines for WECC

  • Conduct forums and workshops related to security matters within the WECC

NERC Critical Infrastructure Protection Committee (CIPC)

  • CIPC coordinates NERC's security initiatives

  • WECC Reps on NERC CIPC

    • Physical Security

      • Dick Robert (Chelan PUD) primary

      • Mary Robinson (PSE) alternate

    • Operations

      • Tom Glock (APS) primary

      • Jack Bernhardsen (PNSC) 1st alternate

      • Tom Botello (SCE) 2nd alternate

    • Cyber

      • Vacant primary

      • Robert Mathews (PG&E) alternate

NERC Critical Infrastructure Protection Committee (CIPC)

  • Working Groups

    • Control Systems Security Working Group (CSSWG)

    • Outreach Working Group (OWG)

    • Risk Assessment Working Group (RAWG)

    • Security Guidelines Working Group (SGWG)

Electricity Sector – Information Sharing and Analysis Center (ES-ISAC)

  • Facilitate communications between electricity sector participants, government (e.g. DHS, DOE) and other critical infrastructures

  • Operated by NERC

  • NERC CIPC executive Board is the ES-ISAC

Other Ways To Engage in Cyber Security/Critical Infrastructure Issues

  • WECC Critical Infrastructure & Information Management Subcommittee (CIIMS)

    • Energy Management System Work Group (EMSWG)

    • Data Exchange Work Group (DEWG)

    • Physical Security Work Group (PSWG)

  • E-Sec Northwest CIP

  • Edison Electric Institute (EEI)

    • Security Committee

    • Cyber Subcommittee
