
CIP-101: Making the Transition CIP-002-3 to CIP-002-5.1 Mock Audit

Henderson, NV, September 24-25, 2014

Joseph B. Baugh, PhD, PMP, CISA, CISSP, CRISC, CISM

Senior Compliance Auditor – Cyber Security, Western Electricity Coordinating Council

Speaker Intro: Dr. Joseph Baugh
• 40+ years Electrical Utility Experience
  – Senior Compliance Auditor, Cyber Security
  – IT Manager & Power Trading/Scheduling Manager
  – IT Program Manager & Project Manager
  – PMP, CISSP, CISA, CRISC, CISM, NSA-IAM/IEM certs
  – NERC Certified System Operator
  – Barehand Qualified Transmission Lineman
• 20 years of Educational Experience
  – Degrees earned: Ph.D., MBA, BS-Computer Science
  – Academic & Technical Course Teaching Experience
    • PMP, CISA, CISSP, CISM, ITIL, & Cisco exam preparation
    • Business Strategy, Leadership, and Management
    • Information Technology and IT Security
    • Project Management

September 24-25, 2014, Western Electricity Coordinating Council

WECC CIP-101 Disclaimer
• The WECC Cyber Security team has created a mythical Registered Entity, Billiam Power Company (BILL), and fabricated evidence to illustrate key points in the CIP audit processes.
• Any resemblance of BILL to any actual Registered Entity is purely coincidental.
• All evidence presented, auditor comments, and findings made in regard to BILL during this presentation and the mock audit are fictitious, but are representative of audit team activities during an actual CIP Compliance audit.


Agenda
• Class Introductions
  – Name, Title, Organization, Interest in CIP-002
• Review CIP-002-5.1 Requirements
• Review CIPv5 Transition Guidance
• Review CIP-002-5.1 Team audit approach
• CIP-002-5.1 Mock Audit Overview
• The BILL Mock Audit
• Questions

CIP-002-5.1 Overview
• CIP-002-5.1 is the first step on the CIP Compliance trail.
• All Registered Entities who perform the BA, DP, GO, GOP, IA, RC, TO, and/or TOP registered functions are required to be compliant with CIP-002-5.1.
• CIP-002-5.1 replaces LSE with the DP function; the TSP function drops out.
• Some entities may find they are only required to be compliant with CIP-002-5.1 R1-R2 & CIP-003-5 R2-R4.
  – Typically requires a reduced scope audit that will be conducted at WECC offices or other locations, as necessary.
  – True if the IRC application generates null R1.1 & R1.2 lists.
  – Must also provide a valid R1.3 list of Low Impact BES Assets.
  – Pending Low Impact BCS Requirements discussed in CIP-003-6 R2.


[Diagram: Inputs → R1.1 - R1.2 Process: Identify BCS → Outputs: R1.1, R1.2 Lists (List of High & Medium Assets); R1.3 List (List of Low Impact Assets)]

CIP-002-5.1: R1
• Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3:


[Diagram: Inputs: Inventory of BES Assets → R1 Process → Outputs: List of High, Medium, & Low Assets]

CIP-002-5.1: R1
• Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: [Violation Risk Factor: High] [Time Horizon: Operations Planning]
  – i. Control Centers and backup Control Centers;
  – ii. Transmission stations and substations;
  – iii. Generation resources;
  – iv. Systems and facilities critical to system restoration, including Blackstart Resources and Cranking Paths and initial switching requirements;
  – v. Special Protection Systems that support the reliable operation of the Bulk Electric System; and
  – vi. For Distribution Providers, Protection Systems specified in Applicability section 4.2.1 above.
• Generates Low impact BES assets for R1.3 list


CIP-002-5.1: R1.1 - R1.3
• Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3:
  – 1.1. Identify each of the high impact BES Cyber Systems according to Attachment 1, Section 1, if any, at each asset;
  – 1.2. Identify each of the medium impact BES Cyber Systems according to Attachment 1, Section 2, if any, at each asset; and
  – 1.3. Identify each asset that contains a low impact BES Cyber System according to Attachment 1, Section 3, if any (a discrete list of low impact BES Cyber Systems is not required).


CIP-002-5.1 Requirements: R2
• Entity must review identifications made in R1 (and update them, if necessary) at least every 15 months [R2.1]
• The CIP Senior Manager or delegate (as defined in CIP-003-3 R2 or CIP-003-6 R3, R4) must approve the initial lists [R2.2] and at least once every 15 months thereafter:
  – The R1.1, R1.2, and R1.3 lists
  – Include signed and dated null lists, if applicable
• The entity must maintain signed and dated records of the approvals listed above.
  – Electronic or physical approvals accepted


[Diagram: Inputs: R1.1, R1.2, R1.3 Lists → R2 Review & Approval Process → Outputs: Signed and Dated Records]
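Added example (not WECC or BILL material): a small Python checker for the R2 evidence described above, which also applies the reduced-scope test from the Overview slide (null R1.1 and R1.2 lists with a populated R1.3 list). The evidence model (Approval, R1List), the role strings, the constructed BILL sample data, and the reading of "15 months" as calendar months are assumptions of this example.

```python
# Added example, not WECC material: CIP-002-5.1 R2 approval-evidence checker. Assumes the evidence model below and "15 months" measured in calendar months.
from dataclasses import dataclass, field
from datetime import date
from typing import List
@dataclass
class Approval:
    approved_on: date   # date on the approval record
    approver: str       # name on the signature
    role: str           # "CIP Senior Manager" or "Delegate" (per CIP-003 R2 / R3-R4)
    signed: bool        # signature present, electronic or physical
@dataclass
class R1List:
    part: str           # "R1.1", "R1.2" or "R1.3"
    assets: List[str]   # empty means a null list
    approvals: List[Approval] = field(default_factory=list)

def months_between(earlier: date, later: date) -> int:
    # Whole calendar months from earlier to later; the day of month is ignored.
    return (later.year - earlier.year) * 12 + (later.month - earlier.month)

def check_list(lst: R1List) -> List[str]:
    # Audit findings for one R1 list; an empty result means nothing was found.
    if not lst.approvals:   # a null list still needs a signed and dated approval
        return [f"{lst.part}: no approval record on file"]
    findings = []
    for a in lst.approvals:
        if not a.signed:
            findings.append(f"{lst.part}: approval dated {a.approved_on} is unsigned")
        if a.role not in ("CIP Senior Manager", "Delegate"):
            findings.append(f"{lst.part}: {a.approver} is not the CIP Senior Manager or a delegate")
    dates = sorted(a.approved_on for a in lst.approvals)
    for prev, nxt in zip(dates, dates[1:]):   # R2.1 / R2.2 cadence: at least every 15 months
        if months_between(prev, nxt) > 15:
            findings.append(f"{lst.part}: {prev} to {nxt} exceeds 15 calendar months")
    return findings

def reduced_scope_candidate(lists: List[R1List]) -> bool:
    # Null R1.1 and R1.2 lists with a populated R1.3 list: reduced-scope audit per the Overview slide.
    assets = {lst.part: lst.assets for lst in lists}
    return not assets["R1.1"] and not assets["R1.2"] and bool(assets["R1.3"])
# Constructed sample evidence for the fictional entity BILL; checking all three lists yields three findings.
SAMPLE = [
    R1List("R1.1", [], [Approval(date(2014, 1, 15), "A. Manager", "CIP Senior Manager", True)]),
    R1List("R1.2", []),   # null list, but no approval record
    R1List("R1.3", ["Substation North", "Peaker Plant 2"], [
        Approval(date(2012, 6, 1), "A. Manager", "CIP Senior Manager", True),
        Approval(date(2013, 10, 1), "B. Delegate", "Delegate", False),   # unsigned, 16 months on
    ]),
]
```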


CIP-002-5.1: Direction
• CIP-002-5 R1.1 - R1.3 are applicable for the transition period in lieu of the CIP-002-3 R2 list of Critical Assets (Option 3).
• Focus on High BCS (R1.1) and Medium BCS (R1.2) for immediate CIPv5 compliance efforts (Option
