CIPC Workplan Update
Marc A. Child, Great River Energy, CIPC Chair
Critical Infrastructure Protection Committee
June 5-6, 2018
RELIABILITY | ACCOUNTABILITY2
Executive Committee
• Ross Johnson, Phys SME, Capital Power
• Marc Child, Chair, Great River Energy
• Andrea Koch, EEI
• Brenda Davis, Cyber SME, CPS Energy
• David Grubbs, Vice Chair, City of Garland
• (vacant) APPA
• Chuck Abell, Ops SME, Ameren
• David Revill, Vice Chair, NRECA
• (vacant) EPSA
• Jeff Fuller, Policy SME, AES
• Ken McIntyre, Secretary, NERC
• (vacant) IPC
Physical Security Subcommittee (Ross Johnson)
Cybersecurity Subcommittee (Brenda Davis)
Operating Security Subcommittee (Chuck Abell)
Policy Subcommittee (Jeff Fuller)
Physical Security WG (PSAG) (Ross Johnson)
Control Systems Security WG (Mike Mertz) (Carter Manucy)
Grid Exercise WG (Tim Conway)
Security Metrics WG (Larry Bugh)
Compliance Input WG (Paul Crist)
Physical Security Guidelines TF (Darrell Klimitchek)
Security Training WG (David Godfrey) (Amelia Sawyer)
Supply Chain Working Group (Mike Meason)
Planning Committee Joint Projects
Operating Committee Joint Projects
CIPC Organizational Chart
| # | CIPC Deliverable (non-ongoing projects) | Estimated Completion Date |
|---|---|---|
| 1 | Implications of Voice-over-IP and the CIP Standards | Q1 2018 |
| 2 | Develop CIPC Collaboration Site on NERC.com | Q2 2018 |
| 3 | CIP Implications of Shared Transmission Facilities | Q2 2018 |
| 4 | Key management security guideline | Q2 2018 |
| 5 | Vendor Essential Security Practices Model | Q3 2018 |
| 6 | Security implications of UAVs | Q3 2018 |
| 7 | Update CIPC Website on NERC.com | Q3 2018 |
| 8 | Implications of Cloud Services for CIP Assets | Q4 2018 |
| 9 | Assess the cyber security risk of Fuel Handling SCADA systems for Generation | Q1 2019 |
| 10 | Address Remote Access Security Findings #1-#18 | Q3 2019 |
| 11 | Identification and Reduction of Cyber and Physical Security Risks | Q4 2019 |
| 12 | Legacy system testing coordination with National Labs | Q4 2019 |
| 13 | Annual Security Assessment of the BES | Q4 2019 |
Timeline of Activities
• Budget
o NERC budget / E-ISAC budget – little discussion or debate
o NERC down 5 FTE’s – E-ISAC hiring 3 FTE’s
• SERC-RF-WECC ‘CIP Themes & Lessons Learned’
o Board of Trustees Compliance Committee briefing by Ken McIntyre
o ‘Disassociation’ (compliance vs security)
o ‘Organizational Silos’
o CIPC may be asked to help with guidance
• E-ISAC briefing
o Status of long-term strategic plan
o Observation: Board members are very pleased with progress
Notes from the Board of Trustees (Board) Meeting
• Commissioner LaFleur (Member Representatives Committee meeting)
o Large number of Federal Energy Regulatory Commission staff in attendance
o Recognized new President & CEO Jim Robb
o NERC efforts on defining/measuring resiliency are job #1
o Standards Efficiency Review is a very worthwhile exercise
• Commissioner Glick
o Concerned about pipeline security & security jurisdiction
• NERC CEO Jim Robb
o Security is the ‘number one’ personal area of focus, as well as supporting the E-ISAC
Notes from the Board of Trustees (Board) Meeting
Roster changes and opportunities
Legislative Update
Kaitlin Brennan, Manager – Cyber and Infrastructure Security, EEI
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
• H.R. 5174 Energy Emergency Leadership Act
• H.R. 5239 The “CyberSense” Act
• H.R. 5240 Enhancing Grid Security through Public-Private Partnerships Act
• H.R. 5175 Pipeline and LNG Facility Cybersecurity Act
• S. 79 Securing Energy Infrastructure Act
• S. 2392 Cyber SAFETY Act of 2018
• Other possibilities:
o Expanding background investigations of critical utility personnel
o S. 1460 - The Energy and Natural Resources Act
o H.R. 4036 - Active Cyber Defense Certainty Act
o S. 536 - Cybersecurity Disclosure Act of 2017
o Data breach legislation
Legislative Update
Electricity Subsector Coordinating Council Update
