Version 5 Critical Infrastructure Protection Reliability Standards; Supplemental Notice of Agenda and Discussion Topics for Staff Technical Conference, 22812-22814 [2014-09331]
Federal Register / Vol. 79, No. 79 / Thursday, April 24, 2014 / Notices
standard drafting team ‘‘identified the
portions of the collector system which
consistently provide a reliability benefit
to the interconnected transmission
network and are easily identified within
collector systems.’’ 7 Thus, the
Commission estimates no material
change in information collection
because the engineering time needed to
evaluate the collector system
component included in the bulk electric
system is a simple and straightforward
determination of whether the collector
system aggregates to greater than 75
MVA.
Estimate of Annual Burden: 8 The
Commission estimates the public
reporting burden as follows:
RD14–2–000 (FERC–725J)—REVISION TO THE DEFINITION OF BULK ELECTRIC SYSTEM
Columns: (A) Number of respondents 9; (B) Number of responses per respondent; (C) Total number of responses, (A) × (B) = (C); (D) Average burden hours per response; (C) × (D) Estimated total year 1 burden reduction.
Transmission Owners (System Review and List Creation): (A) 333; (B) 1; (C) 333; (D) −1; (C) × (D) −333
Distribution Providers (System Review and List Creation): (A) 554; (B) 1; (C) 554; (D) −1; (C) × (D) −554
Total: (C) × (D) −887
The total estimated decrease in cost
burden to respondents (year 1 only) is
$53,220; [−887 hours * $60 10 =
−$53,220].
Comments: Comments are invited on:
(1) Whether the collection of
information is necessary for the proper
performance of the functions of the
Commission, including whether the
information will have practical utility;
(2) the accuracy of the agency’s estimate
of the burden and cost of the collection
of information, including the validity of
the methodology and assumptions used;
(3) ways to enhance the quality, utility
and clarity of the information collection;
and (4) ways to minimize the burden of
the collection of information on those
who are to respond, including the use
of automated collection techniques or
other forms of information technology.
Dated: April 18, 2014.
Kimberly D. Bose,
Secretary.
[FR Doc. 2014–09342 Filed 4–23–14; 8:45 am]
BILLING CODE 6717–01–P
7 NERC Petition at 16.
8 The Commission defines burden as the total
time, effort, or financial resources expended by
persons to generate, maintain, retain, or disclose or
provide information to or for a Federal agency. For
further explanation of what is included in the
information collection burden, reference 5 Code of
Federal Regulations 1320.3.
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. RM13–5–000]
Version 5 Critical Infrastructure
Protection Reliability Standards;
Supplemental Notice of Agenda and
Discussion Topics for Staff Technical
Conference
This notice establishes the agenda and
topics for discussion at the technical
conference to be held on April 29, 2014
to discuss issues related to Critical
Infrastructure Protection Issues
Identified in Order No. 791. The
technical conference will be held from
10:00 a.m. and ending at approximately
4:30 p.m. (Eastern Time) in the
Commission Meeting Room at the
Commission’s headquarters, 888 First
Street NE., Washington, DC. The
technical conference will be led by
Commission staff. All interested parties
are invited to attend, and registration is
not required.
The topics and related questions to be
discussed during this conference are
attached. The purpose of the technical
conference is to facilitate a structured
dialogue on operational and technical
issues identified by the Commission in
the Critical Infrastructure Protection
(CIP) version 5 Standards Final Rule.
Prepared remarks will be presented by
invited panelists.
There will be no webcast of this
event. However, it will be transcribed.
Transcripts of the meeting/conference
will be immediately available for a fee
from Ace-Federal Reporters, Inc. (202–
347–3700 or 1–800–336–6646).
FERC conferences are accessible
under section 508 of the Rehabilitation
Act of 1973. For accessibility
accommodations please send an email
to accessibility@ferc.gov or call toll free
(866) 208–3372 (voice) or (202) 502–
8659 (TTY), or send a fax to (202) 208–
2106 with the requested
accommodations.
There is no fee for attendance.
However, members of the public are
encouraged to preregister online at:
https://www.ferc.gov/whats-new/registration/04-29-14-form.asp.
9 The number of respondents for transmission
owners and distribution providers is based on the
NERC Compliance Registry referenced in Order No.
773.
10 The estimate for cost per hour for an electrical
engineer is $60 (the average salary plus benefits)
according to the Bureau of Labor Statistics at
https://bls.gov/oes/current/naics2_22.htm.
