Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber...

of 21 /21
Identifying BES Cyber Systems CIP Compliance Workshop June 2, 2015 Kevin B. Perry Director, Critical Infrastructure Protection [email protected] 501.614.3251

Transcript of Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber...

Page 1: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Identifying BES Cyber Systems

CIP Compliance Workshop June 2, 2015

Kevin B. Perry Director, Critical Infrastructure Protection [email protected] 501.614.3251

Page 2: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Topics

• Guidance on Exemption (Section 4.2.3.2)

• HVDC Facilities

• Control Center Criteria

• Criterion 2.1

• Criterion 2.5

• Criteria 2.3 and 2.6

• Audit Considerations

2

Page 3: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Exemption Section 4.2.3.2

• An exemption appears as Section 4.2.3.2 in each of the CIP V5 Standards – “Cyber Assets associated with communication networks

and data communication links between discrete Electronic Security Perimeters.”

• Works well if there are two discrete Electronic Security Perimeters (ESPs)

• Doesn’t work so well if there is only one (or no) ESP

• Also a cart-before-the-horse issue – Must identify BES Cyber Systems before identifying ESP

3

Page 4: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Exemption Section 4.2.3.2

• Communication/networking Cyber Assets are not automatically exempt from the CIP V5 Standards

• How do you know what is “in”, and what is “out?” – You need a proxy for the ESP as you identify BES Cyber

Assets and group them into BES Cyber Systems

• Recently released NERC Guidance Memorandum introduces the concept of a demarcation point – Can also serve as the ESP proxy

4

Page 5: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Exemption Section 4.2.3.2

5

Control Center Substation

ESP ESP

Exempt

Possible Demarcation Points Demarc Demarc Proxy ESP Proxy ESP

Page 6: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Exemption Section 4.2.3.2

6

Control Center Substation

ESP

Possible Demarcation Points

Exempt

Demarc Demarc Proxy ESP

Proxy ESP

ESP

Page 7: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

HVDC Facilities

• The Impact Rating Criteria are focused on Facilities operated at AC (alternating current) voltages – The Guidelines and Technical Basis section of CIP-002-

5.1 is silent on the issue of DC (direct current) Facilities

• So, how does a Registered Entity apply the Impact Rating Criteria to HVDC Facilities? – AC Voltage is phase to phase

– HVDC circuits do not have phases, but they have poles

– The pole-to-pole/return voltage differential can be used as a substitute for phase-to-phase AC voltages

7

Page 8: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

HVDC Facilities

• For bi-pole circuits, the pole-to-pole current differential is the effective voltage for the purposes of the Criteria – A bi-pole DC circuit operated at +/- 250 kV would be

treated as a 500 kV Facility

• For monopole with earth return circuits or for symmetrical monopole circuits, the circuit voltage rating is the effective voltage

• If a circuit can be operated in monopole or bi-pole mode, the effective voltage is the bi-pole current differential

8

Page 9: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

HVDC Facilities

• Back-to-Back converter stations are treated the same as bi-pole HVDC Transmission lines

• Multi-terminal systems (two converter stations linked by HVDC Transmission lines) are treated at the same voltage as the HVDC Transmission line

9

Page 10: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Control Center Criteria

• Control Center Definition: – One or more facilities hosting operating personnel that

monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.

• The facility must meet the definition of Control Center for the Impact Rating Criteria to apply – Look carefully at your generator operations

10

Page 11: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Control Center Criteria

• The Impact Rating Criteria is applicable to Control Centers performing the functional obligations of a Reliability Coordinator, Balancing Authority, Transmission Operator, or Generator Operator – The Registered Entity does not need to be registered as

a RC, BA, TOP, or GOP to have a Control Center performing the functional obligations of one of those registrations

• BES Cyber Systems associated with the Control Center must be used by the Control Center and also must be located at the Control Center

11

Page 12: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Criterion 2.1

• Applies to generating plants, not individual generating units – The plant must have an aggregate highest rated net Real

