Version 5 Critical Infrastructure Protection Reliability Standards; Supplemental Notice of Agenda and Discussion Topics for Staff Technical Conference, 22812-22814 [2014-09331]

Download as PDF 22812 Federal Register / Vol. 79, No. 79 / Thursday, April 24, 2014 / Notices standard drafting team ‘‘identified the portions of the collector system which consistently provide a reliability benefit to the interconnected transmission network and are easily identified within collector systems.’’ 7 Thus, the Commission estimates no material change in information collection because the engineering time needed to evaluate the collector system component included in the bulk electric system is a simple and straightforward determination of whether the collector system aggregates to greater than 75 MVA. Estimate of Annual Burden: 8 The Commission estimates the public reporting burden as follows: RD14–2–000 (FERC–725J)—REVISION TO THE DEFINITION OF BULK ELECTRIC SYSTEM Number of respondents 9 (A) Number of responses per respondent (B) Total number of responses (A) × (B) = (C) 333 554 1 1 333 554 ¥1 ¥1 ¥333 ¥554 ........................ ........................ ........................ ........................ ¥887 Total .............................................................................. The total estimated decrease in cost burden to respondents (year 1 only) is $53,220; [¥887 hours * $60 10 = ¥$53,220]. Comments: Comments are invited on: (1) Whether the collection of information is necessary for the proper performance of the functions of the Commission, including whether the information will have practical utility; (2) the accuracy of the agency’s estimate of the burden and cost of the collection of information, including the validity of the methodology and assumptions used; (3) ways to enhance the quality, utility and clarity of the information collection; and (4) ways to minimize the burden of the collection of information on those who are to respond, including the use of automated collection techniques or other forms of information technology. Dated: April 18, 2014. Kimberly D. Bose, Secretary. [FR Doc. 2014–09342 Filed 4–23–14; 8:45 am] BILLING CODE 6717–01–P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission [Docket No. RM13–5–000] pmangrum on DSK3VPTVN1PROD with NOTICES Version 5 Critical Infrastructure Protection Reliability Standards; Supplemental Notice of Agenda and Discussion Topics for Staff Technical Conference This notice establishes the agenda and topics for discussion at the technical 7 NERC Petition at 16. Commission defines burden as the total time, effort, or financial resources expended by persons to generate, maintain, retain, or disclose or provide information to or for a Federal agency. For further explanation of what is included in the information collection burden, reference 5 Code of Federal Regulations 1320.3. 8 The VerDate Mar<15>2010 14:19 Apr 23, 2014 Jkt 232001 conference to be held on April 29, 2014 to discuss issues related to Critical Infrastructure Protection Issues Identified in Order No. 791. The technical conference will be held from 10:00 a.m. and ending at approximately 4:30 p.m. (Eastern Time) in the Commission Meeting Room at the Commission’s headquarters, 888 First Street NE., Washington, DC. The technical conference will be led by Commission staff. All interested parties are invited to attend, and registration is not required. The topics and related questions to be discussed during this conference are attached. The purpose of the technical conference is to facilitate a structured dialogue on operational and technical issues identified by the Commission in the Critical Infrastructure Protection (CIP) version 5 Standards Final Rule. Prepared remarks will be presented by invited panelists. There will be no webcast of this event. However, it will be transcribed. Transcripts of the meeting/conference will be immediately available for a fee from Ace-Federal Reporters, Inc. (202– 347–3700 or 1–800–336–6646). FERC conferences are accessible under section 508 of the Rehabilitation Act of 1973. For accessibility accommodations please send an email to accessibility@ferc.gov or call toll free (866) 208–3372 (voice) or (202) 502– 8659 (TTY), or send a fax to (202) 208– 2106 with the requested accommodations. There is no fee for attendance. However, members of the public are encouraged to preregister online at: 9 The number of respondents for transmission owners and distribution providers is based on the NERC Compliance Registry referenced in Order No. 773. 