Revised Critical Infrastructure Protection Reliability Standards; Supplemental Notice of Agenda and Discussion Topics for Staff Technical Conference, 81534-81536 [2015-32833]
Download as PDF
<![CDATA[
81534
Federal Register / Vol. 80, No. 250 / Wednesday, December 30, 2015 / Notices
Ulmer at least seven days in advance of
the meeting at the phone number listed
above. Written statements may be filed
with the Board either before or after the
meeting. Individuals who wish to make
oral presentations pertaining to agenda
items should contact Barbara Ulmer at
the telephone number listed above. The
request must be received five days prior
to the meeting and reasonable provision
will be made to include the presentation
in the agenda. The Deputy Designated
Federal Officer is empowered to
conduct the meeting in a fashion that
will facilitate the orderly conduct of
business. Individuals wishing to make
public comments can do so during the
15 minutes allotted for public
comments.
Minutes: Minutes will be available by
writing to Barbara Ulmer at the address
listed above or at the following Web
site: https://nv.energy.gov/nssab/
MeetingMinutes.aspx
Issued at Washington, DC, on December 23,
2015.
LaTanya R. Butler,
Deputy Committee Management Officer.
[FR Doc. 2015–32882 Filed 12–29–15; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
mstockstill on DSK4VPTVN1PROD with NOTICES
Combined Notice of Filings #2
Take notice that the Commission
received the following electric rate
filings:
Docket Numbers: ER14–2884–002.
Applicants: Kansas City Power &
Light Company, KCP&L Greater
Missouri Operations Company.
Description: Compliance filing:
Protocols Compliance Filing to be
effective 3/1/2015.
Filed Date: 12/23/15.
Accession Number: 20151223–5163.
Comments Due: 5 p.m. ET 1/13/16.
Docket Numbers: ER16–631–000.
Applicants: PacifiCorp.
Description: Section 205(d) Rate
Filing: BPA Construction Agmt (USBR
Green Springs Rev 1) to be effective
2/22/2016.
Filed Date: 12/23/15.
Accession Number: 20151223–5151.
Comments Due: 5 p.m. ET 1/13/16.
Docket Numbers: ER16–632–000.
Applicants: Blythe Solar II, LLC.
Description: Baseline eTariff Filing:
Blythe Solar II, LLC Application for
Market-Based Rates to be effective
4/1/2016.
VerDate Sep<11>2014
17:59 Dec 29, 2015
Jkt 238001
Filed Date: 12/23/15.
Accession Number: 20151223–5161.
Comments Due: 5 p.m. ET 1/13/16.
Docket Numbers: ER16–633–000.
Applicants: California Independent
System Operator Corporation.
Description: Section 205(d) Rate
Filing: 2015–12–23 ABAOA with
CENACE–GCRBC, Termination of CFE
ICAOA & Waiver Request to be effective
1/1/2016.
Filed Date: 12/23/15.
Accession Number: 20151223–5207.
Comments Due: 5 p.m. ET 1/13/16.
The filings are accessible in the
Commission’s eLibrary system by
clicking on the links or querying the
docket number.
Any person desiring to intervene or
protest in any of the above proceedings
must file in accordance with Rules 211
and 214 of the Commission’s
Regulations (18 CFR 385.211 and
385.214) on or before 5:00 p.m. Eastern
time on the specified comment date.
Protests may be considered, but
intervention is necessary to become a
party to the proceeding.
eFiling is encouraged. More detailed
information relating to filing
requirements, interventions, protests,
service, and qualifying facilities filings
can be found at: https://www.ferc.gov/
docs-filing/efiling/filing-req.pdf. For
other information, call (866) 208–3676
(toll free). For TTY, call (202) 502–8659.
Dated: December 23, 2015.
Nathaniel J. Davis, Sr.,
Deputy Secretary.
