Revised Critical Infrastructure Protection Reliability Standards; Supplemental Notice of Agenda and Discussion Topics for Staff Technical Conference, 87-88 [2015-33035]
[Federal Register Volume 81, Number 1 (Monday, January 4, 2016)]
[Notices]
[Pages 87-88]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-33035]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission
[Docket No. RM15-14-000]
Revised Critical Infrastructure Protection Reliability Standards;
Supplemental Notice of Agenda and Discussion Topics for Staff Technical
Conference
This notice establishes the agenda and topics for discussion at the
technical conference to be held on January 28, 2016, to discuss issues
related to supply chain risk management. The technical conference will
start at 9:30 a.m. and end at approximately 4:30 p.m. (Eastern Time) in
the Commission Meeting Room at the Commission's Headquarters, 888 First
Street NE., Washington, DC. The technical conference will be led by
Commission staff, and FERC Commissioners may be in attendance. All
interested parties are invited to attend, and registration is not
required.
The topics and related questions to be discussed during this
conference are provided as an attachment to this Notice. The purpose of
the technical conference is to facilitate a structured dialogue on
supply chain risk management issues identified by the Commission in the
Revised Critical Infrastructure Protection Standards Notice of Proposed
Rulemaking (NOPR) issued in this proceeding and raised in public
comments to the NOPR. Prepared remarks will be presented by invited
panelists.
This event will be webcast and transcribed. The free webcast allows
listening only. Anyone with internet access who desires to listen to
this event can do so by navigating to the ``FERC Calendar'' at
www.ferc.gov, and locating the technical conference in the Calendar of
Events. Opening the technical conference in the Calendar of Events will
reveal a link to its webcast. The Capitol Connection provides technical
support for the webcast and offers the option of listening to the
meeting via phone-bridge for a fee. If you have any questions, visit
www.CapitolConnection.org or call 703-993-3100. The webcast will be
available on the Calendar of Events at www.ferc.gov for three months
after the conference. Transcripts of the conference will be immediately
available for a fee from Ace-Federal Reporters, Inc. (202-347-3700).
FERC conferences are accessible under section 508 of the
Rehabilitation Act of 1973. For accessibility accommodations, please
send an email to accessibility@ferc.gov or call toll free (866) 208-3372
(voice) or (202) 502-8659 (TTY), or send a fax to (202) 208-2106
with the requested accommodations.
There is no fee for attendance. However, members of the public are
encouraged to preregister online at: https://www.ferc.gov/whats-new/registration/01-28-16-form.asp.
For more information about the technical conference, please
contact: Sarah McKinley, Office of External Affairs, 202-502-8368,
sarah.mckinley@ferc.gov.
Critical Infrastructure Protection Supply Chain Risk Management RM15-14-000
January 28, 2016
Agenda
Welcome and Opening Remarks by Commission Staff
9:30-9:45 a.m.
Introduction
In a July 16, 2015 Notice of Proposed Rulemaking (NOPR) in the
above-captioned docket, the Commission proposed to direct the North
American Electric Reliability Corporation (NERC) to develop new or
modified Critical Infrastructure Protection (CIP) Reliability Standards
to provide security controls relating to supply chain risk management
for industrial control system hardware, software, and services. The
Commission sought and received comments on this proposal, including:
(1) The NOPR proposal to direct that NERC develop a Reliability
Standard to address supply chain risk management; (2) the anticipated
features of, and requirements that should be included in, such a
standard; and (3) a reasonable timeframe for development of a standard.
The purpose of this conference is to clarify issues, share information,
and determine the proper response to address security control and
supply chain risk management concerns.
Staff Presentation: Supply Chain Efforts by Certain Other Federal
Agencies
9:45 a.m.-10:05 a.m.
Break
10:05 p.m.-10:15 p.m.
Panel 1: Need for a New or Modified Reliability Standard
10:15 a.m.-11:45 a.m.
The Commission staff seeks information about the need for a new or
modified Reliability Standard to manage supply chain risks for
industrial control system hardware, software, and computing and
networking services associated with bulk electric system operations.
Panelists are encouraged to address:
• Identify challenges faced in managing supply chain risk.
• Describe how the current CIP Standards provide supply
chain risk management controls.
• Describe how the current CIP Standards incentivize or
inhibit the introduction of more secure technology.
• Identify possible other approaches that the Commission can
take to mitigate supply chain risks.
