Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC...
Transcript of Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC...
![Page 1: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/1.jpg)
Summary of 2016 Board of Trustees Standards Oversight and Technology Committee Survey
![Page 2: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/2.jpg)
RELIABILITY | ACCOUNTABILITY2
Overview
• NERC engaged TalentQuest to conduct its annual Board of Trustees Standards Oversight and Technology Committee Survey through an online methodology.
• The Standards Oversight and Technology Committee survey was administered from November 8 to December 20, 2016, to a total of six (6) Committee members.
• 6 Committee members responded to the survey. 100% response rate.
![Page 3: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/3.jpg)
RELIABILITY | ACCOUNTABILITY3
Rating Scale
• Respondents were asked to rate items on a 1 to 5 point scale to indicate their evaluation for each rated item: 1 = Needs Prompt Attention (“unacceptable performance”) 2 = Below Expectations (“performance area with opportunity for
improvement”) 3 = Meets Expectations (“meets the required standard of performance”) 4 = Exceeds Expectations (“exceeds the required standard of performance”) 5 = Outstanding (“far exceeds the required standard of performance”)
• Additional items were evaluated by selection of “Yes” or “No” to indicate agreement or disagreement.
• For any item rated “1” (Needs Prompt Attention), “2” (Below Expectations), or “No”, mandatory comments were required to explain the rationale for the rating or selection.
![Page 4: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/4.jpg)
RELIABILITY | ACCOUNTABILITY4
Results Summary
• The overall Standards Oversight and Technology Committee survey average was 3.94, with item averages ranging from 3.50 to 4.33.
• Given the lowest item averages are well above 3.00, the Standards Oversight and Technology Committee is seen to be operating at expectations or higher.
![Page 5: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/5.jpg)
RELIABILITY | ACCOUNTABILITY5
SOTC Highest Rated Items
4.33
4.17
4.17
4.00
4.00
1 2 3 4 5
As part of the annual business plan and budgeting process, theCommittee reviews annually the resource requirements and funding for
IT-related investments and costs.
The Committee monitors overall results of the standards developmentprocess, and makes recommendations to the NERC Standards
Committee, Board and management regarding potentialimprovements.
The Committee provides advice and recommendations to the Board onany technology-related issues referred to it by the Board.
In collaboration with the Reliability Issues Steering Committee, theCommittee assesses emerging reliability risks affecting standards,
making recommendations as appropriate.
The Committee monitors progress in addressing regulatory mandatesand directives related to standards.
![Page 6: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/6.jpg)
RELIABILITY | ACCOUNTABILITY6
SOTC Lowest Rated Items
3.83
3.83
3.67
3.50
1 2 3 4 5
The Committee provides advice and recommendations to the Boardon any standards-related issues referred to it by the Board.
The Committee reviews with management company computersystems environment, security procedures, and contingency plans.
The Committee serves as the Level 2 Appeals Panel as set forth in theNERC Standard Processes Manual, Appendix 3A to the NERC Rules of
Procedure.
The Committee reviews periodically NERC’s status with the American National Standards Institute.
![Page 7: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/7.jpg)
RELIABILITY | ACCOUNTABILITY7
Committee Functioning
• Across all Committee surveys, 4 “Yes/No” items were asked in regard to committee functioning. Each committee, including the Standards Oversight and Technology Committee, rated these items with a 100% response of “Yes”: The number of Committee meetings is appropriate. The size of the Committee is appropriate. The information provided in support of the agenda is appropriate and
available in a timely manner in advance of Committee meetings. The Committee Chair manages meetings efficiently to allow for open,
equal, and sufficient discussion and construction input on important issues.