10 The estimate for cost per hour for an electrical engineer is $60 (the average salary plus benefits) according to the Bureau of Labor Statistics at http://bls.gov/oes/current/naics2_22.htm. PO 00000 Frm 00025 Fmt 4703 Sfmt 4703 Estimated total year 1 burden reduction (C) × (D) https://www.ferc.gov/whats-new/ registration/04-29-14-form.asp. For more information about the technical conference, please contact: Sarah McKinley, Office of External Affairs, 202–502–8368, sarah.mckinley@ ferc.gov. Dated: April 17, 2014. Kimberly D. Bose, Secretary. Critical Infrastructure Protection Issues Identified in Order No. 791 RM13–5–000 April 29, 2014 Agenda 10:00–10:15 a.m. Welcome and Opening Remarks by Commission Staff Introduction In Order No. 791, the Commission approved the Version 5 Critical Infrastructure Protection (CIP) Reliability Standards, CIP–002–5 through CIP–011–1 (CIP version 5 Standards), submitted by the North American Electric Reliability Corporation (NERC).1 Order No. 791 directed Commission staff to convene a staff-led technical conference, within 1 Version 5 Critical Infrastructure Protection Reliability Standards, Order No. 791, 78 FR 72,755 (Dec. 3, 2013), 145 FERC ¶ 61,160 (2013), order on reh’g, Order No. 791–A, 146 FERC ¶ 61,188 (2014). E:\FR\FM\24APN1.SGM 24APN1 EN24AP14.000</GPH> Transmission Owners (System Review and List Creation) Distribution Providers (System Review and List Creation) Average burden hours per response (D) Federal Register / Vol. 79, No. 79 / Thursday, April 24, 2014 / Notices 180 days from the issuance date of the Final Rule, to examine several of the technical issues identified therein.2 The purpose of this conference is to obtain further information as to: (1) The adequacy of the approved CIP version 5 Standards’ protections for Bulk-Power System data being transmitted over data networks; (2) whether additional definitions and/or security controls are needed to protect Bulk-Power System (BPS) communications networks, including remote systems access; and (3) the functional differences between the respective methods utilized for identification, categorization, and specification of appropriate levels of protection for cyber assets using CIP version 5 Standards as compared with those employed within the National Institute of Standards and Technology (NIST) Security Risk Management Framework. pmangrum on DSK3VPTVN1PROD with NOTICES Panel 1 10:15–11:45 a.m. The Adequacy of the CIP version 5 Standards for Protection of BPS Communication Networks The Commission seeks information about the adequacy of the approved CIP version 5 Standards for protecting data being transmitted over BPS communication networks. Panelists are encouraged to address: • The vulnerabilities that BPS communication networks may be facing and how effectively they are being protected against these risks by the currently enforced CIP Reliability Standards. • The adequacy of the approved CIP version 5 Standards security controls to protect BPS communication networks against current and projected vulnerabilities. • The types of physical or logical controls that are currently being applied to protect BPS communication networks and the adequacy of these controls to address the protection of: (1) nonroutable protocols, (2) serial communication links, (3) nonprogrammable components, (4) remote access processes and devices, and (5) data in motion. • For each of the topics above, the panelists should address whether there are gaps in the current CIP version 5 Standards that could be addressed, and suggest recommendations for adjustment of the CIP version 5 Standards to address any gaps. Panelists: • Dan Skaar, President and CEO, Midwest Reliability Organization 2 Id. at PP 7, 150, and 225. VerDate Mar<15>2010 14:19 Apr 23, 2014 Jkt 232001 • Kevin Perry, Director, CIP, Southwest Power Pool Regional Entity • Richard Dewey, Senior Vice President & CIO, NYISO • Steven Parker, President, EnergySec • Mikhail Falkovich, Manager NERC/ CIP Compliance, PSEG; Speaking on behalf of Electric Power Supply Association (EPSA) • Tobias Whitney, Manager, CIP Compliance, North America Electric Reliability Corporation (NERC) 11:45–1:00 p.m. Lunch Panel 2 1:00–2:30 p.m. Need for Additional Definitions or Controls for CIP Reliability Standards The Commission seeks information on whether additional definitions and/or security controls are needed to protect BPS communications networks, including remote systems access. Panelists are encouraged to address: • Whether the NERC Glossary of Terms needs either new definitions, or modifications of current definitions, to ensure