Kaitlin Brennan, Manager – Cyber and Infrastructure Security, EEI
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
• 2018 Schedule:
o May 7, in Washington, DC
o July 11-12, at Idaho National Laboratories
o October 9-10 in the Washington, DC / Baltimore, MD area
• Puerto Rico Response
• ESCC-Government Engagement
• Research & Development Strategic Committee
• Cross-Sector Coordination
ESCC Update
CIPC RISC Update
Marc A. Child, Great River Energy, CIPC Chair
Critical Infrastructure Protection Committee
June 5-6,
• Resiliency
o Primary area of focus
o Framework nearing completion
o CIPC added ‘detect’ to the definition of Resourcefulness
• CIPC Representation
o Chuck Abell will provide updates on future actions/activities
Reliability Issues Steering Committee
Supply Chain Activities
Howard Gugel, Senior Director of Standards and Education, NERC
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
• Support effective and efficient implementation (e.g. CIP V5 transition)
• Supply chain risk study
• Communicate supply chain risks to industry
• Forum and Association white papers
• Plan to evaluate effectiveness of supply chain standards
Board Resolution
• NERC created a supply chain standard webpage
• Critical Infrastructure Protection Committee (CIPC) to establish advisory task force
o Advise on activities to support standard implementation
o Develop schedule for webinars, workshops, and technical conferences in coordination with NERC and the Regional Entities
o Document existing risks and develop security guidelines
• NERC and Regions to conduct small group advisory sessions
• NERC and Regions to offer outreach and readiness evaluations
Effective and Efficient Implementation
• NERC to use EPRI to conduct risk study
o Assessment of product/manufacturer types used on the BES
o Analysis & applicability to BES Cyber Assets
o Analysis of best practices and standards in other industries to mitigate supply chain risks
o Analysis of generalized vendor practices and approaches used to mitigate supply chain risks
• NERC to recruit industry experts and vendors to participate in supply chain risk study
• E-ISAC to engage Department of Energy and Department of Homeland Security to explore information sharing opportunities and future supply chain risk assessment activities
Supply chain risk study
• NERC and E-ISAC to continue utilizing NERC Alerts to communicate supply chain risks
• E-ISAC included supply chain risk topic in GridEx IV
• NERC to capture supply chain standard resources on webpage
• NERC and Regions to include supply chain topic at planned workshops and seminars in 2018
o NERC to conduct additional webinars and technical conferences
• CIPC to develop supply chain security guidelines
• NERC and CIPC to partner with National Laboratory group to conduct current equipment supply chain risk evaluation
Communicate supply chain risks
• Forums and Associations developing white papers
o First drafts completed
o Final review and publish Q3 2018
• NERC to post white papers on supply chain standard webpage
• NERC, Forums and Associations to jointly present papers to industry
Forums and Associations
• NERC and Regions to develop effectiveness evaluation plan in Q4 2018
o Evaluation plan dependent on FERC approval
o Plan to consider standard effective date and associated implementation plan
• CIPC advisory task force to provide feedback to ERO Enterprise and industry on supply chain standard effectiveness
• NERC and Regions to continue small group advisory sessions throughout supply chain implementation to obtain feedback on outcomes and standard effectiveness
• ERO Enterprise auditor observations and feedback on standard effectiveness
Plan to evaluate standard effectiveness
NATF Update
NERC CIPC Meeting
June 5-6, 2018
Ken Keels
NATF Director, Practices and Initiatives
[email protected]; 704-945-1950
Open Distribution
Copyright © 2018 North American Transmission Forum. Not for sale or commercial use. All rights reserved.
