WECC CIIMS Report

1. WECC CIIMS Report Bob Mathews CIIMS Chair June 19, 2009

2. 11 days: 14 hours: 30 min: 20 sec

3. CIIMS Organizational Structure OPERATING COMMITTEE (OC) CRITICAL INFRASTRUCTURE & INFORMATION MANAGEMENT SUBCOMMITTEE (CIIMS) PHYSICAL SECURITY WORK GROUP (PSWG) ENERGY MANAGEMENT SYSTEM WORK GROUP (EMSWG) DATA EXCHANGE WORK GROUP (DEWG)

4. Industry Groups Addressing Critical Infrastructure Issues WECC Critical Infrastructure Protection Users Group(CIPUG) • 2009 CIP workshops • CIP-007 Systems Security Management, January 20, Mesa • Auditable Compliance, February 10-11, Salt Lake City • CIP-008/009 March 18, Boise • CIP-003 Security Management Controls, April 14, Denver • CIP-004 Spot-Check/Audit Approach Workshop, May 5, Albuquerque • Previous workshop materials available on WECC CIPUG webpage: http://wecc1.guidance.com/Application/ContentPageView.aspx?ContentId=305

5. NERC Critical Protection Infrastructure Committee (CIPC) Industry Groups Addressing Critical Infrastructure Issues • CIPC coordinates NERC's security initiatives • WECC Reps on NERC CIPC • Physical Security • Scott Lachasse (SCE) primary (pending) • Darren Nielsen (APS) alternate (pending) • Operations • Tom Glock (APS) Primary (CIPC executive committee) • Tom Botello (SCE) Alternate • Cyber • Bob Mathews (PG&E) Primary • Chris Jager (PSE) alternate (pending)

6. Other Ways To Engage in Critical Infrastructure Protection Issues Industry Groups Addressing Critical Infrastructure Issues • E-Sec Northwest – Renamed Energy Sector Security Consortium (EnergySec) • WECC Critical Infrastructure & Information Management Subcommittee (CIIMS) • Energy Management System Work Group (EMSWG) • Data Exchange Work Group (DEWG) • Physical Security Work Group (PSWG) • Edison Electric Institute (EEI) • Security Committee • Cyber Subcommittee

7. NERC CIP002-9 (Cyber Security) Standards: • Revisions to NERC CIP002-009 (in 2 phases): • Phase 1: (Standards Version 2) • Revisions include modifications to the standards so they conform to the latest approved versions of the ERO Rules of Procedure and addressing the directives issued by FERC, in Order 706 • CIP002-009 Version 2 approved by NERC BOT May 6, 2009. FERC Approval Pending. • Phase 2: (Standards Version 3) • Drafting team proceeding with Version 3 Standards • The latest status and information related to CIP2-9 revisions can be found on the NERC Website: http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html

11. NERC CIP002-9 (Cyber Security) Standards: CIP002-009 Audits • All Regions will be spot checking all Table 1 entities in the AC phase between 7/1/09 and 12/31/10 (WECC schedule 7/1/10) • “Table 2” audits: 26 beginning 7/1/2010 • “Table 3” audits: 45 beginning 1/1/2011 • WECC spot-checks/audits schedule and details posted on WECC Website

12. NERC CIP002-9 (Cyber Security) Standards: Other CIP002-009 Activity • Violation Severity Level voting on-going now (ballot window closes June 22) • NERC Risk Assessment Working Group (RAWG) posted CIP002 Guidelines (identification of “Critical Assets”) for industry comment. Comments currently being reviewed. • NERC CIP 006-01 Interpretation: Progress Energy requested a clarification on CIP006 requirement 1 related to wiring and the physical and electronic security perimeters. The interpretation was voted down by NERC membership. A revised interpretation is being drafted. • Revised Reliability Standards Audit Worksheets (RSAWs) posted for CIP-001-009 See Link: http://www.nerc.com/page.php?cid=3|22 Technical Feasibility Exception Process (TFEs) • NERC to establish a procedure for the submission, review, audit, and approval of Technical Feasibility Exceptions (TFEs). These proposed revisions to NERC’s Rules of Procedure will establish the TFE procedures. They are intended as a complement to the Cyber Security standards CIP-002-2 through CIP-009-2

