
Critical Infrastructure Protection Committee Meeting
September 27-28, 2007
St. Louis, Missouri
Minutes

A regular meeting of the Critical Infrastructure Protection Committee (CIPC) was held on September 27-28, 2007 in St. Louis, Missouri. The meeting notice, agenda, and attendance list are affixed as Exhibits A, B and C, respectively. Chairman Stuart Brindley presided. Secretary Johnson announced a quorum of 31 members of the possible number of 33 was present or represented by proxy.

1) David Godfrey for Mike Hyland
2) Joel DeGrande for Juan Quintana
3) Bill McEvoy for Roger Lampila
4) Robin Goatey for Carl Eng
5) Jack Bernhardsen for James Sample

Antitrust Guidelines
Secretary Johnson reviewed the prohibited and permitted activities during a NERC meeting. Any questions or concerns can be addressed to Secretary Johnson or NERC counsel David Cook.

Introductions of Members, Alternates, Associates, and Guests
Everyone present introduced themselves.

Logistics
The secretary reviewed the meeting arrangements, site requirements, and agenda adjustments.

Parliamentary Procedures
Secretary Johnson indicated Robert's Rules of Order would be used in the conduct of the meeting, if necessary to provide structure to the debate or decision making process.

Approval of Agenda
The agenda was approved on a motion by Bob McClanahan, seconded and a vote of 31-0 by CIPC.

116-390 Village Boulevard, Princeton, New Jersey 08540-5721 Phone: 609.452.8060 Fax: 609.452.9550 www.nerc.com

Approval of June 7-8, 2007 CIPC Meeting Minutes
It was noted the draft minutes omitted the directive to the cyber security standards education team to send a letter to the regions explaining the role of the regions in conducting "How Training." With the correction, the minutes of the meeting were approved on a motion by Larry Bugh, seconded and a vote of 31-0 by CIPC.

Election of Chairman
Larry Dolci, chairman of the Nominating Committee, submitted the name of Barry Lawson as the nominee for incoming chairman of CIPC. The secretary asked if there were any nominations from the floor. Upon none being made, Eric Solberg moved the vote be unanimous for Mr. Lawson. A second was received and the vote was 31 in favor, none opposed.

Election of Two Vice Chairmen
Larry Dolci, chairman of the Nominating Committee, submitted the names of Bob Canada and Tom Glock as the nominees for vice chairmen of CIPC. The secretary asked for nominations from the floor. None were received. On a motion by Bob McClanahan and seconded, the CIPC elected the vice chairmen with 31 in favor and none opposed.

Information Items

Executive Committee Update
Chairman Brindley updated CIPC on the activities of the executive committee. See PowerPoint presentation titled CIPC Executive Committee Update. He reported on the NERC Members Representative Committee and Board of Trustees meetings on July 31 and August 1, respectively. He reviewed the discussions about CIPC-produced security guidelines and the role the NERC board should have in reviewing or approving. Chairman Brindley reported the NERC board approved the Energy Sector Specific Plan (SSP) and thanked CIPC members for their efforts in writing and reviewing the plan. A public version of the SSP is available on the NERC Web site. He also reported on comments presented by the Department of Homeland Security Assistant Secretary Bob Stephan to the NERC board. Mr. Brindley next reported on the NERC board's strategic retreat and the ongoing work to develop NERC's strategic plan for the next five years.

Electric Sector Coordinating Council Update
Chairman Brindley updated CIPC on the July 16 meeting of the Electric Sector Coordinating Council with the Government Coordinating Council. Topics discussed included sector specific plan metrics, pandemic planning guidelines, chemical regulations, DOE's annual report to DHS and the roadmap to secure control systems.

PCIS Update
Chairman Brindley updated CIPC on recent PCIS activities. He discussed the July 18 plenary session (first ever) of the PCIS and the Government Cross Sector Coordinating Council. He reviewed a letter to DHS Secretary Chertoff regarding HSIN where displeasure was expressed about numerous problems. He discussed the recently formed Cross Sector Cyber Security Working Group and requested CIPC support in staffing the group.