Community Confidentiality Candor Commitment
Topics
• Update on NATF Compliance Implementation Guidance
• NATF Work on Supply Chain Cybersecurity Risk Management
• NATF Member Security Practices Sharing and Development
• NATF Member Security Practices Workshop
Endorsed Compliance Implementation Guidance
• CIP-010-3, R1.6 (Software Integrity & Authenticity)
o Cyber security supply chain risk management
• CIP-014-2, R4 Practices Document (Threat and Vulnerability Evaluations)
• CIP-014-2, R5 Practices Document (Physical Security Plans)
Non-Endorsed Compliance Implementation Guidance
NATF project teams working on revisions to these two guidance documents:
• CIP-010-2, R4 Implementation and Use of Transient Cyber Assets (TCA)
• CIP-005-6, R2.4 and R2.5 (Vendor Remote Access)
o Cyber security supply chain risk management
Supply chain risk management
Completed NATF Activities/Products
• Compliance Implementation Guidance – available to public!
o CIP-010-3, R1.6 (Software Integrity & Authenticity) – ERO Endorsed
o CIP-005-6, R2.4 and R2.5 (Vendor Remote Access) – Not Endorsed
Under Development NATF Activities/Products
• White Paper – future public availability!
o Cyber Security Supply Chain Risk Management Guidance
• Compliance Implementation Guidance – future public availability!
o CIP-013 (Reliance on Independent Assessments of Vendors)
NATF Supply Chain Cyber Security Risk Management Approach
Procurement Specifications Vendor Requirements
Existing Equipment
Supply Chain Cyber Security Risk Management Plan
• Recommends establishment of cross-functional team within company to develop and implement plan
• Describes approach for assessing risk
• Identifies supply chain cyber security criteria, drawn from existing security frameworks (e.g., NIST, SOC2, ISO)
• Suggests defining process/responsibility within company to approve “exceptions”
Common Approach and Criteria
Established Cyber Security Criteria and Frameworks
Cyber Security Criteria for BES Entities
NATF Timeline (figure)
Phases: Draft NATF Paper; Partner Sharing; NERC Sharing; Fine Tune/Finalize Documents and Additional Socialization; Industry Publication
Months: Feb/Mar; Apr; May; June/July; August
Activities: Circulate draft with EEI, APPA, NRECA, ISO/RTO, NAGF, EPRI, NERC, NERC CIPC, UTC; NERC BOT – Overview/Update; NATF board approval for open distribution; NERC BOT – Whitepaper Presentation; Further industry collaboration; Public Posting
FUTURE: Additional practices; white papers; industry alignment on approach and criteria
NATF Member Security Practices Sharing and Development
• Future Practice:
o Managing data and applications in a “cloud” environment
• Topic Specific Webinars:
o Cyber Kill Chain
o Defense in Depth
• Focus Groups:
o Emerging Issues White Papers Working Group
  - Creating a Security Benchmarking Program
  - Phishing - How not to get caught by the Social Engineering Fisherman
o Configuration Management Users Group (New)
o Tools Working Group
NATF Member Security Practices Workshop
Cyber Security Break Out Focus
• Audit experience - CIP-007 patching
• Patch evaluation
• Tracking security patch mitigation plans
• Tools for automated patching
• Security patch authenticity
• How to build an effective and efficient patch management program
Physical Security Break Out Focus
• Physical Security Maturity Model
• Social Engineering & Investigative Stories
• Red Teaming / Penetration Testing
• Situation Awareness / Security Analysis
• Crisis Communications
• Low Impact Physical Security
• Incident Command
Questions?
Technical Rationale
Howard Gugel, Senior Director of Standards and Education
CIPC Meeting
June 5-6, 2018
• Reliability Standards template has included Guidelines and Technical Basis (GTB) section
Provides SDT mechanism to: (i) explain technical basis for Standard/Requirements; and
Provides technical guidance to apply Standard
• May 2015 – MRC and BOT formed “Compliance Guidance Team” to consider how to best provide guidance for implementing standards and develop policy for the purpose, development, use and maintenance of guidance
• Team identified two purposes for guidance:
Assist registered entities w/ implementing standards; and
To provide direction to ERO Enterprise CMEP staff
• Team established principles for developing guidance and recommended
Implementation Guidance (IG)
CMEP Practice Guides
“One-stop shop” on website for guidance info on a Standard
Background
Principles for Developing Guidance:
• Guidance documents cannot change scope or purpose of Standard
• Contents not only way to comply
• Compliance expectations made clear through Standards development process, minimizing the need for guidance after final approval of standard
• Forms of guidance should not conflict
• Guidance developed collaboratively and posted on NERC website
• Finite/limited set of guidance tools; Well understood; Organized to facilitate use and implementation
• All guidance related to same standard coordinated and collected in one location
BOT Compliance Guidance Policy – Nov. 2015
• Standards template currently has GTB section to:
o Explain technical basis for Standard/Requirements; and
o Provide technical guidance to help support effective application of Standard
• In response to BOT Compliance Guidance Policy, NERC Standards personnel and SC leadership drafted Technical Rationale for Reliability Standards document
o Goal: clarify difference between IG and Technical Rationale
o Presented to SC in June 2017
What about Guidelines & Technical Basis?
