CIP-002-6: Updates...Impact to Reliability Ensure entities with Control Centers that monitor and...

CIP-002-6: Updates

Presented by: Zach Trublood, Senior Compliance Auditor, Cyber Security

Author: Dr. Joseph B. Baugh, Senior Compliance Auditor, Cyber Security

Compliance Workshop – March 29, 2018

Boise, Idaho

W E S T E R N E L E C T R I C I T Y C O O R D I N A T I N G C O U N C I L

Impact to Reliability

Ensure entities with Control Centers that monitor and control BES Transmission Lines, regardless of

registration, are aware of upcoming changes to CIP-002-6 and are prepared to apply the revised IRC 2.12

to their inventory of BES Transmission Lines from 100kV to 499kV to classify the BCS associated with

their Control Centers appropriately and apply the full protections of the CIPv5 Standards, as applicable.

2


Agenda

• Primary changes to CIP-002-6

– Special Protection System [SPS] term retired

– Proposed change to Control Center definition

– Proposed changes to Planned/Unplanned Changes

– Proposed changes to IRC 2.12 to establish a new Low impact Transmission Control Center classification

• Examples: Applying IRC 2.12

• Feel free to ask questions at any time during the presentation.

3


Changes in CIP-002-6

• The term Special Protection System [SPS] has been removed from CIP-002-6 [CIP-002-5.1a]:

– Applicability Sections: 4.1.2.2 (p. 1 [1]); 4.2.1.2 (p. 2 [2])

– Requirements: R1.v (p. 7 [6], see also Appendix 1, p. 39 [35])

– Impact Rating Criteria: 2.9 (p. 17 [15]); 3.5 (p. 19 [16])

– BROS Dynamic Response section (p. 22 [19])

– CIP-002-6 Supplemental Material (pp. 28, 31 [G&TB: 26, 29])

• All prior SPS should be referenced as Remedial Action Schemes [RAS], but there are no expected changes to the classifications of the associated BCS

4


What is a Control Center? (Current Definition)

One or more facilities hosting operating personnel that monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of:

1) a Reliability Coordinator,

2) a Balancing Authority,

3) a Transmission Operator for transmission Facilities at two or more locations, or

4) a Generator Operator for generation Facilities at two or more locations. (NERC, 2018 March 16, Control Center Definition Revision)

5


What is a Control Center? (Proposed Definition)

One or more facilities, including their associated data centers, that monitor and control the Bulk Electric System (BES) and also host operating personnel who:

1) perform the Real-time reliability-related tasks of a Reliability Coordinator; or

2) perform the Real-time reliability-related tasks of a Balancing Authority; or

3) perform the Real-time reliability-related tasks of a Transmission Operator for Transmission Facilities at two or more locations; or

4) can act independently as the Generator Operator to develop specific dispatch instructions for generation Facilities at two or more locations; or

5) can operate or direct the operation of a Transmission Owner’s Bulk Electric System transmission Facilities in Real-time. (Ibid, p.

6


Who are NOT Operating Personnel?

• Under the proposed Control Center definition, operating personnel do not include:

1) plant operators located at a generator plant site or personnel at a centrally located dispatch center who relay dispatch instructions without making any modifications; or

2) Transmission Owner or Transmission Operator field switching personnel.

7


Implementation Plan

• The SDT proposed the following effective date for the new Control Center definition:

– “First day of the first calendar quarter that is three (3) calendar months after the effective date” (NERC, Implementation Plan: Control Center Definition, p. 1)

• The existing definition will be retired immediately prior to the effective date of the proposed definition.

8


Planned and Unplanned Changes• The SDT proposed moving the Planned and Unplanned Change

language from the implementation plan to the CIP-002-6 Standard and polled the SDT members:

– Do you agree with the Planned and Unplanned Change language being moved from the Implementation Plan to the standard? (60 Respondents)

• Yes – 97% (58); No – 3% (2)

– Do you agree with the Planned and Unplanned Change language in CIP-002? (73 Respondents)

• Yes – 86% (63); No – 14% (10)

9


Planned Changes*• Changes to the Bulk Electric System or Cyber Asset(s) that were planned

and implemented by the Responsible Entity or with the Responsible Entity’s awareness.

