task force examples white paper - home - frcc home documents/task force... · web viewall relays...

JOINT CIPS & SPCS TASK FORCE

EVALUATING PRC-005 AND BES CYBER ASSET APPLICABILITY

ContentsASSUMPTIONS/LEGEND..........................................................................................................................2

EXAMPLE 1..............................................................................................................................................3

EXAMPLE 2..............................................................................................................................................5

EXAMPLE 3..............................................................................................................................................6

EXAMPLE 4..............................................................................................................................................7

EXAMPLE 5..............................................................................................................................................9

EXAMPLE 6............................................................................................................................................11

EXAMPLE 7............................................................................................................................................13

EXAMPLE 8............................................................................................................................................15

EXAMPLE 9............................................................................................................................................17

EXAMPLE 10..........................................................................................................................................19

of 20

ASSUMPTIONS/LEGEND(1) In evaluating BCAs, assume the only other PRC Standard that could apply is PRC-005. Therefore,

ignore any potential applicability to PRC-023, PRC-001, etc.(2) “Blue” colored equipment is BES equipment.(3) “Green” and “Black” colored equipment is non-BES equipment.(4) A “filled-in” rectangle is a “closed” breaker.(5) An “empty” rectangle is an “open” breaker.(6) A “yellow” line or lightning bolt represents a Fault.(7) All relays and power line carriers that are part of a Protection System(s) in the examples are

programmable electronic devices unless prefixed by the term “mechanical”.(8) BKR = breaker.(9) GEN = generator.(10) R = relay.(11) PLC = power line carrier.

of 20

EXAMPLE 1

A. Description: Transformer Protection Systems connected to CT’s on a BES-breaker (i.e., ring bus or breaker and a half). This Protection System protects the transformer and the BES-bus and detects Faults on BES Elements (BES-bus).

B. Questions/Findings:

1. PRC-005 Applicable a. Is the identified Protection System a PRC-005 Protection System?

i. Task Force Answer: Yes, the Protection System included in PRC-005.ii. FRCC Answer:

2. BES Cyber Assets present : a. Is the identified Protection System part of a BCS?

i. Task Force Answer: Yes, any components of the Protection System that are programmable electronic devices.

ii. FRCC Answer:

of 20

3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 1, page 11, MRO PRC-005-6 Application Guide.

of 20

EXAMPLE 2

A. Description: Radial lines directly connected to BES ring bus or breaker and a half bus.



i. Task Force Answer: Yes, the Protection System included in PRC-005.ii. FRCC Answer:


i. Task Force Answer: Yes, any components of the Protection System that are programmable electronic devices.

ii. FRCC Answer:

3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. Figure 2, page 12, MRO PRC-005-6 Application Guide

of 20

EXAMPLE 3

A. Description: The protection zone covers only the distribution transformer, a non-BES element.



i. Task Force Answer: No, Protection System NOT included in PRC-005, because the protection zone covers only non-BES elements.

ii. FRCC Answer:


i. Task Force Answer: No, the identified Protection System is not a BCA because it’s not covered by any other applicable NERC Reliability Standard.

ii. FRCC Answer:


of 20

EXAMPLE 4

A. Description: This relay detects the failure of a non-BES breaker, breaker C. This relay also detects Faults on the BES bus, but the purpose of the relay is to detect current flowing through the failed non-BES breaker, breaker C. If this relay detects a Fault on breaker C or the portion of the bus between breakers A and B, the relay trips breaker A and B.



i. Task Force Answer: No, Protection System NOT included in PRC-005, because the purpose of the protection zone is to detect Faults on non-BES elements. It doesn’t matter that Faults can be detected on the BES bus as that’s not the purpose of the Protection System.

ii. FRCC Answer:


of 20


ii. FRCC Answer:


of 20

EXAMPLE 5

A. Description: Substation C is equipped with generation backfeed protection. This protection system’s primary purpose is to detect current through the non-BES breaker C after it has detected a Fault on the BES line or non-BES radial line to Substation C. If the protection system located at Substation C detects a Fault (as described above) and detects current through breaker C, a breaker failure relay initiates a transfer trip to Substations A and B.

There is also line protection located in Substation A and B that detects Faults on the BES line between Substations A and B. If a Fault is detected on this line, the line protection trips the breakers located in Substations A and B.


1. PRC-005 Applicable a. Is the Protection System located in Substation C a PRC-005 Protection System?

i. Task Force Answer: No, the Protection System located in Substation C is NOT included in PRC-005, because the primary purpose of the protection system is to detect Faults on non-BES elements. It does not matter that protection system can detect Faults on the BES bus as that’s not the purpose of the Protection System.

ii. FRCC Answer:b. Is the line Protection System located in Substations A and B part of PRC-005 Protection

System?

of 20

i. Task Force Answer: Yes, the line Protection Systems located in Substations A and B however are included in PRC-005 as their purpose is to detect Faults on the BES and operate BES breakers.

ii. FRCC Answer:

2. BES Cyber Assets present : a. Is the Protection System located in Substation C part of a BCS?


ii. FRCC Answer:

3. BES Cyber Assets present : a. Is the line Protection System located in Substations A and B part of a BCS?

i. Task Force Answer: Yes, any Cyber Assets associated with the line protection in Substations A and B.

ii. FRCC Answer:


of 20

EXAMPLE 6

A. Description: Distribution transformer protection connected to high-side bushing CTs on the Non-BES transformer (green). The purpose of the protection is to detect faults only on the non-BES transformer (zone of protection is within the green circle below). If a Fault is detected on the non-BES transformer, the transformer protection system opens BES breakers A and B.


