task force examples white paper - home - frcc home documents/task force... · web viewall relays...
TRANSCRIPT
JOINT CIPS & SPCS TASK FORCE
EVALUATING PRC-005 AND BES CYBER ASSET APPLICABILITY
ContentsASSUMPTIONS/LEGEND..........................................................................................................................2
EXAMPLE 1..............................................................................................................................................3
EXAMPLE 2..............................................................................................................................................5
EXAMPLE 3..............................................................................................................................................6
EXAMPLE 4..............................................................................................................................................7
EXAMPLE 5..............................................................................................................................................9
EXAMPLE 6............................................................................................................................................11
EXAMPLE 7............................................................................................................................................13
EXAMPLE 8............................................................................................................................................15
EXAMPLE 9............................................................................................................................................17
EXAMPLE 10..........................................................................................................................................19
Page 1 of 20
ASSUMPTIONS/LEGEND(1) In evaluating BCAs, assume the only other PRC Standard that could apply is PRC-005. Therefore,
ignore any potential applicability to PRC-023, PRC-001, etc.(2) “Blue” colored equipment is BES equipment.(3) “Green” and “Black” colored equipment is non-BES equipment.(4) A “filled-in” rectangle is a “closed” breaker.(5) An “empty” rectangle is an “open” breaker.(6) A “yellow” line or lightning bolt represents a Fault.(7) All relays and power line carriers that are part of a Protection System(s) in the examples are
programmable electronic devices unless prefixed by the term “mechanical”.(8) BKR = breaker.(9) GEN = generator.(10) R = relay.(11) PLC = power line carrier.
Page 2 of 20
EXAMPLE 1
A. Description: Transformer Protection Systems connected to CT’s on a BES-breaker (i.e., ring bus or breaker and a half). This Protection System protects the transformer and the BES-bus and detects Faults on BES Elements (BES-bus).
B. Questions/Findings:
1. PRC-005 Applicable a. Is the identified Protection System a PRC-005 Protection System?
i. Task Force Answer: Yes, the Protection System included in PRC-005.ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the identified Protection System part of a BCS?
i. Task Force Answer: Yes, any components of the Protection System that are programmable electronic devices.
ii. FRCC Answer:
Page 3 of 20
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 1, page 11, MRO PRC-005-6 Application Guide.
Page 4 of 20
EXAMPLE 2
A. Description: Radial lines directly connected to BES ring bus or breaker and a half bus.
B. Questions/Findings:
1. PRC-005 Applicable a. Is the identified Protection System a PRC-005 Protection System?
i. Task Force Answer: Yes, the Protection System included in PRC-005.ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the identified Protection System part of a BCS?
i. Task Force Answer: Yes, any components of the Protection System that are programmable electronic devices.
ii. FRCC Answer:
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 2, page 12, MRO PRC-005-6 Application Guide
Page 5 of 20
EXAMPLE 3
A. Description: The protection zone covers only the distribution transformer, a non-BES element.
B. Questions/Findings:
1. PRC-005 Applicable a. Is the identified Protection System a PRC-005 Protection System?
i. Task Force Answer: No, Protection System NOT included in PRC-005, because the protection zone covers only non-BES elements.
ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the identified Protection System part of a BCS?
i. Task Force Answer: No, the identified Protection System is not a BCA because it’s not covered by any other applicable NERC Reliability Standard.
ii. FRCC Answer:
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 6, page 16, MRO PRC-005-6 Application Guide
Page 6 of 20
EXAMPLE 4
A. Description: This relay detects the failure of a non-BES breaker, breaker C. This relay also detects Faults on the BES bus, but the purpose of the relay is to detect current flowing through the failed non-BES breaker, breaker C. If this relay detects a Fault on breaker C or the portion of the bus between breakers A and B, the relay trips breaker A and B.
B. Questions/Findings:
1. PRC-005 Applicable a. Is the identified Protection System a PRC-005 Protection System?
i. Task Force Answer: No, Protection System NOT included in PRC-005, because the purpose of the protection zone is to detect Faults on non-BES elements. It doesn’t matter that Faults can be detected on the BES bus as that’s not the purpose of the Protection System.
ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the identified Protection System part of a BCS?
Page 7 of 20
i. Task Force Answer: No, the identified Protection System is not a BCA because it’s not covered by any other applicable NERC Reliability Standard.
ii. FRCC Answer:
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 8, page 18, MRO PRC-005-6 Application Guide
Page 8 of 20
EXAMPLE 5
A. Description: Substation C is equipped with generation backfeed protection. This protection system’s primary purpose is to detect current through the non-BES breaker C after it has detected a Fault on the BES line or non-BES radial line to Substation C. If the protection system located at Substation C detects a Fault (as described above) and detects current through breaker C, a breaker failure relay initiates a transfer trip to Substations A and B.
There is also line protection located in Substation A and B that detects Faults on the BES line between Substations A and B. If a Fault is detected on this line, the line protection trips the breakers located in Substations A and B.
B. Questions/Findings:
1. PRC-005 Applicable a. Is the Protection System located in Substation C a PRC-005 Protection System?
i. Task Force Answer: No, the Protection System located in Substation C is NOT included in PRC-005, because the primary purpose of the protection system is to detect Faults on non-BES elements. It does not matter that protection system can detect Faults on the BES bus as that’s not the purpose of the Protection System.
ii. FRCC Answer:b. Is the line Protection System located in Substations A and B part of PRC-005 Protection
System?
Page 9 of 20
i. Task Force Answer: Yes, the line Protection Systems located in Substations A and B however are included in PRC-005 as their purpose is to detect Faults on the BES and operate BES breakers.
ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the Protection System located in Substation C part of a BCS?
i. Task Force Answer: No, the identified Protection System is not a BCA because it’s not covered by any other applicable NERC Reliability Standard.
ii. FRCC Answer:
3. BES Cyber Assets present : a. Is the line Protection System located in Substations A and B part of a BCS?
i. Task Force Answer: Yes, any Cyber Assets associated with the line protection in Substations A and B.
ii. FRCC Answer:
4. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 9, page 19, MRO PRC-005-6 Application Guide
Page 10 of 20
EXAMPLE 6
A. Description: Distribution transformer protection connected to high-side bushing CTs on the Non-BES transformer (green). The purpose of the protection is to detect faults only on the non-BES transformer (zone of protection is within the green circle below). If a Fault is detected on the non-BES transformer, the transformer protection system opens BES breakers A and B.
B. Questions/Findings:
1. PRC-005 Applicable a. Is the identified Protection System part of a PRC-005 Protection System?
i. Task Force Answer: No. Protection System NOT included in PRC-005, because the purpose of the protection zone is to detect Faults on non-BES elements. It does not matter that the protection system can operate BES breakers.
ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the identified Protection System part of a BCS?
i. Task Force Answer: No, the Protection System is not part of a BCS because it’s not covered by any other applicable NERC Reliability Standard.
ii. FRCC Answer:
Page 11 of 20
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 10, page 20, MRO PRC-005-6 Application Guide
Page 12 of 20
EXAMPLE 7
A. Description: A Fault occurs on the high-side of the distribution transformer (in green) and a relay detects too much fault current for non-BES breaker C to clear, so the protection system operates BES breakers A and B.
A transfer trip communication to Substation B from Substation A is initiated upon the tripping of BES breakers A and B.
B. Questions/Findings:
1. PRC-005 Applicable a. Are the relays that operated BES breakers A and B part of a PRC-005 Protection
System?i. Task Force Answer: The Protection System that operated BES breakers A and B
is NOT included in PRC-005, because the purpose of this Protection System is to detect Faults on non-BES elements.
ii. FRCC Answer:
b. Is the transfer trip communication Protection System that communicates a trip to the BES breakers in Substation B part of a PRC-005 Protection System?
