Project 2021-03 CIP-002 Transmission Owner Control Centers

 

​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​Related Files

Status

CIP-002-8 — Cyber Security - BES Cyber System Categorization was Board adopted on December 10, 2024, and filed with FERC on December 20, 2024.

Project 2021-03 CIP-002 will start phase two in the first quarter of 2025.​

Background/Purpose

The Standards Committee (SC) has tasked the Project 2021-03 drafting team (DT) with the following:

Phase One​

1. Transmission Owner Control Centers (TOCCs) – The SC assigned a portion of the Project 2016-02 SAR that relates to TOCCs to the Project 2021-03 DT. That SAR portion is to review CIP-002 and evaluate the categorization of TOCCs performing the functional obligations of a Transmission Operator, specifically those that meet medium impact criteria. In addition, this DT is assisting NERC staff in meeting the directive from the NERC Board of Trustees to conduct further study of the need to readdress the applicability of the Critical Infrastructure Protection Reliability Standards to these Control Centers to support reliability. To help meet this directive and the scope of the SAR, the DT initiated a field test. The SC approved the Project 2021-03 Field Test Plan on November 17, 2021. There were three field tests conducted and the ​DT is working on modifications to the CIP-002 Criterion 2.12 and the Control Center definition.
   

1. ​CIP-002 and CIP-014 – This SAR provides revisions to CIP-002 and CIP-014 to clarify the responsibility of Reliability Coordinators, Planning Coordinators, and Transmission Planners in identifying Facilities that warrant consideration under these Reliability Standards. As it relates to the Transmission Planner and Planning Coordinator functions, the language “critical to the derivation of Interconnection Reliability Operating Limits (IROLs)" should be replaced/updated to appropriately identify Facilities that, if somehow compromised, could significantly impact the reliability of the Bulk Electric System (BES). Additionally, this SAR includes a review of the applicability of Facilities identified by the Reliability Coordinator as critical to the derivation of IROLs to CIP-002 and CIP-014. The SC accepted this SAR on July 21, 2021.
   
   
2. CIP-002 SAR for Requirement R1 Parts 1.1 – 1.3 – This Standard Authorization Request is to consider if such a protocol converter meets the definition of a BES Cyber Asset by having an adverse impact to one or more facilities and the reliable operation on the BES. This includes consideration to the threat of unavailability, degradation, or misuse to a connected BES Cyber System and the aggregation of serial system-to-system communications from substations to Control Center BES Cyber Systems. As such, this project supports reliability by clarifying how these protocol converters should be categorized and if they are to reside within a defined Electronic Security Perimeter.
   
   
3. CIP-002-5.1a Criterion 1.3 Revision - This SAR seeks to require the TOP to categorize its BES Cyber System(s) as high impact that meet Criterion 2.6 as is also required of the BA and GOP in Criterion 1.2 and 1.4, respectively. By including Criterion 2.6 in Criterion 1.3, the TOP's BES Cyber Systems(s) will be properly categorized as high impact for Transmission Facilities at a single station or substation location that is identified as critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.

Standard(s) Affected – CIP-002: Cyber Security – BES Cyber System Categorization and CIP-014: Physical Security

​Subscribe to this project's observer mailing list 
Select "NERC Email Distribution Lists" from the "Service" drop-down menu and specify “Project 2021-03 CIP-002​ Observer List" in the Description Box.​​

​

​