Stakeholder Comparison Comment Rationale Matrix
2012-12-11
AESO AUTHORITATIVE DOCUMENT PROCESS
Alberta Reliability Standard – CIP-002 AB-4A Cyber Security-Critical Cyber Asset Identification

Date of Request for Comment [yyyy/mm/dd]: 2012-12-11
Period of Consultation [yyyy/mm/dd]: 2012-12-11 through 2013-01-25
Comments From: Company name
Contact: Company Contact
Phone: Contact Phone Number
E-mail: Contact E-mail
Date [yyyy/mm/dd]:

Draft 2 Issued for Stakeholder Consultation: 2012-12-11

COMPARISON BETWEEN NERC CIP-002-4A AND ALBERTA CIP-002-AB-4A CYBER SECURITY-CRITICAL CYBER ASSET IDENTIFICATION

Columns: NERC 002-4a | CIP-002-AB-4a | Reason for Differences | Stakeholder Comments (Insert comments here) | AESO Replies

Purpose

NERC 002-4a: NERC Standards CIP-002-4 through CIP-009-4 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System. These standards recognize the differing roles of each entity in the operation of the Bulk Electric System, the criticality and vulnerability of the assets needed to manage Bulk Electric System reliability, and the risks to which they are exposed. Business and operational demands for managing and maintaining a reliable Bulk Electric System increasingly rely on Cyber Assets supporting critical reliability functions and processes to communicate with each other, across functions and organizations, for services and data. This results in increased risks to these Cyber Assets. Standard CIP-002-4 requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. These Critical Assets are to be identified through the application of the criteria in Attachment 1.

CIP-002-AB-4a: The purpose of this reliability standard is to identify and document the critical cyber assets associated with the critical assets that support the reliable operation of the interconnected electric system.

Reason for Differences: Clarified the purpose to align with the Purpose content of proposed CIP-002-AB-4a. Removed background and explanatory information relative to other CIP reliability standards.

Applicability

NERC 002-4a:
4.1. Within the text of Standard CIP-002-4, “Responsible Entity” shall mean:
  4.1.1 Reliability Coordinator.
  4.1.2 Balancing Authority.
  4.1.3 Interchange Authority.
  4.1.4 Transmission Service Provider.
  4.1.5 Transmission Owner.
  4.1.6 Transmission Operator.
  4.1.7 Generator Owner.
  4.1.8 Generator Operator.
  4.1.9 Load Serving Entity.
  4.1.10 NERC.
  4.1.11 Regional Entity.
4.2. The following are exempt from Standard CIP-002-4:
  4.2.1 Facilities regulated by the Canadian Nuclear Safety Commission.
  4.2.2 Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters.
  4.2.3 In nuclear plants, the systems, structures, and components that are regulated by the Nuclear Regulatory Commission under a cyber security plan pursuant to 10 C.F.R. Section 73.54.

CIP-002-AB-4a:
This reliability standard applies to:
(a) the legal owner of a transmission facility that is part of the bulk electric system operated at or above one hundred (100) kV;
(b) the operator of a transmission facility that is part of the bulk electric system operated at or above one hundred (100) kV;
(c) the legal owner of a generating unit that is:
  (i) directly connected to the bulk electric system or part of an industrial complex that is directly connected to the bulk electric system and has a maximum authorized real power rating greater than eighteen (18) MW;
  (ii) within a power plant which:
    (A) is not part of an aggregated generating facility;
    (B) is directly connected to the bulk electric system; and
    (C) has a combined maximum authorized real power rating greater than sixty-seven point five (67.5) MW;
  (iii) a black start resource; or
  (iv) regardless of maximum authorized real power rating, a generating unit the ISO designates in accordance with criterion 1.3 in Appendix 1;
(d) the operator of a generating unit that is:
  (i) directly connected to the bulk electric system or part of an industrial complex that is directly connected to the bulk electric system and has a maximum authorized real power rating greater than eighteen (18) MW;
  (ii) within a power plant which:
    (A) is not part of an aggregated generating facility;
    (B) is directly connected to the bulk electric system; and
    (C) has a combined maximum authorized real power rating greater than sixty-seven point five (67.5) MW;
  (iii) a black start resource; or
  (iv) regardless of maximum authorized real power rating, a generating unit the ISO designates in accordance with criterion 1.3 in Appendix 1;
(e) the legal owner of an aggregated generating facility that is:
  (i) directly connected to the bulk electric system and has a maximum authorized real power rating greater than sixty-seven point five (67.5) MW;
  (ii) a black start resource; or
  (iii) regardless of maximum authorized real power rating, an aggregated generating facility the ISO designates in accordance with criterion 1.3 in Appendix 1;
(f) the operator of an aggregated generating facility that is:
  (i) directly connected to the bulk electric system and has a maximum authorized real power rating greater than sixty-seven point five (67.5) MW;
  (ii) a black start resource; or
  (iii) regardless of maximum authorized real power rating, an aggregated generating facility the ISO designates in accordance with criterion 1.3 in Appendix 1;
(g) the legal owner of an electric distribution system that owns any facilities or systems that are designed, installed and operated for the protection or restoration of the bulk electric system, including:
  (i) an underfrequency load shedding program;
  (ii) an under voltage load shed program; and
  (iii) those facilities in the ISO's restoration plan;
(h) the ISO.
In this reliability standard, the term “responsible entity” means all those that are listed above.
Exemptions: Cyber assets associated with communication networks and with data communication links between discrete electronic security perimeters are exempt from the requirements of CIP-002-AB-4a.