![Page 8: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/8.jpg)
NERC and ERO Enterprise IT Projects UpdateStan Hoptroff, Vice President and Chief Technology OfficerStandards Oversight and Technology Committee MeetingFebruary 8, 2017
![Page 9: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/9.jpg)
RELIABILITY | ACCOUNTABILITY2
Today’s Topics
• ERO Enterprise IT Projects Update• E-ISAC IT Projects Update• NERC Corporate IT Projects• IT Projects Cost/Benefits• ERO Enterprise IT Strategy Timeline
![Page 10: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/10.jpg)
RELIABILITY | ACCOUNTABILITY3
Today’s Topics
• E-ISAC IT Strategy Timeline• 2016 Applications and Sources• 2017 Applications and Sources• 2018–2020 Applications and Sources• Priorities Looking Ahead
![Page 11: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/11.jpg)
RELIABILITY | ACCOUNTABILITY4
ERO Enterprise IT Projects Update
• User Management and Resources (ERO Applications) Improve client experience, reduce complexity, and reduce support risk
• Enterprise Reporting – Generation Data Enable ERO data access and analysis
• GADS – Wind Turbine Generation 1600 Data Request
• Compliance Monitoring and Enforcement Program (CMEP) Steering Committee active, vendor education and professional services
interviews completed
![Page 12: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/12.jpg)
RELIABILITY | ACCOUNTABILITY5
E-ISAC IT Projects Update
• E-ISAC Portal Enhancements and Support Members Executive Committee requested features and improvements
completed
• Cybersecurity Risk Information Sharing Program (CRISP) Data Management Tools Evaluation & Support Data Repository in progress
• E-ISAC Cyber Automated Information Sharing System (CAISS) Implementation of Machine-to-Machine communications pilot underway
(STIX/TAXII)
![Page 13: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/13.jpg)
RELIABILITY | ACCOUNTABILITY6
NERC Corporate IT Projects
• Document Management Program 2016 – IT, HR, Finance, Policy and External Affairs, Legal and Board
(Governance), and Executives/ERO Operations/MRC 2017 - Compliance, Enforcement, Standards and Training, Reliability
Assessment and System Analysis, Reliability Risk Management, Internal Audit, and Facilities
2018 – Continued focus on training and adoption
• Audio/Visual Solution Ease of use, security, reliability, and reduced travel
• Information Security Email Encryption Network Architecture update
![Page 14: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/14.jpg)
RELIABILITY | ACCOUNTABILITY7
IT Projects Cost/Benefits
• Reduce Reliability Risk to the Bulk Power System• Increase Capability• Reduce Corporate Risk• Increase Work Quality• Increase Efficiency• Reduce or Avoid Cost
![Page 15: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/15.jpg)
RELIABILITY | ACCOUNTABILITY8
ERO Enterprise IT Strategy Timeline
2017 2018 2019 2020
Entity Information and Communication
Information Sharing
Data and Analytics
Standards and Compliance
Entity Registration NERC Announcements NERC Alerts
Document Management
NERC.com Improvements
GADS Wind, Wind Portal, GAR Wind GADS Solar GADS Releases
DADS Releases
Ongoing Data Integrations TADS Releases
Planning and RFP Structured Incremental Implementation
Extranet Document Collaboration
Extranet Discussion Groups
TEAMS Major Release
Q1 Q4Q3Q2 Q1 Q4Q3Q2Q1 Q4Q3Q2 Q1 Q4Q3Q2
![Page 16: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/16.jpg)
RELIABILITY | ACCOUNTABILITY9
E-ISAC IT Strategy Timeline
Collaboration
Information Sharing
Data Analysis
2017 2018 2019
CRISP Data Analysis with E-L-K
Event Viewing Tool
Visualization
Malware Submission Forensics Tools
Data Warehouse
Communications Tools
GridEx Preparation and SupportGridEx
Preparation and Support
Disaster Recovery HF
Communications
User Management and Records integration
Secure Communications
Portal Platform Selection and Development
CAISS Pilot CAISS Production
Portal Platform Selection and Development
Portal Platform Go-Live
Q1 Q4Q3Q2 Q1 Q4Q3Q2 Q1 Q2
![Page 17: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/17.jpg)
RELIABILITY | ACCOUNTABILITY10
2016 Applications and Sources
RADS
NONE
CRATSStandards
CRATS Registration
TEAMSPMU
SAFNR
CRATSTFE
SBS
CRATSEnforcement
E-ISACPortal
xRM Platform
Integration with xRM
Qualified Events
GADS
DADS
CITS
CDMSBESnet
TADS
MISOPS
UMP
![Page 18: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/18.jpg)
RELIABILITY | ACCOUNTABILITY11
2017 Applications and Sources
TADS
MISOPS
CITS
RADS
NONE
CDMS
TEAMSPMU
SAFNR
BESnet
SBS
E-ISACPortal
UMR
GADS-Wind
EntityRegistration
xRM Platform
Integration with xRM
Qualified Events
CRATSStandards
CRATSTFE
CRATSEnforcement
GADS
DADS
OSI PI
![Page 19: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/19.jpg)
RELIABILITY | ACCOUNTABILITY12