[FR Doc. 2015–32828 Filed 12–29–15; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. RM15–14–000]
Revised Critical Infrastructure
Protection Reliability Standards;
Supplemental Notice of Agenda and
Discussion Topics for Staff Technical
Conference
This notice establishes the agenda and
topics for discussion at the technical
conference to be held on January 28,
2016, to discuss issues related to supply
chain risk management. The technical
conference will start at 10:00 a.m. and
end at approximately 4:30 p.m. (Eastern
Time) in the Commission Meeting Room
at the Commission’s Headquarters, 888
First Street NE., Washington, DC. The
technical conference will be led by
PO 00000
Frm 00028
Fmt 4703
Sfmt 4703
Commission staff, and FERC
Commissioners may be in attendance.
All interested parties are invited to
attend, and registration is not required.
The topics and related questions to be
discussed during this conference are
provided as an attachment to this
Notice. The purpose of the technical
conference is to facilitate a structured
dialogue on supply chain risk
management issues identified by the
Commission in the Revised Critical
Infrastructure Protection Standards
Notice of Proposed Rulemaking (NOPR)
issued in this proceeding and raised in
public comments to the NOPR. Prepared
remarks will be presented by invited
panelists.
This event will be webcast and
transcribed. The free webcast allows
listening only. Anyone with Internet
access who desires to listen to this event
can do so by navigating to the ‘‘FERC
Calendar’’ at www.ferc.gov, and locating
the technical conference in the Calendar
of Events. Opening the technical
conference in the Calendar of Events
will reveal a link to its webcast. The
Capitol Connection provides technical
support for the webcast and offers the
option of listening to the meeting via
phone-bridge for a fee. If you have any
questions, visit
www.CapitolConnection.org or call 703–
993–3100. The webcast will be available
on the Calendar of Events at
www.ferc.gov for three months after the
conference. Transcripts of the
conference will be immediately
available for a fee from Ace-Federal
Reporters, Inc. (202–347–3700).
FERC conferences are accessible
under section 508 of the Rehabilitation
Act of 1973. For accessibility
accommodations, please send an email
to accessibility@ferc.gov or call toll free
(866) 208–3372 (voice) or (202) 502–
8659 (TTY), or send a fax to (202) 208–
2106 with the requested
accommodations.
There is no fee for attendance.
However, members of the public are
encouraged to preregister online at:
https://www.ferc.gov/whats-new/
registration/01-28-16-form.asp.
For more information about the
technical conference, please contact:
Sarah McKinley, Office of External
Affairs, 202–502–8368, sarah.mckinley@
ferc.gov.
Dated: December 23, 2015.
Nathaniel J. Davis, Sr.,
Deputy Secretary.
E:\FR\FM\30DEN1.SGM
30DEN1
Federal Register / Vol. 80, No. 250 / Wednesday, December 30, 2015 / Notices
Critical Infrastructure Protection
Supply Chain Risk Management RM15–
14–000 January 28, 2016
Agenda
Welcome and Opening Remarks by
Commission Staff
9:30–9:45 a.m.
Introduction
In a July 16, 2015 Notice of Proposed
Rulemaking (NOPR) in the abovecaptioned docket, the Commission
proposed to direct the North American
Electric Reliability Corporation (NERC)
to develop new or modified Critical
Infrastructure Protection (CIP)
Reliability Standards to provide security
controls relating to supply chain risk
management for industrial control
system hardware, software, and
services. The Commission sought and
received comments on this proposal,
including: (1) The NOPR proposal to
direct that NERC develop a Reliability
Standard to address supply chain risk
management; (2) the anticipated features
of, and requirements that should be
included in, such a standard; and (3) a
reasonable timeframe for development
of a standard. The purpose of this
conference is to clarify issues, share
information, and determine the proper
response to address security control and
supply chain risk management
concerns.
Staff Presentation: Supply Chain Efforts
by Certain Other Federal Agencies
9:45 a.m.–10:05 a.m.
Break
10:05 p.m.–10:15 p.m.
mstockstill on DSK4VPTVN1PROD with NOTICES
Panel 1: Need for a New or Modified
Reliability Standard
10:15 a.m.–11:45 a.m.