Reason for Differences (New / Amended / Deleted): The terms used to describe applicable entities in this reliability standard have been amended from the NERC version in order to correctly identify the applicable entities in Alberta and to align with terms included in the AESO Consolidated Authoritative Documents Glossary. In addition, clarification regarding what being “part of the bulk electric system” means has been provided where necessary.

Effective Date

NERC 002-4a: The first day of the eighth calendar quarter after applicable regulatory approvals have been received (or the Reliability Standard otherwise becomes effective the first day of the ninth calendar quarter after BOT adoption in those jurisdictions where regulatory approval is not required)

CIP-002-AB-4a: The first day of the calendar quarter, (January 1, April 1, July 1 or October 1), that follows four full calendar quarters after approval by the Commission.

Reason for Differences: The proposed effective date has been amended to allow a reasonable amount of time for Alberta entities to implement proposed CIP-002-AB-4a.

Requirements

NERC 002-4a:
R1 Critical Asset Identification — The Responsible Entity shall develop a list of its identified Critical Assets determined through an annual application of the criteria contained in CIP-002-4 Attachment 1 – Critical Asset Criteria. The Responsible Entity shall update this list as necessary, and review it at least annually.
M1 The Responsible Entity shall make available its list of Critical Assets as specified in Requirement R1.

CIP-002-AB-4a:
R1 The responsible entity must develop a list of its identified critical assets determined through the application of the criteria contained in Appendix 1, Critical Asset Criteria.
R2 The responsible entity must update the list developed pursuant to requirement R1 through the application of the criteria contained in Appendix 1 as necessary, and review the list at least once every calendar year.

Reason for Differences (New / Amended / Deleted): NERC requirement R1 contains two requirements that have been divided into Alberta requirements R1 and R2 to separate out specific responsibilities.
Alberta requirements R1 and R2 have been drafted in accordance with the AESO’s Alberta reliability standards drafting principles to add clarity to the requirements.

CIP-002-AB-4a:
R3 The responsible entity must update the list developed pursuant to requirement R1 to include any new facilities identified pursuant to requirement R8 within twelve (12) months of the notification that the ISO is required to provide in requirement R9.

Reason for Differences (New / Amended / Deleted): Alberta requirement R3 has been added to identify that the updated list must include new facilities as required pursuant to requirement R8 and to identify the appropriate implementation timeframe. Alberta requirement R3 has been drafted in accordance with the AESO’s Alberta reliability standards drafting principles to add clarity to the requirements.

NERC 002-4a:
R2. Critical Cyber Asset Identification — Using the list of Critical Assets developed pursuant to Requirement R1, the Responsible Entity shall develop a list of associated Critical Cyber Assets essential to the operation of the Critical Asset. The Responsible Entity shall update this list as necessary, and review it at least annually.
For each group of generating units (including nuclear generation) at a single plant location identified in Attachment 1, criterion 1.1, the only Cyber Assets that must be considered are those shared Cyber Assets that could, within 15 minutes, adversely impact the reliable operation of any combination of units that in aggregate equal or exceed Attachment 1, criterion 1.1.
For the purpose of Standard CIP-002-4, Critical Cyber Assets are further qualified to be those having at least one of the following characteristics:
• The Cyber Asset uses a routable protocol to communicate outside the Electronic Security Perimeter; or,
• The Cyber Asset uses a routable protocol within a control center; or,
• The Cyber Asset is dial-up accessible