September 26 Work Planning Meeting
Chairman Brindley reviewed the meeting with the CIPC Executive Committee and the working group chairs. The working groups' business plans, objectives, and resource requirements were discussed.

CIPC Meeting Minutes September 27-28, 2007

Nominating Committee
Larry Dolci reported on the progress being made to assemble a full slate of nominees to fill out the Executive Committee. CIPC members were encouraged to submit any other nominations to Larry before October 15, 2007. After a discussion about the possibility of CIPC alternates being on the Executive Committee, Mr. Brindley suggested the topic would be reviewed during the September 27 evening Executive Committee meeting and further discussion held in the morning on September 28. The discussion on September 28 resulted in a decision that alternates can be nominated and can serve on the Executive Committee. The CIPC charter does not exclude alternate members from being nominated to serve on the Executive Committee.

August 16, 2007 DHS Classified Briefing
Barry Lawson discussed the August 16, 2007 DHS classified briefing he attended. He indicated the information was similar to what has been received at previous briefings attended by CIPC members.

Adequate Level of Reliability
Stan Johnson presented a PowerPoint presentation prepared by Don Benjamin about the work of the Operating Committee and Planning Committee in defining "Adequate Level of Reliability." See PowerPoint presentation titled Defining "Adequate Level of Reliability." This work was initiated in response to a request from FERC to define the term. Work has been continuing and the plan is to bring it to the OC and PC for their approval in December and NERC board approval in February. The definition will not be filed with FERC but will be used by the standard drafting teams as they develop the standards.

NERC Update
Stan Johnson presented the NERC update to CIPC. See PowerPoint presentation titled Critical Infrastructure Protection Committee. He discussed the recent developments including the announced resignation of the CFO and the latest staffing numbers.

Situation Awareness Tool
Scott Mix and Stephanie Monzon of PJM presented CIPC with a report about the NERC Situation Awareness tool.
See PowerPoint presentation titled NERC-PJM Situation Awareness Proof of Concept. The tool has been under development since April 2007 as a joint effort for PJM and NERC. The tool will gather information from the reliability coordinators for seven key metrics and will display it geographically. The tool is at the proof of concept stage, and with continued success will be expanded to five additional reliability coordinators in 2008 and the remaining in 2009. See PowerPoint presentation titled Overview of NERC Situation Awareness Tool (SAT).

NERC Response to FERC NOPR - CIP 002-009
Scott Mix reviewed NERC's response to the FERC NOPR on CIP 002-009. This presentation, NERC Response to FERC NOPR on CIP Standards, generated lively discussion and all participants were encouraged to file their comments with FERC. The comment period closed in early October and FERC will be issuing the decision in the future.

June 21 ES-ISAC Advisory Update
Stan Johnson led a multi-part discussion about the June 21 ES-ISAC Advisory. Interest level was high due to the CNN broadcast about the Aurora vulnerability during the previous evening. See PowerPoint presentation titled ES-ISAC Advisory Update.

Survey Discussion - After extensive discussion, CIPC recommended the follow-up survey should be distributed using the NERC compliance registry as this is currently NERC's best mechanism to reach all affected entities. Advantages and disadvantages of this approach were fully discussed.


Lessons Learned - The following comments were received during the lessons learned discussion.
· Communication mechanisms from the ES-ISAC to the industry need to be improved
· Advisory should be clear and concise about what should be done, why, and by when
· Verbiage in the advisory read like compliance requirements
· A technical conference should have been held
· A drill should be conducted
· Generation owners are in a tough spot
· Message authenticity was hard to verify
· ES-ISAC should use one sending e-mail address
· NERC should have issued some press releases to explain what it was doing, especially after CNN got the story.
· Better communication required
· Why was CIPC notified so late about the release of the video to CNN?

ES-ISAC Participation in TOP OFF 4
Stan Johnson reviewed plans for the ES-ISAC to participate in the upcoming top officials #4 exercise.

