On March 16, 2018, the NERC Standard Drafting Team (SDT) issued three NERC compliance items for review and vote. These included a new version of the definition for control center to be added to the North American Electric Reliability Corp. (NERC) Glossary of Terms, modifications resulting in CIP-002-6 Cyber Security — BES Cyber System Categorization and the development of a new standard, CIP-012-1 Cyber Security – Communications between Control Centers. The ballots for these items were due on April 30, 2018.

Proposed Revision to the Control Center Definition for the NERC Glossary of Terms

The three changes for the control center definition are meant to clarify the definition of what makes up the category of “control center.” The new definition:

  1. Includes associated data centers as a facility that makes up a control center;
  2. Is refined to include the requirement that control centers are performing the real-time reliability tasks of a reliability coordinator, balancing authority or transmission operator for transmission facilities at two or more locations;
  3. Adds in what situations a control center can operate or direct the operation of a transmission owner’s bulk electric system (BES) transmission facilities in real time.

The new definition also clarifies the definition of operating personnel by stating that it does not include generator plant operators, centrally located dispatch center personnel who relay orders without modifications, or transmission owner or operator field switching personnel.

Proposed Modifications to CIP-002

In CIP-002-5.1a, the cybersystem critical infrastructure protection (CIP) categorization standard, Attachment 1 only allowed control centers that performed the functional obligations of the transmission operator to have BES Cyber Systems categorized as either high-impact or medium-impact. This meant that even small transmission-owned control centers had a significant compliance load.

The proposed modification to Attachment 1, Section 2.12, adds the concept of an “aggravated weighted value” based on the BES Transmission Lines the control center monitors and controls. If the aggravated weighted value does not exceed 6000, as determined by summing up the “weight value per line” provided in the new table added to Section 2.12., the control center can now have BES Cyber Systems rated as low-impact. This will significantly reduce the scope of work for these systems under the present standards.

The second proposed modification to CIP-002 modifies the directions for implementation of the requirements that resulted from planned and unplanned changes into the Standard. Planned and unplanned changes alter the categorization of an existing BES Cyber Asset or the addition of a new facility. Similar to how CIP-003-7 moved the Low Impact External Routable Connectivity and Low Impact BES Cyber System Electronic Access Point terms from NERC Glossary of Terms into the requirements, this change to CIP-002 moves the schedule for implementation of requirements for planned and unplanned changes into the Standard. Where the identification of these changes occurs, the need to find the requirements in a different location is eliminated.

New Standard CIP-012-1 Cyber Security: Communications between Control Centers

On Jan. 26, 2018, FERC issued Order 822, which included a direction to NERC to:

“Develop modifications to the CIP Reliability Standards to require responsible entities to implement controls to protect, at a minimum, communication links and sensitive bulk electric system data communicated between bulk electric system Control Centers in a manner that is appropriately tailored to address the risks posed to the bulk electric system by the assets being protected (i.e., high, medium, or low impact).”

A third draft of this standard is on the current ballot. The second draft narrowly passed but there were many questions from voters. This caused the SDT to revisit the document. Main changes from the previous draft of this Standard:

  1. Removed the requirement for protection of real-time control data when transmitted between any control centers. This was driven by a concern about potential data latency and the impact to the BES reliability;
  2. Removed the requirement to define a demarcation point(s) for where security protection is applied, the revised language just requires the responsible entity to identify where security protection is applied;
  3. Removed draft 2, requirement R2, which required implementation of the plan(s) required under R1, except during a CIP Exceptional Circumstances.

When Standards have one requirement for creating a plan, a separate requirement that directs implementation, and sometimes even a third requirement that directs review and approval of the plans, the potential for violations is increased. This latest modification by the SDT in the latest draft of CIP-012-1 will group requirements together into one requirement, simplifying the Standard.

Next Steps

The changes to the definition of a control center and the modifications to CIP-002-6 Attachment 1, Section 2.12 will provide clarity and relief to many responsible entities. CIP-012 provides clarity on how to protect information shared between control centers in a manner that will prevent operational impact.

Stay connected to what’s happening the NERC compliance field by following NERC SDT 2016-02. The next big issue to be tackled the SDT is how to deal with virtualization and other emerging technologies, which will have a major potential to impact the architecture of control and information storage systems.

 

Stay up to date on the latest news from NERC by subscribing to our Critical Infrastructure Security & Compliance Updates.

Visit Our Amplified Perspectives Blog
by
Jerome Farquharson is the regional practice manager for the Burns & McDonnell Compliance & Critical Information Protection Group. The group provides regulatory risk management services, including NERC and FERC compliance, to generation and transmission and distribution entities.