CIP-002-AB-4a:
R4 The responsible entity must use the list of critical assets developed pursuant to requirement R1 and updated pursuant to requirement R2, to develop a list of associated critical cyber assets essential to the operation of the critical asset and specifically:
(a) for each group of generating units at a single plant location identified in Appendix 1, criterion 1.1, the only cyber assets that must be considered are those shared cyber assets that could, within fifteen (15) minutes, adversely impact the reliable operation of any combination of generating units that in aggregate equal or exceed Appendix 1, criterion 1.1;
(b) for criteria 1.2 to 1.18 in Appendix 1, cyber assets that must be considered are those cyber assets that could, within fifteen (15) minutes, adversely impact the operation of the critical asset; and
(c) for the purposes of CIP-002-AB-4a, critical cyber assets are further qualified to be those having at least one (1) of the following characteristics:
  (i) the cyber asset uses a routable protocol to communicate outside the electronic security perimeter;
  (ii) the cyber asset uses a routable protocol within a control center; or
  (iii) the cyber asset is dial-up accessible.
R5 The responsible entity must update the list as necessary in requirement R4 when cyber assets change and review it at least once every calendar year.

Reason for Differences (New / Amended / Deleted): NERC requirement R2 contains two requirements that have been divided into Alberta requirements R4 and R5 to separate out specific responsibilities. Alberta requirements R4 and R5 have been drafted in accordance with the AESO’s Alberta reliability standards drafting principles to add clarity to the requirements. Further, reference to nuclear generation has been removed as it does not exist in Alberta at this time.

NERC 002-4a:
R3. Annual Approval — The senior manager or delegate(s) shall approve annually the list of Critical Assets and the list of Critical Cyber Assets. Based on Requirements R1 and R2 the Responsible Entity may determine that it has no Critical Assets or Critical Cyber Assets. The Responsible Entity shall keep a signed and dated record of the senior manager or delegate(s)’s approval of the list of Critical Assets and the list of Critical Cyber Assets (even if such lists are null.)

CIP-002-AB-4a:
R6 The responsible entity must have its CIP Senior Manager or delegate approve, at least once every calendar year, the list of critical assets and the list of critical cyber assets and based on requirements R1, R2, R4 and R5, the responsible entity may determine that it has no critical assets or critical cyber assets.
R7 The responsible entity must keep a signed and dated record of its CIP Senior Manager or delegate’s approval of the list of critical assets and the list of critical cyber assets, even if such lists contain no entries.

Reason for Differences (New / Amended / Deleted): NERC requirement R3 contains two requirements that have been divided into Alberta requirements R6 and R7 to separate out specific responsibilities. Alberta requirements R6 and R7 have been drafted in accordance with the AESO’s Alberta reliability standards drafting principles to add clarity to the requirements.

CIP-002-AB-4a:
R8 The ISO must, at least once every calendar year, review the facilities that meet criteria 1.3, 1.4, 1.5, 1.8, 1.9 or 1.11 in Appendix 1 and identify any new facilities and any facilities that no longer meet the criteria.

Reason for Differences (New / Amended / Deleted): New Alberta requirement R8 has been added in proposed CIP-002-AB-4a to set out the responsibilities of the AESO that must be met in Appendix 1. Alberta requirement R8 has been drafted in accordance with the AESO’s Alberta reliability standards drafting principles to add clarity to the requirements.

CIP-002-AB-4a:
R9 The ISO must, within ninety (90) days of completing the review, notify legal owners of those facilities that are affected by the result of the review and of those facilities that are newly identified by the review as required in requirement R8.

Reason for Differences (New / Amended / Deleted): New Alberta requirement R9 has been added in proposed CIP-002-AB-4a to set out the timeline and responsibilities of the AESO that must be met in Appendix 1.
Alberta requirement R9 has been drafted in accordance with the AESO’s Alberta reliability standards drafting principles to add clarity to the requirements.

Measures

NERC 002-4a:
M1. The Responsible Entity shall make available its list of Critical Assets as specified in Requirement R1.