Security Operating

ES-ISAC Working Group
Larry Bugh presented an update on the progress on the Incident Reporting Guideline. He requested comments be sent to any member of the working group by October 19.

Risk Assessment Working Group
Greg Fraser presented a brief update on the reformation of the Risk Assessment Working Group. See PowerPoint presentation titled Risk Assessment Working Group Status Report. The working group is being reformed and restaffed and will be having its reorganization meeting as soon as it can be arranged.

Security Planning

Security Guides Working Group
Scott Weber led a discussion about the "Guideline Issue" and CIPC eventually agreed on the following. CIPC members discussed the merits of the NERC Board of Trustees approving Security Guidelines, and the chairman summarized the discussion as follows. CIPC members feel it may no longer be necessary to seek Board of Trustees approval for Security Guidelines, but would be pleased to offer them to the board as information items.
Since CIPC was established as a full committee of NERC almost four years ago, CIPC members feel confident they have the capability and expertise to continue to develop and approve quality security guidelines that are helpful to the industry.

Cyber Security Standards Education Team
Larry Bugh briefly discussed the possibility of a NERC-led "How" workshop and reminded CIPC that there were no volunteers to present at the workshop. It was agreed that this issue will be best resolved at the regional level.


Control Systems Security Working Group
Robin Goatey reviewed the activity of the working group and discussed the upcoming effort to develop a guideline for use of wireless technology in the bulk power system. See PowerPoint presentation titled CSSWG Update And Work Plans 2007/2008.

Results of September 27 Evening Executive Committee Meeting
Stuart Brindley provided a summary of decisions made by the Executive Committee. See PowerPoint presentation.
· Robin Goatey will work with the CSS Working Group to review and consider DHS's cyber security vulnerability assessment tool
· There is no limit to the number of alternate members that a region or industry association may assign. However, proxies will continue to be limited to voting members
· DHS's pandemic planning guideline has been reviewed and edited by several CIPC members involved in pandemic planning and will be posted on the NERC Web site
· To address a concern that Google provides easy access to information that may be used to compromise physical security at electricity facilities, NERC will seek DHS HITRAC opinion
· The Executive Committee encouraged the Nominating Committee to continue with its efforts to seek a capable slate of candidates; first from amongst CIPC members and alternates.

CIPC Work Planning
Each of the five working group chairs presented their work plans, objectives, and resource needs for 2008. All CIPC members were asked to review this work and decide how they will contribute to these efforts.

Agency Reports

U.S. Department of Homeland Security
Cathy Eade reviewed the following topics:
· Pandemic Guide - DHS will be issuing an electricity sector pandemic guide to assist the industry in developing pandemic response plans.
· Chemical Guidelines - DHS will be issuing Appendix A to the chemical guidelines in the fall.
· Security Clearance - Reminded everyone in attendance about the changes in the process to obtain a clearance and encouraged everyone to call her or Ron Niebo with questions.
· FOUO Language - She reviewed the meaning of DHS's FOUO terminology and the constraints it places on DHS's distributing information:

Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO). It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public, the media, or other personnel who do not have a valid "need-to-know" without prior approval of an authorized DHS official. State and local Homeland security officials may share this document with authorized security personnel without further approval from DHS.

U.S. Department of Energy
Jim McGlone reported the redacted version of the Energy Sector Specific Plan would be available soon (it was posted on the CIPC Web site). He also announced the Metrics Working Group would be initiating its work soon.

Public Safety Canada
No report.


Federal Energy Regulatory Commission
Regis Binder briefly reviewed the status of the FERC NOPR on CIP 002-009.