adequate protection of BPS communication networks. • The types of physical or logical controls that may be needed to protect BPS communication network components communicating via nonroutable protocols, or through serial communication links. • The types of physical or logical controls that may be needed to protect non-programmable components of data communications networks (e.g., cabling). • The types of physical or logical controls that may be needed to address the cybersecurity needs of remote access processes and devices. • How the confidentiality, integrity, and availability of data in motion (i.e., being transmitted) over BPS communication networks can be ensured physically and/or electronically. • To what extent different types of encryption technology can be effectively employed on BPS communication networks without adversely affecting BPS operations. • For each of the topics above, the panelists should address whether there are gaps in the current CIP version 5 Standards that could be addressed, and suggest recommendations for adjustment of the CIP version 5 Standards to address any gaps. Panelists: • Kevin Perry, Director, CIP, Southwest Power Pool Regional Entity • Richard Kinas, Mgr. Standards Compliance, Orlando Utilities Commission PO 00000 Frm 00026 Fmt 4703 Sfmt 4703 22813 • David Dekker, Cyber Security Standards Manager, Pepco Holdings Inc. • Dr. Andrew Wright, N-Dimension Solutions • Andrew Ginter—VP Industrial Security, Waterfall Security Solutions • David Batz, Director, Cyber & Infrastructure Security, Edison Electric Institute 2:30–2:45 p.m. Break Panel 3 2:45–4:15 p.m. NIST Frameworks Discussion The Commission seeks information on functional differences between the respective methods used for identification, categorization, and specification of appropriate levels of protection for cyber assets using CIP version 5 Standards as compared with those employed within other cyber security frameworks, including the NIST Security Risk Management Framework (RMF) and the recentlyreleased Framework for Improving Critical Infrastructure Cybersecurity (NIST Cyber Security Framework). Panelists are encouraged to address: • The functional differences on how each framework approaches asset identification to address emerging threats, risks, and vulnerabilities. Panelists may suggest how the CIP version 5 Standards could be adjusted to address any concern or weakness, or explain whether or not the approaches identified in the NIST Security Risk Management Framework and the NIST Cyber Security Framework are more appropriate for protecting BPS critical infrastructure. • Whether it is prudent to use only facility ratings, (e.g., power, voltage, operating conditions), to identify and categorize BES cyber assets that are subject to CIP Standards in CIP–002–5. Panelists may suggest the inclusion of additional attributes, (e.g., data sensitivity) or recommend adjustments to the bright-line criteria for ensuring accurate identification and categorization of BES cyber assets. Panelists are encouraged to identify potential issues in Reliability Standard CIP–002–5 that could hinder the implementation of the CIP version 5 Standards (e.g. any issues relating to NERC Glossary of Terms definitions, CIP–002–5 criteria or impact levels). • Comparisons between the CIP version 5 Standards security controls and the security controls of the two NIST Frameworks and the identification of specific security controls or control objectives that should be considered in future revisions of CIP standards. E:\FR\FM\24APN1.SGM 24APN1 22814 Federal Register / Vol. 79, No. 79 / Thursday, April 24, 2014 / Notices Panelists: • Patrick Miller, Managing Partner, The Anfield Group • Brent Castagnetto, Manager, Cyber Security Audits & Investigations, WECC • Gerald Mannarino, Director, Computer System Engineering, New York Power Authority • Melanie Seader, Senior Cyber & Infrastructure Security Analyst, Edison Electric Institute • Jason Christopher, Technical Lead, Cyber Security Capabilities & Risk Management, U.S. Department of Energy 4:15–4:30 p.m. Wrap-Up [FR Doc. 2014–09331 Filed 4–23–14; 8:45 am] BILLING CODE 6717–01–P Commission conferences are accessible under section 508 of the Rehabilitation Act of 1973. For accessibility accommodations, please send an email to accessibility@ferc.gov or call toll free 1–866–208–3372 (voice) or 202–502–8659 (TTY), or send a FAX to 202–208–2106 with the required accommodations. For more information about this conference, please contact: Sarah McKinley, Office of External Affairs, Federal Energy Regulatory