Related Files
Status
The formal comment period, ballots, and non-binding poll for Project 2023-03 Internal Network Security concluded at 8 p.m. Eastern, Monday, March 18, 2024 for the following standard and implementation plan:
• CIP-015-1 – Internal Network Security Monitoring
• Implementation Plan
The drafting team will review all responses received during the comment period and determine the next steps of the project.
Following the January 2024 initial ballot and comments received, the DT decided to create a new CIP Reliability Standard. The new CIP Reliability Standard will be reflected in NERC’s system as an initial ballot, as it is the first ballot for Reliability Standard CIP-015. Although NERC’s system will reflect the posting as an initial ballot, this posting is an additional ballot for Project 2023-03. The existing CIP-007-X ballot pool is being used for all of the ballots associated with this project.
The Standards Committee approved waivers to the Standard Processes Manual at their August 2023 meetings. These waivers were sought by NERC Standards for reduced formal comment and ballot periods to assist the drafting teams in expediting the standards development process due to firm timeline expectations set by FERC Order 887.
BackgroundOn January 19, 2023, the Federal Energy Regulatory Commission (FERC) issued Order No. 8871 directing NERC to develop requirements within the Critical Infrastructure Protection (CIP) Reliability Standards for internal network security monitoring (INSM) of all high impact BES Cyber Systems and medium impact BES Cyber Systems with External Routable Connectivity (ERC). INSM permits entities to monitor traffic once it is within a trusted zone, such as the Electronic Security Perimeter, to detect intrusions or malicious activity. Specifically, Order No. 887 directs NERC to develop Reliability Standards requirements that are “forward-looking, objective-based"2 and address three security objectives outlined in Order No. 887. FERC directed NERC to submit these revisions for approval by July 9, 2024.
Order No. 887 also directed NERC to conduct a study on the risks of lack of INSM for medium impact BES Cyber Systems without ERC, all low impact BES Cyber Systems, and on the challenges and solutions for implementing INSM for those BES Cyber Systems. NERC is conducting the study, which is to be filed with FERC by January 18, 2024.
Standard(s) Affected: CIP-015-1
Purpose/Industry Need
While the CIP Reliability Standards require monitoring of the Electronic Security Perimeter and associated systems for high and medium impact Bulk Electric System (BES) Cyber Systems, the CIP networked environment remains vulnerable to attacks that bypass network perimeter-based security controls traditionally used to identify the early phases of an attack. This presents a gap in the currently effective CIP Reliability Standards. To address this gap, CIP Reliability Standards should be created or modified to require INSM for all high impact BES Cyber Systems and medium impact BES Cyber Systems with External Routable Connectivity (ERC) to ensure the detection of anomalous network activity indicative of an attack in progress. These provisions will increase the probability of early detection and allow for quicker mitigation and recovery from an attack. Current CIP Reliability Standards are insufficient to protect against insider threats or vulnerabilities that are exploited through supply chain attacks such as SolarWinds.
Subscribe to this project's observer mailing list
Select "NERC Email Distribution Lists" from the "Service" drop-down menu and specify “Project 2023-03 Internal Network Security Monitoring Observer List" in the Description Box.
1 Internal Network Security Monitoring for High and Medium Impact Bulk electric System Cyber Systems, Order No. 887, 182 FERC ¶ 61,021 (Jan. 19, 2023).
2 Order No. 87 at P 5.
Draft | Actions | Dates | Results | Consideration of
Comments |
Additional Ballot, Draft 1 of
CIP-015-1
CIP-007-X Based on comments received, the DT has created a new proposed Reliability Standard, CIP-015-1, rather than continue to propose revisions to CIP-007. As a result, there will be no changes to CIP-007 and it will revert to the currently-enforced version. The files above reflect the new CIP-015-1 and removal of Requirement R6 and its parts from CIP-007-X. EACMS and PACS outside of the ESP have been excluded from Draft 1 of CIP-015-1. Implementation Plan
Supporting Materials
VRF/VSL Justifications
| Initial Ballot of CIP-015 (additional ballot for the Project 2023-03) Ballots Open Reminder
Info
Vote
|
03/12/24- 03/18/24
| Ballot Results
Non-Binding Poll Result
| |
Comment Period Info Submit Comments |
02/27/24- 03/18/24
|
Comments Received
|
Ballot Pools The existing CIP-007-X
ballot pool is being used for all of the ballots associated with this project.
|
Waiver
| Standards Committee accepted the waiver on February 21, 2024.
| | | |
Draft 1 CIP-007-X Clean | Redline Implementation Plan Supporting Materials Unofficial Comment Form VRF/VSL Justifications Technical Rationale
|
|
01/08/24- 01/17/24 | Ballot Results
Non-Binding Poll Result
|
|
Join Ballot Pools Ballot Pools Forming Reminder | 12/14/23 - 01/02/24
|
Comments Received
|
Consideration of Comments
|
Comment Period
|
12/14/23 - 01/17/24
|
Waiver Waiver l Meeting Minutes | Standards Committee accepted the waiver on August 23, 2023. | | | |
Standard Authorization Request (SAR) Clean | Redline
| The Standards Committee accepted the SAR on August 23, 2023
| | | |
Drafting Team Nominations
Supporting Materials
Unofficial Nomination Form (Word)
| Nomination Period
|
04/06/2023
– 05/05/2023
|
|
|