CIP Version 5 Transition Program – Lessons Learned & FAQs

Tom Hofstetter, CIP Auditor
June 2, 2015
Disclaimer
• Not speaking for the Commission, for NERC, for SPPRE, etc.
• These are dynamic issues, so content, descriptions, and musings may be an educated guess about who’s responsible, what it is, where it’s going, when it’s likely, why it’s needed, or how it’s done
• Any perceived “guidance” on specific approaches for implementing the CIP V5 Standards is unintentional
o compliance is dependent on how it is implemented
o there may be other ways to comply with the Standards that are not discussed
• I focus on system-wide TFE issues; details typically can be addressed by the Region
RELIABILITY | ACCOUNTABILITY
Lessons Learned and FAQs
Topic | Lesson Learned or FAQ | Date Posted for Stakeholder Comment
Generation Segmentation | Lesson Learned | October 23, 2014
Far-End Relay | Lesson Learned | October 23, 2014
BES Impact of Transmission Scheduling Systems | FAQ | April 24, 2015
Grouping of BES Cyber Systems | Lesson Learned | March 2, 2015
Shared Equipment at a Substation | FAQ | April 1, 2015
Virtualization | Lesson Learned | April 17, 2015
Intrusion Detection Systems | FAQ | April 30, 2015
Interactive Remote Access | Lesson Learned | January 8, 2015
Mixed Trust EACMS | Lesson Learned | January 8, 2015
Multiple Physical Access Controls | FAQ | April 1, 2015
Protecting Physical Ports | FAQ | April 1, 2015
Identifying Sources of Patch Management | FAQ | April 30, 2015
Mitigating Threat of Detected Malicious Code | FAQ | November 25, 2014
Vulnerability Testing of Physical Access Controls | FAQ | April 1, 2015
At a glance:
• 23 original topics
• 50 FAQs
• 7 LLs
• 57 topics via Section 11
• 5 issues addressed by NERC
Lessons Learned & FAQ
• Document effective approaches to implementation or compliance
 Suggestions on “how” to comply
 Somewhat prescriptive but not binding
 Uses industry comment and vetting approach
Guidance: Effective Approaches to Comply
Section 11 Guidance Development Process
NERC Communications
• Used when question is not about approaches to implementation nor compliance
• Rather, used to address questions regarding the meaning of a particular requirement or term
• Defers to Standard Drafting Team portions of “the record”:
– Guidelines and Technical Basis
– Comment responses
• Issued April 21, 2015
Status
• Far-end Relay
• Generation Segmentation
• Mixed Trust EACMS
• Interactive Remote Access
• Grouping of BES Cyber Systems
• Virtualization (Networks and Servers)
• 3rd Party Notifications of medium impact assets *
• Generation Interconnection *
• Programmable Electronic Devices *
• Serial Devices that are accessed remotely *
• Network devices as BES Cyber Systems *
• Control Centers operated by TOs and non-registered BAs *
• General FAQs
* - Not Issued as Lessons Learned or FAQ
What’s Trending with CIP V5 Transition
• Far-end Relay (AKA Transfer-Trip)
– Status: Approved by Standards Committee and Posted as Final.
– The far-end relay does not automatically inherit a Medium impact categorization if the near-end substation satisfies the qualifications of Criterion 2.5.
• Generation Segmentation
– Status: Approved by Standards Committee and Posted as Final.
– BES Cyber Systems associated with a generating plant in excess of 1500 MW Net Real Power Capability can be segmented such that there are no Medium impacting BES Cyber Systems.
– Includes a discussion of evidence required to demonstrate sufficient segregation.
• Mixed Trust Electronic Access Control or Monitoring Systems
– Status: Addressing industry comments
– The issue is whether corporate resources (Active Directory servers, remote access authentication servers, log servers, Intrusion Detection Systems, etc.) supporting both corporate and Electronic Security Perimeter access control are Electronic Access Control or Monitoring Systems.
– Current position is that if the Cyber Asset is providing electronic access control or monitoring support to the CIP environment, the Cyber Asset is an EACMS for the purposes of CIP compliance.
• Interactive Remote Access (Scripts and Management Consoles)
– Status: Addressing industry comments
– Provide guidance on implementing security controls for the use of Interactive Remote Access.