Commission, 888 First Street NE., Washington, DC 20426, (202) 502–8368, sarah.mckinley@ferc.gov. Dated: April 16, 2014. Kimberly D. Bose, Secretary. [FR Doc. 2014–09339 Filed 4–23–14; 8:45 am] BILLING CODE 6717–01–P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission DEPARTMENT OF ENERGY [Reliability Technical Conference; Docket No. AD14–9–000] pmangrum on DSK3VPTVN1PROD with NOTICES Notice of Technical Conference Take notice that the Federal Energy Regulatory Commission (Commission) will hold a Technical Conference on Tuesday, June 10, 2014 from 8:45 a.m. to 5:00 p.m. This Commissioner-led conference will be held in the Commission Meeting Room at the Federal Energy Regulatory Commission, 888 First Street NE., Washington, DC 20426. The conference will be open for the public to attend. Advance registration is not required, but is encouraged. Attendees may register at the following Web page: https:// www.ferc.gov/whats-new/registration/ 06-20-14-form.asp. The purpose of the conference is to discuss policy issues related to the reliability of the Bulk-Power System. A more formal agenda will be issued at a later date. Information on this event will be posted on the Calendar of Events on the Commission’s Web site, www.ferc.gov, prior to the event. The conference will also be Webcast. Anyone with Internet access who desires to listen to this event can do so by navigating to www.ferc.gov’s Calendar of Events and locating this event in the Calendar. The event will contain a link to the webcast. The Capitol Connection provides technical support for webcasts and offers the option of listening to the meeting via phone-bridge for a fee. If you have any questions, visit www.CapitolConnection.org or call 703– 993–3100. VerDate Mar<15>2010 14:19 Apr 23, 2014 Jkt 232001 Federal Energy Regulatory Commission Notice of FERC Staff Attendance at the Entergy Regional State Committee Meeting The Federal Energy Regulatory Commission (Commission) hereby gives notice that members of its staff may attend the meeting noted below. Their attendance is part of the Commission’s ongoing outreach efforts. Entergy Regional State Committee April 25, 2014 (9:30 A.M.–1:30 P.M.) This meeting will be held at the Capital Hotel, 111 West Markham Street, Little Rock, AR 72201. The discussions may address matters at issue in the following proceedings: Docket No. EL01–88: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL09–50: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL09–61: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL10–55: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL10–65: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL11–57: Louisiana Public Service Commission v. Entergy Services, Inc., et al. Docket No. EL11–34: Midwest Independent Transmission System Operator, Inc. v. Southwest Power Pool, Inc. PO 00000 Frm 00027 Fmt 4703 Sfmt 4703 Docket No. EL11–63: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL11–65: Louisiana Public Service Commission v. Entergy Services, Inc. Docket No. EL13–41: Occidental Chemical Company v. Midwest Independent System Transmission Operator, Inc. Docket No. EL13–43: Council of the City of New Orleans, Mississippi Public Service Commission, Arkansas Public Service Commission, Public Utility Commission of Texas, Louisiana Public Service Commission Docket No. EL14–21: Southwest Power Pool, Inc. v. Midcontinent Independent System Operator, Inc. Docket No. EL11–30: Midcontinent Independent System Operator, Inc. v. Southwest Power Pool, Inc. Docket No. ER05–1065: Entergy Services, Inc. Docket No. ER07–682 Entergy Services, Inc. Docket No. ER07–956: Entergy Services, Inc. Docket No. ER08–1056: Entergy Services, Inc. Docket No. ER09–1224: Entergy Services, Inc. Docket No. ER10–794: Entergy Services, Inc. Docket No. ER10–1350: Entergy Services, Inc. Docket No. ER10–2001: Entergy Arkansas, Inc. Docket No. ER10–3357: Entergy Arkansas, Inc. Docket No. ER11–2161: Entergy Texas, Inc. Docket No. ER12–480: Midwest Independent Transmission System Operator, Inc. Docket No. ER12–1384: Entergy Arkansas, Inc. Docket No. ER12–1385: Entergy Gulf States Louisiana, L.L.C. Docket No. ER12–1386: Entergy Louisiana, LLC Docket No. ER12–1387: Entergy Mississippi, Inc. Docket No. ER12–1388: Entergy New Orleans, Inc. Docket No. ER12–1390: Entergy Texas, Inc. Docket No. ER12–1428: Entergy Arkansas, Inc. Docket No. ER13–432: Entergy Services, Inc. Docket No. ER13–769: Entergy Arkansas, Inc. and Entergy Mississippi, Inc. Docket No. ER13–770: Entergy Arkansas, Inc. and Entergy Louisiana, LLC. E:\FR\FM\24APN1.SGM 24APN1

