cip-002-5.1 asset identification methodology - frcc 2 this presentation presents a suggested...
TRANSCRIPT
CIP-002-5.1 Asset Identification Methodology
Greg SurlaFebruary 24-25, 2015
Overview
2
This presentation presents a suggested methodology to meet the requirements of the NERC CIP-002-5.1 Standard.
Each entity should evaluate their individual needs to determine if the methodologies presented here is valid for their environment.
Approaches to Applying CIP-002-5.1
• Two Approaches:Facilities or Top-Down Approach (Recommended)
• Inventory and categorize facilities, then identify and classify Cyber Systems (facility-centric, or top-down)
Cyber Systems or Bottom-Up Approach • The second approach is the opposite, beginning
with a BES Cyber Systems inventory, then a cross-reference to facilities (cyber systems centric, or bottom-up)
3
Facilities vs. facilities
• Facility is defined by NERC as “A set of electrical equipment that operates as a single Bulk Electric System Element”
• facility in the lower case is a “facility containing one or more of the six types of assets listed in CIP-002-5.1 R1” That is, a facility acting as a container for one or more assets.I. Control Centers and backup Control Centers;II. Transmission stations and substations;III. Generation resources;IV. Systems and facilities critical to system restoration, including
BlackstartV. Resources and Cranking Paths and initial switching
requirements;VI. Special Protection Systems that support the reliable operation
of the Bulk Electric System; andVII. For Distribution Providers, Protection Systems specified in
Applicability section 4.2.1.
4
Methodology for Applying CIP-002-5.1
• In comparing the two approaches (facilities vs cyber systems), each is comprised of two necessary components that could be performed independently. 1. A methodology to determine qualifying BES
assets and BES Facilities (Top Down)2. A methodology to determine applicable BES
Cyber Assets and Systems (Bottom Up)
5
Methodology for Applying CIP-002-5.1
6
A. - Applicability Section
7
• Determine which Functional Entities and Facilities to consider– Develop your list of candidates– Review Section 4 of the CIP-002-5.1 standard
document. Ask yourself:• Is my organization a functional entity under 4.1?• Does my organization own Facilities under 4.2?• If either of the above are “Yes”, continue• If “No”, CIP V5 is not applicable
B. – Requirements Section
8
• Prepare a list of the following:– Control Centers
• Remove Control Centers and Backups that do not meet the NERC definition of Control Center
– Transmission stations and substations• Remove any Transmission station and substation
based on the NERC Glossary• Note: UVLS and UFLS are subject to CIP-002-5.1 and
may be located at assets containing Facilities under 100 kV.
– Generation resources• Remove Generation resources not based on NERC
Glossary definition
B. – Requirements Section (cont.)
9
• Prepare a list of the following:– System restoration facilities and systems
• Remove system restoration systems or facilities that do not meet the definition of Blackstart Resources or Cranking Paths under the Glossary
– Special Protection Systems• Remove any SPS that do not support the reliable
operation of the BES– Protection Systems for Distribution Providers
• Remove any DP Protection Systems that do not meet the criteria of CIP-002-5.1 Applicability Section 4.2.1 –Distribution Provider
C. – Attachment 1 Criteria Section
10
• Taking the output of the previous section categorize the identified BES Facilities– Medium
• Generation and Transmission facilities under criteria 2.1 – 2.10
• Control Centers under criteria 2.11 – 2.13– High
• Control Centers under criteria 1.1 – 1.4– Low
• The remaining BES Facilities
C. – Identify BES Cyber Assets
11
• Identify and inventory the candidate Cyber Assets located in:– High and Medium Impact-Rated BES Facilities
• Using the BES Facilities identified under section B in the previous step, inventory the Cyber Asset candidates at the asset with the High Impact BES Facility
• Identify which Cyber Assets meet the criteria for BES Cyber Assets, include the BROS criteria when using that option.
– Medium Impact-Rated BES Facilities• Evaluate the inventory of BES Cyber Assets to
determine which are associated specifically with each Medium Impact BES Facility
C. – Associated Cyber Assets
12
• Associated Cyber Assets• Mechanism used to focus the list of BES Cyber
Assets that are capable of, and purposed for, the performance of one or more BES reliability operating services
• Registered Entities should give consideration to those geographically dispersed components when determining the associated Cyber Assets that are pertinent to the qualifying Facility
C. – 15 Minute Scoping
13
BES Cyber AssetA Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact.Each BES Cyber Asset is included in one or more BES Cyber Systems. (A Cyber Asset is not a BES Cyber Asset if, for 30 consecutive calendar days or less, it is directly connected to a network within an ESP, a Cyber Asset within an ESP, or to a BES Cyber Asset, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.)
