Monday, February 20, 2012

NERC CIP V5 Drafting: Showstoppers and Tune-Ups Addressed
-Honeywell-Matrikon's Team Shares Latest as Key Next Draft Forms Up

Updated 2/24/2012
NERC CIP V5 continues to form up since the first ballot failed to pass even as much of the industry incrementally focuses more on CIP V4. The NERC approved V4 adds up to a rather straightforward application of CIP V3, plus prescriptive bright-line criteria to determine facilities in scope (instead of owner developed risk based assessment methodology permitted prior). NERC CIP V5 is a whole new ball game.

Lastest on NERC CIP V5 - Proposed Changes

Honeywell-Matrikon's [in]Security Culture Blog and webcasts continue offering solid insights for organizations focusing on where CIPs are heading, addressing related compliance challenges. From the Jan 30th posting SDT Meeting updates – Or, an informal open letter, Tom Alrich provides his opinions regarding the direction on a set of key V5 draft issues:
  1. Inventory for Low-Impact Assets
    - First draft would require an inventory of all assets for compliance. This is in conflict with the SDT's intent and should be resolved in the next draft.

  2. Asset Identification
    - First draft has a fatal flaw of requiring review of all assets to identify BES reliability Operation Services supported. Next draft should return back to the approach of starting with facility identification before going deeper to supporting assets- a much more feasible and reasonable methodology.

  3. DPs and LSEs
    - To only be included if they have one or more systems meeting the bright-line criteria.

  4. TO Control Centers
    - Transmission operators (TOPs) already on the hook, no need to also burden transmission owners.

  5. Blackstart Plants
    - First draft's direction of raising all to Medium Impact would be counterproductive to reliability. Generators have a choice on whether or not to participate in regional blackstart plans and the cost of CIP compliance significantly exceeds typical financial benefit. Many anticipate large withdrawal of blackstart units nationwide from plans, some say this is already happening. A compromise proposed would assign blackstart to Low impact if no external routable or dialup connectivity is used.

  6. Power Plant Thresholds - 1500 MW
    - Right now very few plants meet this threshold for cyber assets given multiple industrial control systems, not a single cyber system, typically supports production. Many see it likely FERC will decide to lower this threshold given increasing concerns about having sufficient bulk electric assets addressed.

    2/23 Update - A simple thought experiment:
    "How much of the Bulk Electric System would remain available if all related facilities not in the scope of NERC CIPs or Nuclear (NEI 08-09)
    were taken out of service?

    Honeywell-Matrikon's latest post by Tom Alrich explains more -
    Version 5: About those Large Plants…. (2/23): ".. The main question is whether FERC will be pleased with 7.2 percent of non-blackstart generating units being part of a plant that will be a Medium Impact facility under CIP Version 5 or a Critical Asset under Version 4."