2016-02 Modifications to CIP Standards | CIP-012-1

Start Date: 10/27/2017
End Date: 12/11/2017

Associated Ballots:

Ballot Name: 2016-02 Modifications to CIP Standards CIP-012-1 AB 2 ST
Project: 2016-02 Modifications to CIP Standards
Standard: CIP-012-1
Pool Open: 07/27/2017
Pool Close: 08/25/2017
Voting Start: 12/01/2017
Voting End: 12/11/2017

Hot Answers

Tacoma Power endorses the draft comments shared with it by Salt River Project (SRP), which follow:

SRP agrees the data should be protected. SRP also agrees the protections for the data in scope must ensure the data has not been modified, and that FERC directed NERC to “specify how the confidentiality, integrity, and availability of each type of bulk electric system data should be protected while it is being transmitted.” However, SRP takes exception to the extent the proposed standard requires the data in scope to be protected. FERC Order 822 states on page 36, “…we recognize that not all communication network components and data pose the same risk to bulk electric system reliability and may not require the same level of protection.” However, the proposed standard applies the same criteria of protection against unauthorized disclosure across all of the data within the defined scope. SRP does not agree viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope.

Additionally, SRP recognizes the SDT is not specifying the controls used to protect confidentiality and integrity. However, the only method available to achieve the proposed required objective is to implement encryption. FERC Order 822 states on page 39, “it is reasonable to conclude that any lag in communication speed resulting from implementation of protections [encryption technologies] should only be measurable on the order of milliseconds and, therefore, will not adversely impact Control Center communications,” but SRP asserts this statement only refers to a single data stream. It is unknown what encryption will do when dealing with multiple data streams being transmitted at once, from one to many points, not only to the latency added for the reliable operation of the BES, but also to the computing resources.

Rick Applegate, 12/11/2017

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Other Answers

Steven Powell, On Behalf of: Trans Bay Cable LLC, WECC, Segments NA - Not Applicable

- 0 - 0

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Comments: The standard would be more effective if it more specifically identified the security objective described in FERC Order No. 822 paragraph 54, of “maintaining the integrity and availability of sensitive BES data”.

With regard to R1.3, the standard should better reflect FERC Order No. 822 paragraph 55, specifically to address that protections should not adversely affect BES reliability, should account for the risk of CYBER assets, and that the information being protected should be results-based and not zero-defect.

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

CHPD is generally in agreement with the Draft 2 revision. However, we request that the newly-introduced terms “monitoring data” and “control data” either be replaced by “BES Data” (a new NERC-defined Glossary term) or themselves be defined in the NERC Glossary. Additionally, the concept of “demarcation point(s)” should be constrained to the entity’s equipment, for example “1.2 Identification of the Responsible Entity’s demarcation point(s)…” The current wording implies that each entity should document their local demarcation point and also any demarcation point(s) that exist at each neighboring system. A change to a demarcation point in one system should not create a paperwork or compliance issue for a neighbor or vice versa. Alternatively, consider defining the term “demarcation point” in the NERC glossary and identify the scope within the definition of the term.

Chelan PUD, Segment(s) 5, 3, 1, 6, 11/13/2017

- 7 - 0

AEP agrees with the SDT on removal of Operational and Planning data from the scope of the Standard, but feels the data specification remains loose. AEP operates in three markets with three RTOs. Our Balancing Authority has requested market related data as part of the TOP-003-3 implementation data specifications. We feel that this market data is out of scope for CIP-012 and the Standard could be further improved by specifying that market related data does not meet the intent for Real-time Assessment and Real-time monitoring and control data. Appropriate exclusion language in the Implementation Guidance and Technical rationale may be satisfactory.

Aaron Austin, 12/5/2017

- 0 - 0

BPA appreciates the revisions that the SDT has made based on industry feedback on the initial draft, such as adding demarcation points.

BPA reiterates its position as documented in BPA’s SAR and initial draft comments that CIP-012-1 is not necessary. We continue to believe that the objectives can be met by coordinating with existing standards such as CIP-003 and CIP-005. However, if the SDT proceeds with CIP-012-1, BPA remains concerned with the technical feasibility of the standard.

Points of discussion:

  • Encryption may not be feasible due to availability concerns. (e.g., failure of encryption keys or latency problems with encryption for availability requirements.)

  • Additionally, entities and common carriers use a variety of media to carry traffic, and will undoubtedly use traffic shaping to maintain service levels: routing becomes unpredictable; each packet could take a different route from point A to B.