TEAMSPMU
SAFNR
E-ISACPortal
UMR
CMEP Tools
xRM Platform
Integration with xRM
Qualified Events
TADS
MISOPS
RADSBESnetGADS-
Wind
GADS
DADS
EntityRegistration
SBS
OSI PI
2018–2020 Applications and Sources
![Page 20: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/20.jpg)
RELIABILITY | ACCOUNTABILITY13
Priorities Looking Ahead
• Registered Entities Public Website Enhancements Registration Application Access for Misoperations and GADS-Wind
• E-ISAC E-ISAC Portal Platform E-ISAC Cyber Security Automation CRISP Analytical Capabilities
• ERO Enterprise CMEP Technology Program Enterprise Reporting – TADS and events data to be extracted and loaded Geo-Magnetic Disturbance IT Requirements
![Page 21: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/21.jpg)
RELIABILITY | ACCOUNTABILITY14
![Page 22: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/22.jpg)
RELIABILITY | ACCOUNTABILITY15
Additional Information
![Page 23: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/23.jpg)
RELIABILITY | ACCOUNTABILITY16
IT Projects Cost/Benefits
Benefit AreaPotential Beneficiaries
Measurement OptionsNERC REGIONS REGISTERED
ENTITIES
Reduce Reliability Risk x x xDeliverable Confirmation
Metric Based
Surveys
Increase Capability x xDeliverable Confirmation
Surveys
Reduce Corporate Risk x xDeliverable Confirmation
Metric Based
Auditable Records
Increase Work Quality x x x
Time/Labor Comparisons
Delivery Confirmation
Metric Based
Surveys
Increase Efficiency x x xTime/Labor Comparisons
Surveys
Anecdotal Evidence
Reduce Cost x x x Financial Reporting
![Page 24: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/24.jpg)
RELIABILITY | ACCOUNTABILITY17
IT Projects Cost/Benefits
Solution Status Primary Benefits
ER
O P
roje
cts RADS
Reliability Assessment Data System
In ProductionIncrease Efficiency Increase Capability Increase Work Quality
MIDASMisoperations Information Data Analysis System
In Production
Increase Efficiency Increase Capability Reduce Reliability Risk TBD
Increase Work Quality
NE
RC
Pro
ject
s
CRATS EnhancementsCompliance Reporting and Tracking System
In Production Increase Efficiency Increase Work Quality
UMRUser Management and Records
In Production Increase EfficiencyReduce Cost
InfoHubDocument Management
Ongoing Deployment Increase Efficiency
Reduce Corporate Risk
![Page 25: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/25.jpg)
Functional Model Update
Howard Gugel, Senior Director of Standards and EducationStandards Oversight and Technology CommitteeFebruary 8, 2017
![Page 26: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/26.jpg)
RELIABILITY | ACCOUNTABILITY2
• Evolution of the Industry Generation and transmission decoupled from distribution Independent generation Vertical disintegration of some utilities
• Functional Model accommodated those changes Accounted for different types of operations Did not cause or recommend organizational changes
Functional Model Purpose
![Page 27: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/27.jpg)
RELIABILITY | ACCOUNTABILITY3
• Initially created to describe Control Area operations • Expanded to include planning and reliability functions • Approved by NERC Board of Trustees in 2007 • Currently on Version 5• Functional Model Advisory Group (FMAG) began work in
November 2015• Solicited industry comments September 2016
History
![Page 28: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/28.jpg)
RELIABILITY | ACCOUNTABILITY4
• Provides guidance for Reliability Standards Development• Does not depend on market structure (or whether a market
even exists)• Defines functions as sets of tasks
Functional Model Overview
![Page 29: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/29.jpg)
RELIABILITY | ACCOUNTABILITY5
Functional Model
StandardsDeveloper
Compliance Enforcement
Authority
Reliability Assurer
Standards and Compliance Functions
TransmissionService
Provider
ReliabilityCoordinator
PlanningCoordinator
BalancingAuthority
InterchangeCoordinator
Reliability Service Functions
TransmissionOperator
TransmissionPlanner
ResourcePlanner
GeneratorOwner
Load-Serving Entity
Purchasing-Selling Entity
Distribution Provider
Planning andOperating Functions
Market Operator
![Page 30: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/30.jpg)
RELIABILITY | ACCOUNTABILITY6
• Each function is described by: The function (for example, “Transmission Operations”) The entity performing the function (for example, “Transmission Operator”)
• Each function and entity description includes: List of reliability tasks List of relationships and responsibilities
• Entities may perform tasks in multiple functions
Functional Model Overview
![Page 31: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/31.jpg)
RELIABILITY | ACCOUNTABILITY7