• June 2017 – SC endorsed Technical Rationale for Reliability Standards document
Standards template no longer will include GTB section
Existing GTB replaced by Technical Rationale or Implementation Guidance (IG) (as appropriate)
Technical Rationale should:
o Create a separate document clearly marked Technical Rationale for Reliability Standard XXX-XXX-X;
o Provide stakeholders & ERO Enterprise an understanding of technical Requirements
o Avoid compliance approach(es) to implement a Reliability Standard
• SC created and charged Technical Rationale Advisory Group (TRAG) w/ developing a plan to implement Technical Rationale for Reliability Standards
Background: Technical Rationale Documents
• TRAG members
o Chris Gowder – FMPA, Sean Bodkin – Dominion Energy, Andrew Gallo – Austin Energy, Howard Gugel – NERC, Chris Larson – NERC, Steve Noess – NERC, Nasheema Santos – NERC, Shamai Elstein – NERC
• Conducted meetings to address questions & issues
• Primary Goals & Considerations
o Communication with stakeholders on reasons for project
o Effective & efficient transition to Technical Rationale
o Identification of compliance approaches for evaluation as Implementation Guidance (IG)
o Transparency
o Stakeholder involvement
TRAG Work
Frequently Asked Questions on Technical Rationale Project Page
• Examples of FAQs:
o Why do we need to change the current approach?
o What are some of the benefits of this project?
o What are some considerations or risks associated with this project?
o How will you ensure Registered Entities know a Technical Rationale document is associated with a particular Standard?
o How will you ensure Technical Rationale documents get updated as needed when a Standard is revised?
o Will Registered Entities be able to provide input on Technical Rationale documents?
o Will new Technical Rationale content or future changes be balloted?
Frequently Asked Questions
• Additional examples of FAQs:
o Will the information contained in the Technical Rationale document be available during the development of the associated standard?
o What consideration or weight will be afforded to the Technical Rationale documents during monitoring and enforcement activities?
o How are Technical Rationale and Implementation Guidance related to SPM Section 11 documents, if at all?
o Can you clarify the difference between “SAR technical rationale” and Reliability Standard Technical Rationale?
o How will GTB that is considered neither Technical Rationale nor Implementation Guidance be handled? Is there a third option such as submitting a SAR?
Frequently Asked Questions
• Guidelines and Technical Basis: A tool for a SDT to provide technical information or explain development
Rationales developed to explain SDT basis for Requirements
Created during the standards development process
• Technical Rationale: Provide SDT a way to explain technical rationale/justification for Standard and provide other relevant technical info
Not compliance approaches; Not endorsed/approved by ERO; Not mandatory/enforceable
• (Compliance) Implementation Guidance: Provide stakeholders a tool to provide compliance approaches
Developed and vetted by industry
Endorsed by ERO Enterprise; CMEP staff gives deference to approved IG approaches
Only an example for achieving compliance; Not the only approach to implementing Standard
Entities may choose alternative approaches
Technical Rationale Terms
Track 1: GTB w/ no: (1) modification of technical info or (2) compliance examples/approaches
Step 1: Identify Standards (not under current SAR) w/ GTB or other info considered technical rationale
Step 2: Form GTB Review Teams (RT)
• RTs identify GTB w/ only technical guidance/rationale and no compliance examples
• RTs divided by:
o CIP
o Ops/Data Exchange – BAL, INT, IRO, TOP
o Personnel/Emergency Planning – COM, EOP, PER
o Modeling/Long-term Planning – FAC, MOD, NUC, TPL
o System Performance – PRC, VAR
• SC solicits nominations and appoints RTs
GTB w/ No Compliance Examples/Approaches
Track 1: (continued)
Step 3: RT ensures GTB has no compliance examples/approaches and no technical modification needed
Else goes to Track 2
Step 4: GTB language removed/moved verbatim to TR named “Technical Rationale for Reliability Standard XXX-XXX-X” per following process:
• TR posted for comment/non-binding poll to confirm suitable for TR as is
• All comment forms ask: “Are you aware of any reason GTB should not transition to TR document?”