  • Even if a single entity owns the entire communication network, this is still a problem. Modern routing protocols will try to deliver packets over a system with inoperable equipment, severed links, etc.  The only remedy is to physically protect the entire communication system in advance of system faults to satisfy CIP-012.  If one packet traverses a link due to a system fault that is not protected – it would be a violation.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

The NSRF does not agree with two separate requirements, one for a plan and one for implementation. We recommend following precedent in the other CIP standards, for example, CIP-004-6. The obligation can be accomplished with one requirement, as follows.

R1. “The Responsible Entity shall implement one or more documented process(es) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring and control data while being transmitted between any Control Centers, except under CIP Exceptional Circumstances. This excludes oral communications. The process(es) shall identify:

R1.1 security protection used to mitigate risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers,

R1.2 demarcation point(s) where security protection is applied for transmitting Real-time Assessment and Real-time monitoring and control data between Control Centers. Demarcation points identified by the Responsible Entity do not add additional Cyber Assets to the scope of the CIP Reliability Standards; and

For R1.3, please see our rationale in question 6.

R1.3 Identify each Responsible Entity for applying security protection(s) to the transmission of Real-time Assessment and Real-time monitoring and control data between Control Centers, when the Control Centers are owned or operated by different Responsible Entities.”

This also includes important scoping from the implementation guidance that belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

We have no technical concerns with the proposed standard, but it is unclear how 3rd party-owned Control Centers that GO/GOPs use through an agency relationship are to be addressed. CIP-012-1 states in sect. 4.1, “The requirements in this standard apply to the following functional entities, referred to as ‘Responsible Entities,’ that own or operate a Control Center,”… “4.1.2. Generator Operator,”… “4.1.3. Generator Owner.” GO/GOPs do not operate agency-relationship Control Centers any more than they own them, so CIP-012-1 responsibilities apparently rest with the owners of 3rd-party Control Centers and not with the GO/GOPs that hire them. It is unclear how these obligations are communicated and administered, however, since 3rd-party Control Center owners are not (and cannot be) NERC-registered entities.

Donald Lock, 12/8/2017

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Please refer to NRECA comments.

Paul Huettl, 12/8/2017

- 0 - 0

The California ISO supports the comments of the IRC Security Working Group (SWG)

Richard Vine, 12/8/2017

- 0 - 0

Reclamation disagrees that having a plan adds to the reliability of protecting data used for Operational Planning Analysis, Real-time Assessment, and Real-time monitoring. A plan is an unwarranted layer of compliance that is not needed and the present proposed language is too broad and could be interpreted to apply to data or Control Centers over which an entity has no influence.

Reclamation recommends the SDT implement the following:

  • Clearly specify that each Responsible Entity is required to mitigate the risk of unauthorized disclosure or modification of its own BES Data between its own BES Control Centers.

    Replace the term “plan” with “process,” and specify the requirements pertain to BES Data and Control Centers.

  • Change Requirement R1:

from: The Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between any Control Centers. This requirement excludes oral communications.

to: Each Responsible Entity shall have one or more documented processes in place to mitigate the risk of unauthorized disclosure or modification of BES Data being transmitted between its own Control Centers. This requirement excludes oral and non-electronic communications.

  • Add the following definitions to the NERC Glossary of Terms:

BES Data: BES reliability operating services information related to the entity’s high and medium impact Control Centers which affects Operational Planning Analysis, Real-time Assessments, and Real-time monitoring and control of the facility, and would affect the operation of the BES if compromised.

Richard Jackson, U.S. Bureau of Reclamation, 1, 12/8/2017

- 0 - 0

PSEG agrees with the revision; however, the SDT should clarify that it is permissible for the demarcation point to be located outside the ESP/PSP.

PSEG REs, Segment(s) 5, 6, 3, 1, 11/2/2017

- 4 - 0

Glen Farmer, Avista - Avista Corporation, 5, 12/8/2017

- 0 - 0

TEC wishes to endorse the comment of the Edison Electric Institute.

Ronald Donahey, TECO - Tampa Electric Co., 3, 12/8/2017

- 0 - 0

Dominion Energy recommends changing Measure M1 to the following:

“Evidence may include, but is not limited to, documented plan(s) that meet the criteria identified in Requirement R1.”

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

Vivian Moser, 12/8/2017

- 0 - 0

Austin Energy (AE) agrees the referenced data deserves protection to ensure it has not been modified and FERC directed NERC to “specify how the confidentiality, integrity, and availability of...data should be protected while...transmitted.” However, AE disagrees with the extent to which the proposed standard requires the data be protected. FERC Order 822 states (on page 36), “…we recognize that not all communication network components and data pose the same risk to bulk electric system reliability and may not require the same level of protection.” The proposed standard applies the same protection criteria across all in-scope data. AE does not agree viewing Real-time Assessment and monitoring/control data without context will adversely affect the reliability of the BES. Confidentiality need not be protected for all in-scope data.

