Notes on CIP-002-5.1a Modifications

The Project 2016-02 CIP Standard Drafting Team (SDT) has released for formal comment and balloting modifications to CIP-002-5.1a, with the comment period running from Sept. 14 to Oct. 30, 2017. Balloting will occur from Oct. 14 to Oct. 30, 2017.

The proposed modifications to CIP-002-6 are not a result of Federal Energy Regulatory Commission (FERC) Order 822 approving the CIP Version 6 modification, but rather came about as a result of the CIP Version 5 transition issues with Attachment 1, Criteria 2.12. As currently written, Criteria 2.12 resulted in BES (Bulk Electric System) Cyber Systems (BCS) at Control Centers performing the functional obligations of the Transmission Operator being classified as medium-impact, even though it was clear for certain types of facilities that the risk those BCS posed to the BES did not warrant application of the medium-impact requirements. To determine the impact rating, the proposed modifications create an “aggregated, weighted value” similar to Criteria 2.5 in place of the language of “functional obligations.”

The major modification to CIP-002-5.1a (red-line or clean) is a rewrite of the Attachment 1, Criteria 2.12 language that introduces a Weighted Value table assigning values to different transmission lines. If the Aggregated Weighted Value of the lines monitored and controlled by a Control Center’s BCS exceeds 6,000, the BCS would be classified as medium-impact. If the Aggregated Weighted Value is 6,000 or less, the BCS could then be classified as low-impact using Criteria 3.1. One point that is not apparent from the Criteria 2.12 language itself: generator lead lines to a substation should not be counted in the Aggregated Weighted Value.

In the U.S., the Implementation Plan indicates the proposed standard would become effective on the day FERC indicates its order will be effective. The plan also indicates that, if the modification results in a higher classification of currently identified BCS (i.e., low- to medium-, or medium- to high-impact), the entity would have 24 months from the time the entity executes its CIP-002 reassessment to be compliant with the higher requirements.

It is highly recommended that entities review the proposed standard, join the ballot pool, provide their comments and then vote. Remember this when voting: If you indicate “no,” you must provide a reason for the vote to be counted. 

Written by Michael C. Johnson
Michael C. Johnson is a member of the Compliance & Information Protection Group at Burns & McDonnell. He provides cybersecurity and NERC CIP compliance consulting to generation, transmission and distribution entities.
