RELIABILITY | RESILIENCE | SECURITY
Welcome!
NERC 2019 Compliance and Standards Workshop
Embassy Suites by Hilton Minneapolis
July 24, 2019
It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers, or any other activity that unreasonably restrains competition.
NERC Antitrust Compliance Guidelines
Participants are reminded that this meeting is public. Notice of the meeting was posted on the NERC website and widely distributed. The notice included the number for dial-in participation. Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities.
Public Announcement
• 8:00 – 8:15 a.m.: Opening Announcements Chris Boyd-Witherspoon
• 8:15 – 9:00 a.m.: Compliance Certification Committee Update Jennifer Flandermeyer Steven Noess
• 9:00 – 10:00 a.m.: Compliance Oversight Program Jeff Hargis Jeff Norman Yvette Landin
• 10:00 – 10:15 a.m.: Updates on 2019 Technology David Calderon
• 10:15 – 10:30 a.m.: Break
Today’s Agenda
• 10:30 – 11:00 a.m.: Updates on 2019 Technology Ryan Stewart
• 11:00 – 11:30 a.m.: Coordinated Oversight of Multi-Region Registered Entities (MRRE): Fahad Ansari
• 11:30 – 12:00 p.m.: Internal Controls in Enforcement Ed Kichline
• 12:00 – 1:00 p.m.: Lunch
• 1:00 – 1:45 p.m.: CMEP and Compliance Guidance Updates Kiel Lyons Ryan Mauldin
Today’s Agenda
• 1:45 – 2:30 p.m.: CIP Update – Supply Chain and CIP Practice Guides Lonnie Ratliff
• 2:30 – 2:45 p.m.: Break
• 2:45 – 3:15 p.m.: Standards Under Development Updates Howard Gugel
• 3:15 – 3:45 p.m.: Standards Efficiency Review Chris Larson
• 3:45 – 4:15 p.m.: Registration and Certification Updates Ryan Stewart
• 4:15 – 4:35 p.m.: General Q&A Chris Boyd-Witherspoon
• 4:35 – 5:00 p.m.: Closing Announcements Steve Noess
Today’s Agenda
Compliance Certification Committee Update
Jennifer Flandermeyer, Evergy, Director, Federal Regulatory Policy, Chair NERC CCC
Steven Noess, NERC, Director, Regulatory Programs
2019 Compliance and Standards Workshop
July 24, 2019
NERC Standing Committees (Advisory Committees and Technical Committees)
• Compliance and Certification Committee
• Reliability Issues Steering Committee
• Critical Infrastructure Protection Committee
• Standards Committee
• Operating Committee
• Planning Committee
The Compliance and Certification Committee (CCC) advises the NERC Board of Trustees and Senior Staff.
CCC Background
• NERC Board-appointed stakeholder committee
• Engages with, supports, and advises the NERC Board regarding the Compliance Monitoring and Enforcement Program (CMEP) and the Organization Registration and Certification Program (ORCP)
• Monitors NERC’s compliance with the Rules of Procedure for these programs
• Monitors NERC’s compliance with the Rules of Procedure regarding the Reliability Standards development process (with the exception of appeals)
Membership
• Investor-Owned Utility
• State/Municipal Utility
• Cooperative Utility
• Federal or Provincial Utility/Federal Power Marketing Administration
• Transmission Dependent
• Merchant Electricity Generator
• Electricity Marketer
• Large End-use Electricity Customer
• Small End-use Electricity Customer
• Independent System Operator/Regional Transmission Organization
• Regional Entity
• Government
Industry Partnership
• Provide advice and support for CMEP as well as Registration and Certification processes
• Participate in development of ERO Stakeholder Effectiveness Survey
• Partner with ERO Enterprise related to review and comment of draft RSAWs
• Develop NERC criteria for Regional oversight
• Provide input on development of Implementation Guidance process
• Provide Stakeholder input on the ERO Enterprise Program Alignment Process
• Participate in discussions to identify emerging risks to reliability
CCC Work Plan
Feedback Loops
• Members’ active involvement in compliance forums
• Barometer for NERC on compliance and enforcement initiatives
• Liaisons to trade organizations, membership forums, industry forums, regional compliance committees
Key Support Efforts
• Enterprise Wide Risk Committee participation
• Key partnership in Program Alignment
• Partnership with Standards Committee on Standards Efficiency Review (SER) – SER Advisory Group member
• Stakeholder Survey (Program Focused)
• Collaboration with NERC on Technology Projects (Align, CORES)
• Stakeholder Feedback Loop on Guidance
• Feedback Loop for CMEP Implementation and Design Resources
COLLABORATION IS KEY
Key Collaboration Initiatives
Key Partners – Compliance Assurance, Enforcement and Internal Audit
Industry Outreach
Stakeholder Survey and Feedback
Focus Discussion Topics: ERO Program Alignment; Compliance Guidance
ERO Program Alignment Working Group
Issue flow: Issue Raised by Registered Entity → NERC Initial Review → Input from CCC and Program Alignment Working Group → Resolution of Issue and Posting Results
• Aids in the screening of information, as appropriate
• Supports further investigation of a potential issue as requested by NERC
• Provides suggested resolutions, as appropriate
• Works directly with stakeholders to shape issue to be reviewed
Program Alignment Process
Track – Identify & Capture Issues
• Program Oversight and Monitoring
• Survey Responses
• Stakeholder Reporting
• NERC Central Repository
Triage – Classify, Analyze, & Prioritize
• NERC Initial Screening
• Regional Input and CCC Alignment Working Group Engagement
• Materiality and Priority
• Responses and Recommendations
Transparent – Post & Report
• Program Alignment – Issues and Recommendations Tracking
• Quarterly Reporting
• Regional Program Information
Resources
• Regional Program Information Resources
• Consistency Reporting Tool
• Issues & Recommendations Tracking
Program Alignment Page
Regional Program Information Matrix
Issues and Recommendations/Resolutions
Issues and Recommendations/Resolutions Tracking
• Program Alignment enables stakeholders to raise perceived alignment issues
• NERC is committed to providing transparency to the submitter and stakeholders
• Industry, alone and through the CCC, participates in the process
• ERO Enterprise needs stakeholder input to improve alignment
Closing
Compliance Oversight Plan Process Enhancements
Jeff Hargis, Texas RE, Manager of Risk Assessment
Jeff Norman, MRO, Director of Compliance Monitoring
Yvette Landin, NERC, Compliance Assurance Advisor
2019 Compliance and Standards Workshop
July 24, 2019
Overview
• Maturation of risk-based assessment processes
• Compliance Oversight Plan (COP) Process Highlights
• Inputs – Qualitative and Quantitative Data
• Targeted Oversight Risk Categories
• Oversight Strategies
• Performance Impact
• Contents of the COP Report
• Implementation Timeline
• Q&A
Maturation of Risk-based Assessment Processes
• 2016: IRA Process Harmonization
• 2018: COP Process Harmonization
• 2019 – 2020: Transition Period
Updated COP Process Highlights
• Enhanced Analysis: Analysis of inherent and performance data provides an understanding of an entity’s overall inherent risk and performance profile
• Targeted Oversight: Provides considerations for an entity’s continuous improvement and a focus to a Regional Entity for its compliance monitoring activities
• Prioritized Monitoring: Identifies target interval for oversight, primary monitoring tools, and informs annual planning
• Single Report: One report to provide both inherent risk assessment results and the compliance oversight plan
Inputs – Quantitative and Qualitative Data
Inherent risk assessment – quantitative entity data such as what you own or operate
Performance assessment – qualitative entity data such as internal controls, culture of compliance, compliance history, event data
Enhanced Analysis
Targeted Oversight
Provides considerations for an entity’s continuous improvement
Provides focus for Regional Entity for its compliance monitoring activities
COPs will communicate the Regional Entity’s current understanding of a Registered Entity’s inherent risk and performance profile
COPs will include selected Risk Categories for monitoring
Targeted Oversight
Risk Categories
Asset/System Identification
Entity Coordination
Identity Management and Access Control
Emergency Operations Planning
Operating During Emergencies/Backup & Recovery
Asset/System Management and Maintenance
Training
Modeling Data
Asset/System Physical Protection
Long-term Studies/Assessments
Operational Studies/Assessments
System Protection
Normal System Operations
Prioritized Monitoring
Identifies target interval for oversight, primary monitoring tools, and informs annual planning
Prioritized Monitoring
Category | Inherent risk and performance profile | Target interval
1 | Higher inherent risk without demonstrated positive performance | 1 – 3 Years
2 | Higher inherent risk with demonstrated positive performance | 2 – 4 Years
3 | Moderate inherent risk without demonstrated positive performance | 3 – 5 Years
4 | Moderate inherent risk with demonstrated positive performance | 4 – 6 Years
5 | Lower inherent risk without demonstrated positive performance | 5 – 7 Years
6 | Lower inherent risk with demonstrated positive performance | 6+ Years
Performance Impact
• Category 1: The target monitoring interval for a higher risk entity without demonstrated positive performance is once every 1 – 3 years. A Regional Entity will use one or a combination of the following CMEP Tools: Audit (on or off-site), Self-Certifications, Spot Check
• Category 2: The target monitoring interval for a higher risk entity with demonstrated positive performance is once every 2 – 4 years. A Regional Entity will use one or a combination of the following CMEP Tools: Audit (on or off-site), Self-Certifications, Spot Check
COPs establish target intervals for engagements based on inherent risk and performance profile
Contents of the COP Report
1. Purpose
2. Analysis and Results
3. Oversight Strategy
App. A: IRA Results Summary
App. B: Standards and Requirements for Monitoring
Single Report
COP Process Implementation Timeline
• Throughout the second half of 2019, Regional Entities will begin implementation of new COP summaries.
• Industry outreach will begin in July 2019 and continue through 2020.
Align Project Update
David Calderon, NERC, Senior Engineer, Grid Planning & Operations Assurance
2019 Compliance and Standards Workshop
July 24, 2019
What is Align?
• Single, common portal for registered entities, enabling consistency of experience.
• Real-time access to information, eliminating delays and manual communications.
• Improved capability to support the Risk-Based Compliance Oversight Framework.
• Enhanced quality assurance and oversight, enabling consistent application of the CMEP.
Align Release 1: What to expect as a registered entity?
Stakeholder Group
Release 1 Functionality
• Create and submit Self-Reports and Self-Logs
• Create and manage mitigating activities (informal) and Mitigation Plans (formal)
• View and track Open Enforcement Actions “EAs” (resulting from all monitoring methods)
• Receive and respond to Requests for Information “RFIs”
• Receive notifications and view dashboards on new/open action items
• Generate report of Standards and Requirements applicable to your entity
• Manage user access for your specific entity
Registered Entities
Update on Development
• Development and testing will require a 6-8 week extension.
• Revised deployment approach.
• Will provide a more manageable go-live for NERC and the Regions.
• NERC will go live with two Regions, MRO and Texas RE, by September 30th.
• The remaining regions will onboard by November 1st.
Update on Training
• The following roles need training for Release 1: Primary Compliance Contact (PCC), Alternate Compliance Contact (ACC), Authorizing Officer (AO)
• Regional staff and registered entity trainings will be rescheduled to after September 15 at the earliest, based on the schedule set up by NERC.
• Will be supported with training materials and process documentation.
• Entities should coordinate with their Regional Align contacts for additional training and timing related questions.
Regional Contacts
Region | Contact Name | Contact Email
MRO | Desiree Sawyer | [email protected]
MRO | Marissa | [email protected]
NPCC | Jason Wang | [email protected]
| Ray Sefchick | [email protected]
| Todd Curl | [email protected]
RE | Rochelle Brown | [email protected]
| Michael Dalebout | [email protected]
Break
Webinar participants: We will return at 10:30 a.m. Central
Centralized Organization Registration ERO System (CORES) Update
Ryan Stewart, NERC, Senior Manager of Registration and Certification
2019 Compliance and Standards Workshop
July 24, 2019
• CORES Concept Video Demonstration: https://vimeopro.com/nerclearning/cores-video-library/video/337820719
• Overview of CORES
• Registered Entity Pilot Sessions and Outreach Engagements
• Training and Outreach Events
• Rollout Strategy
Agenda
• The objective of the Centralized Organization Registration ERO System (CORES) project is to create a centralized registration system for the Electric Reliability Organization (ERO). This project will address:
– Processing of registration requests
– Granting of a NERC Compliance Registry (NCR) identification number
– The information collected in CORES will be based upon the existing Common Registration Form that each Regional Entity currently uses for processing registration requests
• Link to CORES project page – FAQs, timeline, opportunities for engagement: https://www.nerc.com/pa/comp/Pages/CORESTechnologyProject.aspx
CORES Overview
• The CORES application is hosted on the ERO Portal
– Each entity user that will register or modify registration with NERC will need an ERO Portal account: https://eroportal.nerc.net/
• Registered entities will not need to register again
• The process for collecting data is different – the data is virtually the same
• Initial training videos developed – more in the works
Key Points About CORES Transition
ERO Portal Access
• CORES will expand current functionality, align regional registration processes, and provide an improved system-based approach to processing registration requests.
• Central repository for collecting registered entity data
• New functionality for entities in multiple regions
– Coordinated Oversight now captured
• Easily update information in a central location
Benefits
• CORES is not currently planned to be used for:
– Compliance Monitoring and Enforcement Functions – see the Align project.
o https://www.nerc.com/ResourceCenter/Pages/CMEPTechnologyProject.aspx
– Certification or Certification Reviews
o No system in place for Certification or Certification reviews at this time
– BES Exceptions
o BES Exceptions will continue to utilize the BESnet application for processing
Key Points About CORES Transition
• Focus Group
• AWG
• ORCS
• CCC
• Bulletins
• Regional Workshops
• Registered Entity Pilots – Testing
• Training
Outreach and Engagements
• Registered Entity Pilot Sessions
– May 14 | RF Hosted Reg. Entity Pilot Roadshow
– May 16 | Texas RE Hosted Reg. Entity Pilot Roadshow
– May 21 | NPCC Hosted Reg. Entity Pilot Roadshow
– May 23 | NERC/Slalom Hosted Reg. Entity Pilot Roadshow
Registered Entity Pilot Sessions
• Planned Training Dates (subject to change)
– June 6/7 | Begin to Post Training Materials
– July 10 | NERC hosted ERO WebEx (pre-release)*
– July 15-19 | Expected CORES System Release*
– End of July | NERC hosted ATL ERO In-person & WebEx, open Q&A (post-release)*
– End of July | NERC hosted ERO WebEx (*in-person), open Q&A (post-release)*
*Expected based on when this material was developed
Training and Outreach Events
• ERO is currently developing the rollout strategy
• Initial group will include pilot session and focus group participants
• Each Regional Entity will work with their unique registered entities on certain milestones
– ERO Portal accounts created
– Contact information verified
– Data validation from the migration of existing data
– Entering of other information
• NERC will work with all Regional Entities for those registered in multiple Regions
Rollout Strategy
Website
Multi-Region Registered EntityCoordinated Oversight Program
Fahad Ansari, NERC, Senior Compliance Auditor
2019 Compliance and Standards Workshop
July 24, 2019
Terminology
• Streamline ERO Enterprise activities for the registered entities by eliminating unnecessary duplication of administrative tasks
• Focus on risk to reliability, while improving efficiency and consistency of Compliance Monitoring and Enforcement Program (CMEP) Activities
• Coordinate Lead Regional Entity (LRE) and Affected Regional Entity (ARE) oversight responsibilities to work collectively and collaboratively to support risk-based compliance monitoring and effective implementation of the Program
Program Objectives
• Self-Reports
• Compliance Audits and Spot Checks
• Self-Certifications
• Periodic Data Submittals
• Complaints
• Technical Feasibility Exceptions (TFEs)
• Mitigation Plan Review and Verification
• Enforcement Coordination
• System Events
• Organization Registration
• NERC Alerts
Activities Under Coordinated Oversight
Current MRRE Program Breakdown
• 50 MRRE Groups in Coordinated Oversight (210 registered entities)
Distribution of the 50 MRRE Groups by LRE:
• MRO: 17
• NPCC: 1
• RF: 11
• SERC: 6
• Texas RE: 9
• WECC: 6
• Registered Entity Inclusion Criteria
– Operates in or owns assets in two or more Regional Entity jurisdictions
– Verifies its Primary Compliance Contact (PCC), Authorizing Officer (AO) or Primary Compliance Officer (PCO) contact information is accurate prior to submitting request for inclusion
– Designates a PCC
– Common (integrated) Compliance Program across all NCRs and programs
Program Criteria
• LRE Selection Criteria
– Bulk power supply (BPS)/Bulk Electric System (BES) reliability considerations
– Registered entity operational characteristics
– Resource considerations
Program Criteria
• Focus on Key Program Initiatives
– Clearly defined roles/responsibilities
– Timing of conducting Inherent Risk Assessment (IRA) and Compliance Oversight Plan (COP)
– CMEP Technology Project
• Onboarding meeting for new participants
• Post-audit feedback survey
• Publicly posted FAQs and MRRE Coordinated Oversight guide
Stakeholder Communication
• Am I an MRRE?
• I am registered in multiple regions under different NCRIDs, can I participate in the Coordinated Oversight Program?
• Upstream owner is not a registered entity, what now?
• After participating in the Program, does the number of Regional Entities reduce to one?
• Do I have to respond to NERC Alerts for all NCRIDs in my MRRE Group?
• Why do I have to submit MiDAS reporting in ARE footprint?
Other Questions
Internal Controls in Enforcement
Ed Kichline, NERC, Senior Counsel and Director of Enforcement Oversight
2019 Compliance and Standards Workshop
July 24, 2019
• Enforcement’s role in the risk-based Compliance Monitoring and Enforcement Program
• Identification and reporting of noncompliance
• Risk assessment of noncompliance
• Mitigation of noncompliance
Overview
• Outcomes for noncompliance are based on risk
• Risk is based on specific facts and circumstances
• Mitigation required for all noncompliance
• Continuous evaluation and communication of risks
– Analysis and lessons learned shared publicly
– Input to risk identification
Risk-Based Enforcement
• Overarching goal of sustainable compliance
– Focus on robust mitigation to reduce risks and likelihood of recurrence
– Establishing cultures of continuous learning
– Meaningful engagements and interactions between Regional Entities and registered entities throughout resolution of noncompliance
• Value of internal controls to foster lasting solutions
Goals and Principles of Enforcement Activities
• Describe the internal control that led to discovery of the noncompliance
– Effect on extent of condition review
• Determine whether a preventive control did not work as designed
– Opportunity for mitigation
Internal Controls in Identifying and Reporting Noncompliance
• Preventive controls that reduce incident probability
– Reduce the likelihood of something occurring
• Detective internal controls
– Periodic reviews to identify possible issues
• Corrective internal controls that reduce the length of the noncompliance
Internal Controls in Risk Assessment
• Redundancy in processes that have been drilled and practiced
• Walkdowns for additional visibility of facilities and equipment
• Automated tools
– CIP-004-6 R3
– CIP-007-6 R5
• Alarms
• Checks to ensure the controls are functioning as designed
Controlling risks
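The slides above name automated tools, alarms, and checks that a control is functioning as designed, but do not show what such a detective control looks like in practice. The following is an added example, not code from the NERC deck or from any NERC or Regional Entity tool: it reconciles an account inventory exported from one BES Cyber System against the entity's access-authorization records (the kind of automated check an entity might run in support of CIP-004-6 access management and CIP-007-6 R5 system access control), flags enabled accounts that have no authorization or are still enabled past the revocation deadline, and first runs a self-check so that a stale or empty inventory cannot masquerade as a clean result. The system name, account names, timestamps, the 24-hour revocation window, and the one-day snapshot-age limit are all constructed assumptions for the example.

```python
"""Added example (not from the NERC deck): a detective internal control that
reconciles an account inventory against access-authorization records, plus a
self-check that the control itself ran on fresh, non-empty data.  All sample
data is constructed; the thresholds below are assumptions, not requirements."""
from datetime import datetime, timedelta, timezone

REVOCATION_WINDOW = timedelta(hours=24)   # assumed: disable within 24 h of revocation
SNAPSHOT_MAX_AGE = timedelta(days=1)      # assumed: inventory must be at most 1 day old


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2019-07-24T12:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample: an account export from one system, with its collection time.
INVENTORY = {
    "collected_at": "2019-07-24T06:00:00Z",
    "accounts": [
        {"system": "ems-scada-01", "account": "jdoe",       "enabled": True},
        {"system": "ems-scada-01", "account": "svc_hist",   "enabled": True},
        {"system": "ems-scada-01", "account": "mroe",       "enabled": True},
        {"system": "ems-scada-01", "account": "tmp_vendor", "enabled": True},
        {"system": "ems-scada-01", "account": "old_admin",  "enabled": False},
    ],
}

# Constructed sample: the authorization list (who may have access, and when
# access was revoked if it no longer applies).
AUTHORIZATIONS = [
    {"account": "jdoe",      "authorized": True,  "revoked_at": None},
    {"account": "svc_hist",  "authorized": True,  "revoked_at": None},
    {"account": "mroe",      "authorized": False, "revoked_at": "2019-07-01T09:00:00Z"},
    {"account": "old_admin", "authorized": False, "revoked_at": "2019-03-15T10:00:00Z"},
]


def reconcile(inventory, authorizations, now):
    """Detective control: return (system, account, reason) for every enabled
    account that has no authorization record or is still enabled after the
    revocation window has elapsed."""
    auth_by_account = {a["account"]: a for a in authorizations}
    findings = []
    for acct in inventory["accounts"]:
        if not acct["enabled"]:
            continue  # a disabled account is the corrective outcome we want
        auth = auth_by_account.get(acct["account"])
        if auth is None:
            findings.append((acct["system"], acct["account"], "no authorization record"))
        elif not auth["authorized"]:
            overdue = now - parse_ts(auth["revoked_at"]) - REVOCATION_WINDOW
            if overdue > timedelta(0):
                hours = int(overdue.total_seconds() // 3600)
                findings.append((acct["system"], acct["account"],
                                 f"still enabled {hours}h past revocation window"))
    return findings


def control_self_check(inventory, now):
    """Check that the control is functioning as designed: it must run on a
    non-empty, recent snapshot, otherwise a report of no findings proves nothing."""
    problems = []
    age = now - parse_ts(inventory["collected_at"])
    if age > SNAPSHOT_MAX_AGE:
        problems.append(f"inventory snapshot is {age.days}d old")
    if not inventory["accounts"]:
        problems.append("inventory snapshot is empty")
    return problems


def run_control(inventory, authorizations, now):
    """Run the self-check first; only a healthy run produces trustworthy findings."""
    problems = control_self_check(inventory, now)
    if problems:
        return {"status": "control-failed", "problems": problems, "findings": []}
    return {"status": "ok", "problems": [],
            "findings": reconcile(inventory, authorizations, now)}


if __name__ == "__main__":
    result = run_control(INVENTORY, AUTHORIZATIONS, parse_ts("2019-07-24T12:00:00Z"))
    print(result["status"], result["problems"])
    for system, account, reason in result["findings"]:
        print(f"{system}: {account}: {reason}")
```

Run against the constructed data, the control reports two findings (mroe still enabled long after revocation, tmp_vendor with no authorization record) and ignores old_admin because it is already disabled. The self-check is what turns this from a script into evidence: a run on a three-day-old snapshot returns control-failed with no findings rather than a misleading clean result, which is the kind of detail (what is checked, how often, and how the check proves it ran) the mitigation slides ask entities to describe.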
• Strengthen the preventive controls that may have failed
• Opportunities for improved detective controls
• Value of details on your internal controls
– What will be done
– Who will do it
– How often will it be done
Internal Controls in Mitigation
• Report the results of your completed mitigation
– Any adjustments to ratings or settings?
– Any applicable patches missed?
– Any events in unreviewed logs?
Results of Mitigation
• Tasks with checklists
– Requirements to be kept on hand during performance of tasks
– Checkbox to confirm use of checklists
• Administrative barriers that cannot be avoided in completion of activities
– CIP-010
• Physical barriers vs. written policies and warning signs
• Requiring sign-off on results of testing, inspection, or maintenance activity
• Revise procedures to include explicit process steps addressing the missed activity
Effectiveness of internal controls
• Training
– Recurring mandatory training
– For new employees soon after onboarding
– Demonstrating comprehension of training
• Change management
– Mergers and restructuring
– Additions of assets and facilities
Effectiveness of internal controls
• PRC and MOD
– Biannual review of new facilities to identify new equipment to add to the Protective System Maintenance Program
– GRC tracking tool with notifications to internal personnel and outside consultant
– Preventive Maintenance work orders to ensure completion of periodic activities
• FAC-008-3 R6
– Require two planners to enter and verify data for new facilities and equipment
• Tracking new or revised Standards to ensure more effective implementation
Examples of internal controls in mitigation
• Greater reliance on what you report
• Protection against harm from the noncompliance
• Reduced likelihood of recurrence of the noncompliance
• Sustainable compliance
– Enhanced reliability and security
The Benefits of Internal Controls
Lunch
Webinar participants: We will return at 1:00 p.m. Central
Compliance Guidance
Kiel Lyons, NERC, Senior Manager, Grid Planning and Operations Assurance
2019 Compliance & Standards Workshop
July 24, 2019
• Background
• Compliance Guidance Policy
• Types of Guidance
• Prequalified Organizations
• Endorsement Process
• Implementation Guidance Development Aid
• Current Guidance
• Compliance Guidance Web Page
• Resources
• Key Take-Aways
• Questions and Answers
Overview
Transformation of Guidance Documents
• FERC Interpretations
• Implementation Guidance
• CMEP Practice Guides
• Compliance Process Bulletins (being retired)
• Directives and Bulletins for Regional Entities (being retired)
• Compliance Application Notices (CAN) (being retired)
• Compliance Analysis Report (CAR) (being retired)
Background
• Purpose of policy
– Industry implement Reliability Standards
– ERO CMEP staff execute duties
• Compliance Guidance team
– Reviewed role, purpose, development, use, and maintenance
– Recommended use of examples
• NERC Board of Trustees approved Compliance Guidance Policy
Compliance Guidance Policy
Principles
• Cannot change scope of Reliability Standard
• May be developed concurrently with Reliability Standard
• Should not conflict
• Should be developed collaboratively
• Not only way to comply
• Additional Considerations:
– Finite and limited set
– Related guidance in one location
– Consider revising standard
– Apply professional judgment
– Feedback loops
Compliance Guidance Policy
Compliance Guidance
• Implementation Guidance
• CMEP Practice Guides
Types of Guidance
• Developed by industry, for industry
• Endorsed by the ERO Enterprise
• Given deference during monitoring by the ERO Enterprise
• Examples or approaches
– One of several possible approaches
• Developed by:
– Standard Drafting Team (SDT)
– Pre-Qualified Organization
Implementation Guidance
• Developed by ERO Enterprise, for ERO Enterprise
– May be initiated through industry discussions
– Publicly posted
• ERO Enterprise CMEP staff approach
– Fosters consistency
• All guidance reviewed by NERC Vice President, Deputy General Counsel, and Director of Enforcement
CMEP Practice Guides
Approved by Compliance and Certification Committee (CCC)
• The organization must:
– Be actively involved in NERC operations
– Have methods to assure technical rigor
– Possess ability to vet content
Pre-Qualified Organizations
Pre-Qualified Organization Application Process: Applicant applies with the CCC → CCC reviews application → CCC notifies the applicant of approval → Applicant is added to the Pre-Qualified Organization List
Pre-Qualified Organizations
• Standard Drafting Teams (SDTs)
– Identifies examples
– Reviews existing guidance
• Examples vetted by industry through comment/ballot process
• Decision to submit for ERO Enterprise endorsement made by:
– Project Management and Oversight Subcommittee (PMOS) liaison
– NERC standards developer
• May not submit guidance after standard is approved
– Must be submitted by Pre-Qualified Organization
Standard Drafting Teams
Endorsement of Implementation Guidance
• Pre-Qualified Organization or SDT submit proposed guidance
– Email to [email protected]
– Include Implementation Guidance Submittal Form
• NERC:
– Acknowledges receipt
– Posts proposed guidance
– Distributes to ERO Enterprise SMEs
• ERO Enterprise endorses or declines to endorse
• Publicly posted
– Non-endorsed noted in spreadsheet
Endorsement Process
Development Aid
• Ensure guidance provides specific examples or approaches to compliance.
• Ensure guidance does not conflict with, or contradict, previously approved documents.
• Ensure guidance capitalizes terms defined in the NERC Glossary of Terms when the term is intended to have the same meaning as defined in the Glossary.
• Ensure guidance does not add compliance obligations to an entity that are not specifically required by the subject Reliability Standard and Requirement.
Development Aid
• Ensure guidance does not make the subject Reliability Standard and Requirement less restrictive.
• Ensure guidance does not include language that attempts to describe an audit approach.
• Ensure guidance does not introduce new terminology, attempt to define a term, interpret a term, or clarify an ambiguity in the subject Reliability Standard and Requirement.
• Ensure guidance correctly references footnotes, citations, active links, illustrations, table numbers, attachments, addendums, appendices, etc.
• Ensure guidance does not skip steps or stop short of complying with the subject Reliability Standard and Requirement by addressing the entire Requirement in sufficient detail.
Development Aid
• Consider using the specific language of the subject Reliability Standard and Requirement when possible.
• Consider avoiding terms that were used in previous versions of a Reliability Standard, but are no longer in use in the current version of the subject Reliability Standard and Requirement.
• Consider using illustrations such as diagrams, sample records, flowcharts, templates, etc.
• Consider using softer words such as “should consider”, “may want to”, “recommended”, etc. when the processes, procedures, or approaches described are examples and are not prescriptive and mandatory.
Development Aid
Website
• Compliance Guidance web page: http://www.nerc.com/pa/comp/guidance/Pages/default.aspx
• Compliance Guidance Policy: http://www.nerc.com/pa/comp/Resources/ResourcesDL/Compliance_Guidance_Policy_FINAL_Board_Accepted_Nov_5_2015.pdf
• Implementation Guidance Under Consideration: http://www.nerc.com/pa/comp/guidance/Pending%20Implementation%20Guidance/Implementation%20Guidance%20Under%20Consideration%20or%20Development.pdf
• Pre-Qualified Organization list: http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified%20organizations.pdf
• Procedure to Become a Pre-qualified Organization: http://www.nerc.com/comm/CCC/Related%20Files%202013/Final%20CCCPP-011_May_BOTCC_updated.pdf
• Pre-Qualified Organization Application: http://www.nerc.com/pa/comp/guidance/Documents/Application_Pre-Qualified_Organization.pdf
• How to Submit Proposed Guidance: http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified_org_submittal_with_form.pdf
• U.S. Standards One-Stop Shop: http://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xls
Resources
Key Takeaways
• Implementation Guidance: developed by industry for industry, vetted by industry, and endorsed by the ERO Enterprise
• CMEP Practice Guides: developed by the ERO Enterprise for the ERO Enterprise
• During development of guidance, reference the Implementation Guidance Development Aid
• Review the Compliance Guidance Policy document for more details
• Check the Compliance Guidance web page regularly for changes
ERO Enterprise CMEP IP Updates
Ryan Mauldin, NERC, Compliance Assurance Advisor
2019 Compliance and Standards Workshop, July 24, 2019
Implementation Plan Background
• Purpose of the Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan (IP)
  o Annual CMEP-related operating plan for NERC and the Regional Entities
  o Implementation of the risk-based approach for CMEP activities
• Timeline
  o NERC posts on or about September 1 of the preceding year
  o Regional Entities submit Regional IPs on or about October 1
  o NERC reviews and posts the combined IP in November
  o Updates may occur throughout the year
Risk Element Overview
• Roles
  o Highlight risks that merit increased focus for CMEP activities
  o Used in prioritizing and evaluating monitoring scopes
  o Not an exclusive list of all risks to the reliability of the bulk power system (BPS)
• Enhancements
  o Reflect a maturing risk-based program
  o Better articulated as discrete issues
  o Clearer focus in the plan on specific Reliability Standard requirements
• Enables a feedback mechanism for future plans
  o Evaluates how risks are being prevented or mitigated
  o Results are used to shape and impact future monitoring focus
Establishing Risk Elements
• Several inputs
  o Compliance findings and Enforcement data
  o Event Analysis experience
  o Prioritized or emerging risks
  o Critical Infrastructure Protection themes
  o Reliability Issues Steering Committee's ERO Reliability Risk Priorities
• Risk elements are written to consider potential impact or emerging risk
  o Does not mean all risks
  o Provides actionable information to shape areas of focus
• Risk Elements and areas of focus inform entity-specific COPs and monitoring activities
  o When needed, Regional Risk Elements are used to identify region-wide risks
2019 Risk Elements Comparison (comparison graphic)
2019 Risk Elements
• Improper Management of Employee and Insider Access: This risk element focuses on the human element of security, one of the descriptors of cybersecurity vulnerabilities identified in the 2018 Reliability Issues Steering Committee (RISC) report. Regardless of the sophistication of a security system, there is potential for human error.
Standards and Requirements:
  CIP-004-6: R1, R2, R3, R4
  CIP-005-5: R2
  CIP-006-6: R1, R2, R3
  CIP-007-6: R2, R3, R5
  CIP-010-2: R1, R2, R3, R4
  CIP-011-2: R1, R2
2019 Risk Elements
• Insufficient Long-Term Planning Due to Inadequate Models: Adequately modeled planning cases become increasingly critical as a changing resource mix, deployment of new technologies, etc., affect the risk to BPS reliability.
Standards and Requirements:
  FAC-002-2: R1, R2, R3, R4, R5
  MOD-032-1: R2
  MOD-033-1: R1, R2
  TPL-001-4: R1, R2, R3, R4
2019 Risk Elements
• Insufficient Operational Planning Due to Inadequate Models: More comprehensive dynamic load models will be needed to sufficiently incorporate behind-the-meter generation and distributed load resources such as demand-side management programs. Also, with the recent and expected increases of both utility-scale solar resources and distributed generation, the causes of a sudden reduction in power output from utility-scale power inverters need to be widely communicated and addressed by the industry.
Standards and Requirements:
  MOD-032-1: R2
  MOD-033-1: R1, R2
  TOP-003-3: R1, R2
  TPL-001-4: R1, R2, R3, R4
2019 Risk Elements
• Spare Equipment with Extended Lead Time: Spare equipment strategy is an important aspect of restoration and recovery. The RISC report identifies that the failure to maintain equipment is a reliability risk, exacerbated when an entity either does not have replacement components available or cannot procure needed parts in a timely fashion. The failure to properly commission, operate, maintain, prudently replace, and upgrade BPS assets generally could result in more frequent and wider-spread outages, and these could be initiated or exacerbated by equipment failures.
Standards and Requirements:
  CIP-014-2: R1, R5
  TPL-001-4: R2.1.5
2019 Risk Elements
• Inadequate Real-time Analysis During Tool and Data Outages: Entities are encouraged to have realistic plans to continue real-time analysis during outages of tools, loss of data, or both. This risk element is made more important in situations where planning models may not keep pace with increasing BPS complexity and may not accurately reflect area-specific dependencies on inverters, natural gas, or other items.
Standards and Requirements:
  IRO-008-2: R4
  TOP-001-4: R13
2019 Risk Elements
• Improper Determination of Misoperations: The 2018 RISC report includes a key point that the ERO Enterprise, the impacted organizations, and the respective forums and trade organizations should perform post-event reviews to capture lessons learned and how to reduce the impact of future events. These reviews will be incomplete if an event goes unnoticed because the relay operations were not reviewed by qualified personnel. The report also identifies the risk posed by the increasing complexity of protection and control systems, further emphasizing the importance of a skilled workforce analyzing events and relay operations.
Standards and Requirements:
  PRC-004-5(i): R1, R3
2019 Risk Elements
• Inhibited Ability to Ride Through Events: Generating plant protection schemes and their settings should be coordinated with transmission protection, control systems, and system conditions to minimize unnecessary trips of generation during system disturbances. Increased implementation of inverter-based resources has brought a focus on this issue.
Standards and Requirements:
  PRC-019-2: R1
  PRC-023-4: R1, R2, R6
  PRC-024-2: R1, R2
  PRC-025-2: R1
2019 Risk Elements
• Gaps in Program Execution: Where records are not kept up to date, inaccurate models and damaged equipment can result. Failing to keep accurate inventories of responsibilities and equipment following asset transfers, addition of new equipment, or mergers and acquisitions is causing incomplete entity programs in Facility Ratings and vegetation management.
Standards and Requirements:
  FAC-003-4: R1, R2, R3, R5, R6, R7
  FAC-008-3: R6
  PRC-005-6: R3
Looking Ahead to 2019 (graphic)
Resources
• 2019 ERO Enterprise CMEP IP V2: https://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/2019_ERO_CMEP_Implementation%20Plan_V2%20November%202018.pdf
BCSI / Cloud Update
Lonnie Ratliff, NERC, Senior Manager Cyber and Physical Assurance
2019 Industry Compliance and Standards Workshop, July 23, 2019
Overview
• Awareness / Meetings
  o ERO Enterprise / FedRAMP
• CIWG Tabletops
  o Microsoft Azure
  o TBD
• Moving Forward
  o BCSI Practice Guide
  o Project 2019-02
FedRAMP
• The Federal Risk and Authorization Management Program (FedRAMP)
  o Government-wide program
  o Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services
• Enables agencies to rapidly move from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT
• Established a mature marketplace to increase utilization of and familiarity with cloud services
• Facilitates collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions
April ERO Enterprise Meeting
• FedRAMP Project Management Office on site
  o Evidence review
  o Third-party assessment organization (3PAO) reports
• Coalfire (3PAO)
• Microsoft (Cloud Service Provider)
  o Azure Implementation Guide
Microsoft Azure Visit Objectives
• Examine existing Azure FedRAMP Moderate / High evidence.
• Assist the ERO Enterprise in determining the suitability of FedRAMP evidence to demonstrate compliance with the NERC CIP standards.
Microsoft Azure Visit
• ERO Enterprise
  o All Regions and NERC represented
• CIWG representation
• Reviewing evidence
  o Offsite review of the Security Analysis Report
  o Detailed review of evidence provided
  o Review of Microsoft-created RSAWs
• Azure cloud options
  o Azure Moderate / High
  o Azure Government
Additional Tabletop(s)
• Objectives
  o Consistent application of controls
  o Consistent evidentiary requirements
  o Reasonable assurance across multiple CSPs
• Who / What / How
  o Possibly the same ERO Enterprise team
  o Different Cloud Service Provider
  o Different 3PAO
  o Similar type of review
ERO BCSI Practice Guide
• Purpose: provide direction to ERO Enterprise CMEP staff around BCSI
• Released April 26, 2019
• Focus
  o Access and authorization (the ability to both obtain and use)
  o Secure handling of BCSI in storage, in transit, and in use
• Considerations
  o Encryption, with key management
  o Data could be on premises or off premises
• Possibly retired when Project 2019-02 is complete
Project 2019-02 BCSI Access Management
• Background: Create increased choice, greater flexibility, higher availability, and reduced-cost options for entities to manage their BES Cyber System Information by providing a secure path toward utilization of modern third-party data storage and analysis systems. In addition, the proposed project would clarify the protections expected when utilizing third-party solutions.
• History
  o Submitted by Tri-State Generation
  o Discussed through the CIWG
• Standards Authorization Request Drafting Team
  o June 18–19, 2019 face-to-face meeting
  o Standards / Requirements need clarification or modification
Break
Webinar participants: We will return at 2:45 p.m. Central
Standards Update
Howard Gugel, NERC, Vice President of Engineering and Standards
Compliance and Standards Workshop, July 24, 2019
Project 2015-09 Establish and Communicate SOLs
• Revisions to FAC-011
  o Working to clarify System Operating Limit (SOL) Exceedances (Requirement R6)
  o Conducting a data analysis to understand the impact of proposed revisions on industry
• Revisions to FAC-015
  o Working to make revisions based on industry comment regarding Coordination of Planning Assessments with the Reliability Coordinator's SOL Methodology
• Next 45-day formal comment period and additional ballot scheduled for late August 2019.
Project 2017-01 Phase I Modifications to BAL-003
• Phase I: Proposed Standard BAL-003-2 modifies the currently effective standard and process documents to address:
  o The inconsistencies in calculation of Interconnection Frequency Response Obligations (IFROs) due to Interconnection Frequency Response performance changes of Point C and/or Value B;
  o The Eastern Interconnection Resource Loss Protection Criteria (RLPC);
  o The frequency nadir point limitations (currently limited to t0 to t+12);
  o Clarification of language in Attachment A, i.e., related to Frequency Response Sharing Groups (FRSG) and the timeline for Frequency Response and Frequency Bias Setting activities; and
  o The BAL-003-1.1 FRS Forms enhancements that include the ability to collect and submit FRSG performance data.
• Initial Posting: 45-day comment and ballot period December 4, 2018 – January 17, 2019, with 96.41% approval and 92.02% quorum.
• NERC Board Adoption: November 2019
Project 2017-01 Phase II Modifications to BAL-003
• Phase II will consider:
  o Revisions to the Reliability Standard to address the Real-time aspects of Frequency Response necessary to maintain reliability;
  o Ensuring comparability of and applicability to the appropriate responsible entities;
  o Developing measurements to incorporate Real-time and resource and load characteristics; and
  o Ensuring equitability of performance.
• Informal comment period: August 2019
• NERC Board Adoption: May 2020
Project 2018-04 Modifications to PRC-024
Project Scope:
• Update the PRC-024 ride-through curves to clarify that the area outside the "No Trip" zone is not a "Must Trip" zone
• Clarify inconsistencies to ensure that instantaneously calculated frequency is not permissible to define the trip parameters
• Clarify the Curve Details section of the "Voltage Ride-Through Curve Clarifications"
• Consider whether to reinforce that the requirements pertain to the point of interconnection
Project Scope (continued)
• Clarify whether the voltage and frequency protective functions within an inverter control system that trip the inverter are subject to PRC-024
• Clarify that plant auxiliary equipment protection systems are not subject to the requirements of PRC-024
• Clarify whether the use of momentary cessation within the "No Trip" zone of PRC-024 complies with the standard
• Consider whether Interconnection-specific modification(s) or Regional Variance(s) are necessary for the voltage ride-through time duration curve(s) in Attachment 2
Project Scope – Supplemental SAR
• The Supplemental Standards Authorization Request (SAR) expands the scope of the project to eliminate identified reliability issues by:
  o Requiring all voltage and frequency protection up to the point of interconnection (the high-voltage side of the generator step-up (GSU) or collector transformer) to adhere to PRC-024;
  o Requiring those Transmission Owners that own the GSU or collector transformers and the associated voltage and frequency protective relays to be compliant with the standard.
Project Timeline
• The SDT is still considering comments from the initial posting that closed on May 31, 2019
• Supplemental SAR comment period closes: July 26, 2019
• SDT meeting to review SAR comments and modify the SAR, if necessary: July 31, 2019
• Updated SAR submitted to the SC: August 21, 2019
• Next in-person SDT meeting: September 4–6, 2019, ERCOT offices (Austin, TX)
• 45-day additional ballot scheduled: September 13 – October 28, 2019
• SDT meeting (in person or remotely): November 5–6, 2019
Project 2019-01 Modifications to TPL-007-3
• FERC Order No. 851 directs NERC to develop and submit modifications to Reliability Standard TPL-007-2:
  o to require the development and implementation of corrective action plans to mitigate assessed supplemental Geomagnetic Disturbance (GMD) event vulnerabilities; and
  o to authorize extensions of time to implement corrective action plans on a case-by-case basis.
• Initial Ballot and Comment Period scheduled July 26, 2019 through September 8, 2019
• NERC Board Adoption: May 2020
• Regulatory Filing deadline: July 2020
Project 2019-02 BCSI Access Management
• Bulk Electric System (BES) Cyber System Information Access Management: clarify the CIP requirements and measures related to both managing access to and securing BES Cyber System Information.
• The SAR Drafting Team (DT) met on June 18–19, 2019 to make revisions to the SAR and respond to industry comments.
• The SAR will be presented to the NERC Standards Committee for authorization on July 24, 2019.
• The Standard Drafting Team's first meeting is tentatively scheduled for August 6–7, 2019.
Project 2019-03 Cyber Security Supply Chain Risks
• FERC Order No. 850 directs NERC to modify the Supply Chain Standards to address EACMS, specifically those systems that provide electronic access control to high and medium impact BES Cyber Systems.
• The NERC supply chain report also recommends addressing Physical Access Control Systems (PACS) that provide physical access control (excluding alarming and logging) to high and medium impact BES Cyber Systems.
• SAR Comment Period: July 2, 2019 – August 1, 2019
• NERC Board Adoption: November 2020
• Regulatory Filing deadline: December 2020
Project 2016-02 Modifications to CIP
• CIP-002-6 Ballot
  o Passed with 87.39% approval
• Virtualization Updates
  o What we heard...
  o Definitions
  o CIP-005-7
CIP-002-6 Timeline
• Initial Ballot: September 14 – October 30, 2017, TO Control Center (TOCC)
• Additional Ballot: March 16 – April 30, 2018 (TOCC)
• Additional Ballot, added IROL SAR: August 23 – October 9, 2018
• Additional Ballot, CIP-002-6 with TOCC and Planned / Unplanned Change, IROL modifications removed: July 17, 2019
Virtualization Updates
• What we heard
  o Virtualization Case for Change White Paper
  o Overwhelmingly positive response (85%+)
  o Discussion of current configurations...
Definitions - Unchanged
• Cyber Asset (CA)
• Electronic Security Perimeter (ESP)
• BES Cyber System (BCS)
• External Routable Connectivity (ERC)
New Definitions
• Virtual Cyber Asset (VCA): A logical instance of an operating system, firmware, or self-contained application hosted on SCI.
• Shared Cyber Infrastructure (SCI): Programmable electronic devices whose compute, storage, or network resources are shared with one or more Virtual Cyber Assets, or that perform logical isolation for an ESZ. This includes its management systems.
• Electronic Security Zone (ESZ): A security zone is a segmented section of a network that contains systems and components to create logical isolation.
Updated Definitions
• BES Cyber Asset (BCA): to include Virtual Cyber Asset and exclude Shared Cyber Infrastructure
• Transient Cyber Asset (TCA): to include Virtual Cyber Asset and SCI connectivity
• EACMS -> EACS + EAMS: to include Virtual Cyber Asset
• PACS -> PACS + PAMS: to include Virtual Cyber Asset
• Protected Cyber Asset (PCA): to include Virtual Cyber Asset and those VCAs that share memory and CPU with a BCS
• Removable Media (RM): to include SCI connectivity
Requirements Approach
• Allow the old style to remain: ESP, BCS, ERC scoping, etc.
• Create virtualization-specific controls alongside for: ESZ, SCI, virtualized BCAs, EACMS, PACS, PCAs, etc.
• Test with many samples (Pinecone Power)
How We Can Move Forward
• Move toward technology-agnostic requirements.
• New terms to help describe the virtual environment.
  o Clarify new requirements for the virtual environment.
• Preserve the Cyber Asset term for backwards compatibility.
Next Steps
• Continue Virtualization Standard Drafting Efforts:
  o Thursday conference calls (noon – 2:00 p.m. Eastern)
  o July 16–19, 2019 in-person CIP SDT meeting, NERC, D.C.
  o August 27–29, 2019 in-person CIP SDT meeting, NERC, Atlanta
  o September 24–26, 2019 in-person CIP SDT meeting, NPCC, New York, NY
• Upcoming postings
  o Informal posting of CIP-005-7, July 23, 2019*
  o Informal posting of CIP-007 & CIP-010, November
Standards Efficiency Review
Chris Larson, NERC, Manager of Standards Information
2019 Compliance & Standards Workshop, July 24, 2019
SER Project Scopes
Overall: Evaluate NERC Reliability Standards using a risk-based approach to identify potential efficiencies through retirement or modification of Reliability Standard Requirements. This project seeks to identify candidate requirements that are not essential for reliability, could be simplified or consolidated, and could thereby reduce regulatory obligations and/or compliance burden.
Phase 2: Evaluate NERC Reliability Standards (O&P and CIP), as informed by implementation experiences and compliance practices, to develop and recommend standards-based solutions intended to reduce inefficiencies and unnecessary regulatory burdens for the purpose of supporting continued safe, secure, and reliable operations.
SER Working Teams & Timeline
(Timeline figure, 2017 through 2020. Labels visible in the figure: Phase 1, RTOP, LT, 2018-03 SDT, P2, CIP SER, CIP SDT, New scope, Phase 2 Concepts, Modifications.)
Multi-phase Approach
Project 2018-03 SER Retirements (Phase 1):
• Focused primarily on retirements
• Three working teams consisting of 50+ industry participants
• Initial SAR proposed 107 Requirements; list trimmed to ~84 after further discussions with NERC and FERC
• Final ballot: April 23 – May 2
Phase 2:
• Six efficiency concepts presented in February 2019 webinar
• Industry survey of 75 participants ended March 22
• Evaluate & prioritize concepts
• Modifications of and dependencies with requirement(s)
  o Sub-team of Phase 1 and Phase 2 members
CIP SER: define scope, approach, and timeline; form working team
Phase 1 Deliverables
• Focused primarily on retirements
• Revised SAR submitted to Standards Committee (Summer 2018)
• Appointed Project 2018-03 SER Drafting Team (October 2018)
• Initial comment and ballot period closed (April 2019)
  o Ballot pools of 300+ voters with ~97% approval average
• Final ballot ended (May 2019)
• Presented to NERC Board of Trustees (May 2019)
• NERC staff submitted two petitions to FERC (June 2019)
Phase 2 Deliverables
• Form SER Phase 2 team by supplementing with new CCC & SC members (complete)
• Clarify and adjust scope of work for Phase 2 (complete)
• Identify key issues to address with Advisory Group (complete)
• Review alternatives and concepts proposed by Phase 1 (complete)
• Develop new efficiency concepts (complete)
• Evaluate and identify best efficiency concepts (complete)
• Draft recommendations for prioritized concepts (2019 Q4 - 2020)
Phase 2 Industry Survey
• Gauged level of support (1–10) for each concept from 75 participants, equally weighted:
  o Concept 1: Evidence Retention (8.12)
  o Concept 5: Consolidate Information/Data Exchange Requirements (8.11)
  o Concept 3: Move Requirements to Guidance (7.85)
  o Concept 2: Prototype Standard (7.78)
  o Concept 6: Relocate Competency-based Requirements to the Certification Program/Controls Review process (6.85)
  o Concept 4: Consolidate & Simplify Training Requirements (6.19)
• Reviewed industry survey responses, comments, and concerns
• Evaluated and prioritized concepts based on potential benefit, feasibility, and effort of implementation
CIP SER
• CIP SER: using a risk-based approach, evaluate NERC CIP Reliability Standards in order to identify potential efficiencies through retirement or modification of Reliability Standard Requirements
• Approach is very similar to SER Phase 1
• Key considerations:
  o Focus first on retirements, then on modifications
  o Relationship & communications with active drafting teams
  o Industry input in parallel with working team formation
  o CIP Standards have a shorter history of being mandatory and enforceable
• Working team nominations end August 16
• Industry input using the SER Matrix ends August 26
• Analysis of industry feedback (August – September)
Resources
• Project 2018-03 SER Retirements
• Standards Efficiency Review Phase 2
• CIP Standards Efficiency Review
NERC Registration and Certification Updates
Ryan Stewart, NERC Sr. Mgr. of Registration and Certification
2019 Compliance and Standards Workshop, July 24, 2019
Agenda
• Overview of Certification and Registration Programs
• The Organization Registration and Certification Subcommittee (ORCS) and Organization Registration and Certification Group (ORCG)
• Project and Focus Areas
NERC ORCP Team (organization chart)
Overview of Certification and Registration Programs
• Overview of Registration Program
  o NERC Rules of Procedure (ROP) Section 500 and Appendices 5A and 5B
  o Program put in place to clearly identify those entities that are responsible for compliance with the FERC-approved Reliability Standards
  o NERC established and maintains the NERC Compliance Registry (NCR)
  o Various registration options
  o Daily Registration Processing
    o Common Registration Form
    o Information Technology (IT) System Work Flows
  o Regional Entity Oversight
  o NERC-led Review Panels
Overview of Certification and Registration Programs (continued)
• Overview of Certification Program
  o NERC Rules of Procedure (ROP) Section 500 and Appendix 5A
  o Program put in place to certify that a new Reliability Coordinator (RC), Balancing Authority (BA), and/or Transmission Operator (TOP) has the tools, processes, procedures, and capabilities to reliably operate for that function
  o Program includes a process for entities to maintain Certification
  o Regional Entity Oversight
Organization Registration and Certification Group (ORCG)
• Electric Reliability Organization (ERO) group for managers, engineers, analysts, etc.
  o Work pertaining to Registration, Certification, BES Exceptions, IT efforts, NERC-led Review Panels, etc.
• NERC co-chairs the ORCG with a Regional member
• Group has an annual Work Plan
• ORCG conducts bi-weekly calls and meets in person on a periodic basis
Organization Registration and Certification Subcommittee (ORCS)
• Industry group, reporting to the Compliance and Certification Committee (CCC)
• NERC acts as secretary
• Purpose:
  o Advise and provide support to NERC and the Regional Entities with development and implementation of organization registration and certification processes (i.e., ROP 500 & Appendix 5), and
  o Advise and provide ongoing support to NERC and the Regional Entities relating to approved organization registration and certification processes.
Projects and Focus Areas
• NERC Registration team managed the SPP RE transition process
• Supported FRCC RE transition
• Western Interconnection RC transition
• IT applications
  o CFR Tool
  o CORES
• Possible NERC Rules of Procedure changes
  o Certification review "trigger" language
  o Coordinated Functional Registration (CFR) and Joint Registration Organization (JRO) language clarity
  o RBR implementation
Closing Announcements
Steven Noess, NERC, Director of Regulatory Programs
2019 Compliance and Standards Workshop, July 24, 2019