NERC Critical Infrastructure Protection Committee (CIPC) - - PowerPoint PPT Presentation

NERC Critical Infrastructure Protection Committee (CIPC) Highlights

John Hochevar, ATC

MRO Board of Directors Meeting October 4, 2018

NERC CIPC MRO Representatives Encompass Four Industry Sectors and Cyber, Physical, and Operations Security

Voting Members:

• Cyber: Marc Child, Great River Energy
• Physical: Paul Crist, Lincoln Electric System
• Operations: Damon Ounsworth, Saskatchewan Power

Alternate Voting Members:

• Cyber: John Hochevar, American Transmission Company
• Physical: Mike Kraft, Basin Electric Power Cooperative
• Operations: Armin Boschmann, Manitoba Hydro

At Large Security Members:

• Steen Fjalstad, Midwest Reliability Organization

2

NERC CIPC Organizational Chart

• 1. Meeting Agenda – 9/2018 Minneapolis

Charter update approved

• SPP seats removed
• 28 voting members remain
• Executive Committee considering new voting seat for IRO/RTO Council

Supply Chain

• EPRI Supply Chain Risk Report submitted to NERC & FERC
• “Open Letter to Vendors” – work is progressing
• Liaison established with Idaho National Lab for legacy systems testing
• Potential for six new guidelines, new shortened format

─ Cloud services, secure hardware delivery, provenance, threat-informed procurement,

risk mgmt lifecycles, open-source technology

• 2. Meeting Agenda – 9/2018 Minneapolis

Cloud security

• FedRAMP & encryption as access control
• Tabletop exercise under development

Workplan items

• Physical – key management guideline
• Cyber/physical – fuel handling SCADA systems for Generation
• Cyber – FERC remote access study findings
• Compliance – Voice over IP
• New whitepaper being debated

─ “Applying core CIP controls to non-BES technologies” ─ Scope might include: Customer information systems, distribution management systems, asset

management systems, outage management systems, synchrophasers, inverters, voice-over-IP phone systems, natural gas fuel-handling SCADA systems & associated HMIs