• Planned changes typically involve a change to a Bulk Electric System asset (e.g., substation, generating resource, Control Center) or a change to a Cyber Asset that was foreseen by the Responsible Entity.

• Examples of planned changes include:– New or upgraded transmission Facilities (e.g., lines or substations, including

substation automation &/or digital relay projects)– New BES generation resource(s); new units &/or control system upgrades at

existing BES generation locations– New Control Centers and their associated data centers– New or replacement EMS/SCADA BCS

10


*Source: (NERC, 2018 March 16, CIP-002-6 [SDT Version], footnote 1, p. 4)

Compliance Dates for Planned Changes

• Formerly stated planned changes should be, “Compliant upon commissioning,” the proposed language states (CIP-002-6, p. 6):– Planned Changes resulting in a new BES Cyber System or a change in

categorization for an existing BES Cyber System, the Responsible Entity shall comply with all newly applicable requirements in this Reliability Standard upon the commissioned date of the Planned Change.

– For this provision, the commissioned date is the date a new or modified Bulk Electric System asset or Cyber Asset is capable of impacting the BES. [Emphasis Added].

– For requirements that contain periodic obligations, initial performance of those obligations following a Planned Change shall occur within the first period following the commissioned date of the Planned Change.

11


Unplanned Changes**(i) Any changes to the Bulk Electric System or a Cyber Asset that occur without the entity’s awareness or (ii) Changes to the categorization of a Cyber Asset caused by a notification from another entity or the output of a planning study, e.g. • Examples of Unplanned Changes include:

(1) when a Responsible Entity is notified (internally or externally) that a generation Facility has been designated as necessary to avoid an Adverse Reliability Impact in the planning horizon of more than one year (CIP-002, Attachment 1, Criterion 2.3); (2) when a Responsible Entity is notified (internally or externally) that a generation or Transmission Facility has been identified as critical to the derivation of an IROL and their associated contingencies (CIP-002, Attachment 1, Criterion 2.6); (3) when a generating resource that is connected at less than 100kV is designated as a new Blackstart Resource along with its Cranking Path (CIP-002, Attachment 1, Criterion 3.4); or(4) when a system study that shows changes in customer load have resulted in crossing the 300 MW threshold of a load shedding system as described in Criterion 2.10 of CIP-002, Attachment 1.

12


**Source: (NERC, 2018 March 16, CIP-002-6 [SDT Version], footnote 2, p. 4)

Compliance Dates for Unplanned Changes

• For Unplanned Changes, the Responsible Entity shall comply with all newly applicable requirements in this Reliability Standard according to the timelines in the table below.

– As used in the table, the phrase “BES asset type” refers to the BES asset types listed in R1.i – R1.vi of CIP-002:

13


14

Compliance Dates for Unplanned

Changes (CIP-002-6, p. 5)

Periodic and Existing Obligations (Ibid, p. 5)• For requirements that contain periodic obligations, initial performance of

those obligations following an Unplanned Change shall occur within the first period following the date that the Implementation Period ends, as defined in the table above,

• Except that the Responsible Entity shall initially perform Part 2.2 of Requirement R2 by the date the Implementation Period ends where the Unplanned Change results in a high or medium impact BES Cyber System and the Responsible Entity previously had neither a high nor a medium impact BES Cyber System.

• For Unplanned Changes resulting in a higher categorization for an existing BES Cyber System, the Responsible Entity shall continue to comply with the applicable requirements of the prior categorization during the Implementation Period defined above.