Future Meetings
December 13-14, 2007 -- Orlando, Florida
March 13-14, 2008 -- Dallas, Texas

Submitted by

Stanley Johnson Secretary



From: Rocio Wong
Sent: Thursday, September 27, 2007 10:57 AM
To: Angie Nicastro
Subject: FW: ANNOUNCEMENT: North American Electric Reliability Corporation - CIPC September 27 - 28, 2007 Meeting

Exhibit A

Attachments: 0709 CIPC Committee Meeting Announcement.pdf;

From: Rocio Wong [mailto:[email protected]]
Sent: Tuesday, August 07, 2007 11:20 AM
To: [email protected]; [email protected]
Subject: ANNOUNCEMENT: North American Electric Reliability Corporation - CIPC September 27 - 28, 2007 Meeting

TO: CRITICAL INFRASTRUCTURE PROTECTION COMMITTEE NERC ROSTER

Dear Members:

I have attached the September 27-28, 2007 Critical Infrastructure Protection Committee meeting announcement and Web site registration link. You can register online at the following Web sites:
http://www.nerc.com/committees/
http://www.nerc.net/meetings/

You MUST respond by SEPTEMBER 12, 2007. Only online registrations will be accepted.

Please let me know if you have any questions regarding the registration process.

Sincerely,

Rocio Wong Meeting Planner North American Electric Reliability Corporation (NERC) 116-390 Village Blvd. Princeton, NJ 08540 Phone: 609-452-8060 Fax: 609-452-9550

[email protected]


Rocio E. Wong Meeting Planner

August 7, 2007

TO:

CRITICAL INFRASTRUCTURE PROTECTION COMMITTEE NERC ROSTER

Ladies and Gentlemen:

I have listed the September 27-28, 2007 Critical Infrastructure Protection Committee meeting logistics and registration link below. The meeting will be held at the Cervantes Convention Center at America's Center, 701 Convention Plaza, St. Louis, MO. Hotel accommodations have been set at the Drury Inn & Suites Convention Center (not at Union St.), 711 North Broadway, St. Louis MO (phone: 314-231-8100). You can click on the "registration" link to register for the meetings or you can register online at the following Web sites: http://www.nerc.com/committees/ or http://www.nerc.net/meetings/

You MUST respond by September 12, 2006. EVERYONE must register online.

Date & Time: 9/27/2007: 8:00 AM - 5:00 PM; 9/28/2007: 8:00 AM - 12:00 PM
Group: CIPC
Staff: Stan Johnson
City: St. Louis
Registration Link: Register

Accommodation logistics:
· Room rate: $85.99 single/double occupancy.
· Room block: Nights of September 26-27, 2007.
· Hotel cut-off date: September 12, 2007 -- NOTE: After the cut-off date, the hotel will release this block of rooms and only accept reservations on a space available basis at the prevailing room rate.
· Check-in: 4 p.m., Check-out: noon
· Lambert International Airport: Is about 20 to 30 minutes from the hotel.
· Trans-express shuttle service to the hotel is about $16 one way and approximately $26 round trip.
· Dress code: Business casual.

When making your hotel reservation, please be sure to mention the "NERC/North American Electric Reliability Corporation" meeting to get the preferred rate and to ensure your reservation is credited to the NERC room block. The hotel may charge NERC a penalty if the total rooms blocked for this event are not picked up. Also, if you use a travel agency for your travel plans, please make sure the agency mentions NERC.

Please let me know if you have any questions regarding the registration process.

Sincerely,

Rocio Wong

Rocio Wong Meeting Planner

Exhibit B

Critical Infrastructure Protection Committee

Thursday, September 27, 2007 -- 8 a.m. to 5:00 p.m.
Friday, September 28, 2007 -- 8 a.m. to 12 noon
Cervantes Convention Center
701 Convention Center Plaza
St Louis, Missouri

(PLEASE BE PREPARED TO STAY FOR THE ENTIRE MEETING.)

