Control Center Communication Networks and CIP-012-1
The NERC Urgent Action (UA) 1200 Standard, a temporary standard developed by the North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection Advisory Group and approved on Aug. 13, 2004, was the first set of standards designed to address critical infrastructure protection (CIP). This standard was created in the wake of the August 2003 Northeast blackout.
Since the standard’s approval, the Federal Energy Regulatory Commission (FERC) has been concerned that, within the electronic security perimeters (ESP), there are no controls required to secure the information between two or more ESPs.
To address the issue of a bad actor using certificate impersonation to obtain access into the ESP, NERC included in CIP-005-5 the stipulation for the standard to require an intermediate system (IS) for interactive remote access, which does not permit direct access to the ESP, instead requiring login through an outside server using multifactor authentication.
In Order 822, FERC indicated concerns regarding control center-to-control center communications, stating that NERC develop an update or entirely new standard for the protection of the confidentiality and integrity of the data transmitted between an entity’s own control centers, or with another entity’s control center. The Project 2016-02 CIP Standard Drafting Team (SDT) determined a new cybersecurity standard was the best approach to address the order, resulting in CIP-012-1.
The proposed standard has two requirements which would apply to low-, medium- and high-impact bulk electric system (BES) cyber systems (BCS). Requirement R1 addresses the development of one or more plan(s) to mitigate the risk of unauthorized disclosure or modification of data use for operational planning analysis, real-time assessments and real-time monitoring. Requirement R2 covers the implementation of these plan(s).
Entities will need to define the data to be protected, which can be accomplished using information from the entity’s operations and planning (O&P) function(s). The proposed standard references the NERC defined terms of “operational planning analysis,” “real-time assessments” and “real-time,” along with standards TOP-003 and IRO-010 to assist the entity in determining what data should be protected.
The methods for protecting this data will be defined by the entity. The methods used can include physical protections on the communication link, logical protection of the data during transmission (encryption), a combination of the two or an equally effective method.
The proposed modification to the control center definition is not being proposed as part of the CIP-012-1 work, but in preparation for a modification to CIP-002-5.1a. The CIP-002-5-1a modification is related to Attachment 1, Criteria 2.12, which will put into place the ability to identify a transmission control center with low-impact BCS. This ability is currently not available in CIP-002-5-1a and has been a source of concern for many registered entities who have the capabilities of a transmission operator (TOP), but the risk to the BES does not merit them having to define their control center as having medium-impact BCS.
Confused yet? This standard has gone through its second ballot and is going back to the SDT 2016-02 for further work. So, the SDT is not entirely sure where it will end up. But now is a great time to start working with someone to develop a plan to define what the applicable data is and what assets will fall under the standard.