The Commission staff seeks
information about the need for a new or
modified Reliability Standard to manage
supply chain risks for industrial control
system hardware, software, and
computing and networking services
associated with bulk electric system
operations. Panelists are encouraged to
address:
VerDate Sep<11>2014
17:59 Dec 29, 2015
Jkt 238001
Panelists
1. Nadya Bartol, Vice President,
Industry Affairs and Cybersecurity
Strategist, UTC
2. Jon Boyens, Project Manager,
Information Communication
Technology (ICT) Supply Chain
Risk Management, National
Institute of Standards & Technology
(NIST)
3. John Galloway, Director, Cyber
Security, ISO New England
4. John Goode, Chief Information
Officer/Senior Vice President,
Midcontinent Independent System
Operator (MISO)
5. Barry Lawson, Associate Director,
Power Delivery & Reliability,
National Rural Electric Cooperative
Association (NRECA)
6. Helen Nalley, Compliance Director,
Southern Company
7. Jacob Olcott, Vice President of
Business Development, Bitsight
Tech
8. Marcus Sachs, Senior Vice President
and Chief Security Officer, North
American Electric Reliability
Corporation (NERC)
Lunch
11:45 a.m.–1:00 p.m.
Panel 2: Scope and Implementation of
a New or Modified Standard
1:00 p.m.–2:30 p.m.
The Commission staff seeks
information about the scope and
implementation of a new or modified
Standard to manage supply chain risks
for industrial control system hardware,
software, and computing and
networking services associated with
bulk electric system operations.
Panelists are encouraged to address:
• Identify types of assets that could
be better protected with a new or
modified Standard.
• Identify supply chain processes that
could be better protected by a Standard.
• Identify controls or modifications
that could be included in the Standard.
• Identify existing mandatory or
voluntary standards or security
guidelines that could form the basis of
the Standard.
PO 00000
Frm 00029
Fmt 4703
Sfmt 4703
• Address how the verification of
supply chain risk mitigation could be
measured, benchmarked and/or audited.
• Present and justify a reasonable
timeframe for development and
implementation of a Standard.
• Discuss whether a Standard could
be a catalyst for technical innovation
and market competition.
Panelists
1. Mike Ahmadi, Global Director—
Critical Systems Security, Synopsys
2. Jonathan Appelbaum, Director, NERC
Compliance, The United
Illuminating Company
3. Brent Castegnetto, Manager, Cyber
Security Audits & Investigations,
WECC
4. Art Conklin, Ph.D., Associate
Professor and Director of the Center
for Information Security Research
and Education, University of
Houston
5. Edna Conway, Chief Security Officer,
Value Chain Security, Cisco
6. Bryan Owen, Principal Cyber Security
Manager, OSIsoft
7. Albert Ruocco, Vice President and
Chief Technology Officer, American
Electric Power (AEP)
8. Doug Thomas, Vice President and
Chief Information Officer, Ontario
Independent Electricity System
Operation (IESO)
Break
2:30 p.m.–2:45 p.m.
Panel 3: Current Supply Chain Risk
Management Practices and
Collaborative Efforts
2:45 p.m.–4:15 p.m.
The Commission staff seeks
information about existing supply chain
risk management efforts for information
and communications technology and
industrial control system hardware,
software, and services in other critical
infrastructure sectors and the
government. Panelists are encouraged to
address:
• Generally describe how registered
entities and other organizations
currently manage supply chain issues.
• Identify standards or guidelines that
are used to establish supply chain risk
management practices. Specifically,
discuss experience under those
standards or guidelines.
• Identify organizational roles
involved in the development and
implementation of supply chain risk
management practices.
• Generally describe approaches for
identifying, evaluating, mitigating, and
monitoring supply chain risk.
• Generally discuss how supply chain
risk is addressed in the contracting
process with vendors and suppliers.
E:\FR\FM\30DEN1.SGM
30DEN1
EN30DE15.000</GPH>
• Identify challenges faced in
managing supply chain risk.
• Describe how the current CIP
Standards provide supply chain risk
management controls.