Estimated total year 1 burden reduction (C) × (D)
For more information about the
technical conference, please contact:
Sarah McKinley, Office of External
Affairs, 202–502–8368, sarah.mckinley@ferc.gov.
Dated: April 17, 2014.
Kimberly D. Bose,
Secretary.
Critical Infrastructure Protection Issues
Identified in Order No. 791
RM13–5–000
April 29, 2014
Agenda
10:00–10:15 a.m. Welcome and Opening
Remarks by Commission Staff
Introduction
In Order No. 791, the Commission
approved the Version 5 Critical
Infrastructure Protection (CIP)
Reliability Standards, CIP–002–5
through CIP–011–1 (CIP version 5
Standards), submitted by the North
American Electric Reliability
Corporation (NERC).1 Order No. 791
directed Commission staff to convene a
staff-led technical conference, within
180 days from the issuance date of the
Final Rule, to examine several of the
technical issues identified therein.2 The
purpose of this conference is to obtain
further information as to: (1) The
adequacy of the approved CIP version 5
Standards’ protections for Bulk-Power
System data being transmitted over data
networks; (2) whether additional
definitions and/or security controls are
needed to protect Bulk-Power System
(BPS) communications networks,
including remote systems access; and
(3) the functional differences between
the respective methods utilized for
identification, categorization, and
specification of appropriate levels of
protection for cyber assets using CIP
version 5 Standards as compared with
those employed within the National
Institute of Standards and Technology
(NIST) Security Risk Management
Framework.
1 Version 5 Critical Infrastructure Protection
Reliability Standards, Order No. 791, 78 FR 72,755
(Dec. 3, 2013), 145 FERC ¶ 61,160 (2013), order on
reh’g, Order No. 791–A, 146 FERC ¶ 61,188 (2014).
Transmission Owners (System Review and List Creation)
Distribution Providers (System Review and List Creation)
Average burden hours per response (D)
Panel 1
10:15–11:45 a.m. The Adequacy of the
CIP version 5 Standards for
Protection of BPS Communication
Networks
The Commission seeks information
about the adequacy of the approved CIP
version 5 Standards for protecting data
being transmitted over BPS
communication networks. Panelists are
encouraged to address:
• The vulnerabilities that BPS
communication networks may be facing
and how effectively they are being
protected against these risks by the
currently enforced CIP Reliability
Standards.
• The adequacy of the approved CIP
version 5 Standards security controls to
protect BPS communication networks
against current and projected
vulnerabilities.
• The types of physical or logical
controls that are currently being applied
to protect BPS communication networks
and the adequacy of these controls to
address the protection of: (1) non-routable protocols, (2) serial
communication links, (3) non-programmable components, (4) remote
access processes and devices, and (5)
data in motion.
• For each of the topics above, the
panelists should address whether there
are gaps in the current CIP version 5
Standards that could be addressed, and
suggest recommendations for
adjustment of the CIP version 5
Standards to address any gaps.
Panelists:
• Dan Skaar, President and CEO,
Midwest Reliability Organization
• Kevin Perry, Director, CIP, Southwest
Power Pool Regional Entity
• Richard Dewey, Senior Vice President
& CIO, NYISO
• Steven Parker, President, EnergySec
• Mikhail Falkovich, Manager NERC/
CIP Compliance, PSEG; Speaking
on behalf of Electric Power Supply
Association (EPSA)
• Tobias Whitney, Manager, CIP
Compliance, North America Electric
Reliability Corporation (NERC)
2 Id. at PP 7, 150, and 225.
11:45–1:00 p.m. Lunch
Panel 2
1:00–2:30 p.m. Need for Additional
Definitions or Controls for CIP
Reliability Standards
The Commission seeks information on
whether additional definitions and/or
security controls are needed to protect
BPS communications networks,
including remote systems access.
Panelists are encouraged to address:
• Whether the NERC Glossary of
Terms needs either new definitions, or
modifications of current definitions, to
ensure adequate protection of BPS
communication networks.
• The types of physical or logical
controls that may be needed to protect
BPS communication network
components communicating via non-routable protocols, or through serial
communication links.
• The types of physical or logical
controls that may be needed to protect
non-programmable components of data
communications networks (e.g.,
cabling).
• The types of physical or logical
controls that may be needed to address
the cybersecurity needs of remote access
processes and devices.