CIP-002-AB-4a:
M1 Evidence of developing a list of its identified critical assets as required in requirement R1 exists. Evidence may include a list of critical assets showing the identifier of each critical asset and the date when each critical asset was updated to the list.
M2 Evidence of updating the list developed pursuant to requirement R1 as required in requirement R2 exists. Evidence may include:
(a) documentation showing the date and result of each review and the identification of personnel who conducted the review; and
(b) the updated list of critical assets showing that changes based on the result of the review, if any, were made.
M3 Evidence of updating the list developed pursuant to requirement R1 as required in requirement R3 exists. Evidence may include the updated list of critical assets showing the identifier of new facilities, if any, and the date of updating these new facilities to the list.

Reason for Differences: All proposed CIP-002-AB-4a measures have been drafted in accordance with the AESO’s Alberta reliability standards drafting principles. Amended NERC measurement M1 to improve clarity, and provide examples of what evidence may include, and to align with Alberta requirements R1, R2 and R3.

NERC 002-4a:
M2. The Responsible Entity shall make available its list of Critical Cyber Assets as specified in Requirement R2.

CIP-002-AB-4a:
M4 Evidence of using the list of critical assets developed pursuant to requirement R1 and updated pursuant to requirement R2 to develop a list of associated critical cyber assets as required in R4 exists. Evidence may include a list of critical cyber assets showing the identifier of each critical cyber asset, the identifier of critical asset it associates with, its communication protocol and the date when it was updated to the list.
M5 Evidence of updating the list and reviewing it as required in requirement R5 exists. Evidence may include:
(a) documentation showing the date and results of each review and the identification of personnel who conducted the review; and
(b) the updated list of critical cyber assets showing that changes based on the result of the review, if any, were made.

Reason for Differences: Amended NERC measurement M2 to improve clarity, provide examples of what evidence may include, and to align with Alberta requirement R4 and R5.

NERC 002-4a:
M3. The Responsible Entity shall make available its records of approvals as specified in Requirement R3.

CIP-002-AB-4a:
M6 Evidence of having its CIP Senior Manager or delegate approve the list of critical assets and the list of critical cyber assets as required in requirement R6 exists. Evidence may include a signed and dated record of the CIP Senior Manager or delegate’s approval of the lists.
M7 Evidence of keeping a signed and dated record of its CIP Senior Manager or delegate’s approval as required in requirement R7 exists. Evidence may include a signed and dated record of the CIP Senior manager or delegate’s approval of the lists.
M8 Evidence of reviewing and identifying facilities as required in R8 exists. Evidence may include documentation identifying the date of the result of each review.
M9 Evidence of notifying legal owners as required in requirement R9 exists. Evidence may include email or mail to appropriate recipients that identifies contents submitted.

Reason for Differences: Amended NERC measurement M3 to improve clarity, provide examples of what evidence may include, and to align with Alberta requirements R6 and R7. M8: Added to align with Alberta requirement R8. M9: Added to align with Alberta requirement R9.

Compliance

NERC 002-4a: To view the compliance section D of the NERC reliability standard follow this link: http://www.nerc.com/files/CIP-0024a.pdf

CIP-002-AB-4a / Reason for Differences: The Alberta reliability standards do not contain a compliance section. Compliance with all Alberta reliability standards is completed in accordance with the Alberta Reliability Standards Compliance Monitoring Program, available on the AESO website at: http://www.aeso.ca/loadsettlement/17189.html

Regional Differences

NERC 002-4a: None identified.

CIP-002-AB-4a: None identified.

Appendix 1: Critical Asset Criteria

NERC 002-4a: 1.1. Each group of generating units (including nuclear generation) at a single plant location with an aggregate highest rated net Real Power capability of the preceding 12 months equal to or exceeding 1500 MW in a single Interconnection.
CIP-002-AB-4a: 1.1. Each group of generating units at a single plant location with an aggregate highest rated net real power capability of the preceding twelve (12) months equal to or exceeding fifteen hundred (1500) MW.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.1 when drafting Alberta criterion 1.1 in accordance with the reliability standard drafting principles to add clarity to the criteria. Alberta Variance¹: Removed reference to nuclear generation as it does not exist in Alberta at this time.

NERC 002-4a: 1.2. Each reactive resource or group of resources at a single location (excluding generation Facilities) having aggregate net Reactive Power nameplate rating of 1000 MVAR or greater.
CIP-002-AB-4a: 1.2. Each reactive power resource or group of resources at a single location, excluding generating units or aggregated generating facilities, having an aggregate net reactive power nameplate rating of one thousand (1000) MVAR or greater.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.2 when drafting Alberta criterion 1.2 in accordance with the reliability standard drafting principles to add clarity to the criteria.