• Describe how the current CIP
Standards incentivize or inhibit the
introduction of more secure technology.
• Identify possible other approaches
that the Commission can take to
mitigate supply chain risks.
81535
81536
Federal Register / Vol. 80, No. 250 / Wednesday, December 30, 2015 / Notices
• Generally describe the capabilities
that registered entities currently have to
inspect third party information security
practices.
• Generally describe the capabilities
that registered entities currently have to
negotiate for additional security in their
hardware, software, and service
contracts. Describe how this may vary
based on the potential vendor or
supplier and the type of service to be
provided.
• Generally describe how vendors
and suppliers are managing risk in their
supply chain.
Panelists
1. Douglas Bauder, Vice President,
Operational Services, and Chief
Procurement Officer, Southern
California Edison
2. Andrew Bochman, Senior Cyber &
Energy Security Strategist, INL/DOE
3. Dennis Gammel, Director, Security
Technology, Schweitzer
Engineering
4. Andrew Ginter, Vice President,
Industrial Security, Waterfall
Security Solutions
5. Steve Griffith, Industry Director,
National Electrical Manufacturers
Association (NEMA)
6. Maria Jenks, Vice President, Supply
Chain, Kansas City Power & Light
(KCP&L)
7. Robert McClanahan, Vice President/
Chief Information Officer, Arkansas
Electric Cooperative Corporation
(AECC)
8. Thomas O’Brien, Chief Information
Officer, PJM Interconnection, LLC
4:15 p.m.–4:30 p.m. Closing Remarks
[FR Doc. 2015–32833 Filed 12–29–15; 8:45 am]
BILLING CODE 6717–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Project No. 12690–015]
mstockstill on DSK4VPTVN1PROD with NOTICES
Public Utility District No. 1 of
Snohomish County, Washington;
Notice of Application Accepted for
Filing, Soliciting Comments, Motions
To Intervene, and Protests
Take notice that the following
hydroelectric application has been filed
with the Commission and is available
for public inspection:
a. Type of Application: Surrender of
License.
b. Project No.: 12690–015.
c. Date Filed: December 4, 2015.
d. Applicant: Public Utility District
No. 1 of Snohomish County,
Washington.
VerDate Sep<11>2014
17:59 Dec 29, 2015
Jkt 238001
e. Name of Project: Admiralty Inlet
Pilot Tidal Project.
f. Location: On the east side of
Admiralty Inlet in Puget Sound,
Washington, about 0.6 mile west of
Whidbey Island, within Island County,
Washington.
g. Filed Pursuant to: Federal Power
Act, 16 U.S.C. 791a–825r.
h. Applicant Contact: Mr. Craig W.
Collar, CEO/General Manager of
Snohomish County PUD #1, 2320
California Street, Everett, WA 98201,
Phone: (425) 783–8473.
i. FERC Contact: Mr. Ashish Desai,
(202) 502–8370, Ashish.Desai@ferc.gov.
j. Deadline for filing comments,
motions to intervene and protests, is 30
days from the issuance date of this
notice. The Commission strongly
encourages electronic filing. Please file
motions to intervene, protests,
comments, and recommendations, using
the Commission’s eFiling system at
https://www.ferc.gov/docs-filing/
efiling.asp. Commenters can submit
brief comments up to 6,000 characters,
without prior registration, using the
eComment system at https://
www.ferc.gov/docs-filing/
ecomment.asp. You must include your
name and contact information at the end
of your comments. For assistance,
please contact FERC Online Support at
FERCOnlineSupport@ferc.gov, (866)
208–3676 (toll free), or (202) 502–8659
(TTY). In lieu of electronic filing, please
send a paper copy to: Secretary, Federal
Energy Regulatory Commission, 888
First Street NE., Washington, DC 20426.