• How the confidentiality, integrity,
and availability of data in motion (i.e.,
being transmitted) over BPS
communication networks can be
ensured physically and/or
electronically.
• To what extent different types of
encryption technology can be effectively
employed on BPS communication
networks without adversely affecting
BPS operations.
• For each of the topics above, the
panelists should address whether there
are gaps in the current CIP version 5
Standards that could be addressed, and
suggest recommendations for
adjustment of the CIP version 5
Standards to address any gaps.
Panelists:
• Kevin Perry, Director, CIP, Southwest
Power Pool Regional Entity
• Richard Kinas, Mgr. Standards
Compliance, Orlando Utilities
Commission
• David Dekker, Cyber Security
Standards Manager, Pepco Holdings
Inc.
• Dr. Andrew Wright, N-Dimension
Solutions
• Andrew Ginter—VP Industrial
Security, Waterfall Security
Solutions
• David Batz, Director, Cyber &
Infrastructure Security, Edison
Electric Institute
2:30–2:45 p.m. Break
Panel 3
2:45–4:15 p.m. NIST Frameworks
Discussion
The Commission seeks information on
functional differences between the
respective methods used for
identification, categorization, and
specification of appropriate levels of
protection for cyber assets using CIP
version 5 Standards as compared with
those employed within other cyber
security frameworks, including the
NIST Security Risk Management
Framework (RMF) and the recently-released Framework for Improving
Critical Infrastructure Cybersecurity
(NIST Cyber Security Framework).
Panelists are encouraged to address:
• The functional differences on how
each framework approaches asset
identification to address emerging
threats, risks, and vulnerabilities.
Panelists may suggest how the CIP
version 5 Standards could be adjusted to
address any concern or weakness, or
explain whether or not the approaches
identified in the NIST Security Risk
Management Framework and the NIST
Cyber Security Framework are more
appropriate for protecting BPS critical
infrastructure.
• Whether it is prudent to use only
facility ratings, (e.g., power, voltage,
operating conditions), to identify and
categorize BES cyber assets that are
subject to CIP Standards in CIP–002–5.
Panelists may suggest the inclusion of
additional attributes, (e.g., data
sensitivity) or recommend adjustments
to the bright-line criteria for ensuring
accurate identification and
categorization of BES cyber assets.
Panelists are encouraged to identify
potential issues in Reliability Standard
CIP–002–5 that could hinder the
implementation of the CIP version 5
Standards (e.g. any issues relating to
NERC Glossary of Terms definitions,
CIP–002–5 criteria or impact levels).
• Comparisons between the CIP
version 5 Standards security controls
and the security controls of the two
NIST Frameworks and the identification
of specific security controls or control
objectives that should be considered in
future revisions of CIP standards.
Panelists:
• Patrick Miller, Managing Partner, The
Anfield Group
• Brent Castagnetto, Manager, Cyber
Security Audits & Investigations,
WECC
• Gerald Mannarino, Director,
Computer System Engineering, New
York Power Authority
• Melanie Seader, Senior Cyber &
Infrastructure Security Analyst,
Edison Electric Institute
• Jason Christopher, Technical Lead,
Cyber Security Capabilities & Risk
Management, U.S. Department of
Energy
4:15–4:30 p.m. Wrap-Up
[FR Doc. 2014–09331 Filed 4–23–14; 8:45 am]
BILLING CODE 6717–01–P
Commission conferences are
accessible under section 508 of the
Rehabilitation Act of 1973. For
accessibility accommodations, please
send an email to accessibility@ferc.gov
or call toll free 1–866–208–3372 (voice)
or 202–502–8659 (TTY), or send a FAX
to 202–208–2106 with the required
accommodations.
For more information about this
conference, please contact: Sarah
McKinley, Office of External Affairs,
Federal Energy Regulatory Commission,
888 First Street NE., Washington, DC
20426, (202) 502–8368,
sarah.mckinley@ferc.gov.
Dated: April 16, 2014.
Kimberly D. Bose,
Secretary.
[FR Doc. 2014–09339 Filed 4–23–14; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
DEPARTMENT OF ENERGY
[Reliability Technical Conference; Docket
No. AD14–9–000]
Notice of Technical Conference
Take notice that the Federal Energy
Regulatory Commission (Commission)
will hold a Technical Conference on
Tuesday, June 10, 2014 from 8:45 a.m.
to 5:00 p.m. This Commissioner-led
conference will be held in the
Commission Meeting Room at the
Federal Energy Regulatory Commission,
888 First Street NE., Washington, DC
20426. The conference will be open for
the public to attend. Advance
registration is not required, but is
encouraged. Attendees may register at
the following Web page:
https://www.ferc.gov/whats-new/registration/06-20-14-form.asp.
