Related Files
Status
A formal comment period for draft two of CIP-002-Y — Cyber Security — BES Cyber System Categorization is open through 8 p.m. Eastern, Thursday, May 16, 2024. Additional
ballots for the standard and implementation plan, as well as a non-binding poll
of the associated Violation Risk Factors and Violation Severity Levels will be
conducted May 7 – 16, 2024.
Background/Purpose
The Standards Committee (SC) has tasked the Project 2021-03 standard drafting team (SDT) with the following:
- Transmission Owner Control Centers (TOCCs) – The SC assigned a portion of the Project 2016-02 SAR that relates to TOCCs to the Project 2021-03 SDT. That SAR portion is to review CIP-002 and evaluate the categorization of TOCCs performing the functional obligations of a Transmission Operator, specifically those that meet medium impact criteria. In addition, this SDT is assisting NERC staff in meeting the directive from the NERC Board of Trustees to conduct further study of the need to readdress the applicability of the Critical Infrastructure Protection Reliability Standards to these Control Centers to support reliability. To help meet this directive and the scope of the SAR, the SDT initiated a field test. The SC approved the Project 2021-03 Field Test Plan on November 17, 2021. There
were three field tests conducted and the SDT is working on modifications to the
CIP-002 Criterion 2.12 and the Control Center definition.
- CIP-002 and CIP-014 – This SAR provides revisions to CIP-002 and CIP-014 to clarify the responsibility of Reliability Coordinators, Planning Coordinators, and Transmission Planners in identifying Facilities that warrant consideration under these Reliability Standards. As it relates to the Transmission Planner and Planning Coordinator functions, the language “critical to the derivation of Interconnection Reliability Operating Limits (IROLs)" should be replaced/updated to appropriately identify Facilities that, if somehow compromised, could significantly impact the reliability of the Bulk Electric System (BES). Additionally, this SAR includes a review of the applicability of Facilities identified by the Reliability Coordinator as critical to the derivation of IROLs to CIP-002 and CIP-014. The SC accepted this SAR on July 21, 2021.
- CIP-002
SAR for Requirement R1 Parts 1.1 – 1.3 – This Standard Authorization Request is
to consider if such a protocol converter meets the definition of a BES Cyber
Asset by having an adverse impact to one or more facilities and the reliable
operation on the BES. This includes consideration to the threat of
unavailability, degradation, or misuse to a connected BES Cyber System and the
aggregation of serial system-to-system communications from substations to
Control Center BES Cyber Systems. As such, this project supports reliability by
clarifying how these protocol converters should be categorized and if they are
to reside within a defined Electronic Security Perimeter.
- CIP-002 – This SAR seeks to revise CIP-002 to include identification and categorization of certain Cyber Assets (Electronic Access Control or Monitoring Systems, Physical Access Control Systems, and Protected Cyber Assets) associated with high and medium impact BES Cyber Systems. The SC accepted this SAR on November 17, 2021. The Project 2021-03 SDT originally included nine members, but now the team is down to five SDT members. The three supplemental SDT members would assist project 2021-03 in completing the remaining three SARs assigned to this project.
Standard(s) Affected – CIP-002: Cyber Security – BES Cyber System Categorization and
CIP-014: Physical Security
