Project 2021-03 CIP-002 Transmission Owner Control Centers

 

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​Related Files

Status
Final ballots are open through 8 p.m. Eastern, Friday, November 22, 2024 for the following standard and implementation plan:

​•     CIP-002-8 — Cyber Security - BES Cyber System Categorization

​•     Implementation Plan 

Based on recent board adopted standard CIP-002-7, the posted version for 2021-03 CIP-002 reflects CIP-002-8. The Standards Balloting and Commenting System (SBS) does not allow edits once a ballot is created and/or opened. Even though the standard versioning within the SBS states CIP-002-Y, the version number within this posting is correct and entities will be voting on CIP-002-8.  

Background/Purpose

The Standards Committee (SC) has tasked the Project 2021-03 standard drafting team (SDT) with the following:

1. Transmission Owner Control Centers (TOCCs) – The SC assigned a portion of the Project 2016-02 SAR that relates to TOCCs to the Project 2021-03 SDT. That SAR portion is to review CIP-002 and evaluate the categorization of TOCCs performing the functional obligations of a Transmission Operator, specifically those that meet medium impact criteria. In addition, this SDT is assisting NERC staff in meeting the directive from the NERC Board of Trustees to conduct further study of the need to readdress the applicability of the Critical Infrastructure Protection Reliability Standards to these Control Centers to support reliability. To help meet this directive and the scope of the SAR, the SDT initiated a field test. The SC approved the Project 2021-03 Field Test Plan on November 17, 2021. There were three field tests conducted and the SDT is working on modifications to the CIP-002 Criterion 2.12 and the Control Center definition.
   
   
2. CIP-002 and CIP-014 – This SAR provides revisions to CIP-002 and CIP-014 to clarify the responsibility of Reliability Coordinators, Planning Coordinators, and Transmission Planners in identifying Facilities that warrant consideration under these Reliability Standards. As it relates to the Transmission Planner and Planning Coordinator functions, the language “critical to the derivation of Interconnection Reliability Operating Limits (IROLs)" should be replaced/updated to appropriately identify Facilities that, if somehow compromised, could significantly impact the reliability of the Bulk Electric System (BES). Additionally, this SAR includes a review of the applicability of Facilities identified by the Reliability Coordinator as critical to the derivation of IROLs to CIP-002 and CIP-014. The SC accepted this SAR on July 21, 2021.
   
   
3. CIP-002 SAR for Requirement R1 Parts 1.1 – 1.3 – This Standard Authorization Request is to consider if such a protocol converter meets the definition of a BES Cyber Asset by having an adverse impact to one or more facilities and the reliable operation on the BES. This includes consideration to the threat of unavailability, degradation, or misuse to a connected BES Cyber System and the aggregation of serial system-to-system communications from substations to Control Center BES Cyber Systems. As such, this project supports reliability by clarifying how these protocol converters should be categorized and if they are to reside within a defined Electronic Security Perimeter.
   
   
4. CIP-002-5.1a Criterion 1.3 Revision - This SAR seeks to require the TOP to categorize its BES Cyber System(s) as high impact that meet Criterion 2.6 as is also required of the BA and GOP in Criterion 1.2 and 1.4, respectively. By including Criterion 2.6 in Criterion 1.3, the TOP's BES Cyber Systems(s) will be properly categorized as high impact for Transmission Facilities at a single station or substation location that is identified as critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.

Standard(s) Affected – CIP-002: Cyber Security – BES Cyber System Categorization and CIP-014: Physical Security​

​