1. PRC-005 Applicable a. Is the identified Protection System part of a PRC-005 Protection System?

i. Task Force Answer: No. Protection System NOT included in PRC-005, because the purpose of the protection zone is to detect Faults on non-BES elements. It does not matter that the protection system can operate BES breakers.

ii. FRCC Answer:


i. Task Force Answer: No, the Protection System is not part of a BCS because it’s not covered by any other applicable NERC Reliability Standard.

ii. FRCC Answer:

of 20


of 20

EXAMPLE 7

A. Description: A Fault occurs on the high-side of the distribution transformer (in green) and a relay detects too much fault current for non-BES breaker C to clear, so the protection system operates BES breakers A and B.

A transfer trip communication to Substation B from Substation A is initiated upon the tripping of BES breakers A and B.


1. PRC-005 Applicable a. Are the relays that operated BES breakers A and B part of a PRC-005 Protection

System?i. Task Force Answer: The Protection System that operated BES breakers A and B

is NOT included in PRC-005, because the purpose of this Protection System is to detect Faults on non-BES elements.

ii. FRCC Answer:

b. Is the transfer trip communication Protection System that communicates a trip to the BES breakers in Substation B part of a PRC-005 Protection System?

of 20

i. Task Force Answer: The Protection System the transfer trip communication Protection System that trips the breaker in Substation B upon detecting breakers A and B open is part of a BES Protection System.

ii. FRCC Answer:

2. BES Cyber Assets present : a. Are the Cyber Assets associated with the transfer trip communication Protection

System from Substation A to Substation B part of a BES Cyber System?i. Task Force Answer: Yes, any Cyber Assets associated with the transfer trip

communication Protection System from Substation A to Substation B.ii. FRCC Answer:


of 20

EXAMPLE 8

A. Description: A Fault occurs on the high-side of the distribution transformer (TX A in green) and a Protection System located at Substation A (with a primary purpose to detect Faults on TX A) operates to open up non-BES breaker A, however breaker A does not open. The Protection System then initiates a breaker failure scheme, also located Substation A, which operates and opens BES breakers B and C and non-BES breaker D.


1. PRC-005 Applicable a. Is the breaker failure relay part of a PRC-005 Protection System?

i. Task Force Answer: The breaker failure relay is not part of a BES Protection System as its purpose is to detect Faults on non-BES elements even though it operates BES breakers.

ii. FRCC Answer:

of 20

2. BES Cyber Assets present : a. Is the breaker failure relay a BCA?

i. Task Force Answer: The breaker failure relay is not a BCA because it’s not covered by any other applicable NERC Reliability Standard.

ii. FRCC Answer:

3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).

of 20

EXAMPLE 9

A. Description: A Fault occurs between Generator A (“GEN A”) and Breaker A (“BKR A”). BKR A is supposed to operate for the Fault, but it fails to operate. Relay “R” sees the detects that BKR A did not operate and sends a breaker failure initiate command to BKR L, C, BKR D, BKR F, BKR G, and BKR I to open.

GEN A, GEN B, and GEN C all share a common switchyard (purple highlighted area) that is medium impact under CIP-002. GEN A and GEN B are owned by Entity Blue. GEN C is owned by Entity Orange. GEN A, GEN B, and GEN C do not have shared systems, e.g., cooling water. If Relay R can operate BES breakers in the medium impact switchyard via a breaker failure scheme, is Relay R, which is located in the plant site for GEN A, a medium impact BCA? Assume pulses can be sent via manual commands from Relay R to mechanical breaker failure relays near BKR A that operate the breakers in the yard.

of 20

B. Questions/Finding:

1. PRC-005 Applicable a. Is Relay R part of a BES Protection System?

i. Task Force Answer: Yes, Relay R operates a BES Breaker and looks for Fault on the BES.

ii. FRCC Answer:

2. BES Cyber Assets present : a. Relay R part of BES Cyber System?

i. Task Force Answer: Yes, this relay can affect the BES in less than fifteen minutes. ii. FRCC Answer:

3. Medium Impact BCS: a. Is Relay R part of a Medium Impact BCS?

i. Task Force Answer: Yes, this relay can affect BES Facilities associated with an asset identified under Section 2 of Attachment 1 of CIP-002.

ii. FRCC Answer:

4. Reference(s) : a. Submitted by: Bret Galbraith (SECI).

of 20

EXAMPLE 10

A. Description: A Fault occurs on the high-side of the distribution transformer (TX A in green) and a Protection System located at Substation A (with a primary purpose to detect Faults on TX A) operates to open up non-BES breaker A, however breaker A does not open. The Protection System then attempts to initiate a breaker failure scheme, also located Substation A, which also fails to open BES Breaker B (it does however open BKR C and BKR D). However, there is also a power line carrier at Substation A that sends a blocking signal to Substation C relays waiting for Breaker B to operate. If Breaker B does not operate in the time allotted, relays at Substation C will open the BES breakers at Substation C as shown in the illustration.

of 20


1. PRC-005 Applicable a. Is the power line carrier located at Substation A part of a PRC-005 Protection System?

i. Task Force Answer: ii. FRCC Answer:

2. BES Cyber Assets present : a. Is the power line carrier located at Substation A part of a BES Cyber System?

i. Task Force Answer: ii. FRCC Answer:

3. Reference(s) : a. Submitted by: Bret Galbraith (SECI).b. NERC Lesson Learned CIP Version 5 Transition Protection: Impact Rating of Relays (Far-

End Relay)

of 20

task force examples white paper - home - frcc home documents/task force... · web viewall relays...

Documents