13. NERC CIP002-9 (Cyber Security) Standards: Other CIP002-009 Activity • Technical Feasibility Exception Process (TFEs): • NERC to establish a procedure for the submission, review, audit, and approval of Technical Feasibility Exceptions (TFEs). • Proposed revisions to NERC’s Rules of Procedure will establish the TFE procedures. • Intended as a complement to the Cyber Security standards CIP 002-009 Version through CIP-009-2 • NERC Staff currently reviewing comments • Exception not exemption (i.e. alternate means of compliance) • NERC CIP & Nuclear Facilities: • FERC issued order 706 B, March 19, which directs CIP002-009 be applicable to nuclear facilities “balance of plant”. • Order 706 B directs NERC to develop an implementation schedule 180 days from issuance of 706-B.

14. What Can You Do? • Engage in various industry groups & forums • Review and comment on various items • NERC Standards • NERC Guidelines • NERC Interpretations • FERC NOPRs • Proposed Legislation • Etc.

15. ?? Questions ??Comments

16. Goals 1) Provide quality information to the Operating Committee members on implementation issues related to the NERC Critical Infrastructure Protection (CIP) Standards (aka Cyber Security). 2) Support the Western Interchange Tool (WIT), West-wide System Model (WSM), the Reliability Coordinator Initiative, and Wide Area Measurement Task Force (WAMTF). 3) Represent and coordinate regional security concerns and positions with the NERC Critical Infrastructure Protection Committee (CIPC). Critical Infrastructure & Information Management Subcommittee (CIIMS)

17. No approval items for OC 2009 Actions Include: Re-Draft CIIMS Charter into new WECC format Convert CIIMS Documents into new WECC categories/format Provide Comment/Voting Guidance on NERC Standards, etc. Critical Infrastructure & Information Management Subcommittee

18. Agreed in May 1, 2008 meeting to designate CIIMS as the WECC Critical Infrastructure Protection organization to: Represent and coordinate regional security concerns and positions with the NERC Critical Infrastructure Protection Committee (CIPC) Serve as an security related advisory group to all WECC Committees, Subcommittees and Working Groups Provide a communication path for sharing security related details, developments, and security best practices within the WECC As appropriate, develop, periodically review, and revise security related documents/guidelines for WECC Conduct forums and workshops related to security matters within the WECC Critical Infrastructure & Information Management Subcommittee

19. Energy Management System Work GroupChair – Gray Wright • EMSWG Meeting held February 18-19 in San Francisco • Joint Meeting w/DEWG July 9-10 in Salt Lake City • EMSWG addressing RC EMS Issues such as WSM Updates • EMSWG is continuing to address WIT, WSM and NERC CIP Issues

20. Data Exchange Work GroupChair – Vern Kissner • DEWG Meeting held March 12-13 in Vancouver. • Joint Meeting w/EMSWG July 9-10 in Salt Lake City • DEWG is drafting new regional criteria on WON Security. • Secure ICCP Deployment • Secure ICCP up and running at WAPA Loveland between EHV data pool and RMRC. Full implementation at RCs delayed due to transfer to new WECC RCs. • WAMS (Phasor) data is available as 10 sec. ICCP data (voltage and angle pairs) from BPA. DEWG. • WECC Messaging System • Management of the WECCnet Messaging system transitioning to WECC EMS Staff in 2009.

21. PSWG meetings held February 26-27 in San Diego, and May 21-22 in San Francisco. Future Meetings: September 21 in Seattle; November 12-13 in Boulder City, Nevada PSWG is addressing items including: Dams Sector Coordinating Council Issues NERC Standards Drafting Teams – concern that Physical Security is not appropriately represented in standards drafting. Compliance Status Best Practices Pandemic experiences Physical Security Work GroupChair - Roger SerraVice Chair – Darren Nielsen

22. NERC Critical Protection Infrastructure Committee (CIPC) • Working Groups • Control Systems Security Working Group (CSSWG) • Risk Assessment Working Group (RAWG) • Security Guidelines Working Group (SGWG)