WECC COMPLIANCE OUTREACH OPEN WEBINAR

WECC Compliance Outreach Open Webinar. Thursday, July 18, 2013, 2:00 pm MT. Agenda: Cyber Security Procedures (Nick Weber); WECC Bifurcation Update (Laura Scholl); Questions and Answers. Nick Weber, Compliance Auditor – Cyber Security. Procedures, 07/18/2013, Salt Lake City, UT.

Presentation Transcript


  1. WECC COMPLIANCE OUTREACH OPEN WEBINAR Thursday, July 18, 2013 2:00 pm MT

  2. AGENDA
     • Cyber Security Procedures (Nick Weber)
     • WECC Bifurcation Update (Laura Scholl)
     • Questions and Answers

  3. Nick Weber, Compliance Auditor – Cyber Security. Procedures. 07/18/2013, Salt Lake City, UT

  4. Disclaimer: The Western Electricity Coordinating Council (WECC) makes no representation as to the accuracy or completeness of the information contained herein or otherwise provided by WECC, its affiliates or third parties, and accepts no responsibility or liability, in contract, in tort, in negligence, or otherwise, should the information be found to be inaccurate or incomplete in any respect. WECC is not acting as an advisor to the recipient of this information, and the ultimate decision to proceed with any action rests solely with the recipient of this information. Therefore, prior to entering into any action, the recipient of this information should determine, without reliance upon WECC, the economic risks and merits, as well as the legal and accounting characterizations and consequences, of the transaction and that it is able to assume these risks.

  5. Applicability
     • The CIP Audit team has identified a trend of entities relying on tribal knowledge for compliance-related tasks.
     • Over a dozen CIP requirements use the term procedure or procedural controls.
     • Even more requirements cascade off a previous requirement that calls out a procedure.

  6. Definitions
     • Process: a series of actions or operations conducing to an end
     • Procedure: a series of steps followed in a regular definite order
     • http://www.merriam-webster.com/dictionary

  7. NERC Definitions
     • Process: A document that identifies general steps for achieving a generic operating goal. An Operating Process includes steps with options that may be selected depending upon Real-time conditions. A guideline for controlling high voltage is an example of an Operating Process.
     • Procedure: A document that identifies specific steps or tasks that should be taken by one or more specific operating positions to achieve specific operating goal(s). The steps in an Operating Procedure should be followed in the order in which they are presented, and should be performed by the position(s) identified. A document that lists the specific steps for a system operator to take in removing a specific transmission line from service is an example of an Operating Procedure.
     • NERC Glossary of Terms Dated 3/15/2011

  8. Audit Approach
     • The WECC CIP Audit team evaluates procedures from the perspective of a person with reasonable knowledge of information systems but no knowledge of the registered entity’s internal processes.
     • Steps should be clear and repeatable
     • Every step must be documented
     • Completion of all steps will consistently produce the desired end state

  9. Napoleon’s Corporal: Napoleon recognized how vital it was to have an enlisted soldier in the planning process. During every Battle Plans briefing, Napoleon would have a Corporal shine his boots, knowing that the Corporal was listening. Once the General Staff finished the brief, Napoleon would look down at the Corporal and ask if he understood the plan. If the Corporal answered “Yes Sir!”, the General would have his Staff execute the plan. If the Corporal answered “No Sir!”, the General would have the General Staff rewrite the plan.

  10. Procedure Review Techniques
     • Have the procedure reviewed by someone who has a reasonable knowledge of information systems but does not regularly carry out the procedure
     • Take advantage of a new employee’s unfamiliarity with your systems and processes by having them use the procedure to carry out the action

  11. Procedure Requirements
     • Document every step
     • Can be carried out by someone with no knowledge of the registered entity’s processes
     • Connects all the dots

  12. Additional Resources
     • Procedure Writing, by Dr. John Robert Dew: http://bama.ua.edu/~st497/pdf/procedurewriting.pdf
     • DOE Standard Writer’s Guide for Technical Procedures: http://www.hss.doe.gov/nuclearsafety/techstds/docs/standard/s1029cn.pdf

  13. Nick Weber, Compliance Auditor – Cyber Security, 801-386-6288, nweber@wecc.biz. Questions?

  14. WECC STRATEGIC PLANNING INITIATIVE: FREQUENTLY ASKED QUESTIONS. Thursday, July 18, 2013 2:00 pm MT