The purpose of the conference is to
discuss policy issues related to the
reliability of the Bulk-Power System. A
more formal agenda will be issued at a
later date.
Information on this event will be
posted on the Calendar of Events on the
Commission’s Web site, www.ferc.gov,
prior to the event. The conference will
also be Webcast. Anyone with Internet
access who desires to listen to this event
can do so by navigating to
www.ferc.gov’s Calendar of Events and
locating this event in the Calendar. The
event will contain a link to the webcast.
The Capitol Connection provides
technical support for webcasts and
offers the option of listening to the
meeting via phone-bridge for a fee. If
you have any questions, visit
www.CapitolConnection.org or call 703–
993–3100.
Federal Energy Regulatory
Commission
Notice of FERC Staff Attendance at the
Entergy Regional State Committee
Meeting
The Federal Energy Regulatory
Commission (Commission) hereby gives
notice that members of its staff may
attend the meeting noted below. Their
attendance is part of the Commission’s
ongoing outreach efforts.
Entergy Regional State Committee
April 25, 2014 (9:30 A.M.–1:30 P.M.)
This meeting will be held at the
Capital Hotel, 111 West Markham
Street, Little Rock, AR 72201.
The discussions may address matters
at issue in the following proceedings:
Docket No. EL01–88: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL09–50: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL09–61: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL10–55: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL10–65: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL11–57: Louisiana Public
Service Commission v. Entergy
Services, Inc., et al.
Docket No. EL11–34: Midwest
Independent Transmission System
Operator, Inc. v. Southwest Power
Pool, Inc.
Docket No. EL11–63: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL11–65: Louisiana Public
Service Commission v. Entergy
Services, Inc.
Docket No. EL13–41: Occidental
Chemical Company v. Midwest
Independent System Transmission
Operator, Inc.
Docket No. EL13–43: Council of the City
of New Orleans, Mississippi Public
Service Commission, Arkansas
Public Service Commission, Public
Utility Commission of Texas,
Louisiana Public Service
Commission
Docket No. EL14–21: Southwest Power
Pool, Inc. v. Midcontinent
Independent System Operator, Inc.
Docket No. EL11–30: Midcontinent
Independent System Operator, Inc.
v. Southwest Power Pool, Inc.
Docket No. ER05–1065: Entergy
Services, Inc.
Docket No. ER07–682: Entergy Services,
Inc.
Docket No. ER07–956: Entergy Services,
Inc.
Docket No. ER08–1056: Entergy
Services, Inc.
Docket No. ER09–1224: Entergy
Services, Inc.
Docket No. ER10–794: Entergy Services,
Inc.
Docket No. ER10–1350: Entergy
Services, Inc.
Docket No. ER10–2001: Entergy
Arkansas, Inc.
Docket No. ER10–3357: Entergy
Arkansas, Inc.
Docket No. ER11–2161: Entergy Texas,
Inc.
Docket No. ER12–480: Midwest
Independent Transmission System
Operator, Inc.
Docket No. ER12–1384: Entergy
Arkansas, Inc.
Docket No. ER12–1385: Entergy Gulf
States Louisiana, L.L.C.
Docket No. ER12–1386: Entergy
Louisiana, LLC
Docket No. ER12–1387: Entergy
Mississippi, Inc.
Docket No. ER12–1388: Entergy New
Orleans, Inc.
Docket No. ER12–1390: Entergy Texas,
Inc.
Docket No. ER12–1428: Entergy
Arkansas, Inc.
Docket No. ER13–432: Entergy Services,
Inc.
Docket No. ER13–769: Entergy
Arkansas, Inc. and Entergy
Mississippi, Inc.
Docket No. ER13–770: Entergy
Arkansas, Inc. and Entergy
Louisiana, LLC.