Page 13 of 20
i. Task Force Answer: The Protection System the transfer trip communication Protection System that trips the breaker in Substation B upon detecting breakers A and B open is part of a BES Protection System.
ii. FRCC Answer:
2. BES Cyber Assets present : a. Are the Cyber Assets associated with the transfer trip communication Protection
System from Substation A to Substation B part of a BES Cyber System?i. Task Force Answer: Yes, any Cyber Assets associated with the transfer trip
communication Protection System from Substation A to Substation B.ii. FRCC Answer:
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 11, page 21, MRO PRC-005-6 Application Guide
Page 14 of 20
EXAMPLE 8
A. Description: A Fault occurs on the high-side of the distribution transformer (TX A in green) and a Protection System located at Substation A (with a primary purpose to detect Faults on TX A) operates to open up non-BES breaker A, however breaker A does not open. The Protection System then initiates a breaker failure scheme, also located Substation A, which operates and opens BES breakers B and C and non-BES breaker D.
B. Questions/Findings:
1. PRC-005 Applicable a. Is the breaker failure relay part of a PRC-005 Protection System?
i. Task Force Answer: The breaker failure relay is not part of a BES Protection System as its purpose is to detect Faults on non-BES elements even though it operates BES breakers.
ii. FRCC Answer:
Page 15 of 20
2. BES Cyber Assets present : a. Is the breaker failure relay a BCA?
i. Task Force Answer: The breaker failure relay is not a BCA because it’s not covered by any other applicable NERC Reliability Standard.
ii. FRCC Answer:
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).
Page 16 of 20
EXAMPLE 9
A. Description: A Fault occurs between Generator A (“GEN A”) and Breaker A (“BKR A”). BKR A is supposed to operate for the Fault, but it fails to operate. Relay “R” sees the detects that BKR A did not operate and sends a breaker failure initiate command to BKR L, C, BKR D, BKR F, BKR G, and BKR I to open.
GEN A, GEN B, and GEN C all share a common switchyard (purple highlighted area) that is medium impact under CIP-002. GEN A and GEN B are owned by Entity Blue. GEN C is owned by Entity Orange. GEN A, GEN B, and GEN C do not have shared systems, e.g., cooling water. If Relay R can operate BES breakers in the medium impact switchyard via a breaker failure scheme, is Relay R, which is located in the plant site for GEN A, a medium impact BCA? Assume pulses can be sent via manual commands from Relay R to mechanical breaker failure relays near BKR A that operate the breakers in the yard.
Page 17 of 20
B. Questions/Finding:
1. PRC-005 Applicable a. Is Relay R part of a BES Protection System?
i. Task Force Answer: Yes, Relay R operates a BES Breaker and looks for Fault on the BES.
ii. FRCC Answer:
2. BES Cyber Assets present : a. Relay R part of BES Cyber System?
i. Task Force Answer: Yes, this relay can affect the BES in less than fifteen minutes. ii. FRCC Answer:
3. Medium Impact BCS: a. Is Relay R part of a Medium Impact BCS?
i. Task Force Answer: Yes, this relay can affect BES Facilities associated with an asset identified under Section 2 of Attachment 1 of CIP-002.
ii. FRCC Answer:
4. Reference(s) : a. Submitted by: Bret Galbraith (SECI).
Page 18 of 20
EXAMPLE 10
A. Description: A Fault occurs on the high-side of the distribution transformer (TX A in green) and a Protection System located at Substation A (with a primary purpose to detect Faults on TX A) operates to open up non-BES breaker A, however breaker A does not open. The Protection System then attempts to initiate a breaker failure scheme, also located Substation A, which also fails to open BES Breaker B (it does however open BKR C and BKR D). However, there is also a power line carrier at Substation A that sends a blocking signal to Substation C relays waiting for Breaker B to operate. If Breaker B does not operate in the time allotted, relays at Substation C will open the BES breakers at Substation C as shown in the illustration.
Page 19 of 20
B. Questions/Findings:
1. PRC-005 Applicable a. Is the power line carrier located at Substation A part of a PRC-005 Protection System?
i. Task Force Answer: ii. FRCC Answer:
2. BES Cyber Assets present : a. Is the power line carrier located at Substation A part of a BES Cyber System?
i. Task Force Answer: ii. FRCC Answer:
3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. NERC Lesson Learned CIP Version 5 Transition Protection: Impact Rating of Relays (Far-
End Relay)
Page 20 of 20