NERC CIP Standards and NIST Smart Grid Update
advertisement
NERC CIP Standards and NIST Smart Grid Update Keith Stouffer Program Manager gy National Institute of Standards and Technology Keith.stouffer@nist.gov Topics NERC Critical Infrastructure Protection (CIP) Standards • Updates • Where the standards are headed NIST Framework and Roadmap for Smart Grid Interoperability • Updates • Industrial to Grid (I2G) Domain Expert Working G Group (DEWG) • Cyber Security Coordination Task Group (CSCTG) 2 © ARC Advisory Group NERC CIP Standards Revision Overview January 18, 2008 - FERC Order 706 approves CIP 002 – CIP-009 CIP-002 CIP 009 with direction to make additional modifications to the Standards. August g 7,, 2008 – Standards Drafting g Team appointed to review CIP Cyber Security Standards • Address Add directed di t d modifications difi ti iin FERC O Order d 706 • Conform to current ERO Rules of Procedure • Consider other cyber security standards and guidelines (e.g., NIST, ISO, ISA, IEC, DOE, CIPC) • Consider stakeholder issues identified in the SAR comment process 3 © ARC Advisory Group NERC CIP Standards, Version 2 22 members in the Standards Drafting Team (SDT) Kick off meeting held at NIST on October 6 Kick-off 6-8, 8 2008 7 additional, 2-3 day, face-to-face meetings of the NERC CIP SDT held over the next 6 months to develop Revision 2 of the cyber security standards and address the 100+ pages of comments received during the comment period. NERC CIP, Version 2 cyber security standards, CIP 002-2 – CIP 009-2, were approved by the NERC Board of Trustees on May 6, 2009 after passage by the electric industry with a quorum of 94.37% and an 88.32% approval rating. Approved by FERC on September 30 30, 2009 2009. Very fast revision of the NERC CIP Standards 4 © ARC Advisory Group NERC CIP Standards, Version 4 First step was to develop CIP 002-4 • Defines the scope for the CIP standards Cover all(?) Bulk Electric System assets (control centers, centers substations, substations plants, plants etc) Cover all relevant Cyber Systems (EMS, SCADA, protection, automation, plant control, etc) Approach by reliability function More encompassing scope than previous Versions 5 © ARC Advisory Group NERC CIP Standards, Version 4 Apply multiple levels of security controls based on impact to BES – referencing the NIST SP 800-53 and ISA99 models • Low Impact p • Moderate Impact • High Impact Draft CIP 002-4 was released for informal industry comment on December 29, 2009 – comments due by February 12 12, 2010 SDT currently working on the revisions to CIP 002-4 – CIP 009-4 security requirements Not a one size fits all solution 6 © ARC Advisory Group Low Impact System 7 © ARC Advisory Group Possible ICS Impact Level Definitions Low Impact ICS • Product Examples: Non hazardous materials or products, Non-ingested consumer products • Industry Examples: Plastic Injection Molding, Molding Warehouse Applications • Security y Concerns: Protecting gp people, p , Capital p investment, Ensuring uptime • NERC CIP Standards – EXAMPLE ONLY • Generation – Below Mod threshold but part of BES • Transmission – Below Mod threshold but part of BES • Control C t lC Centers t – Below B l M Mod d threshold th h ld but b t partt off BES 8 © ARC Advisory Group Moderate Impact Systems 99 © ARC Advisory Group Possible ICS Impact Level Definitions Moderate Impact ICS • Product Examples: Some hazardous products and/or steps during production, High amount of proprietary information • Industry Examples: Automotive Metal Industries, Pulp & Paper, Semi-conductors • Security Concerns: Protecting people, Trade secrets, Capital investment, Ensuring uptime • NERC CIP Standards – EXAMPLE ONLY • Generation – Aggregate name-plate 1000 MW – 2000 MW • Transmission – 200 kV – 300 kV • Control Centers – Load and generation 1000 MW – 2000 MW 10 © ARC Advisory Group High Impact System 11 © ARC Advisory Group High Impact System !!! 12 © ARC Advisory Group Possible ICS Impact Level Definitions High Impact ICS • Product Examples: Critical Infrastructure, Hazardous Materials, Ingested Products • Industry Examples: Utilities, Utilities PetroChemical PetroChemical, Food & Beverage, Pharmaceutical • Security y Concerns: Protecting g human life,, Ensuring basic social services, Protecting environment • NERC CIP Standards – EXAMPLE ONLY • Generation – Aggregate name-plate > 2000 MW • Transmission – > 300 kV • Control Centers – Load and generation > 2000 MW 13 © ARC Advisory Group World Record High Impact System ☺ 14 14 © ARC Advisory Group Effective Date for Standards Effective Date Language: “The The first day of the third calendar quarter (i.e., (i e a minimum of two full calendar quarters, and not more than three calendar quarters) after applicable regulatory approvals have been received (or the Reliability Standard otherwise becomes effective the first day of the third calendar quarter after BOT adoption in those jurisdictions where regulatory approval is not required). q ) For example, if regulatory approval is granted in June, the standards would become effective January 1 of the following year. If regulatory approval is granted in July, the standards would become effective April 1 of the following year.” FERC approved d CIP 002-2 002 2 - CIP 009-2 009 2 on September S t b 30 30, 2009, therefore the effective date is April 1, 2010. 