Transmission and distribution: ABB has announced details for an upcoming NERC CIP education webinar series this fall. This free, eight-part series provides specific guidance for utility personnel in the US and Canada faced with the daunting task of identifying their bulk power systems and executing compliance programs to meet the North American Reliability Corporation (NERC)’s Critical Infrastructure Protection (CIP) Version 5 (CIP Version 5) mandatory standards by April 1, 2016.
NERC is an international regulatory authority, with a mission to ensure the reliability of the Bulk Electric System across North America. Drafted by teams from within the electrical industry, the new version of the CIP Standards significantly effects not only entities with on-going CIP Version 3 compliance programs, but also many entities completely new to Cyber Security Compliance. Version 5 adopts new cybersecurity controls and vastly extends the scope of the systems that the CIP standards protect. Only those entities with an adequate understanding of the changes may implement a CIP Version 5 program to meet these enhanced Standards in an effective manner.
The webinar series addresses today’s utility challenges with CIP Version 5 compliance in both physical and cyber security, and discusses the new requirements for CIP-014 Physical Risk Assessments added recently after the Metcalf transmission sniper attack. Participants will gain an understanding that will help classify their BES Cyber System Impact levels as subject to CIP Version 5, understand risk assessment for substations, and learn best practices in cyber security and malicious software controls. The series will provide answers pressing questions, including discussions of the audit approach expected from the regulators, concepts in use throughout other sectors, useful documents and published studies, and the importance of concepts such as Change Management.
Eight one-hour webinars make up the series (all times are Eastern Time):
• Cyber system categorization (power generation specific) Thurs., Sept. 25, 12:00 p.m.
A workshop for in-depth examination of process approaches to CIP-002-5.1, R1 for BES Cyber System categorization for generation owners and operators (GO/GOP).
• NERC CIP Version 5 transition Wed., Oct. 8 at 2:00 p.m.
The basics of NERC CIP Version 5 and the differences between Version 3 and Version 5 with special emphasis on CIP-002-5 Impact Levels.
• Change management Wed., Oct. 15 at 2:00 p.m.
A discussion of Change Management to highlight an area of perhaps the greatest recurring effort required by the CIP Standards.
• Baseline management Wed., Oct. 22 at 2:00 p.m.
Dealing directly with the concepts of Baseline and Security Controls Testing, automation and workflow become key to meeting Version 5 compliance.
• Cyber asset grouping (power generation specific) Thurs., Oct. 23 at 12:00 p.m.
Process approaches to CIP-002-5.1 R1, pertaining to BES cyber asset categorization, for generation owners and operators (GO/GOP)
Access management and malicious software controls Wed., Oct. 29 at 2 p.m.
• Malicious Software Prevention control requirement changes for Version 5 and the intricacies of account and Access Management.
• Low assets and future CIP versions (power generation specific) Wed., Nov. 5 at 2:00 p.m.
Compliance requirements for entities with Low Impact assets, Reliability Standard Audit Worksheets, and future Standard activities.
• Identification and review of critical transmission assets Wed., Nov. 12 at 2:00 p.m.
Approaches to the guidelines and criteria highlighted by NERC to fulfill the risk assessment goal of the new CIP-014-1 Physical Security Standard.
“We realize that understanding, assessing and meeting the NERC CIP Version 5 mandatory standards by early 2016 represents an overwhelming challenge to many utilities throughout North America,” said Mike Radigan, Senior Advisor, Cyber Risk Management for ABB, and one of the webinar presenters. “So we are pleased to offer our utility partners the appropriate guidance, collaboration and specific resources to assist with their NERC CIP preparation, planning and submissions to meet the April, 2016 deadline.”
In addition to Mike Radigan, other webinar presenters will include: Joseph Baxter, NERC CIP Lead, ABB (and former NERC CIP auditor); Joe Doetzl, Head of Cyber Security, Ventyx (FERC Order 706 Drafting Team & former NERC compliance consultant); Tim Conway, Chair of NERC CIP Interpretation Drafting Team; Martin Shalhoub, Manager, Business Development, ABB Power Consulting; and Dr. Seshadri Subramanian, Senior Principal Consultant, ABB Power Consulting.
To view course descriptions, webinar calendar and registration information, visit: http://new.abb.com/us/about/nerc-cip-education.