Additionally, AE realizes the SDT is not specifying controls to protect confidentiality and integrity, but the only method available to achieve the proposed requirement is encryption. FERC Order 822 states (on page 39), “it is reasonable to conclude that any lag in communication speed resulting from implementation of protections [encryption technologies] should only be measurable on the order of milliseconds and, therefore, will not adversely impact Control Center communications,” but AE believes that statement refers only to a single data stream. Encryption of multiple data streams at once, from one to many points, may add latency and require more computing resources.

Andrew Gallo, 12/8/2017

- 0 - 0

PNMR agrees with the SDT and AEP's comments to remove Operational and Planning data from the scope of the Standard. However, we do not share AEP’s concerns and comments regarding market related data.

Lynn Goldstein, 12/8/2017

- 0 - 0

Eleanor Ewry, 12/8/2017

- 0 - 0

N&ST is concerned with the fact the draft Implementation Guidance for CIP-012 describes a scenario in which BES Control Centers are exchanging data with a “3rd party” (Figure 4, “Network Diagram depicting communications through a 3rd party”). Although the SDT clearly believes that such communications would be in scope for CIP-012 R1, it is N&ST’s opinion that as presently written, R1 would not apply. Figure 4 depicts two Control Centers communicating with a 3rd party, not with each other.

Suggested rewording: REPLACE: “...develop one or more documented plan(s) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between any Control Centers.” 

WITH: “...develop one or more documented plan(s) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between (1) any two Control Centers, or (2) between a Control Center and a third-party that provides Real-time Assessment data.”

Nicholas Lauriat, On Behalf of: Network and Security Technologies, Segments 1

- 0 - 0

The SPP Standards Review Group appreciates the time and effort expended by the drafting team to further this effort and supports the current standard’s development as an objective based standard, rather than as a prescriptive based standard. The SPP Standards Review Group would recommend a formal definition for “Demarcation Point” be included in the NERC Glossary of Terms and define the protection, if required. Additionally, the SPP Standards Review Group requests clarification whether Demarcation Points need to be classified as CIP Assets or just identified in the documented plan(s)?

SPP Standards Review Group, Segment(s) 0, 12/10/2017

- 0 - 0

Duke Energy agrees with the revision; however, we feel that in order to ensure consistency throughout the industry, the drafting team should consider developing definitions for Real-time Monitoring and Real-time Control Data. Neither of these terms is NERC defined, and they could lead to varying interpretations throughout the industry. Does the Real-time Monitoring data only include the data specified in TOP-003 and IRO-010? Does it include SCADA data used specifically to control field assets like generators (AGC), circuit breakers, relays, etc.? The standard would be improved with additional clarity around these terms.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

NRECA supports the structure of R1 and we appreciate the removal of “data used for Operational Planning Analysis” language. However, new language was also added to R1 and we are unsure of what qualifies as “control data” as used in this requirement. NRECA reviewed the related draft Implementation Guidance and draft Technical Rationale and we did not see any information that explained what “control data” is. Please provide clarity on what “control data” means.

Barry Lawson, 12/11/2017

- 0 - 0

I support Andrew Gallo's Comments from Austin Energy.

W. Dwayne Preston, Austin Energy, 3, 12/11/2017

- 0 - 0

We do not agree with two separate requirements, one for a plan and one to implement. We recommend following precedent in the other CIP standards, for example, CIP-004-011. The obligation can be accomplished with one requirement, as follows.

“The Responsible Entity shall implement one or more documented process(es) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring and control data while being transmitted between any Control Centers, except under CIP Exceptional Circumstances. This excludes oral communications. The process(es) shall identify:

1.1 security protection used to mitigate risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers.

1.2 demarcation point(s) where security protection is applied for transmitting Real-time Assessment and Real-time monitoring and control data between Control Centers. Demarcation points identified by the Responsible Entity do not add additional Cyber Assets to the scope of the CIP Reliability Standards; and

1.3 roles and responsibilities of each Responsible Entity for applying security protection to the transmission of Real-time Assessment and Real-time monitoring and control data between Control Centers, when the Control Centers are owned or operated by different Responsible Entities.”

This also includes important scoping from the implementation guidance that belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 12/11/2017

- 0 - 0

SRP agrees the data should be protected. SRP also agrees the protections for the data in scope must ensure the data has not been modified, and that FERC directed NERC to “specify how the confidentiality, integrity, and availability of each type of bulk electric system data should be protected while it is being transmitted.” However, SRP takes exception to the extent the proposed standard requires the data in scope to be protected. FERC Order 822 states on page 36, “…we recognize that not all communication network components and data pose the same risk to bulk electric system reliability and may not require the same level of protection.” However, the proposed standard applies the same criteria of protection against unauthorized disclosure across all of the data within the defined scope. SRP does not agree viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope.