15 © ARC Advisory Group Penalties and Sanctions – Example Violation Severity Level Violation Risk Factor Lower Range Limits Low High Moderate Range Limits Low High High Range Limits Low High Severe Range Limits Low High L Lower $1,000 $3,000 $2,000 $7,500 $3,000 $15,000 $5,000 $25,000 Medium $2,000 $30,000 $4,000 $100,000 $6,000 $200,000 $10,000 $335,000 Hi h High $4 000 $4,000 $12 000 $125,000 $8 000 $8,000 $300 000 $300,000 $12 000 $12,000 $62 000 $625,000 $20 000 $1,000,000 $20,000 $1 000 000 Other qualitative factors for consideration: Repeat infractions (-) Prior warnings ( (-) ) Deliberate violations (-) Self-reporting and self-correction (+) Quality of entity compliance program (+/-) Overall performance (+/-) Statutory limit: $1,000,000 per violation per day in the U.S. Non-financial Non financial sanctions allowed Penalty funds apply to marginal cost of enforcement and reconciled in budget (-) Negative influence (+) Positive influence (+/-) Positive or negative ti http://www.nerc.com/files/Appendix4B_Sanctions_Guidelines_Effective_20080115.pdf 16 © ARC Advisory Group The NIST Smart Grid Role Energy Independence and Security Act (EISA) of 2007 Title XIII, Section 1305. Smart Grid Interoperability Framework In cooperation with the DoE, NEMA, IEEE, GWAC, and other stakeholders, NIST has “primary primary responsibility to coordinate development of a framework that includes protocols and model standards for information management to achieve interoperability of smart grid devices and systems…” http://www.nist.gov/smartgrid/ 17 © ARC Advisory Group NIST Three Phase Plan PHASE 1 Identify an initial set of existing consensus standards and develop p a roadmap p to fill gaps PHASE 2 Establish public/private Standards Panel to provide ongoing recommendations for new/revised standards PHASE 3 Testing and Certification Framework 2009 March 2010 September 18 © ARC Advisory Group Inputs Executives meeting with Secretaries Locke and Chu Workshops with more than 1500 participants 11-13, 13, 2008 • November 11 • April 28-29, 2009 • May y 19-20,, 2009 • SDO Workshop, August 3-4, 2009 EPRI Report Comments through two Federal Register Notices 19 © ARC Advisory Group Interoperability Framework Elements Testing and Certification Standards Security Architecture and Requirements Conceptual Reference Model Business and Public Policy Requirements 20 © ARC Advisory Group Smart Grid Domains 21 © ARC Advisory Group I2G Domain Expert Working Group i2g_interop@nist.gov Scope: Interoperability and interaction between the electric grid and industrial facilities including electric power facilities, generation http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/I2G 22 © ARC Advisory Group We Need A Standards Roadmap Capabilities Priorities Reference Model Standards Release Plan Responsibilities Governance Testing and Certification I2G Roadmap http://collaborate.nist.gov/twiki-sggrid/pub/SmartGrid/I2GRoadmap/ 23 © ARC Advisory Group Cyber Security Coordination Task Group Over 300 participants within 7 Working Groups Obj ti Objective is i to t assess standards t d d for f applicability and interoperability across the domains of the Smart Grid, rather than develop a single set of cyber security requirements that are applicable to all elements of the Smart Grid Grid. Standards will be assessed within an overall risk management framework that focuses on cyber security within the Smart Grid. http://collaborate nist gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG 24 © ARC Advisory Group Cyber Security Requirements Document NISTIR 7628 Smart Grid Cyber Security Strategy and Requirements • First draft released September 2009; Second draft released January y 2010; Final in spring p g 2010 • Overall cyber security strategy for the Smart Grid • Privacy and the Smart Grid • Logical interface analysis – initial analysis • Specification of confidentiality, integrity, and availability il bilit iimpactt llevels l (l (low, moderate, d t hi high) h) • Advanced Metering Infrastructure (AMI) security requirements • Crosswalk of cyber security documents 25 © ARC Advisory Group Thank You. Keith Stouffer National Institute of Standards and Technology Keith stouffer@nist gov Keith.stouffer@nist.gov