Meeting Agenda

1. Administrative Matters
   a) Arrangements -- Stan Johnson
   b) Announcement of quorum -- Stan Johnson
   c) Procedures -- Stan Johnson
   *d) NERC Antitrust Compliance Guidelines -- Stan Johnson
   e) Parliamentary procedures -- Stan Johnson
   f) Introduction of members, alternates, and associates -- Stan Johnson
   g) Approval of agenda -- Stuart Brindley
   *h) Approval of June 7-8, 2007 CIPC meeting minutes -- Stuart Brindley
   i) Election of Chairman and two Vice-Chairmen -- Larry Dolci
2. Information Items
   a) CIPC Executive Committee report -- Stuart Brindley
      1. Board of Trustees report -- Stuart Brindley
      2. ESCC and PCIS Update -- Stuart Brindley
      3. Summary of September 26 Work Planning Meeting with WG/TF leaders
      4. Nominating Committee report -- Larry Dolci
      5. Report from August 16, 2007 Classified DHS Briefing -- Barry Lawson
      6. Standing Committee Coordination Group -- Stan Johnson
         a. "Adequate Level of Reliability"
   b) NERC report -- Stan Johnson
      1. NERC update
      2. Situation Awareness -- Infrastructure Security Update
      3. Situation Awareness Tool -- Scott Mix & PJM Representative
      4. NERC Response to FERC NOPR on CIP 002-009 -- Scott Mix

60 min

60 min

120 min


   c) ESISAC report -- Stan Johnson
      1. June 21, 2007 DPCD Advisory update -- Stan Johnson
         a. Survey Results
         b. Status Update
         c. Lessons Learned-Discussion and Recommendation
         d. ES-ISAC Participation in TOPOFF 4
3. Security Operating
   a) ESISAC Working Group -- Larry Bugh
      1. Incident Reporting Guideline Review
      2. HSIN Update
   b) Risk Assessment Working Group -- Greg Fraser
4. Security Planning
   a) Security Guidelines Working Group -- Scott Webber
      1. Review status of revised and new guidelines
      2. Review guideline process
   b) Cyber Security Standards Education Team -- Larry Bugh
      1. "How" Workshops Update
   c) Update of Control Systems Security Working Group -- Robin Goatey
      1. Roadmap initiative update -- Hank Kenchington
5. Work Planning for CIPC and the Working Groups
   a) ES-ISAC Working Group -- Larry Bugh
   b) Control Systems Security Working Group -- Robin Goatey
   c) Security Guidelines Working Group -- Scott Webber
   d) Outreach Working Group -- Wally Johnson
   e) Risk Assessment Working Group -- Greg Fraser
6. Agency Reports
   a) Department of Homeland Security
   b) Department of Energy
   c) Public Safety Canada
   d) Federal Energy Regulatory Commission
7. Closing
   a) Follow-up items and future actions -- Stuart Brindley
   b) Future meetings -- Stan Johnson
      2007
         December 13-14 Orlando, FL
      2008
         March 13-14 San Antonio or Dallas, TX
         June 5-6 Toronto, Canada
         September 11-12 Boulder or Denver, CO
         December 4-5 Orlando, FL

60 min

60 min

15 min

10 min 15min

120 min

45 min

10 min 5 min

* Indicates attachment is included in agenda packet

Bolded Approval indicates a vote will be taken.

Exhibit C

Critical Infrastructure Protection Committee Meeting
September 27-28, 2007
Attendees

SECTOR APPA CEA POSITION Member Alternate Member Chairman Member Alternate Member Vice Chairman Member Alternate Member: Phys Member: Cybr Member: Oper Alternate: Cybr Member: Phys Member: Cybr Member: Oper Member: Phys Member: Cybr Member: Oper Alternate: All Member: Phys Member: Cybr Alternate: Cybr Alternate: Phys Alternate: Opers Member: Phys Member: Cybr Alternate: Cyber Member: Cybr Member: Oper NAME James (Sandy) Brewer David Godfrey Stuart Brindley Dave Baumken Francis Bradley Barry R. Lawson Bob Richhart Brad Hyland Bill Bojorquez Jim Brenton Carlos Gonzalez-Perez Bill Muston Joel De Granda (proxy for Juan Quintana) Brian Malfant Tim Rigg Greg Fraser David Batz Marc Child Clark Liu Jean-Guy Ouimet Chuck Noble Brian Hogue Bill McEvoy John Lim Michael Lynch Larry Bugh Jerry Freese Todd Thompson Walter A. Johnson 1 ORGANIZATION Conway Corp Texas Municipal Power Agency IESO Hydro One CEA NRECA Hoosier Energy Hoosier Energy ERCOT ERCOT ERCOT TXU Florida Power & Light FRCC Progress Energy Manitoba Hydro Alliant Energy Great River Energy MRO Hydro Québec ISO New England NPCC Northeast Utilities ConEd Detroit Edison RFC AEP PJM PEPCO

