Identifying BES Cyber Systems

CIP Compliance Workshop June 2, 2015

Kevin B. Perry Director, Critical Infrastructure Protection kperry.re@spp.org 501.614.3251

Topics

• Guidance on Exemption (Section 4.2.3.2)

• HVDC Facilities

• Control Center Criteria

• Criterion 2.1

• Criterion 2.5

• Criteria 2.3 and 2.6

• Audit Considerations

2

Exemption Section 4.2.3.2

• An exemption appears as Section 4.2.3.2 in each of the CIP V5 Standards – “Cyber Assets associated with communication networks

and data communication links between discrete Electronic Security Perimeters.”

• Works well if there are two discrete Electronic Security Perimeters (ESPs)

• Doesn’t work so well if there is only one (or no) ESP

• Also a cart-before-the-horse issue – Must identify BES Cyber Systems before identifying ESP

3

Exemption Section 4.2.3.2

• Communication/networking Cyber Assets are not automatically exempt from the CIP V5 Standards

• How do you know what is “in”, and what is “out?” – You need a proxy for the ESP as you identify BES Cyber

Assets and group them into BES Cyber Systems

• Recently released NERC Guidance Memorandum introduces the concept of a demarcation point – Can also serve as the ESP proxy

4

Exemption Section 4.2.3.2

5

Control Center Substation

ESP ESP

Exempt

Possible Demarcation Points Demarc Demarc Proxy ESP Proxy ESP

Exemption Section 4.2.3.2

6

Control Center Substation

ESP

Possible Demarcation Points

Exempt

Demarc Demarc Proxy ESP

Proxy ESP

ESP

HVDC Facilities

• The Impact Rating Criteria are focused on Facilities operated at AC (alternating current) voltages – The Guidelines and Technical Basis section of CIP-002-

5.1 is silent on the issue of DC (direct current) Facilities

• So, how does a Registered Entity apply the Impact Rating Criteria to HVDC Facilities? – AC Voltage is phase to phase

– HVDC circuits do not have phases, but they have poles

– The pole-to-pole/return voltage differential can be used as a substitute for phase-to-phase AC voltages

7

HVDC Facilities

• For bi-pole circuits, the pole-to-pole current differential is the effective voltage for the purposes of the Criteria – A bi-pole DC circuit operated at +/- 250 kV would be

treated as a 500 kV Facility

• For monopole with earth return circuits or for symmetrical monopole circuits, the circuit voltage rating is the effective voltage

• If a circuit can be operated in monopole or bi-pole mode, the effective voltage is the bi-pole current differential

8

HVDC Facilities

• Back-to-Back converter stations are treated the same as bi-pole HVDC Transmission lines

• Multi-terminal systems (two converter stations linked by HVDC Transmission lines) are treated at the same voltage as the HVDC Transmission line

9

Control Center Criteria

• Control Center Definition: – One or more facilities hosting operating personnel that

monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.

• The facility must meet the definition of Control Center for the Impact Rating Criteria to apply – Look carefully at your generator operations

10

Control Center Criteria

• The Impact Rating Criteria is applicable to Control Centers performing the functional obligations of a Reliability Coordinator, Balancing Authority, Transmission Operator, or Generator Operator – The Registered Entity does not need to be registered as

a RC, BA, TOP, or GOP to have a Control Center performing the functional obligations of one of those registrations

• BES Cyber Systems associated with the Control Center must be used by the Control Center and also must be located at the Control Center

11

Criterion 2.1

• Applies to generating plants, not individual generating units – The plant must have an aggregate highest rated net Real

Power capability of the preceding 12 calendar months equal to or exceeding 1500 MW in a single Interconnection

– The only BES Cyber Systems that meet this criterion are those shared BES Cyber Systems that could, within 15 minutes, adversely impact the reliable operation of any combination of units that in aggregate equal or exceed 1500 MW in a single Interconnection

12

Criterion 2.1

• It is possible to have a plant exceeding the 1500 MW threshold yet have only Low Impact BES Cyber Systems – Plant control systems can be segregated in such a

manner that there are no shared systems exceeding the 1500 MW threshold Many BES Cyber Systems can be configured to stay below the

1500 MW threshold

– At audit, be prepared to demonstrate how the plant systems and networks are configured to assure the segregation

13

Criterion 2.5

• Applies to Transmission stations and substations operated between 200 and 499 kV

• Additional qualifiers : – The station or substation must be connected at 200 kV,

or higher voltages to three or more other Transmission stations or substations

– The combination of Transmission lines yields an "aggregate weighted value" exceeding 3000

• BES Cyber Systems associated with any Facility (high or low side) operated at 200 to 499 kV are Medium impacting

14

Criterion 2.5

• For a Transmission line to be considered a Transmission Facility and included in the Impact Rating Criterion 2.5 calculation, the line must be used for network flow of the Bulk Electric System and connected to another Transmission station or substation – A radial line is not a Transmission line

– A generator lead line is the line at any voltage between the generator and the first connected substation where Transmission lines are present - it is not a Transmission line

15

Criterion 2.5

• The Criterion applies even if the high side of the station or substation is operated at 500 kV or above – Applies to the 345 kV side of a 500/345 kV substation,

but only if the substation meets the Criteria 2.5 qualifying characteristics

– It is possible to have a 500/345 kV substation where BES Cyber Systems associated with the 500 kV Facilities are Medium impacting but the BES Cyber Systems associated with the 345 kV Facilities are Low impacting

16

Criteria 2.3 and 2.6

• The Reliability Coordinator, Planning Coordinator, or Transmission Planner designates the generation or Transmission facility with impact

• The registered entity is responsible for identifying BES Cyber Systems associated with the identified Facility

• All associated BES Cyber Systems are Medium Impact – Segregation of control systems in a generating plant will

not reduce the impact categorization

– BES Transmission Facilities operated below 200 kV are not exempt

17

Audit Considerations

• Explicit requirements in CIP-002-5.1: – List of High and Medium Impact BES Cyber Systems

– List of assets containing a Low Impact BES Cyber System

• Additional requirement: – Every Cyber Asset satisfying the definition of BES Cyber

Asset must be a member of at least one BES Cyber System

• And while we are on the subject… – You can group BES Cyber Assets into BES Cyber Systems

differently on a requirement by requirement basis

18

Audit Considerations

• You will need to show your work – Demonstrate that every BES Cyber Asset has been

identified

– Be prepared to demonstrate why a Cyber Asset is not a BES Cyber Asset

– Demonstrate that every BES Cyber Asset is a member of at least one BES Cyber System

– If you regroup based on requirement, demonstrate that every BES Cyber Asset is accounted for in each regrouping

• Compliance means more than just producing two lists 19

Helpful Resources

• NERC Website Links: – CIP V5 Transition Home Page

CIP V5 Standards and Implementation Plan

CIP V5 Transition Guidance

CIP V5 Transition Study Lessons Learned

– Project 2014-04 (Physical Security) CIP-014-1

CIP-014-1 Implementation Plan

CIP-014 Revisions SAR

• SPP RE CIP V5 Transition Page

20

SPP RE CIP Team

• Kevin Perry, Director of Critical Infrastructure Protection (501) 614-3251

• Shon Austin, Lead Compliance Specialist-CIP (501) 614-3273

• Steven Keller, Lead Compliance Specialist-CIP (501) 688-1633

• Jeremy Withers, Senior Compliance Specialist-CIP (501) 688-1676

• Robert Vaughn, Compliance Specialist II-CIP (501) 482-2301

21