Agencies

[Federal Register Volume 79, Number 79 (Thursday, April 24, 2014)]
[Notices]
[Pages 22812-22814]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-09331]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket No. RM13-5-000]


Version 5 Critical Infrastructure Protection Reliability 
Standards; Supplemental Notice of Agenda and Discussion Topics for 
Staff Technical Conference

    This notice establishes the agenda and topics for discussion at the 
technical conference to be held on April 29, 2014 to discuss issues 
related to Critical Infrastructure Protection Issues Identified in 
Order No. 791. The technical conference will be held from 10:00 a.m. 
and ending at approximately 4:30 p.m. (Eastern Time) in the Commission 
Meeting Room at the Commission's headquarters, 888 First Street NE., 
Washington, DC. The technical conference will be led by Commission 
staff. All interested parties are invited to attend, and registration 
is not required.
    The topics and related questions to be discussed during this 
conference are attached. The purpose of the technical conference is to 
facilitate a structured dialogue on operational and technical issues 
identified by the Commission in the Critical Infrastructure Protection 
(CIP) version 5 Standards Final Rule. Prepared remarks will be 
presented by invited panelists.
    There will be no webcast of this event. However, it will be 
transcribed. Transcripts of the meeting/conference will be immediately 
available for a fee from Ace-Federal Reporters, Inc. (202-347-3700 or 
1-800-336-6646).
    FERC conferences are accessible under section 508 of the 
Rehabilitation Act of 1973. For accessibility accommodations please 
send an email to accessibility@ferc.gov or call toll free (866) 208-
3372 (voice) or (202) 502-8659 (TTY), or send a fax to (202) 208-2106 
with the requested accommodations.
    There is no fee for attendance. However, members of the public are 
encouraged to preregister online at: https://www.ferc.gov/whats-new/registration/04-29-14-form.asp.
    For more information about the technical conference, please 
contact: Sarah McKinley, Office of External Affairs, 202-502-8368, 
sarah.mckinley@ferc.gov.

    Dated: April 17, 2014.
Kimberly D. Bose,
Secretary.
[GRAPHIC] [TIFF OMITTED] TN24AP14.000

Critical Infrastructure Protection Issues Identified in Order No. 791

RM13-5-000

April 29, 2014

Agenda

10:00-10:15 a.m. Welcome and Opening Remarks by Commission Staff

Introduction

    In Order No. 791, the Commission approved the Version 5 Critical 
Infrastructure Protection (CIP) Reliability Standards, CIP-002-5 
through CIP-011-1 (CIP version 5 Standards), submitted by the North 
American Electric Reliability Corporation (NERC).\1\ Order No. 791 
directed Commission staff to convene a staff-led technical conference, 
within

[[Page 22813]]

180 days from the issuance date of the Final Rule, to examine several 
of the technical issues identified therein.\2\ The purpose of this 
conference is to obtain further information as to: (1) The adequacy of 
the approved CIP version 5 Standards' protections for Bulk-Power System 
data being transmitted over data networks; (2) whether additional 
definitions and/or security controls are needed to protect Bulk-Power 
System (BPS) communications networks, including remote systems access; 
and (3) the functional differences between the respective methods 
utilized for identification, categorization, and specification of 
appropriate levels of protection for cyber assets using CIP version 5 
Standards as compared with those employed within the National Institute 
of Standards and Technology (NIST) Security Risk Management Framework.
---------------------------------------------------------------------------

    \1\ Version 5 Critical Infrastructure Protection Reliability 
Standards, Order No. 791, 78 FR 72,755 (Dec. 3, 2013), 145 FERC ] 
61,160 (2013), order on reh'g, Order No. 791-A, 146 FERC ] 61,188 
(2014).
    \2\ Id. at PP 7, 150, and 225.
---------------------------------------------------------------------------

Panel 1

10:15-11:45 a.m. The Adequacy of the CIP version 5 Standards for 
Protection of BPS Communication Networks

    The Commission seeks information about the adequacy of the approved 
CIP version 5 Standards for protecting data being transmitted over BPS 
communication networks. Panelists are encouraged to address:
     The vulnerabilities that BPS communication networks may be 
facing and how effectively they are being protected against these risks 
by the currently enforced CIP Reliability Standards.
     The adequacy of the approved CIP version 5 Standards 
security controls to protect BPS communication networks against current 
and projected vulnerabilities.
     The types of physical or logical controls that are 
currently being applied to protect BPS communication networks and the 
adequacy of these controls to address the protection of: (1) non-
routable protocols, (2) serial communication links, (3) non-
programmable components, (4) remote access processes and devices, and 
(5) data in motion.
     For each of the topics above, the panelists should address 
whether there are gaps in the current CIP version 5 Standards that 
could be addressed, and suggest recommendations for adjustment of the 
CIP version 5 Standards to address any gaps.
    Panelists:

 Dan Skaar, President and CEO, Midwest Reliability Organization
 Kevin Perry, Director, CIP, Southwest Power Pool Regional 
Entity
 Richard Dewey, Senior Vice President & CIO, NYISO
 Steven Parker, President, EnergySec
 Mikhail Falkovich, Manager NERC/CIP Compliance, PSEG; Speaking 
on behalf of Electric Power Supply Association (EPSA)
 Tobias Whitney, Manager, CIP Compliance, North America 
Electric Reliability Corporation (NERC)