NRECA

ERCOT

FRCC

MRO

NPCC

RFC

RFC

SECTOR RFC SERC

SPP

WECC

POSITION Member: Oper Alternate: Phys Member: Phys Member: Cybr Alternate: Cybr Alternate: Cybr Alternate: Cybr Member: Phys Member: Cybr Member: Oper Member: Cybr Member: Oper Alternate: Phys Alternate: Oper Secretary Staff Support Staff Support Staff Support Staff Support

NAME Eric Solberg Tom Eells Bob Canada Boyd National Robin Goatey Jay S. Cribb Marshall Bissonnette Larry Dolci Robert McClanahan Allen Klassen James Sample Thomas Glock Robert L. Sypult Jack Bernhardsen Stanley Johnson Larry Kezele Lynn Costantini Scott Mix Ron Niebo Laura Hussey Rodney O'Bryant Marc Butts Don Roberts Edmond Rogers Linda Nappier (member) Barbara Bouvalte Gene Weber Cathy Eade (member) Regis Binder Stan Partlow Kambiz Molkara Pete Scussel Bob Blickensdort Juan Villar 2

ORGANIZATION ATC WE Energies Southern Company Svcs Southern Company Ameren Southern Company Svcs Big Rivers Electric Kansas City P&L Arkansas El Coop Westar Energy California Independent System Operator Arizona Public Service Southern California Edison Company PNSC NERC NERC NERC NERC NERC EEI Southern Company Southern Company Southern Company Ameren Services Ameren Services Ameren Services Ameren Services Dept. of Homeland Security FERC AEP PHI ITC Transmission ITC Transmission FPL Energy L.L.C.

NERC

Ex-Officio GUESTS

SECTOR

POSITION

NAME Benjamin Church Danny Ingram Ed Goff Mike Dubchy Brad Marrow Noland Suddeth Lew Folkerth Roger Balderia, Jr. Kent Kujala Matt Rosenbaum Jim McGlone Joe Douthitt Ron Johnson Gary Fuerst Dave Norton John Pavek George Miserendino Garill Coles Jeff Dagle Tom Flowers Dale Zahn Scott Wise Nick Lavriat Peter Nelson Ron Blume Tobias Whitney Dan Dzwilewski Christina Gepner Chris Underwood Chris Klemm Phil Sobol Dwayne Roberts Elissa Rhee-Lee Adam Mummert Glenn Reierson Eric Scott Richard Field 3

ORGANIZATION FPL Energy L.L.C. Progress Energy Progress Energy (SERC) Tampa Electric Tampa Electric Duke Energy Consumers Energy Schweitzer Engineering Labs DTE Energy DOE DOE E ON US Alliant Energy SERC Entergy USDA-RD-RUS Triton Security Pacific Northwest National Lab Pacific Northwest National Lab Center Point Energy Intellibind Intellibind N&ST N&ST DYONYX Burns & McDonnell Sempra Energy Burns & McDonnell Burns & McDonnell PSEG Corporate Risk Solutions Owensboro Municipal Utilities Exelon Burns & McDonnell TransCanada Corp. AECI Hoosier Energy

SECTOR

POSITION Philip Huff Joe Garmon Mike Mertz Chris Holmquest Oather Taylor Mike Ketchens Sherri Palmer Robert Sill Thomas Kropp

NAME

ORGANIZATION Arkansas Electric Coop. FPL SCE NIPSCO Alliant Energy Consumers Energy Complyant Solutions Aegis Tech. EPRI