Power capability of the preceding 12 calendar months equal to or exceeding 1500 MW in a single Interconnection

– The only BES Cyber Systems that meet this criterion are those shared BES Cyber Systems that could, within 15 minutes, adversely impact the reliable operation of any combination of units that in aggregate equal or exceed 1500 MW in a single Interconnection

12

Page 13: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Criterion 2.1

• It is possible to have a plant exceeding the 1500 MW threshold yet have only Low Impact BES Cyber Systems – Plant control systems can be segregated in such a

manner that there are no shared systems exceeding the 1500 MW threshold Many BES Cyber Systems can be configured to stay below the

1500 MW threshold

– At audit, be prepared to demonstrate how the plant systems and networks are configured to assure the segregation

13

Page 14: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Criterion 2.5

• Applies to Transmission stations and substations operated between 200 and 499 kV

• Additional qualifiers : – The station or substation must be connected at 200 kV,

or higher voltages to three or more other Transmission stations or substations

– The combination of Transmission lines yields an "aggregate weighted value" exceeding 3000

• BES Cyber Systems associated with any Facility (high or low side) operated at 200 to 499 kV are Medium impacting

14

Page 15: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Criterion 2.5

• For a Transmission line to be considered a Transmission Facility and included in the Impact Rating Criterion 2.5 calculation, the line must be used for network flow of the Bulk Electric System and connected to another Transmission station or substation – A radial line is not a Transmission line

– A generator lead line is the line at any voltage between the generator and the first connected substation where Transmission lines are present - it is not a Transmission line

15

Page 16: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Criterion 2.5

• The Criterion applies even if the high side of the station or substation is operated at 500 kV or above – Applies to the 345 kV side of a 500/345 kV substation,

but only if the substation meets the Criteria 2.5 qualifying characteristics

– It is possible to have a 500/345 kV substation where BES Cyber Systems associated with the 500 kV Facilities are Medium impacting but the BES Cyber Systems associated with the 345 kV Facilities are Low impacting

16

Page 17: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Criteria 2.3 and 2.6

• The Reliability Coordinator, Planning Coordinator, or Transmission Planner designates the generation or Transmission facility with impact

• The registered entity is responsible for identifying BES Cyber Systems associated with the identified Facility

• All associated BES Cyber Systems are Medium Impact – Segregation of control systems in a generating plant will

not reduce the impact categorization

– BES Transmission Facilities operated below 200 kV are not exempt

17

Page 18: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Audit Considerations

• Explicit requirements in CIP-002-5.1: – List of High and Medium Impact BES Cyber Systems

– List of assets containing a Low Impact BES Cyber System

• Additional requirement: – Every Cyber Asset satisfying the definition of BES Cyber

Asset must be a member of at least one BES Cyber System

• And while we are on the subject… – You can group BES Cyber Assets into BES Cyber Systems

differently on a requirement by requirement basis

18

Page 19: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

Audit Considerations

• You will need to show your work – Demonstrate that every BES Cyber Asset has been

identified

– Be prepared to demonstrate why a Cyber Asset is not a BES Cyber Asset

– Demonstrate that every BES Cyber Asset is a member of at least one BES Cyber System

– If you regroup based on requirement, demonstrate that every BES Cyber Asset is accounted for in each regrouping

• Compliance means more than just producing two lists 19

Page 21: Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber Systems – List of assets containing a Low Impact BES Cyber System • Additional

SPP RE CIP Team

• Kevin Perry, Director of Critical Infrastructure Protection (501) 614-3251

• Shon Austin, Lead Compliance Specialist-CIP (501) 614-3273

• Steven Keller, Lead Compliance Specialist-CIP (501) 688-1633

• Jeremy Withers, Senior Compliance Specialist-CIP (501) 688-1676

• Robert Vaughn, Compliance Specialist II-CIP (501) 482-2301

21