• The FMAG considered revisions to the Functional Model in 2016 Updating tasks and relationships Clarifying some of the planning functions
• Outreach and input on proposed revisions Reviewed by NERC Standing Committees Comments from the industry
Functional Model Review
![Page 32: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/32.jpg)
RELIABILITY | ACCOUNTABILITY8
• General confusion/disagreement over Functional Model’s purpose
• Uncertainty on role of Functional Model Registry criteria in Rules of Procedure is separate No impact on Compliance and Enforcement
• Standards Committee directed FMAG to pause work
Feedback and Themes from Input
![Page 33: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/33.jpg)
RELIABILITY | ACCOUNTABILITY9
• Limit changes to alignment of terms• Require industry input before future work, if needed
Direction
![Page 34: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/34.jpg)
RELIABILITY | ACCOUNTABILITY10
![Page 35: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/35.jpg)
Supply Chain Management Standard Update
Howard Gugel, Senior Director of Standards and EducationStandards Oversight and Technology CommitteeFebruary 8, 2017
![Page 36: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/36.jpg)
RELIABILITY | ACCOUNTABILITY2
• Background FERC issued Order No. 829 on July 21, 2016 Standard must be filed by September 2017
• Status Draft standard posted for comment and initial ballot Proposed standard will be presented by August 2017
Cyber Security Supply Chain Standard
![Page 37: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/37.jpg)
RELIABILITY | ACCOUNTABILITY3
![Page 38: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/38.jpg)
Guidance and Technical BasisUpdate
Howard Gugel, Senior Director of Standards and EducationStandards Oversight and Technology CommitteeFebruary 8, 2017
![Page 39: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/39.jpg)
RELIABILITY | ACCOUNTABILITY2
• Initially designed to support results based standards• First used in FAC-003-2 • Contained an “information only” disclaimer• Incorporated into standard development template• Disclaimer paragraph was omitted
History
![Page 40: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/40.jpg)
RELIABILITY | ACCOUNTABILITY3
• Provides drafting teams a mechanism to: Explain the technical basis for Reliability Standard Provide technical guidance to help support effective application
• To further clarify Guidance and Technical Basis (GTB): NERC staff and Standards Committee leadership to coordinate Captured in Task 3 in Standards Committee Strategic Plan
Purpose
![Page 41: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/41.jpg)
RELIABILITY | ACCOUNTABILITY4
• The GTB is a mechanism to explain technical basis• The GTB reflects standard drafting team’s intent in
understanding technology and the technical requirements• The GTB should provide a sound technical basis to help
understand the Requirements• The GTB does not prescribe compliance approaches or
compliance guidance
Guidance
![Page 42: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/42.jpg)
RELIABILITY | ACCOUNTABILITY5
![Page 43: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/43.jpg)
Reliability StandardsQuarterly Status Report
Howard Gugel, Senior Director of Standards and EducationStandards Oversight and Technology Committee MeetingFebruary 8, 2017
![Page 44: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/44.jpg)
RELIABILITY | ACCOUNTABILITY2
Projects with FERC directives
• 11 standards related directives in progress
![Page 45: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/45.jpg)
RELIABILITY | ACCOUNTABILITY3
• February 2017 (3 planned)• May 2017 (0 planned)• August 2017 (2 planned)• November 2017 (3 planned)
Standard Projections
![Page 46: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/46.jpg)
RELIABILITY | ACCOUNTABILITY4
Trend for Number of Requirements
0
100
200
300
400
500
600
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2027
Num
ber o
f Req
uire
men
ts
Years and PendingContinent-wide Requirements by Enforcement DateNovember 2014Continent-wide Requirements by Enforcement DateSeptember 2015Regional Reliability Requirements by Board AdoptionNovember 2014Regional Reliability Requirements by Enforcement Date April2015
408
510
![Page 47: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/47.jpg)
RELIABILITY | ACCOUNTABILITY5
• 2017-2019 Standards Committee Strategic Plan
Standards Committee Report
![Page 48: Summary of 2016 Board of Trustees Standards Oversight and ... of Trustees Standard… · E-ISAC Cyber Security Automation CRISP Analytical Capabilities ... •Does not depend on market](https://reader036.fdocuments.in/reader036/viewer/2022071007/5fc4fdb6b2a1ec07e957c356/html5/thumbnails/48.jpg)
RELIABILITY | ACCOUNTABILITY6