Panelists:
1. Nadya Bartol, Vice President, Industry Affairs and Cybersecurity
Strategist, UTC
2. Jon Boyens, Project Manager, Information Communication
Technology (ICT) Supply Chain Risk Management, National Institute of
Standards & Technology (NIST)
3. John Galloway, Director, Cyber Security, ISO New England
4. John Goode, Chief Information Officer/Senior Vice President,
Midcontinent Independent System Operator (MISO)
5. Barry Lawson, Associate Director, Power Delivery & Reliability,
National Rural Electric Cooperative Association (NRECA)
6. Helen Nalley, Compliance Director, Southern Company
7. Jacob Olcott, Vice President of Business Development, Bitsight
Tech
8. Marcus Sachs, Senior Vice President and Chief Security Officer,
North American Electric Reliability Corporation (NERC)
Lunch
11:45 a.m.-1:00 p.m.
Panel 2: Scope and Implementation of a New or Modified Standard
1:00 p.m.-2:30 p.m.
The Commission staff seeks information about the scope and
implementation of a new or modified Standard to manage supply chain
risks for industrial control system hardware, software, and computing
and networking services associated with bulk electric system
operations. Panelists are encouraged to address:
• Identify types of assets that could be better protected
with a new or modified Standard.
• Identify supply chain processes that could be better
protected by a Standard.
• Identify controls or modifications that could be included
in the Standard.
• Identify existing mandatory or voluntary standards or
security guidelines that could form the basis of the Standard.
• Address how the verification of supply chain risk
mitigation could be measured, benchmarked and/or audited.
• Present and justify a reasonable timeframe for development
and implementation of a Standard.
• Discuss whether a Standard could be a catalyst for
technical innovation and market competition.
Panelists:
1. Michael Kuberski, Manager, Grid Protection and Automation, Pepco
Holdings Inc. (PHI)
2. Jonathan Appelbaum, Director, NERC Compliance, The United
Illuminating Company
3. Brent Castegnetto, Manager, Cyber Security Audits &
Investigations, WECC
4. Art Conklin, Ph.D., Associate Professor and Director of the
Center for Information Security Research and Education, University of
Houston
5. Edna Conway, Chief Security Officer, Value Chain Security, Cisco
6. Bryan Owen, Principal Cyber Security Manager, OSIsoft
7. Albert Ruocco, Vice President and Chief Technology Officer,
American Electric Power (AEP)
8. Doug Thomas, Vice President and Chief Information Officer,
Ontario Independent Electricity System Operation (IESO)
Break
2:30 p.m.-2:45 p.m.
Panel 3: Current Supply Chain Risk Management Practices and
Collaborative Efforts
2:45 p.m.-4:15 p.m.
The Commission staff seeks information about existing supply chain
risk management efforts for information and communications technology
and industrial control system hardware, software, and services in other
critical infrastructure sectors and the government. Panelists are
encouraged to address:
• Generally describe how registered entities and other
organizations currently manage supply chain issues.
• Identify standards or guidelines that are used to
establish supply chain risk management practices. Specifically, discuss
experience under those standards or guidelines.
• Identify organizational roles involved in the development
and implementation of supply chain risk management practices.
• Generally describe approaches for identifying, evaluating,
mitigating, and monitoring supply chain risk.
• Generally discuss how supply chain risk is addressed in
the contracting process with vendors and suppliers.
• Generally describe the capabilities that registered
entities currently have to inspect third party information security
practices.
• Generally describe the capabilities that registered
entities currently have to negotiate for additional security in their
hardware, software, and service contracts. Describe how this may vary
based on the potential vendor or supplier and the type of service to be
provided.
• Generally describe how vendors and suppliers are managing
risk in their supply chain.
Panelists:
1. Douglas Bauder, Vice President, Operational Services, and Chief
Procurement Officer, Southern California Edison
2. Andrew Bochman, Senior Cyber & Energy Security Strategist, INL/DOE
3. Dave Whitehead, Vice President of Research and Development,
Schweitzer Engineering
4. Andrew Ginter, Vice President, Industrial Security, Waterfall
Security Solutions
5. Steve Griffith, Industry Director, National Electrical
Manufacturers Association (NEMA)
6. Maria Jenks, Vice President, Supply Chain, Kansas City Power &
Light (KCP&L)
7. Robert McClanahan, Vice President/Chief Information Officer,
Arkansas Electric Cooperative Corporation (AECC)
8. Thomas O'Brien, Chief Information Officer, PJM Interconnection,
LLC
4:15 p.m.-4:30 p.m. Closing Remarks
Dated: December 28, 2015.
Nathaniel J. Davis, Sr.,
Deputy Secretary.
[FR Doc. 2015-33035 Filed 12-31-15; 8:45 am]
BILLING CODE 6717-01-P