• If passes non-binding poll (using criteria from Sec. 4 of SPM), SC endorses TR
If comments indicate GTB should go to Track 2, SC may seek input from Technical Committee(s) or other resources re: whether to endorse TR
GTB w/ No Compliance Examples/Approaches
Track 1: (continued)
Step 4 (cont’d)
• If SC endorses TR:
Posted to NERC website on “Related Information” page for Standard
Link TR to one-stop shop
BOT and FERC approval not required
• If SC does not endorse TR, SC decides whether to address comments and re-post or send to Track 2
• If TR fails non-binding poll, goes to Track 2
GTB w/ No Compliance Examples/Approaches
Track 2: Three Scenarios
1. GTB not eligible for Track 1;
2. TR fails non-binding poll; or
3. TR not endorsed by SC
• If any above, change goes through Standards Development Process
• Info in GTB will transition to TR or IG (where appropriate) next time Standard goes through standards development project or Periodic Review
Transition to TR through Development
• SDT may develop TR w/ Standard per SPM
• Existing TR revised only when associated Standard under review/revision
o Helps ensure version numbers match
• Because TR stands separate from Standard, it will continue to contain technical info developed w/ previous versions and still accurate/relevant (per SDT)
• During development, NERC staff will post proposed TR on project page w/ Standard
• Following approval of Standard, TR posted to NERC website on “Related Information” page + link to TR in one-stop-shop
Future TR Development
Next steps
• Webinar recording made available
• GTB Review Team Nominations in progress
• GTB Review Team(s) formed
• Technical Rationale Project Page
o Technical Rationale Transition Plan
o GTB Review Team Nominations
o Frequently Asked Questions
o Technical Rationale for Reliability Standards, June 14 SC Meeting, agenda item 12
• BOT Compliance Guidance Policy, November 5, 2015
• Implementation Guidance Website
• Questions? [email protected]
Resources
Security Training Working Group
June 2018
New Orleans, LA
Security Training WG
1. Charter
CIPC will provide meeting attendees with an opportunity to participate in physical, cyber, and operational security training, as well as educational outreach opportunities.
2. Current Members
Tim Conway, Tom Hofstetter, Ross Johnson, Carl Herron, Jake Schmitter, Bill Lawrence, John Gasstrom, Michele Wright, Amelia S. Anderson and David Godfrey.
Security Training WG
3. Latest Activities
a. Continue to have monthly conference calls.
4. June 2018 Training Review
a. June 2018 – Supply Chain Security - What are suppliers doing to address the issue/standards, and what do suppliers expect from Asset Owners when the standards are in effect?
Speakers:
• Mike Meason – WFEC, Supply Chain WG (Chair)
• Jim Waters – Black and Veatch
• Dennis Gammel - Schweitzer Engineering Laboratories
• Brenda Truhe – PPL, North American Transmission Forum
Security Training WG
4. June 2018 Training Review – (continued)
Panel Discussion:
• Jim Waters - Black and Veatch
• Dennis Gammel - Schweitzer Engineering Laboratories
• Brenda Truhe – PPL (representing NATF)
• Paul Ackerman - Exelon Corporation (representing EEI)
• Lonnie Ratliff – NERC (Small Group Advisory Session)
• Mike Meason from Western Farmers Electric Cooperative, SCWG Chair (Moderator)
Security Training WG
5. 2018 Training Schedule
a. September 2018 – Supply Chain Security (Part – 2) or Transient Cyber Asset(s) - (Panel Discussion)
6. Next Steps
a. The STWG is looking for training topic recommendations for 2019 CIPC Meetings; please contact a STWG Member with your ideas.
b. We continue to seek and secure volunteer speakers.