NERC 002-4a: 1.3. Each generation Facility that the Planning Coordinator or Transmission Planner designates and informs the Generator Owner or Generator Operator as necessary to avoid BES Adverse Reliability Impacts in the long-term planning horizon.
CIP-002-AB-4a: 1.3. Each generating unit or aggregated generating facility that the ISO designates as necessary to avoid adverse reliability impacts in the long-term planning horizon and informs the legal owner of a generating unit or the legal owner of an aggregated generating facility of such designation.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.3 when drafting Alberta criterion 1.3 in accordance with the reliability standard drafting principles to add clarity to the criteria.

NERC 002-4a: 1.4. Each Blackstart Resource identified in the Transmission Operator's restoration plan.
CIP-002-AB-4a: 1.4. Each blackstart resource identified in the ISO’s restoration plan.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.4 when drafting Alberta criterion 1.4 in accordance with the reliability standard drafting principles to add clarity to the criteria.

NERC 002-4a: 1.5. The Facilities comprising the Cranking Paths and meeting the initial switching requirements from the Blackstart Resource to the first interconnection point of the generation unit(s) to be started, or up to the point on the Cranking Path where two or more path options exist, as identified in the Transmission Operator's restoration plan.
CIP-002-AB-4a: 1.5. The facilities comprising the cranking paths and meeting the initial switching requirements from the blackstart resource to the first connection point of the generating unit to be started, or up to the point on the cranking path where two (2) or more cranking path options exist, as identified in the ISO's restoration plan.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.5 when drafting Alberta criterion 1.5 in accordance with the reliability standard drafting principles to add clarity to the criteria.

NERC 002-4a: 1.6. Transmission Facilities operated at 500 kV or higher.
CIP-002-AB-4a: 1.6 Transmission facilities operated at five hundred (500) kV or higher.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.6 when drafting Alberta criterion 1.6 in accordance with the reliability standard drafting principles.

NERC 002-4a: 1.7. Transmission Facilities operated at 300 kV or higher at stations or substations interconnected at 300 kV or higher with three or more other transmission stations or substations.
CIP-002-AB-4a: 1.7. Transmission facilities operated at three hundred (300) kV or higher at stations or substations connected at three hundred (300) kV or higher with three (3) or more other transmission stations or substations.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.7 when drafting Alberta criterion 1.7 in accordance with the reliability standard drafting principles.

NERC 002-4a: 1.8. Transmission Facilities at a single station or substation location that are identified by the Reliability Coordinator, Planning Authority or Transmission Planner as critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.
CIP-002-AB-4a: 1.8 Transmission facilities that the ISO identifies as related to the derivation of interconnection reliability operating limits and their contingencies for transmission paths listed in the most current Table titled Major WECC Transfer Paths in the Bulk Electric System.
Reason for Differences (New / Amended / Deleted): Clarified Alberta criterion 1.8 by removing “at a single station or substation location”. Clarified Alberta criterion 1.8 by adding “and their contingencies for transmission paths listed in the most current Table titled Major WECC Transfer Paths in the Bulk Electric System”.

NERC 002-4a: 1.9. Flexible AC Transmission Systems (FACTS), at a single station or substation location, that are identified by the Reliability Coordinator, Planning Authority or Transmission Planner as critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.
CIP-002-AB-4a: 1.9. Flexible alternating current transmission systems, at a single station or substation location, that the ISO identifies as critical to the derivation of interconnection reliability operating limits and their contingencies for transmission paths listed in the most current Table titled Major WECC Transfer Paths in the Bulk Electric System.
Reason for Differences (New / Amended / Deleted): Clarified Alberta criterion 1.9 by adding “and their contingencies for transmission paths listed in the most current Table titled Major WECC Transfer Paths in the Bulk Electric System”.

NERC 002-4a: 1.10. Transmission Facilities providing the generation interconnection required to connect generator output to the transmission system that, if destroyed, degraded, misused, or otherwise rendered unavailable, would result in the loss of the assets identified by any Generator Owner as a result of its application of Attachment 1, criterion 1.1 or 1.3.
CIP-002-AB-4a: 1.10 Transmission facilities providing the generation connection required to connect generating unit or aggregated generating facility output to the transmission system which, if destroyed, degraded, misused, or otherwise rendered unavailable, would result in the loss of the critical assets the legal owner of a generating unit or the legal owner of an aggregated generating facility identifies as a result of its application of Appendix 1, criterion 1.1 or 1.3.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.10 when drafting Alberta criterion 1.10 in accordance with the reliability standard drafting principles to add clarity to the criteria.