The first page of any filing should
include docket number P–12690–015.
k. Description of Project Facilities:
The unconstructed Admiralty Inlet Pilot
Tidal Project works would consist of
two 300-kW OpenHydro tidal turbines
each mounted on a triangular subsea
base, two approximately 7,000-foot-long
connecting cables extending onshore,
and onshore supporting facilities.
l. Description of Request: The
applicant has determined the
unconstructed project is no longer
economically feasible and proposes to
surrender the license.
m. Locations of the Application: A
copy of the application is available for
inspection and reproduction at the
Commission’s Public Reference Room,
located at 888 First Street NE., Room
2A, Washington, DC 20426, or by calling
(202) 502–8371. This filing may also be
viewed on the Commission’s Web site at
https://www.ferc.gov/docs-filing/
elibrary.asp. Enter the docket number
excluding the last three digits in the
docket number field to access the
document. You may also register online
at https://www.ferc.gov/docs-filing/
PO 00000
Frm 00030
Fmt 4703
Sfmt 4703
esubscription.asp to be notified via
email of new filings and issuances
related to this or other pending projects.
For assistance, call 1–866–208- 3676 or
email FERCOnlineSupport@ferc.gov, for
TTY, call (202) 502–8659. A copy is also
available for inspection and
reproduction at the address in item (h)
above.
n. Individuals desiring to be included
on the Commission’s mailing list should
so indicate by writing to the Secretary
of the Commission.
o. Comments, Protests, or Motions to
Intervene: Anyone may submit
comments, a protest, or a motion to
intervene in accordance with the
requirements of Rules of Practice and
Procedure, 18 CFR 385.210, .211, .214.
In determining the appropriate action to
take, the Commission will consider all
protests or other comments filed, but
only those who file a motion to
intervene in accordance with the
Commission’s Rules may become a
party to the proceeding. Any comments,
protests, or motions to intervene must
be received on or before the specified
comment date for the particular
application.
p. Filing and Service of Responsive
Documents: Any filing must (1) bear in
all capital letters the title
‘‘COMMENTS’’, ‘‘PROTEST’’, or
‘‘MOTION TO INTERVENE’’ as
applicable; (2) set forth in the heading
the name of the applicant and the
project number of the application to
which the filing responds; (3) furnish
the name, address, and telephone
number of the person protesting or
intervening; and (4) otherwise comply
with the requirements of 18 CFR
385.2001 through 385.2005. All
comments, motions to intervene, or
protests must set forth their evidentiary
basis and otherwise comply with the
requirements of 18 CFR 4.34(b). All
comments, motions to intervene, or
protests should relate to project works
which are the subject of the license
surrender. Agencies may obtain copies
of the application directly from the
applicant. A copy of any protest or
motion to intervene must be served
upon each representative of the
applicant specified in the particular
application. If an intervener files
comments or documents with the
Commission relating to the merits of an
issue that may affect the responsibilities
of a particular resource agency, they
must also serve a copy of the document
on that resource agency. A copy of all
other filings in reference to this
application must be accompanied by
proof of service on all persons listed in
the service list prepared by the
Commission in this proceeding, in
E:\FR\FM\30DEN1.SGM
30DEN1
]]>Agencies
[Federal Register Volume 80, Number 250 (Wednesday, December 30, 2015)]
[Notices]
[Pages 81534-81536]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-32833]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. RM15-14-000]
Revised Critical Infrastructure Protection Reliability Standards;
Supplemental Notice of Agenda and Discussion Topics for Staff Technical
Conference
This notice establishes the agenda and topics for discussion at the
technical conference to be held on January 28, 2016, to discuss issues
related to supply chain risk management. The technical conference will
start at 10:00 a.m. and end at approximately 4:30 p.m. (Eastern Time)
in the Commission Meeting Room at the Commission's Headquarters, 888
First Street NE., Washington, DC. The technical conference will be led
by Commission staff, and FERC Commissioners may be in attendance. All
interested parties are invited to attend, and registration is not
required.
The topics and related questions to be discussed during this
conference are provided as an attachment to this Notice. The purpose of
the technical conference is to facilitate a structured dialogue on
supply chain risk management issues identified by the Commission in the
Revised Critical Infrastructure Protection Standards Notice of Proposed
Rulemaking (NOPR) issued in this proceeding and raised in public
comments to the NOPR. Prepared remarks will be presented by invited
panelists.
