WECC Critical Infrastructure & Information Management Subcommittee (CIIMS) Report
Bob Mathews, CIIMS Chair
October 31, 2008
CIP What’s New: FERC
NERC CIP & Nuclear Facilities:
• FERC issued a proposed order September 18, proposing that the current CIP standards (CIP002 - 009) be applicable to nuclear facilities
  • Docket No. RM06-22-000
  • Comments due 11/3
  • EEI & NEI Addressing
CIP What’s New: FERC
House Bill
• House Subcommittee on Energy and Air Quality drafted a bill that would give emergency powers to federal regulators to protect the nation's power grid against cyber-attacks
• Bill left to next session
• The draft measure would allow FERC to:
  • Order emergency measures to protect the bulk power system if the president or the Energy Department secretary issued a written directive or determination of an imminent cybersecurity threat
  • Within 120 days, require utilities to guard facilities against the "Aurora" threat
CIP What’s New: NERC
New NERC Position – Chief Security Officer
• NERC named Michael J. Assante as its new Chief Security Officer Aug 18
• To improve its response to cyber security and critical infrastructure protection concerns
• Will formally establish Critical Infrastructure Protection as one of NERC’s program functions
• Assante will serve as the single point of contact for the industry, NERC’s Electric Sector Steering Group, and government stakeholders seeking to communicate with NERC on cyber and infrastructure security matters
CIP What’s New: NERC
• Critical Infrastructure Protection Committee (CIPC)
  • CIPC coordinates NERC's security initiatives
• Outreach Working Group Regional CIPC Liaison Task Force (RCLTF)
  • Addressing NERC alert distribution process in an effort to improve ES-ISAC/NERC communications
  • Communications will go to compliance contacts & new “generic” contact email (e.g. NERCAlerts@pge.com)
  • Not Intended for Urgent Operational Items
CIP What’s New: NERC
Alert Categories:
• Industry Advisory - purely informational, intended to alert registered entities to issues or potential problems. A response to NERC is not necessary.
• Industry Recommendation - recommend specific action be taken by registered entities. Require a response from recipients as defined in the alert.
• Essential Action - require specific action by registered entities and require NERC Board of Trustees approval prior to issuance. Require a response from recipients as defined in the alert.
Recent NERC Alerts
• Boreas – ES-ISAC issued an advisory 8/27/08 dubbed Boreas regarding an issue with firmware on IEDs. NERC forum to provide additional info.
• ABB Stack Overflow, RealWin Buffer Overflow Vulnerability, Citect SCADA Buffer Overflow Vulnerability, Wonderware SuiteLink Denial of Service Vulnerability, ICONICS Dialog Wrapper Module ActiveX Control
CIP What’s New: NERC
• Revisions to NERC CIP002-9 (Cyber Security) Standards:
  • Standards Authorization Request (SAR):
    • SAR completed in August.
    • Most proposed changes based on FERC order 706 (the FERC action that adopted the CIP2-9 standards early this year).
    • A few additional issues: clarification of timeline for newly identified facilities, CIP002 guidance, etc.
CIP What’s New: NERC
Revisions to NERC CIP002-9 (Cyber Security) Standards:
Standards Drafting:
• Team formed in August. First meeting October 6.
• Revisions in 2 Phases:
  • Phase 1
    • Low hanging fruit (change revision time from 90 days to 30 days, etc.)
    • Remove Phrases – Reasonable Business Judgment by & Acceptance of Risk
    • Implementation plan changes – e.g. how soon newly identified facilities need to be in compliance (likely 1 year)
  • Phase 2
    • Address entire set of standards
    • Going forward – more of a systems approach (i.e. focusing on the data security rather than physical – encrypt rather than protect wires)
CIP What’s New: NERC
• NERC CIP002 Guideline
  • NERC Risk Assessment Working Group (RAWG) drafting CIP002 Guidelines (identification of “Critical Assets”)
  • Currently posted for NERC CIPC comment
  • Expect public posting soon
  • CIIMS to coordinate WECC member review & comment
CIP What’s New: WECC
• Critical Infrastructure Protection Users Group (CIPUG)
  • Workshops on CIP Compliance
    • CIP 002 April 29-30, 2008
    • CIP 003 & 4 June 12-13, 2008
  • Future workshops planned
    • CIP 005 Electronic Security Perimeter Workshop November 12, 2008 Portland, WA
    • CIP 006 Physical Security of Critical Cyber Assets December 17, 2008 San Diego (tentative)
    • CIP 007 Systems Security Management January 15, 2009 Tempe (tentative)
http://www.wecc.biz/wrap.php?file=/wrap/Compliance/Cyber.html
What Can You Do?
• Engage in various industry groups & forums
• Review and comment on various items
  • NERC Standards
  • NERC Guidelines
  • NERC Interpretations
  • FERC NOPRs
  • Etc.
Critical Infrastructure & Information Management Subcommittee
Agreed in May 1 meeting to designate CIIMS as the WECC Critical Infrastructure Protection organization to:
• Represent and coordinate regional security concerns and positions with the NERC Critical Infrastructure Protection Committee (CIPC)
• Serve as a security-related advisory group to all WECC Committees, Subcommittees and Working Groups
• Provide a communication path for sharing security-related details, developments, and security best practices within the WECC
• As appropriate, develop, periodically review, and revise security-related documents/guidelines for WECC
• Conduct forums and workshops related to security matters within the WECC
NERC Critical Infrastructure Protection Committee (CIPC)
• CIPC coordinates NERC's security initiatives
• WECC Reps on NERC CIPC
  • Physical Security
    • Dick Robert (Chelan PUD) primary
    • Mary Robinson (PSE) alternate
  • Operations
    • Tom Glock (APS) primary
    • Jack Bernhardsen (PNSC) 1st alternate
    • Tom Botello (SCE) 2nd alternate
  • Cyber
    • Vacant primary
    • Robert Mathews (PG&E) alternate
NERC Critical Infrastructure Protection Committee (CIPC)
• Working Groups
  • Control Systems Security Working Group (CSSWG)
  • Outreach Working Group (OWG)
  • Risk Assessment Working Group (RAWG)
  • Security Guidelines Working Group (SGWG)
Electricity Sector – Information Sharing and Analysis Center (ES-ISAC)
• ES-ISAC
  • Facilitate communications between electricity sector participants, government (e.g. DHS, DOE) and other critical infrastructures
  • Operated by NERC
  • NERC CIPC executive Board is the ES-ISAC
Other Ways To Engage in Cyber Security/Critical Infrastructure Issues
• WECC Critical Infrastructure & Information Management Subcommittee (CIIMS)
  • Energy Management System Work Group (EMSWG)
  • Data Exchange Work Group (DEWG)
  • Physical Security Work Group (PSWG)
• E-Sec Northwest CIP
• Edison Electric Institute (EEI)
  • Security Committee
  • Cyber Subcommittee