C. – 15 Minute Scoping (cont.)
14
• The 15-minute consideration could be related to actions that could be taken by an applicable entity:– Automatic relay operation– Operating procedures that do not require the collection,
processing, and assessment of system data– Supervisory control switching of reactive resources– System reconfiguration using supervisory control– Fast generation re-dispatch– Load shedding using supervisory controls
• Redundancy cannot be used under a 15-minute impact consideration.
• Be prepared to demonstrate how you evaluated the 15 minute impact to each BES Cyber Asset as it relates to the NERC definition.
C. – 15 Minute Scoping (cont.)
15
• If a high, medium, or low impact-rated Facility was to be called upon to perform its reliability function, and the successful performance of that function was dependent on a Cyber Asset, and the Cyber Asset experienced loss, compromise, or misuse resulting in: – an inability of performing its BROS,– an inability of performing its control function, or– compromise and misoperation/malicious operation
• Would that condition adversely affect reliability within 15 minutes?
C. – BES Reliability Operating Services (BROS)
16
• Useful in providing Responsible Entities with the option of a defined process for scoping those Systems that would be subject to CIP‐002‐5.1. The concept includes a number of named BES reliability operating services:– Dynamic Response to BES conditions– Balancing Load and Generation– Controlling Frequency (Real Power)– Controlling Voltage (Reactive Power)– Managing Constraints– Monitoring & Control– Restoration of BES– Situational Awareness– Inter‐Entity Real‐Time Coordination and Communication
BROS Functional Responsibilities
17
• The following provides guidance for Responsible Entities to determine applicable reliability operations services according to their Function Registration type.
C. – BES Reliability Operating Services (BROS)
18
CIP
-002-5.1 Facility
BES Operating Reliability Service
Dynamic Response to
BES Conditions
Balancing Load and
Generation
Controlling Frequency
(Real Power)
Controlling Voltage
(ReactivePower)
Managing Constraints
Monitoring & Control
Restoration of the BES
Situational Awareness
Inter-Entity Real Time
Coordination and
CommunicationControl Centers and Backup
Control Centers X X X X X X X X XTransmission stations and
substations X X X X X XGeneration resources X X X X X X X X X
Systems and facilities critical to system restoration, including Blackstart
Resources and Cranking Paths and initial switching
requirements
X
Special Protection Systems that support the reliable
operation of the Bulk Electric System
X
Distribution Providers with Protection Systems specified in Applicability section 4.2.1
X X X
C. – Grouping Based on BROS
19
• List the reliability tasks for each Registered Entity function using the criteria under BES reliability operating services
• Associate each listed task to each identified BES Cyber Asset at the identified asset with High Impact Facilities or Medium Impact Facilities
C. – BES Cyber Systems
20
• Identifying BES Cyber Systems is accomplished by evaluating the output of the previous steps
• Determine and document the groupings of BES Cyber Assets– High and Medium BES Cyber Systems
• Evaluate the identified BROS for each identified BES Cyber Asset and determine how to group them into one or more BES Cyber Systems
• Identify connectivity characteristics of each identified BES Cyber Asset and each BES Cyber System
• Evaluate how connectivity characteristics impact the cyber security risk and reliability impact to each BES Cyber System
• Evaluate the topological redesign options to reduce the impact that cyber connectivity factors may have on each BES Cyber System
C. – BES Cyber Systems
21
– High and Medium BES Cyber Systems (cont.)• Evaluate the remaining Cyber Assets to determine if
they meet the criteria for protection as another classification of Cyber Assets:
– Electronic Access Points (EAPs)– Electronic Access Control and Monitoring System (EACMs)– Physical Access Control Systems (PACS)– Protected Cyber Asset (PCA)
• Determine final inventory of in-scope BES Cyber Assets
• Determine the placement of Electronic Access Points• Document final BES Cyber Systems, impact rating, and
associated BES Cyber Asset inventory and connectivity
C. – BES Cyber Systems
22
Low Impact BES Cyber Systems• Low Impact BES Cyber Systems are not required
under CIP V5, therefore a you should develop a list of Low Impact BES Assets that include the list of remaining BES Facilities from the Applicability Section 4.2 after the High and Medium BES Cyber Systems
23
Questions?