Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber...
Transcript of Identifying BES Cyber Systems - Southwest Power Pool · List of High and Medium Impact BES Cyber...
Identifying BES Cyber Systems
CIP Compliance Workshop June 2, 2015
Kevin B. Perry Director, Critical Infrastructure Protection [email protected] 501.614.3251
Topics
• Guidance on Exemption (Section 4.2.3.2)
• HVDC Facilities
• Control Center Criteria
• Criterion 2.1
• Criterion 2.5
• Criteria 2.3 and 2.6
• Audit Considerations
2
Exemption Section 4.2.3.2
• An exemption appears as Section 4.2.3.2 in each of the CIP V5 Standards – “Cyber Assets associated with communication networks
and data communication links between discrete Electronic Security Perimeters.”
• Works well if there are two discrete Electronic Security Perimeters (ESPs)
• Doesn’t work so well if there is only one (or no) ESP
• Also a cart-before-the-horse issue – Must identify BES Cyber Systems before identifying ESP
3
Exemption Section 4.2.3.2
• Communication/networking Cyber Assets are not automatically exempt from the CIP V5 Standards
• How do you know what is “in”, and what is “out?” – You need a proxy for the ESP as you identify BES Cyber
Assets and group them into BES Cyber Systems
• Recently released NERC Guidance Memorandum introduces the concept of a demarcation point – Can also serve as the ESP proxy
4
Exemption Section 4.2.3.2
5
Control Center Substation
ESP ESP
Exempt
Possible Demarcation Points Demarc Demarc Proxy ESP Proxy ESP
Exemption Section 4.2.3.2
6
Control Center Substation
ESP
Possible Demarcation Points
Exempt
Demarc Demarc Proxy ESP
Proxy ESP
ESP
HVDC Facilities
• The Impact Rating Criteria are focused on Facilities operated at AC (alternating current) voltages – The Guidelines and Technical Basis section of CIP-002-
5.1 is silent on the issue of DC (direct current) Facilities
• So, how does a Registered Entity apply the Impact Rating Criteria to HVDC Facilities? – AC Voltage is phase to phase
– HVDC circuits do not have phases, but they have poles
– The pole-to-pole/return voltage differential can be used as a substitute for phase-to-phase AC voltages
7
HVDC Facilities
• For bi-pole circuits, the pole-to-pole current differential is the effective voltage for the purposes of the Criteria – A bi-pole DC circuit operated at +/- 250 kV would be
treated as a 500 kV Facility
• For monopole with earth return circuits or for symmetrical monopole circuits, the circuit voltage rating is the effective voltage
• If a circuit can be operated in monopole or bi-pole mode, the effective voltage is the bi-pole current differential
8
HVDC Facilities
• Back-to-Back converter stations are treated the same as bi-pole HVDC Transmission lines
• Multi-terminal systems (two converter stations linked by HVDC Transmission lines) are treated at the same voltage as the HVDC Transmission line
9
Control Center Criteria
• Control Center Definition: – One or more facilities hosting operating personnel that
monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.
• The facility must meet the definition of Control Center for the Impact Rating Criteria to apply – Look carefully at your generator operations
10
Control Center Criteria
• The Impact Rating Criteria is applicable to Control Centers performing the functional obligations of a Reliability Coordinator, Balancing Authority, Transmission Operator, or Generator Operator – The Registered Entity does not need to be registered as
a RC, BA, TOP, or GOP to have a Control Center performing the functional obligations of one of those registrations
• BES Cyber Systems associated with the Control Center must be used by the Control Center and also must be located at the Control Center
11
Criterion 2.1
• Applies to generating plants, not individual generating units – The plant must have an aggregate highest rated net Real
Power capability of the preceding 12 calendar months equal to or exceeding 1500 MW in a single Interconnection
– The only BES Cyber Systems that meet this criterion are those shared BES Cyber Systems that could, within 15 minutes, adversely impact the reliable operation of any combination of units that in aggregate equal or exceed 1500 MW in a single Interconnection
12
Criterion 2.1
• It is possible to have a plant exceeding the 1500 MW threshold yet have only Low Impact BES Cyber Systems – Plant control systems can be segregated in such a
manner that there are no shared systems exceeding the 1500 MW threshold Many BES Cyber Systems can be configured to stay below the
1500 MW threshold
– At audit, be prepared to demonstrate how the plant systems and networks are configured to assure the segregation
13
Criterion 2.5
• Applies to Transmission stations and substations operated between 200 and 499 kV
• Additional qualifiers : – The station or substation must be connected at 200 kV,
or higher voltages to three or more other Transmission stations or substations
– The combination of Transmission lines yields an "aggregate weighted value" exceeding 3000
• BES Cyber Systems associated with any Facility (high or low side) operated at 200 to 499 kV are Medium impacting
14
Criterion 2.5
• For a Transmission line to be considered a Transmission Facility and included in the Impact Rating Criterion 2.5 calculation, the line must be used for network flow of the Bulk Electric System and connected to another Transmission station or substation – A radial line is not a Transmission line
– A generator lead line is the line at any voltage between the generator and the first connected substation where Transmission lines are present - it is not a Transmission line
15
Criterion 2.5
• The Criterion applies even if the high side of the station or substation is operated at 500 kV or above – Applies to the 345 kV side of a 500/345 kV substation,
but only if the substation meets the Criteria 2.5 qualifying characteristics
– It is possible to have a 500/345 kV substation where BES Cyber Systems associated with the 500 kV Facilities are Medium impacting but the BES Cyber Systems associated with the 345 kV Facilities are Low impacting
16
Criteria 2.3 and 2.6
• The Reliability Coordinator, Planning Coordinator, or Transmission Planner designates the generation or Transmission facility with impact
• The registered entity is responsible for identifying BES Cyber Systems associated with the identified Facility
• All associated BES Cyber Systems are Medium Impact – Segregation of control systems in a generating plant will
not reduce the impact categorization
– BES Transmission Facilities operated below 200 kV are not exempt
17
Audit Considerations
• Explicit requirements in CIP-002-5.1: – List of High and Medium Impact BES Cyber Systems
– List of assets containing a Low Impact BES Cyber System
• Additional requirement: – Every Cyber Asset satisfying the definition of BES Cyber
Asset must be a member of at least one BES Cyber System
• And while we are on the subject… – You can group BES Cyber Assets into BES Cyber Systems
differently on a requirement by requirement basis
18
Audit Considerations
• You will need to show your work – Demonstrate that every BES Cyber Asset has been
identified
– Be prepared to demonstrate why a Cyber Asset is not a BES Cyber Asset
– Demonstrate that every BES Cyber Asset is a member of at least one BES Cyber System
– If you regroup based on requirement, demonstrate that every BES Cyber Asset is accounted for in each regrouping
• Compliance means more than just producing two lists 19
Helpful Resources
• NERC Website Links: – CIP V5 Transition Home Page
CIP V5 Standards and Implementation Plan
CIP V5 Transition Guidance
CIP V5 Transition Study Lessons Learned
– Project 2014-04 (Physical Security) CIP-014-1
CIP-014-1 Implementation Plan
CIP-014 Revisions SAR
• SPP RE CIP V5 Transition Page
20
SPP RE CIP Team
• Kevin Perry, Director of Critical Infrastructure Protection (501) 614-3251
• Shon Austin, Lead Compliance Specialist-CIP (501) 614-3273
• Steven Keller, Lead Compliance Specialist-CIP (501) 688-1633
• Jeremy Withers, Senior Compliance Specialist-CIP (501) 688-1676
• Robert Vaughn, Compliance Specialist II-CIP (501) 482-2301
21