NERC 002-4a: 1.11. Transmission Facilities identified as essential to meeting Nuclear Plant Interface Requirements.
Reason for Differences (New / Amended / Deleted): Alberta Variance²: No Nuclear facilities exist in Alberta.

NERC 002-4a: 1.12. Each Special Protection System (SPS), Remedial Action Scheme (RAS) or automated switching system that operates BES Elements that, if destroyed, degraded, misused or otherwise rendered unavailable, would cause one or more Interconnection Reliability Operating Limits (IROLs) violations for failure to operate as designed.
CIP-002-AB-4a: 1.11. Each remedial action scheme or automated switching system the ISO identifies that operate bulk electric system elements which, if destroyed, degraded, misused or otherwise rendered unavailable, would cause one (1) or more interconnection reliability operating limits violations for failure to operate as designed.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.12 when drafting Alberta criterion 1.11 in accordance with the reliability standard drafting principles to add clarity to the criteria. Clarified Alberta criterion 1.11 by removing “Special Protection System (SPS)”, used “remedial action scheme”.

NERC 002-4a: 1.13. Each system or Facility that performs automatic load shedding, without human operator initiation, of 300 MW or more implementing Under Voltage Load Shedding (UVLS) or Under Frequency Load Shedding (UFLS) as required by the regional load shedding program.
CIP-002-AB-4a: 1.12 Each system or facility that performs automatic load shedding, without human operator initiation, of three hundred (300) MW or more implementing under voltage load shed or underfrequency load shedding as required by the regional load shedding program.
Reason for Differences (New / Amended / Deleted): Amended NERC criterion 1.13 when drafting Alberta criterion 1.12 in accordance with the reliability standard drafting principles to add clarity to the criteria.

NERC 002-4a: 1.14. Each control center or backup control center used to perform the functional obligations of the Reliability Coordinator.
CIP-002-AB-4a: 1.13 Each control center or backup control center used to perform the functional obligations of the Reliability Coordinator.
Reason for Differences (New / Amended / Deleted): NERC criterion 1.14 has been renumbered to Alberta criteria 1.13.

NERC 002-4a: 1.15. Each control center or backup control center used to control generation at multiple plant locations, for any generation Facility or group of generation Facilities identified in criteria 1.1, 1.3, or 1.4. Each control center or backup control center used to control generation equal to or exceeding 1500 MW in a single Interconnection.
CIP-002-AB-4a:
1.14 Each control center or backup control center used to control generation at multiple plant locations, for any generating unit or aggregated generating facility identified in criteria 1.1, 1.3 or 1.4.
1.15 Each control center or backup control center used to control generation equal to or exceeding fifteen hundred (1500) MW.
Reason for Differences (New / Amended / Deleted): NERC criterion 1.15 contains two criteria that have been divided into Alberta 1.14 and 1.15.

NERC 002-4a: 1.16. Each control center or backup control center used to perform the functional obligations of the Transmission Operator that includes control of at least one asset identified in criteria 1.2, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11 or 1.12.
CIP-002-AB-4a: 1.16 Each control center or backup control center used to perform the functional obligations of an operator of a transmission facility that includes control of at least one (1) critical asset identified in criteria 1.2, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10 or 1.11.
Reason for Differences (New / Amended / Deleted): Alberta Variance³: Changed reference numbering to reflect that NERC 1.11 was removed since it referred to Nuclear Plants.

NERC 002-4a: 1.17. Each control center or backup control center used to perform the functional obligations of the Balancing Authority that includes at least one asset identified in criteria 1.1, 1.3, 1.4, or 1.13. Each control center or backup control center used to perform the functional obligations of the Balancing Authority for generation equal to or greater than an aggregate of 1500 MW in a single Interconnection.
CIP-002-AB-4a:
1.17 Each control center or backup control center used to perform the functional obligations of the balancing authority that includes at least one (1) critical asset identified in criteria 1.1, 1.3, 1.4 or 1.12.
1.18 Each control center or backup control center used to perform the functional obligations of the balancing authority for generation equal to or greater than an aggregate of fifteen hundred (1500) MW.
Reason for Differences (New / Amended / Deleted): NERC criterion 1.17 contains two criteria that have been divided into Alberta 1.17 and 1.18.

¹ ² ³ An Alberta variance is a change from the US Reliability Standard that the AESO has determined is material.