– Open question is whether scripts under programmatic control and actions performed by management consoles constitute Interactive Remote Access.
• Grouping of BES Cyber Systems
– Status: Addressing industry comments
– Purpose is to describe useful methods to group BES Cyber Assets into BES Cyber Systems (BCS).
• 3rd Party Notifications of medium impact assets
– Status: Issued as a NERC “Communication” and not a Lessons Learned
– For IRC 2.3 and 2.6, the Reliability Coordinator, Planning Coordinator, or Transmission Planner addresses the Facility (generation or transmission)
– The asset owning registered entity must then determine which BES Cyber Assets or BES Cyber Systems support the identified Facility
• Generation Interconnection (IRC 2.5)
– Status: Issued as a NERC “Communication” and not a Lessons Learned
– The question is whether the line (sometimes referred to as the generator lead line) operated at transmission voltages between a generating plant and a transmission substation is a Transmission Facility for the purposes of the CIP-002-5 Impact Rating Criteria.
– Position is that for a transmission line to be considered a Transmission Facility and included in the Criterion 2.5 calculation, the line must be used for network flow of the Bulk Electric System and connected to another Transmission station or substation.
• Programmable Electronic Devices (PED)
– Status: Issued as a NERC “Communication” and not a Lessons Learned
– Went back to the official record of the Standard Drafting Team and determined that questions raised were already addressed
– Programmable electronic device (PED) “Is an electronic device which can execute a sequence of instructions loaded to it through software or firmware, and configuration of an electronic device is included in programmable.” - SDT Considerations of for V5 Posting
• Virtualization (Networks and Servers)
– Status: To be issued as a Lessons Learned
– The concern with virtualization is when there is a mixed trust environment
– The standards do not do a good job of addressing the technology
– For virtual servers where a mixed trust environment is being used, there will be a lot of scrutiny of security controls in place
– For networks using mixed trust, there will be a need to see that the appropriate Electronic Access Point Controls are in place for the device
• Serial Devices that are accessed remotely
– Status: Issued as a NERC “Communication” and not a Lessons Learned
– ERC definition – “…ability to access …”
– The position is that terminal server/gateways that are connected using external routable connectivity with serial devices on the back end, and that perform no application-level processing, are external routable connectivity all the way to the serial device. They must be within an ESP and have protection of an Electronic Access Point.
• Serial devices with ERC:
– Use a “dumb” converter (e.g., a “terminal server”)
– No application-level processing or proxying of traffic
– Data passed from routable connection to serial connection with no application-level processing
– Require an EACMS
• Serial devices without ERC:
– Use application proxy converter (e.g., a “data concentrator” or “application gateway”)
– Application or protocol break between routable network and serial device
– Data passes through application-level filtering or conversion
• Network Devices and BES Cyber Systems
– Status: Issued as a NERC “Communication” and not a Lessons Learned
– Exclusion: Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters.
– Network devices can be considered BCAs based on the BCA definition, especially if inside ESPs
– ERO will use discretion to exempt any Cyber Assets associated with non-routable communication networks/links that would be exempt if they were routable communication between discrete ESPs
• Control Centers operated by TOs and non-registered BAs
– Status: Issued as a NERC “Communication” and not a Lessons Learned
– High Impact Rating (H)
o 1.3 Each Control Center or backup Control Center used to perform the functional obligations of the Transmission Operator for one or more of the assets that meet criterion 2.2, 2.4, 2.5, 2.7, 2.8, 2.9, or 2.10.
– Medium Impact Rating (M)
o 2.12. Each Control Center or backup Control Center used to perform the functional obligations of the Transmission Operator not included in High Impact Rating (H), above.
• Control Centers operated by TOs and non-registered BAs
– Went back to the official record of the Standard Drafting Team and determined it was clearly addressed that the SDT intent was the functions you are performing and not how you are registered.
• General Frequently Asked Questions (FAQs)
– 3 are already posted on the V5 Transition Program page on the NERC web site as “Technical FAQs”
– 34 FAQs were posted for industry comment April 2 with comments due by May 15.
– More FAQs posted May 1; comments due June 15
References
• CIP Version 5 Transition page: http://www.nerc.com/pa/CI/Pages/Transition-Program.aspx
Questions
Tom Hofstetter, CISA, CISSP
CIP Compliance Auditor
tom.hofstetter@nerc.net