15


IRC 2.12 Changes

• IRC 2.12 was changed significantly and introduces a new aggregated weighted value [AWV] calculation to create a threshold value that will allow smaller TO/TOP entities to classify their Transmission Control Centers as Low impact BES Assets under IRC 3.1

• Does not impact any TOP Control Centers with High BCS identified under IRC 1.3 (by virtue of IRC 2.2, 2.4, 2.5, and/or 2.7-2.10)

16


IRC 2.12 Changes

• May also affect some TO Control Centers:– The Project 2016-02 Standard Drafting Team (SDT) revised Reliability

Standard CIP-002-6, Attachment 1, Criterion 2.12 to address all Control Centers and backup Control Centers of Transmission, regardless of registration [emphasis added]. The revision provides a bright line threshold that categorizes BES Cyber Systems associated with Control Centers of Transmission as medium impact. (NERC, n. d., Project 2016-2, p. 1)

– The revised Reliability Standard CIP-002-6, Attachment 1, Criterion 2.12 provides a bright line threshold that categorizes BES Cyber Systems associated with Control Centers of Transmission as medium impact. All other BES Cyber Systems associated with Control Centers of Transmission that do not exceed the bright line threshold will be categorized as low impact. (NERC, n. d., Project 2016-2, p. 2)

17


IRC 2.12 Changes• Now requires an AWV calculation based on the number of BES

transmission lines monitored and controlled by the Transmission Control Center(s)

• The IRC 2.12 AWV calculation is not the same as the IRC 2.5 calculation, as IRC 2.12:– Does not consider number of connected substations or exclude generation

interconnection Facilities

– Adds BES transmission lines operated at 100kV to 199kV to higher voltage lines up to 499kV

– Threshold AWV is 6000 between Transmission Control Centers with Medium BCS and those Control Centers that can be classified as Low impact BES Assets

18


What is a BES Transmission Line? (p. 34)• In the terms of applicable BES Transmission Lines, the following

should be considered for IRC 2.12:– All BES Transmission Lines that are energized at voltages between 100 kV

and 499 kV and are monitored and controlled by a Control Center, including any associated data center(s)

– All BES Transmission Lines, including those that connect to neighboring entities, that are monitored and controlled by the Responsible Entity’s Control Center(s)

– Multiple-point (or multiple-tap) lines are considered to contribute a single weight value per line

– May exclude transmission lines removed from BES by application of Exclusion E1 (NERC, 2014, BES Guidance Document, pp. 4, 27-50)

19


Rationale for IRC 2.12 (CIP-002-6, p. 18)20


IRC 2.12 - AWV Table (CIP-002-6, p. 19)21


IRC 2.12 – AWV: Example 1

• <TOP A> monitors and controls 19 BES transmission lines: twelve 115kV lines, five 230kV lines, and two 345kV lines

▪ 12(250) + 5(700) + 2(1300) = ?

▪ 3000 + 3500 + 2600 = 9100

• <TOP A>’s AWV calculation of 9100 exceeds the AWV threshold of 6000.

– Therefore, the BCS associated with its TOP Control Centers must be protected as Medium BCS.

22



• <TOP B> monitors and controls 20 BES transmission lines: nineteen 115kV lines, one 230kV line, and no 345kV lines

▪ 19(250) + 1(700) + 0(1300) = ?

▪ 4750 + 700 + 0 = 5450

• <TOP B>’s AWV calculation of 5450 does not exceed the AWV threshold of 6000.

– Therefore, its TOP Control Centers may be protected as Low impact BES Assets (under IRC 3.1)

23



• <TOP C> monitors and controls 24 BES transmission lines: 24 115kV lines, no 230kV lines, and no 345kV lines

▪ 24(250) + 0(700) + 0(1300) = ?

▪ 6000 + 0 + 0 = 6000

• <TOP C>’s AWV calculation of 6000 does not exceed the AWV threshold of 6000.

– Therefore, its TOP Control Centers may be protected as Low impact BES Assets (under IRC 3.1)

24



• <TOP D> monitors and controls 15 BES transmission lines: ten 115kV lines, three 230kV lines, one 345kV line, and one end of a 500kV tie-line with an adjacent TOP.▪ 10(250) + 3(700) + 1(1300) + 1(0) = ?