    11:45-1:00 p.m. Lunch

Panel 2

1:00-2:30 p.m. Need for Additional Definitions or Controls for CIP 
Reliability Standards

    The Commission seeks information on whether additional definitions 
and/or security controls are needed to protect BPS communications 
networks, including remote systems access. Panelists are encouraged to 
address:
     Whether the NERC Glossary of Terms needs either new 
definitions, or modifications of current definitions, to ensure 
adequate protection of BPS communication networks.
     The types of physical or logical controls that may be 
needed to protect BPS communication network components communicating 
via non-routable protocols, or through serial communication links.
     The types of physical or logical controls that may be 
needed to protect non-programmable components of data communications 
networks (e.g., cabling).
     The types of physical or logical controls that may be 
needed to address the cybersecurity needs of remote access processes 
and devices.
     How the confidentiality, integrity, and availability of 
data in motion (i.e., being transmitted) over BPS communication 
networks can be ensured physically and/or electronically.
     To what extent different types of encryption technology 
can be effectively employed on BPS communication networks without 
adversely affecting BPS operations.
     For each of the topics above, the panelists should address 
whether there are gaps in the current CIP version 5 Standards that 
could be addressed, and suggest recommendations for adjustment of the 
CIP version 5 Standards to address any gaps.
    Panelists:

 Kevin Perry, Director, CIP, Southwest Power Pool Regional 
Entity
 Richard Kinas, Mgr. Standards Compliance, Orlando Utilities 
Commission
 David Dekker, Cyber Security Standards Manager, Pepco Holdings 
Inc.
 Dr. Andrew Wright, N-Dimension Solutions
 Andrew Ginter--VP Industrial Security, Waterfall Security 
Solutions
 David Batz, Director, Cyber & Infrastructure Security, Edison 
Electric Institute
2:30-2:45 p.m. Break

Panel 3

2:45-4:15 p.m. NIST Frameworks Discussion
    The Commission seeks information on functional differences between 
the respective methods used for identification, categorization, and 
specification of appropriate levels of protection for cyber assets 
using CIP version 5 Standards as compared with those employed within 
other cyber security frameworks, including the NIST Security Risk 
Management Framework (RMF) and the recently-released Framework for 
Improving Critical Infrastructure Cybersecurity (NIST Cyber Security 
Framework). Panelists are encouraged to address:
     The functional differences on how each framework 
approaches asset identification to address emerging threats, risks, and 
vulnerabilities. Panelists may suggest how the CIP version 5 Standards 
could be adjusted to address any concern or weakness, or explain 
whether or not the approaches identified in the NIST Security Risk 
Management Framework and the NIST Cyber Security Framework are more 
appropriate for protecting BPS critical infrastructure.
     Whether it is prudent to use only facility ratings, (e.g., 
power, voltage, operating conditions), to identify and categorize BES 
cyber assets that are subject to CIP Standards in CIP-002-5. Panelists 
may suggest the inclusion of additional attributes, (e.g., data 
sensitivity) or recommend adjustments to the bright-line criteria for 
ensuring accurate identification and categorization of BES cyber 
assets. Panelists are encouraged to identify potential issues in 
Reliability Standard CIP-002-5 that could hinder the implementation of 
the CIP version 5 Standards (e.g. any issues relating to NERC Glossary 
of Terms definitions, CIP-002-5 criteria or impact levels).
     Comparisons between the CIP version 5 Standards security 
controls and the security controls of the two NIST Frameworks and the 
identification of specific security controls or control objectives that 
should be considered in future revisions of CIP standards.

[[Page 22814]]

    Panelists:

 Patrick Miller, Managing Partner, The Anfield Group
 Brent Castagnetto, Manager, Cyber Security Audits & 
Investigations, WECC
 Gerald Mannarino, Director, Computer System Engineering, New 
York Power Authority
 Melanie Seader, Senior Cyber & Infrastructure Security 
Analyst, Edison Electric Institute
 Jason Christopher, Technical Lead, Cyber Security Capabilities 
& Risk Management, U.S. Department of Energy

4:15-4:30 p.m. Wrap-Up

[FR Doc. 2014-09331 Filed 4-23-14; 8:45 am]
BILLING CODE 6717-01-P