[Federal Register Volume 79, Number 79 (Thursday, April 24, 2014)]
[Notices]
[Pages 22812-22814]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-09331]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. RM13-5-000]
Version 5 Critical Infrastructure Protection Reliability
Standards; Supplemental Notice of Agenda and Discussion Topics for
Staff Technical Conference
This notice establishes the agenda and topics for discussion at the
technical conference to be held on April 29, 2014 to discuss issues
related to Critical Infrastructure Protection Issues Identified in
Order No. 791. The technical conference will be held from 10:00 a.m.
and ending at approximately 4:30 p.m. (Eastern Time) in the Commission
Meeting Room at the Commission's headquarters, 888 First Street NE.,
Washington, DC. The technical conference will be led by Commission
staff. All interested parties are invited to attend, and registration
is not required.
The topics and related questions to be discussed during this
conference are attached. The purpose of the technical conference is to
facilitate a structured dialogue on operational and technical issues
identified by the Commission in the Critical Infrastructure Protection
(CIP) version 5 Standards Final Rule. Prepared remarks will be
presented by invited panelists.
There will be no webcast of this event. However, it will be
transcribed. Transcripts of the meeting/conference will be immediately
available for a fee from Ace-Federal Reporters, Inc. (202-347-3700 or
1-800-336-6646).
FERC conferences are accessible under section 508 of the
Rehabilitation Act of 1973. For accessibility accommodations please
send an email to accessibility@ferc.gov or call toll free (866) 208-
3372 (voice) or (202) 502-8659 (TTY), or send a fax to (202) 208-2106
with the requested accommodations.
There is no fee for attendance. However, members of the public are
encouraged to preregister online at: https://www.ferc.gov/whats-new/registration/04-29-14-form.asp.
For more information about the technical conference, please
contact: Sarah McKinley, Office of External Affairs, 202-502-8368,
sarah.mckinley@ferc.gov.
Dated: April 17, 2014.
Kimberly D. Bose,
Secretary.
Critical Infrastructure Protection Issues Identified in Order No. 791
RM13-5-000
April 29, 2014
Agenda
10:00-10:15 a.m. Welcome and Opening Remarks by Commission Staff
Introduction
In Order No. 791, the Commission approved the Version 5 Critical
Infrastructure Protection (CIP) Reliability Standards, CIP-002-5
through CIP-011-1 (CIP version 5 Standards), submitted by the North
American Electric Reliability Corporation (NERC).\1\ Order No. 791
directed Commission staff to convene a staff-led technical conference,
within
180 days from the issuance date of the Final Rule, to examine several
of the technical issues identified therein.\2\ The purpose of this
conference is to obtain further information as to: (1) The adequacy of
the approved CIP version 5 Standards' protections for Bulk-Power System
data being transmitted over data networks; (2) whether additional
definitions and/or security controls are needed to protect Bulk-Power
System (BPS) communications networks, including remote systems access;
and (3) the functional differences between the respective methods
utilized for identification, categorization, and specification of
appropriate levels of protection for cyber assets using CIP version 5
Standards as compared with those employed within the National Institute
of Standards and Technology (NIST) Security Risk Management Framework.
---------------------------------------------------------------------------
\1\ Version 5 Critical Infrastructure Protection Reliability
Standards, Order No. 791, 78 FR 72,755 (Dec. 3, 2013), 145 FERC ¶
61,160 (2013), order on reh'g, Order No. 791-A, 146 FERC ¶ 61,188
(2014).
\2\ Id. at PP 7, 150, and 225.
---------------------------------------------------------------------------
Panel 1
10:15-11:45 a.m. The Adequacy of the CIP version 5 Standards for
Protection of BPS Communication Networks
The Commission seeks information about the adequacy of the approved
CIP version 5 Standards for protecting data being transmitted over BPS
communication networks. Panelists are encouraged to address:
• The vulnerabilities that BPS communication networks may be
facing and how effectively they are being protected against these risks
by the currently enforced CIP Reliability Standards.
• The adequacy of the approved CIP version 5 Standards
security controls to protect BPS communication networks against current
and projected vulnerabilities.
• The types of physical or logical controls that are
currently being applied to protect BPS communication networks and the
adequacy of these controls to address the protection of: (1)
non-routable protocols, (2) serial communication links, (3)
non-programmable components, (4) remote access processes and devices,
and (5) data in motion.
• For each of the topics above, the panelists should address
whether there are gaps in the current CIP version 5 Standards that
could be addressed, and suggest recommendations for adjustment of the
CIP version 5 Standards to address any gaps.
