Cyber Security
2005 ERCOT COMPLIANCE ROLLOUT
Lane Robinson, Reliability Analyst
STANDARD 1200 Cyber Security Standard
Standard 1200 Background
• Urgent Action Cyber Security SAR initiated April, 2003 to identify & protect critical cyber assets
• WHY?
• Documented cases of cyber attacks
• Several SCADA systems disabled due to virus attacks
• EMS & SCADA systems moving toward more standard architectures with known vulnerabilities
• Higher risk of cyber incidents due to insider activities
Standard 1200 Background (cont)
• Aug 14, 2003 Northeast Blackout
• Several entities violated NERC policies and standards
• Existing compliance process did not identify and resolve violations
• Differing policy and responsibility interpretations
• Previous blackout problems repeated
• No evidence of terrorist activities, but recognition that the grid is vulnerable.
NERC 1200 Standard
• The NERC Board of Trustees has adopted this Standard into the NERC Compliance Enforcement Program (Aug 2003)
• All Control Areas and Reliability Coordinators (ERCOT) within North America are expected to self-certify their compliance in the 1st quarter of 2005.
NERC Cyber Security Standard 1200
• 1201 – Cyber Security Policy
• 1202 – Critical Cyber Assets
• 1203 – Electronic Security Perimeter
• 1204 – Electronic Access Controls
• 1205 – Physical Security Perimeter
• 1206 – Physical Access Controls
• 1207 – Personnel
• 1208 – Monitoring Physical Access
Standard 1200 (cont.)
• 1209 – Monitoring Electronic Access
• 1210 – Information Protection
• 1211 – Training
• 1212 – Systems Management
• 1213 – Test Procedures
• 1214 – Electronic Incident Response Actions
• 1215 – Physical Incident Response Actions
• 1216 – Recovery Plans
Standard 1200 Requirements Document Document Document
Standard 1200 Guidelines
• In most cases the NERC 1200 Standard does not specify the actual required solution. Those decisions have been left up to the asset owners and operators.
Standard 1200 Expectations
• ERCOT as the Control Area & Reliability Coordinator self-certified in Q1’05
• Annual self-certification is required of Control Areas and Reliability Coordinators
• All owner/operators of SCADA and EMS are expected to be in compliance, but are not required to self-certify!
• There are no sanctions that can be imposed at this time
Cyber Security 1300 Standard
• Standard 1200 is set to expire in Aug, 2005 but will be replaced by Standard 1300
• The 16 areas of the 1200 Standard have been combined into 8 areas in the 1300 Standard
• 1300 encompasses all of 1200 and includes additional items
NERC Conventions
• NERC is re-organizing its Standards naming and numbering conventions
• Standard 1300 is now part of the CIP (Critical Infrastructure Protection) policy.
• CIP-002 thru CIP-009 will replace 1301 thru 1308
Summary
• ERCOT is required to self-certify to the 1200 Standard and has done so
• FERC is pressing very hard for the industry through NERC to ensure there is full compliance with Standard 1200
• All entities with SCADA & EMS are expected to comply but are not required to self-certify at this time
What Should I Do?
• It is very likely that ERCOT Compliance will be asked to audit and enforce CIP policies either through NERC or through ERCOT developed Protocols & Guides
• 2005 – not likely
• 2006 – possible
• 2007 – very likely but...
• Don’t wait – be proactive rather than reactive!
NERC Cyber Security Resources
• Cyber Security Workshop Presentations: www.esisac.com/library-CSS-WS.htm
• NERC Cyber Security 1200 Standard: www.nerc.com/~filez/standards-cyber.html
• NERC Cyber Security 1300 Standard: www.nerc.com/~filez/standards/Cyber-Security-Permanent.html
• NERC Cyber Security Cross-Reference: www.nerc.com/~filez/standards/Cyber-Security-Permanent.html
CYBER SECURITY STANDARDS Questions???????? 1300 1200 CIP-002 – CIP-009