This event will be webcast and transcribed. The free webcast allows
listening only. Anyone with Internet access who desires to listen to
this event can do so by navigating to the ``FERC Calendar'' at
www.ferc.gov, and locating the technical conference in the Calendar of
Events. Opening the technical conference in the Calendar of Events will
reveal a link to its webcast. The Capitol Connection provides technical
support for the webcast and offers the option of listening to the
meeting via phone-bridge for a fee. If you have any questions, visit
www.CapitolConnection.org or call 703-993-3100. The webcast will be
available on the Calendar of Events at www.ferc.gov for three months
after the conference. Transcripts of the conference will be immediately
available for a fee from Ace-Federal Reporters, Inc. (202-347-3700).
FERC conferences are accessible under section 508 of the
Rehabilitation Act of 1973. For accessibility accommodations, please
send an email to accessibility@ferc.gov or call toll free (866) 208-
3372 (voice) or (202) 502-8659 (TTY), or send a fax to (202) 208-2106
with the requested accommodations.
There is no fee for attendance. However, members of the public are
encouraged to preregister online at: https://www.ferc.gov/whats-new/registration/01-28-16-form.asp.
For more information about the technical conference, please
contact: Sarah McKinley, Office of External Affairs, 202-502-8368,
sarah.mckinley@ferc.gov.
Dated: December 23, 2015.
Nathaniel J. Davis, Sr.,
Deputy Secretary.
[[Page 81535]]
[GRAPHIC] [TIFF OMITTED] TN30DE15.000
Critical Infrastructure Protection Supply Chain Risk Management RM15-
14-000 January 28, 2016
Agenda
Welcome and Opening Remarks by Commission Staff
9:30-9:45 a.m.
Introduction
In a July 16, 2015 Notice of Proposed Rulemaking (NOPR) in the
above-captioned docket, the Commission proposed to direct the North
American Electric Reliability Corporation (NERC) to develop new or
modified Critical Infrastructure Protection (CIP) Reliability Standards
to provide security controls relating to supply chain risk management
for industrial control system hardware, software, and services. The
Commission sought and received comments on this proposal, including:
(1) The NOPR proposal to direct that NERC develop a Reliability
Standard to address supply chain risk management; (2) the anticipated
features of, and requirements that should be included in, such a
standard; and (3) a reasonable timeframe for development of a standard.
The purpose of this conference is to clarify issues, share information,
and determine the proper response to address security control and
supply chain risk management concerns.
Staff Presentation: Supply Chain Efforts by Certain Other Federal
Agencies
9:45 a.m.-10:05 a.m.
Break
10:05 p.m.-10:15 p.m.
Panel 1: Need for a New or Modified Reliability Standard
10:15 a.m.-11:45 a.m.
The Commission staff seeks information about the need for a new or
modified Reliability Standard to manage supply chain risks for
industrial control system hardware, software, and computing and
networking services associated with bulk electric system operations.
Panelists are encouraged to address:
Identify challenges faced in managing supply chain risk.
Describe how the current CIP Standards provide supply
chain risk management controls.
Describe how the current CIP Standards incentivize or
inhibit the introduction of more secure technology.
Identify possible other approaches that the Commission can
take to mitigate supply chain risks.
Panelists
1. Nadya Bartol, Vice President, Industry Affairs and Cybersecurity
Strategist, UTC
2. Jon Boyens, Project Manager, Information Communication Technology
(ICT) Supply Chain Risk Management, National Institute of Standards &
Technology (NIST)
3. John Galloway, Director, Cyber Security, ISO New England
4. John Goode, Chief Information Officer/Senior Vice President,
Midcontinent Independent System Operator (MISO)
5. Barry Lawson, Associate Director, Power Delivery & Reliability,
National Rural Electric Cooperative Association (NRECA)
6. Helen Nalley, Compliance Director, Southern Company
7. Jacob Olcott, Vice President of Business Development, Bitsight Tech
8. Marcus Sachs, Senior Vice President and Chief Security Officer,
North American Electric Reliability Corporation (NERC)
Lunch
11:45 a.m.-1:00 p.m.