Panelists:
• Dan Skaar, President and CEO, Midwest Reliability Organization
• Kevin Perry, Director, CIP, Southwest Power Pool Regional
Entity
• Richard Dewey, Senior Vice President & CIO, NYISO
• Steven Parker, President, EnergySec
• Mikhail Falkovich, Manager NERC/CIP Compliance, PSEG; Speaking
on behalf of Electric Power Supply Association (EPSA)
• Tobias Whitney, Manager, CIP Compliance, North America
Electric Reliability Corporation (NERC)
11:45-1:00 p.m. Lunch
Panel 2
1:00-2:30 p.m. Need for Additional Definitions or Controls for CIP
Reliability Standards
The Commission seeks information on whether additional definitions
and/or security controls are needed to protect BPS communications
networks, including remote systems access. Panelists are encouraged to
address:
• Whether the NERC Glossary of Terms needs either new
definitions, or modifications of current definitions, to ensure
adequate protection of BPS communication networks.
• The types of physical or logical controls that may be
needed to protect BPS communication network components communicating
via non-routable protocols, or through serial communication links.
• The types of physical or logical controls that may be
needed to protect non-programmable components of data communications
networks (e.g., cabling).
• The types of physical or logical controls that may be
needed to address the cybersecurity needs of remote access processes
and devices.
• How the confidentiality, integrity, and availability of
data in motion (i.e., being transmitted) over BPS communication
networks can be ensured physically and/or electronically.
• To what extent different types of encryption technology
can be effectively employed on BPS communication networks without
adversely affecting BPS operations.
• For each of the topics above, the panelists should address
whether there are gaps in the current CIP version 5 Standards that
could be addressed, and suggest recommendations for adjustment of the
CIP version 5 Standards to address any gaps.
Panelists:
• Kevin Perry, Director, CIP, Southwest Power Pool Regional
Entity
• Richard Kinas, Mgr. Standards Compliance, Orlando Utilities
Commission
• David Dekker, Cyber Security Standards Manager, Pepco Holdings
Inc.
• Dr. Andrew Wright, N-Dimension Solutions
• Andrew Ginter--VP Industrial Security, Waterfall Security
Solutions
• David Batz, Director, Cyber & Infrastructure Security, Edison
Electric Institute
2:30-2:45 p.m. Break
Panel 3
2:45-4:15 p.m. NIST Frameworks Discussion
The Commission seeks information on functional differences between
the respective methods used for identification, categorization, and
specification of appropriate levels of protection for cyber assets
using CIP version 5 Standards as compared with those employed within
other cyber security frameworks, including the NIST Security Risk
Management Framework (RMF) and the recently-released Framework for
Improving Critical Infrastructure Cybersecurity (NIST Cyber Security
Framework). Panelists are encouraged to address:
• The functional differences on how each framework
approaches asset identification to address emerging threats, risks, and
vulnerabilities. Panelists may suggest how the CIP version 5 Standards
could be adjusted to address any concern or weakness, or explain
whether or not the approaches identified in the NIST Security Risk
Management Framework and the NIST Cyber Security Framework are more
appropriate for protecting BPS critical infrastructure.
• Whether it is prudent to use only facility ratings, (e.g.,
power, voltage, operating conditions), to identify and categorize BES
cyber assets that are subject to CIP Standards in CIP-002-5. Panelists
may suggest the inclusion of additional attributes, (e.g., data
sensitivity) or recommend adjustments to the bright-line criteria for
ensuring accurate identification and categorization of BES cyber
assets. Panelists are encouraged to identify potential issues in
Reliability Standard CIP-002-5 that could hinder the implementation of
the CIP version 5 Standards (e.g. any issues relating to NERC Glossary
of Terms definitions, CIP-002-5 criteria or impact levels).
• Comparisons between the CIP version 5 Standards security
controls and the security controls of the two NIST Frameworks and the
identification of specific security controls or control objectives that
should be considered in future revisions of CIP standards.
Panelists:
• Patrick Miller, Managing Partner, The Anfield Group
• Brent Castagnetto, Manager, Cyber Security Audits &
Investigations, WECC
• Gerald Mannarino, Director, Computer System Engineering, New
York Power Authority
• Melanie Seader, Senior Cyber & Infrastructure Security
Analyst, Edison Electric Institute
• Jason Christopher, Technical Lead, Cyber Security Capabilities
& Risk Management, U.S. Department of Energy
4:15-4:30 p.m. Wrap-Up
[FR Doc. 2014-09331 Filed 4-23-14; 8:45 am]
BILLING CODE 6717-01-P