Yesterday’s post on the CIPC meeting in St. Louis got a little long, thanks to exposition from me regarding the ES-ISAC. If you find yourself wondering what I’m talking about, take a look at the post. Onward…
NERC staff also discussed the kickoff of the CIPV-Whatever standards development team, which is responsible for addressing changes in CIPv5 that FERC is requiring (see Order 791 for the nitty gritty). For those of you who have been sleeping, get some coffee, because all the development efforts will be going down over the next 6-8 months to meet the FERC-required filing date of February 5, 2015. The major changes fall into 4 specific areas, and NERC has created 4 subgroups to address them.
The major point about the CIPV-Whatever development at CIPC is that NERC is calling for participation by owners and observers in each of the subgroups. They want technical and policy experts to weigh in, I assume swiftly, on how things should be addressed. This is *especially* important for owners that have assets that were previously not under consideration as Critical Assets. The decisions made in the Low Impact Assets subgroup will affect what requirements your Low Impact asset must comply with, so you should weigh in on the sanity/insanity of those rules. And fair warning: there will be no discussion of “no controls” for Low Impact; that question was decided well over a year ago. Participate and prosper, or ignore and take what comes.
It’s my opinion (and I heard this voiced during the NERC Atlanta conference as well) that the interests of Low Impact assets may not be represented fully during the subgroup deliberations. It is imperative that future Low Impact asset owners work with their industry groups, those who understand their interests, to provide guidance and information so that the development team can write objective controls that are appropriate for your operating environment. As with all standards efforts, you get back what you put in.
One of the more interesting presentations at CIPC was regarding the use of Attack Trees to help evaluate the risk to the bulk electric system from High Impact, Low Frequency events. I first came upon Attack Trees being used to evaluate critical infrastructure in a 2012 ICSJWG presentation by Mark Fabro, but the concept itself is much older. To summarize, the basic idea is to represent how a given system could fail (in this case, failure is through cyber security means, but it certainly isn’t restricted to it). I learned a similar, but far less subjective, method to calculate overall system failure timeframe from the individual component failure timeframe.
Now, the term “Attack Trees” is a really sensational one; it evokes images of paratroopers, tanks, and trees-carrying-guns, so I caution readers that this is a formal risk assessment process, not a Michael Bay movie.