Panel 2: Scope and Implementation of a New or Modified Standard
1:00 p.m.-2:30 p.m.
The Commission staff seeks information about the scope and
implementation of a new or modified Standard to manage supply chain
risks for industrial control system hardware, software, and computing
and networking services associated with bulk electric system
operations. Panelists are encouraged to address:
Identify types of assets that could be better protected
with a new or modified Standard.
Identify supply chain processes that could be better
protected by a Standard.
Identify controls or modifications that could be included
in the Standard.
Identify existing mandatory or voluntary standards or
security guidelines that could form the basis of the Standard.
Address how the verification of supply chain risk
mitigation could be measured, benchmarked and/or audited.
Present and justify a reasonable timeframe for development
and implementation of a Standard.
Discuss whether a Standard could be a catalyst for
technical innovation and market competition.
Panelists
1. Mike Ahmadi, Global Director--Critical Systems Security, Synopsys
2. Jonathan Appelbaum, Director, NERC Compliance, The United
Illuminating Company
3. Brent Castegnetto, Manager, Cyber Security Audits & Investigations,
WECC
4. Art Conklin, Ph.D., Associate Professor and Director of the Center
for Information Security Research and Education, University of Houston
5. Edna Conway, Chief Security Officer, Value Chain Security, Cisco
6. Bryan Owen, Principal Cyber Security Manager, OSIsoft
7. Albert Ruocco, Vice President and Chief Technology Officer, American
Electric Power (AEP)
8. Doug Thomas, Vice President and Chief Information Officer, Ontario
Independent Electricity System Operation (IESO)
Break
2:30 p.m.-2:45 p.m.
Panel 3: Current Supply Chain Risk Management Practices and
Collaborative Efforts
2:45 p.m.-4:15 p.m.
The Commission staff seeks information about existing supply chain
risk management efforts for information and communications technology
and industrial control system hardware, software, and services in other
critical infrastructure sectors and the government. Panelists are
encouraged to address:
Generally describe how registered entities and other
organizations currently manage supply chain issues.
Identify standards or guidelines that are used to
establish supply chain risk management practices. Specifically, discuss
experience under those standards or guidelines.
Identify organizational roles involved in the development
and implementation of supply chain risk management practices.
Generally describe approaches for identifying, evaluating,
mitigating, and monitoring supply chain risk.
Generally discuss how supply chain risk is addressed in
the contracting process with vendors and suppliers.
[[Page 81536]]
Generally describe the capabilities that registered
entities currently have to inspect third party information security
practices.
Generally describe the capabilities that registered
entities currently have to negotiate for additional security in their
hardware, software, and service contracts. Describe how this may vary
based on the potential vendor or supplier and the type of service to be
provided.
Generally describe how vendors and suppliers are managing
risk in their supply chain.
Panelists
1. Douglas Bauder, Vice President, Operational Services, and Chief
Procurement Officer, Southern California Edison
2. Andrew Bochman, Senior Cyber & Energy Security Strategist, INL/DOE
3. Dennis Gammel, Director, Security Technology, Schweitzer Engineering
4. Andrew Ginter, Vice President, Industrial Security, Waterfall
Security Solutions
5. Steve Griffith, Industry Director, National Electrical Manufacturers
Association (NEMA)
6. Maria Jenks, Vice President, Supply Chain, Kansas City Power & Light
(KCP&L)
7. Robert McClanahan, Vice President/Chief Information Officer,
Arkansas Electric Cooperative Corporation (AECC)
8. Thomas O'Brien, Chief Information Officer, PJM Interconnection, LLC
4:15 p.m.-4:30 p.m. Closing Remarks
[FR Doc. 2015-32833 Filed 12-29-15; 8:45 am]
BILLING CODE 6717-01-P