7. CIPC Actions
a. Questions and/or suggestions for today’s discussion
Supply Chain WG Update
Michael Meason, Western Farmers Electric Cooperative
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
CIPC Organizational Chart
• High Level Objectives
o Identify known supply chain risks and address through guidance and input
o Partner with National Labs to identify vulnerabilities in legacy systems and develop mitigation strategies
o Assist where possible with the E-ISAC and DOE, to explore information sharing and supply chain risk assessments
o Provide input and feedback associated with development and execution of supply chain risk study
o Coordinate with NATF to ensure requirements are clearly articulated
Supply Chain Working Group
• Work Items
Work item #1: Inclusion into the CIPC Strategic Plan
o Possible start June 2018
Work item #2: Conference Calls and Face-to-Face Meeting
o First conference call May 14, 2018
o Seeking time slot at next CIPC
Work item #3: Training
o First training hosted by STWG prior to today’s meeting
o Perhaps a second round of training
Supply Chain Working Group
• Work Items II
Work item #4: NATF Collaboration
o Coordinated a conference call with NATF to discuss their guidance document April 2018
Work item #5: Open letter to vendors
o Possible start June 2018
Work item #6: Develop a process for requests
o Possible start August 2018
Supply Chain Workgroup
• Look Forward
Today
o Approve charter
Next 30 days
o Begin drafting open letter to suppliers
o Integration into CIPC strategic plan
o Conference calls
Next 90 days
o Support NATF guidance
o More training (if needed)
o Develop a process for requests
Supply Chain Working Group
Physical Security Advisory Group
“Skating to where the puck is going” – Wayne Gretzky
John Breckinridge, KCPL, PSAG Chair
Critical Information Protection Committee Meeting
June 5-6, 2018
PSAG - Mission
• From the charter; The PSAG will assist the E-ISAC on the analysis of physical security threats.
The industry will benefit from advice on operational plans, policy and procedure, evolving and “state of the art” security technology, training, incident response and management. Provide seasoned expertise to advise the industry on threat mitigation strategies to enhance bulk power system (BPS) physical security and reliability.
PSAG - Objectives
• Advise the E-ISAC, CIPC and industry on physical security incidents with the potential of impacting the security and reliability of the Bulk Power System of North America
• Advise the E-ISAC on a physical security portal build out and suggest information content to share timely threat or suspicious incidents to enhance information sharing within the industry;
• Assist the Department of Energy (DOE) in development of the Physical Security Capability Maturity Model (PSCM2);
• Advise the CIPC Executive Committee and CIPC Physical Security Subcommittee with advice on initiatives, projects and on physical security guidelines, roundtable topics and training needed by the industry;
• Liaison with physical security technology providers and government to enhance their understanding of evolving and “state of art” technologies;
• Create and publish whitepapers and opinions through the E-ISAC to the Electricity Sub-sector, as needed, related to physical security programs, incident response, technology reviews, training and periodic exercises and/or testing;
• Volunteer physical security expertise to liaise, advise and coordinate with the industry to conduct, upon request, on-site peer to peer confidential reviews and provide feedback on observations for improving security at the entity.
PSAG - Members and Structure
• The PSAG will report to the E-ISAC Director, E-ISAC Operations and will be the executive sponsor. The staff support will be delegated to the Manager of Physical Security
• Members of the PSAG will be selected by the E-ISAC and are recognized expertise from the following:
o Subject matter experts in physical security operations
o Subject matter experts in physical security technology
o Subject matter experts in security training, drills and testing
o Subject matter experts in security programs and development
o Subject matter experts in vulnerability assessment
o Subject matter experts in threat assessment
o Subject matter experts in intelligence gathering
o NERC staff
PSAG - Activities
• Past activities/products:
o Design Basis Threat (DBT) and DBT Implementation Guide
o Transmission Line Corridor security issues White Paper
o Insider Threat template
o Drone threat/mitigation research and concepts
o Security Management in the Electricity Sector guideline
o SERC Physical Security Professional (PSP) Prep Course
• Current/Future activities/products:
o Eco-terrorism/Protests workshop and products
o Threat intelligence/open source media scraping tools analysis
o Mass Notification tools analysis
• And we will continue to……
PSAG
• Liaison with other Physical Security groups-Government Partners, Law Enforcement, Other Critical Infrastructure, Industry Organizations, Trade Organizations, etc.
• Produce White Papers re; PS Issues, P&P, Methods, Technologies, that can lead to…….
• Quick, simple Guidelines
• Continue to work with the E-ISAC and CIPC.