Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS
Market Participant Consultation Draft 2013-12-12
Consultation on Proposed New Critical Infrastructure Protection (“CIP”) Alberta Reliability Standards Terms and Definitions (“proposed CIP ARS Terms and Definitions”)
Issued for Market Participant Consultation: 2013-12-12

Date of Request for Comment [yyyy/mm/dd]: Period of Consultation [yyyy/mm/dd]: 2014/02/07 2013/12/12
Comments From: Encana Power and Processing ULC
Date [yyyy/mm/dd]: 2014/02/04 through 2014/02/07
Contact: Kent Lindholm
Phone: 403-901-1081
E-mail: Kent.Lindholm@encana.com

Proposed CIP ARS Terms and Definitions

Term: adverse reliability impact
NERC Definition: The impact of an event that results in frequency-related instability; unplanned tripping of load or generation; or uncontrolled separation or cascading outages that affects a widespread area of the Interconnection.
Proposed Alberta Definition: the impact of an event that results in frequency-related instability; unplanned tripping of load or generation; or uncontrolled separation or cascading outages that affects a widespread area of the Interconnection.

Term: BES cyber asset
NERC Definition: A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. (A Cyber Asset is not a BES Cyber Asset if, for 30 consecutive calendar days or less, it is directly connected to a network within an ESP, a Cyber Asset within an ESP, or to a BES Cyber Asset, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.)
Proposed Alberta Definition: a cyber asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the bulk electric system. Redundancy of affected facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES cyber asset is included in one or more BES cyber systems. (A cyber asset is not a BES cyber asset if, for 30 consecutive days or less, it is directly connected to a network within an electronic security perimeter, a cyber asset within an electronic security perimeter, or to a BES cyber asset, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.)

Term: BES cyber system
NERC Definition: One or more BES Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity.
Proposed Alberta Definition: one or more BES cyber assets logically grouped to perform one or more reliability tasks for a functional entity.

Term: BES cyber system information
NERC Definition: Information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System. BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, ESP names, or policy statements. Examples of BES Cyber System Information may include, but are not limited to, security procedures or security information about BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or Monitoring Systems that is not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System.
Proposed Alberta Definition: information about the BES cyber system that could be used to gain unauthorized access or pose a security threat to the BES cyber system. BES cyber system information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES cyber systems, such as, but not limited to, device names, individual IP addresses without context, electronic security perimeter names, or policy statements.

Term: blackstart resource
NERC Definition: A generating unit(s) and its associated set of equipment which has the ability to be started without support from the System or is designed to remain energized without connection to the remainder of the System, with the ability to energize a bus, meeting the Transmission Operator’s restoration plan needs for real and reactive power capability, frequency and voltage control, and that has been included in the Transmission Operator’s restoration plan.
Proposed Alberta Definition: a generating unit or aggregated generating facility and its associated set of equipment which has the ability to be started without support from the system or is designed to remain energized without connection to the remainder of the system, with the ability to energize a dead bus, meeting the restoration plan needs for real power and reactive power capability, frequency and voltage control, and that has been included in the restoration plan.

Term: CIP exceptional circumstance
NERC Definition: A situation that involves or threatens to involve one or more of the following, or similar, conditions that impact safety or BES reliability: a risk of injury or death; a natural disaster; civil unrest; an imminent or existing hardware, software, or equipment failure; a Cyber Security Incident requiring emergency assistance; a response by emergency services; the enactment of a mutual assistance agreement; or an impediment of large scale workforce availability.
Proposed Alberta Definition: a situation that involves or threatens to involve one or more of the following, or similar, conditions that impact safety or bulk electric system reliability: a risk of injury or death; a natural disaster; civil unrest; an imminent or existing hardware, software, or equipment failure; a cyber security incident requiring emergency assistance; a response by emergency services; the enactment of a mutual assistance agreement; or an impediment of large scale workforce availability.

Term: CIP senior manager
NERC Definition: A single senior management official with overall authority and responsibility for leading and managing implementation of and continuing adherence to the requirements within the NERC CIP Standards, CIP-002 through CIP-011.
Proposed Alberta Definition: a single senior management official with overall authority and responsibility for leading and managing implementation of and continuing adherence to the requirements within the CIP reliability standards, CIP-002 through CIP-011.

Term: control centre
NERC Definition: One or more facilities hosting operating personnel that monitor and control the Bulk Electric System (BES) in real-time to perform the reliability tasks, including their associated data centers, of: 1) a Reliability Coordinator, 2) a Balancing Authority, 3) a Transmission Operator for transmission Facilities at two or more locations, or 4) a Generator Operator for generation Facilities at two or more locations.
Proposed Alberta Definition: one or more facilities hosting operating personnel that monitor and control the bulk electric system in real-time to perform the reliability tasks, including their associated data centers, of: 1) the ISO, 2) an operator of a transmission facility for transmission facilities at two or more locations, or 3) an operator of a generating unit or an operator of an aggregated generating facility for generating units or aggregated generating facilities at two or more locations.

Term: cranking path
NERC Definition: A portion of the electric system that can be isolated and then energized to deliver electric power from a generation source to enable the startup of one or more other generating units.
Proposed Alberta Definition: a portion of the electric system that can be isolated and then energized to deliver electric power from a generation source to enable the startup of one or more other generating units or aggregated generating facilities.

Term: cyber asset
NERC Definition: Programmable electronic devices, including the hardware, software, and data in those devices.
Proposed Alberta Definition: programmable electronic devices, including the hardware, software, and data in those devices.

