Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS
by user
Comments
Transcript
Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS
Market Participant Comment and Rationale Form AESO AUTHORITATIVE DOCUMENT PROCESS Market Participant Consultation Draft 2013-12-12 Consultation on Proposed New Critical Infrastructure Protection (“CIP”) Alberta Reliability Standard: CIP-005-AB-5 Electronic Security Perimeter(s) (“CIP-005-AB-5”) Date of Request for Comment [yyyy/mm/dd]: Period of Consultation [yyyy/mm/dd]: Comments From: AltaLink Date [yyyy/mm/dd]: 2014/02/07 2014/02/07 2013/12/12 through 2014/02/07 Contact: Rick Spyker Phone: 403-267-3433 E-mail: [email protected] Listed below is the summary description for the proposed new sections of the Alberta reliability standards. Please refer back to the Consultation Letter under the “Attachments” section to view the actual proposed content to the Alberta reliability standards. Please place your comments/reasons for position underneath (if any). 1. CIP-005-AB-5 a) New The AESO is seeking comments from market participants with regard to the following matters: 1. Are there any requirements contained in CIP-005-AB-5 that are not clearly articulated? If yes, please indicate the specific section of CIP-005-AB-5, describe the concern and suggest alternative language. 2. Do market participants have any concerns that CIP-005-AB-5 is not capable of being applied in Alberta? If appropriate, please indicate the specific section of CIP-005-AB-5 and describe the concern. 3. Do market participants disagree with any CIP-005-AB-5 Alberta variances that are contained in CIP-005-AB-5? If appropriate, please indicate the specific section of CIP-005-AB-5, describe the concern and suggest alternative language. Issued for Market Participant Consultation: 2013-12-12 Market Participant Comments and/or Alternative Proposal Comment # 1: AESO Replies AESO Reply # 1: AESO to provide Regarding R1.1 All applicable Cyber Assets connected to a network via a routable protocol shall reside within a defined ESP. We need to define if the ESP is at the substation boundary (at the 7705) which is more applicable to an island entity like a generator or if the boundary in our case is really between the Ops network at the Enterprise / Internet as we have a meshed private telecom / OT network. Please provide clarification of the electronic security perimeter in the context of a power transmission company. Page 1 of 2 Comment # 2: Regarding R2.3 Require multi‐factor authentication for all Interactive Remote Access sessions. Please provide an acceptable standard for meeting multi-factor authentication. Are key fobs, locked doors, on premise, known fixed source IPs, etc. acceptable as nd 2 factor? b) Other [Note to Market Participants: please copy and paste the section of CIP-005-AB-5 being commented on here] Issued for Market Participant Consultation: 2013-12-12 Comment # 1: Insert Comments / Reason for Position (if any) AESO Reply # 1: AESO to provide Page 2 of 2