▪ 2500 + 2100 + 1300 + 0 = 5900

• <TOP D>’s AWV calculation of 5900 does not exceed the AWV threshold of 6000 – However, IRC 2.12 does not apply to <TOP D>, due to the 500kV line (the

Control Center comes into scope under IRC 1.3, by virtue of IRC 2.4).

– Therefore, the BCS located at and used by its TOP Control Centers must be protected as High BCS (IRC 1.3).

25


Applying the IRC 2.12 - AWV• IRC 2.12 applies if BCS at the Transmission Control Center(s) are not

already classified as High BCS under Section 1 IRC 1.3• Does not impact BA or GOP Control Centers

26

Next Steps• First comment period ended on October 30, 2017

• First round ballot rejection (66.78%)

• SDT addressed industry comments and posted CIP-002-6 along with the new Control Center definition for a 45-day industry comment period followed by a 10-day ballot period

– Comment Period: March 16 – April 30, 2018

– Ballot Period: April 20-30, 2018

• Be sure to review and comment on the CIP-002-6 revision and the new Control Center definition, the future of CIP-002-6 is in your hands

27


Speaker Contact Information28


Zach Trublood, EIT, CISSP, CISASenior Compliance Auditor – Cyber Security

Western Electricity Coordinating Council (WECC)ztrublood (at) wecc (dot) biz

(C) 385.232.6347

Joseph B. Baugh, Ph.D., MBA,PMP, CISA, CISSP, CRISC, CISM, PSP

Senior Compliance Auditor - Cyber SecurityWestern Electricity Coordinating Council (WECC)

jbaugh (at) wecc (dot) biz(C) 520.331.6351 (O) 360.600.6631

References• NERC. (2014 April). Bulk Electric System Definition Guidance Document [Version 2].

Retrieved from http://www.nerc.com/pa/RAPA/BES%20DL/bes_phase2_reference_document_20140325_final_clean.pdf

• NERC. (2017 September 14). Project 2016-2 Consideration of Issues and Directives: CIP V5 Issues for Standard Drafting Team Consideration. Retrieved from http://www.nerc.com/pa/stand/project%20201602%20modifications%20to%20cip%20standards%20dl/2016-02_cip-002-6_consideration_of_issues_and_directives_09142017.pdf

• NERC. (2018 March 16). CIP-002-6 — Cyber Security — BES Cyber System Categorization [SDT Version]. Retrieved from https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20DL/CIP-002-6_Standard_Clean_03162018.pdf

29


http://www.nerc.com/pa/RAPA/BES DL/bes_phase2_reference_document_20140325_final_clean.pdf

http://www.nerc.com/pa/stand/project 201602 modifications to cip standards dl/2016-02_cip-002-6_consideration_of_issues_and_directives_09142017.pdf

https://www.nerc.com/pa/Stand/Project 201602 Modifications to CIP Standards DL/CIP-002-6_Standard_Clean_03162018.pdf

References

• NERC. (2018 March 16). Implementation Plan: Control Center Definition. Retrieved from https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20DL/2016-02_Control_Center_Definition_Implementation_Plan_03162018.pdf

• NERC. (2018 March 16). Proposed Revision to the Control Center Definition for the NERC Glossary of Terms. Retrieved from https://www.nerc.com/pa/Stand/Project%20201602%20Modifications%20to%20CIP%20Standards%20DL/2016-02_Control_Center_Modified_Definition_03162018.pdf

30


https://www.nerc.com/pa/Stand/Project 201602 Modifications to CIP Standards DL/2016-02_Control_Center_Definition_Implementation_Plan_03162018.pdf

https://www.nerc.com/pa/Stand/Project 201602 Modifications to CIP Standards DL/2016-02_Control_Center_Modified_Definition_03162018.pdf

CIP-002-6: Updates...Impact to Reliability Ensure entities with Control Centers that monitor and...

Documents

Transcript of CIP-002-6: Updates...Impact to Reliability Ensure entities with Control Centers that monitor and...