Related Files
Status
A formal comment period for draft two of CIP-002-Y — Cyber Security — BES Cyber System Categorization is open through 8 p.m. Eastern, Thursday, May 16, 2024. Additional
ballots for the standard and implementation plan, as well as a non-binding poll
of the associated Violation Risk Factors and Violation Severity Levels will be
conducted May 7 – 16, 2024.
The drafting team will integrate changes from Project 2016-02 (approved by the NERC board on May 9, 2024) into the next draft of CIP-002-Y.
Background/Purpose
The Standards Committee (SC) has tasked the Project 2021-03 standard drafting team (SDT) with the following:
- Transmission Owner Control Centers (TOCCs) – The SC assigned a portion of the Project 2016-02 SAR that relates to TOCCs to the Project 2021-03 SDT. That SAR portion is to review CIP-002 and evaluate the categorization of TOCCs performing the functional obligations of a Transmission Operator, specifically those that meet medium impact criteria. In addition, this SDT is assisting NERC staff in meeting the directive from the NERC Board of Trustees to conduct further study of the need to readdress the applicability of the Critical Infrastructure Protection Reliability Standards to these Control Centers to support reliability. To help meet this directive and the scope of the SAR, the SDT initiated a field test. The SC approved the Project 2021-03 Field Test Plan on November 17, 2021. There were three field tests conducted and the SDT is working on modifications to the CIP-002 Criterion 2.12 and the Control Center definition.
- CIP-002 and CIP-014 – This SAR provides revisions to CIP-002 and CIP-014 to clarify the responsibility of Reliability Coordinators, Planning Coordinators, and Transmission Planners in identifying Facilities that warrant consideration under these Reliability Standards. As it relates to the Transmission Planner and Planning Coordinator functions, the language “critical to the derivation of Interconnection Reliability Operating Limits (IROLs)" should be replaced/updated to appropriately identify Facilities that, if somehow compromised, could significantly impact the reliability of the Bulk Electric System (BES). Additionally, this SAR includes a review of the applicability of Facilities identified by the Reliability Coordinator as critical to the derivation of IROLs to CIP-002 and CIP-014. The SC accepted this SAR on July 21, 2021.
- CIP-002 SAR for Requirement R1 Parts 1.1 – 1.3 – This Standard Authorization Request is to consider if such a protocol converter meets the definition of a BES Cyber Asset by having an adverse impact to one or more facilities and the reliable operation on the BES. This includes consideration to the threat of unavailability, degradation, or misuse to a connected BES Cyber System and the aggregation of serial system-to-system communications from substations to Control Center BES Cyber Systems. As such, this project supports reliability by clarifying how these protocol converters should be categorized and if they are to reside within a defined Electronic Security Perimeter .
- CIP-002 – This SAR seeks to revise CIP-002 to include identification and categorization of certain Cyber Assets (Electronic Access Control or Monitoring Systems, Physical Access Control Systems, and Protected Cyber Assets) associated with high and medium impact BES Cyber Systems. The SC accepted this SAR on November 17, 2021.
- CIP-002-5.1a Criterion 1.3 Revision - This SAR seeks to require the TOP to categorize its BES Cyber System(s) as high impact that meet Criterion 2.6 as is also required of the BA and GOP in Criterion 1.2 and 1.4, respectively. By including Criterion 2.6 in Criterion 1.3, the TOP's BES Cyber Systems(s) will be properly categorized as high impact for Transmission Facilities at a single station or substation location that is identified as critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.
Standard(s) Affected – CIP-002: Cyber Security – BES Cyber System Categorization and
CIP-014: Physical Security