Term: cyber security incident
NERC Definition: A malicious act or suspicious event that:
• Compromises, or was an attempt to compromise, the Electronic Security Perimeter or Physical Security Perimeter or,
• Disrupts, or was an attempt to disrupt, the operation of a BES Cyber System.
Proposed Alberta Definition: a malicious act or suspicious event that:
• compromises, or was an attempt to compromise, the electronic security perimeter or physical security perimeter or,
• disrupts, or was an attempt to disrupt, the operation of a BES cyber system.

Term: dial-up connectivity
NERC Definition: A data communication link that is established when the communication equipment dials a phone number and negotiates a connection with the equipment on the other end of the link.
Proposed Alberta Definition: a data communication link that is established when the communication equipment dials a phone number and negotiates a connection with the equipment on the other end of the link.

Term: electronic access control or monitoring systems
NERC Definition: Cyber Assets that perform electronic access control or electronic access monitoring of the Electronic Security Perimeter(s) or BES Cyber Systems. This includes Intermediate Devices.
Proposed Alberta Definition: cyber assets that perform electronic access control or electronic access monitoring of the electronic security perimeter(s) or BES cyber systems. This includes intermediate systems.

Term: electronic access point
NERC Definition: A Cyber Asset interface on an Electronic Security Perimeter that allows routable communication between Cyber Assets outside an Electronic Security Perimeter and Cyber Assets inside an Electronic Security Perimeter.
Proposed Alberta Definition: a cyber asset interface on an electronic security perimeter that allows routable communication between cyber assets outside an electronic security perimeter and cyber assets inside an electronic security perimeter.

Term: electronic security perimeter
NERC Definition: The logical border surrounding a network to which BES Cyber Systems are connected using a routable protocol.
Proposed Alberta Definition: the logical border surrounding a network to which BES cyber systems are connected using a routable protocol.

Term: external routable connectivity
NERC Definition: The ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection.
Proposed Alberta Definition: the ability to access a BES cyber system from a cyber asset that is outside of its associated electronic security perimeter via a bi-directional routable protocol connection.

Term: interactive remote access
NERC Definition: User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate Device and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP). Remote access may be initiated from: 1) Cyber Assets used or owned by the Responsible Entity, 2) Cyber Assets used or owned by employees, and 3) Cyber Assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to-system process communications.
Proposed Alberta Definition: user-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a cyber asset that is not an intermediate system and not located within any of the Responsible Entity’s electronic security perimeter(s) or at a defined electronic access point. Remote access may be initiated from: 1) cyber assets used or owned by the Responsible Entity, 2) cyber assets used or owned by employees, and 3) cyber assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to-system process communications.
Note: the “Responsible Entity” referred to in this definition is identified in the applicability section of each Version 5 CIP Cyber Security reliability standard.

Term: intermediate system
NERC Definition: A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter.
Proposed Alberta Definition: a cyber asset or collection of cyber assets performing access control to restrict interactive remote access to only authorized users. The intermediate system must not be located inside the electronic security perimeter.

Term: physical access control systems
NERC Definition: Cyber Assets that control, alert, or log access to the Physical Security Perimeter(s), exclusive of locally mounted hardware or devices at the Physical Security Perimeter such as motion sensors, electronic lock control mechanisms, and badge readers.
Proposed Alberta Definition: cyber assets that control, alert, or log access to the physical security perimeter(s), exclusive of locally mounted hardware or devices at the physical security perimeter such as motion sensors, electronic lock control mechanisms, and badge readers.

Term: physical security perimeter
NERC Definition: The physical border surrounding locations in which BES Cyber Assets, BES Cyber Systems, or Electronic Access Control or Monitoring Systems reside, and for which access is controlled.
Proposed Alberta Definition: the physical border surrounding locations in which BES cyber assets, BES cyber systems, or electronic access control or monitoring systems reside, and for which access is controlled.

Term: protected cyber assets
NERC Definition: One or more Cyber Assets connected using a routable protocol within or on an Electronic Security Perimeter that is not part of the highest impact BES Cyber System within the same Electronic Security Perimeter. The impact rating of Protected Cyber Assets is equal to the highest rated BES Cyber System in the same ESP. A Cyber Asset is not a Protected Cyber Asset if, for 30 consecutive calendar days or less, it is connected either to a Cyber Asset within the ESP or to the network within the ESP, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.
Proposed Alberta Definition: one or more cyber assets connected using a routable protocol within or on an electronic security perimeter that is not part of the highest impact BES cyber system within the same electronic security perimeter. The impact rating of protected cyber assets is equal to the highest rated BES cyber system in the same electronic security perimeter. A cyber asset is not a protected cyber asset if, for 30 consecutive days or less, it is connected either to a cyber asset within the electronic security perimeter or to the network within the electronic security perimeter, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.

Term: reportable cyber security incident
NERC Definition: A Cyber Security Incident that has compromised or disrupted one or more reliability tasks of a functional entity.
Proposed Alberta Definition: a cyber security incident that has compromised or disrupted one or more reliability tasks of a functional entity.

Market Participant Comments and/or Alternate Proposal

Comment # 1: It is Encana’s understanding that the ‘control center’ definition would not apply to a control room of a transmission facility that radially connects a single generating facility to the BES. Likewise, it is Encana’s understanding that the ‘control center’ definition would not apply to the control room of a single generating facility. Please clarify that this is the intent of the ‘control center’ definition.

Comment # 2: Please clarify the requirements for establishing ‘cranking paths’ within the Alberta BES.

AESO Reply

AESO Reply # 1: AESO to provide