Additionally, SRP recognizes the SDT is not specifying the controls used to protect confidentiality and integrity. However, the only method available to achieve the proposed required objective is to implement encryption. FERC Order 822 states on page 39, “it is reasonable to conclude that any lag in communication speed resulting from implementation of protections [encryption technologies] should only be measurable on the order of milliseconds and, therefore, will not adversely impact Control Center communications,” but SRP asserts this statement only refers to a single data stream. It is unknown what encryption will do when dealing with multiple data streams being transmitted at once, from one to many points, not only to the latency added for the reliable operation of the BES, but also to the computing resources.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

CSU agrees the data should be protected. SRP also agrees the protections for the data in scope must ensure the data has not been modified, and that FERC directed NERC to “specify how the confidentiality, integrity, and availability of each type of bulk electric system data should be protected while it is being transmitted.” However, CSU takes exception to the extent the proposed standard requires the data in scope to be protected. FERC Order 822 states on page 36, “…we recognize that not all communication network components and data pose the same risk to bulk electric system reliability and may not require the same level of protection.” However, the proposed standard applies the same criteria of protection against unauthorized disclosure across all of the data within the defined scope. CSU does not agree viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope.

Shannon Fair, On Behalf of: Shannon Fair, Segments 1, 3, 5, 6

- 0 - 0

Support Terry Harbour comments (Berkshire Hathaway - MidAmerican Energy Company)

Annette Johnston, 12/11/2017

- 0 - 0

While Hydro One supports the general intent of the Standard, we request that our suggestions below are incorporated. We do not agree with the addition of R1.3. We believe that this wording does not sufficiently address potential disagreements between entities. The Standard should address a situation in which two entities at each end of a communication link cannot reach an agreement on the level of protection that needs to be applied to the communication link between their Control Centres, or the situation in which one entity’s plan does not align with another entity’s plan.

In addition, it is not clear how the Standard addresses Control Centres that will be built in the future. The term “plan” and verbiage of Requirement 1 suggest that this may be a one-time plan that will address existing Control Centres only.

An alternative approach may be to remove the word “plan” and simply require entities to implement logical/physical controls that both entities agree upon.  If the entities cannot reach an agreement, a third party can be selected to provide a resolution.

In addition, the measures (M1) do not sufficiently describe how compliance would be demonstrated.

Oshani Pathirane, 12/11/2017

- 0 - 0

No, CenterPoint Energy Houston Electric, LLC (“CenterPoint Energy”) does not agree with this revision. CenterPoint Energy recommends the following revisions to proposed Requirement R1:

The Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data while being transmitted between Control Centers. This requirement excludes oral communications. The plan shall include: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning].

CenterPoint Energy recommends the SDT remove the phrase “and control” from the expanded phrase “Real-time monitoring and control data.” The inclusion of the phrase “and control” may create confusion and does not align with TOP-003 and IRO-010 data specification Requirements. Additionally, the phrase was not mentioned in FERC Order 822. The SDT recognizes in the corresponding Technical Rationale document that “in practice Real-time control data is not transmitted separately from Real-time monitoring data.” Given this practice, the introduction of the concept of separately transmitted “Real-time control data” may create confusion on whether there are additional data specification responsibilities besides those detailed in TOP-003 and IRO-010. Additionally, when control signals that result in the physical operation of BES elements are transmitted between Control Centers, such control signals receive the same protection from unauthorized disclosure or modification as the data and information identified as necessary to perform Real-time Assessments and Real-time monitoring. Thus, there is no need for the additional language to the phrase and no additional benefit to the industry or Reliability.

CenterPoint Energy also recommends removing the word “any” from the phrase “any Control Center” because the word is too broad and does not add value or clarity to the requirement.

CenterPoint Energy also notes that the definition of Control Center is currently being revised. CenterPoint Energy recommends that the definition of Control Center be finalized before the final ballot of CIP-012-1.

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Daniel Gacek, Exelon, 1, 12/11/2017

- 0 - 0

Xcel Energy agrees with the removal of language related to Planning Analysis, but continues to have concerns with implementation of this Standard as related to the term and definition of Control Center. Specifically, Xcel Energy is concerned with the definition of "associated data centers" as part of the Control Center. The Standard does not appear to apply to communication between the control center and a field device (per reference model on page 5 of Technical Rationale). However, if there is a control center communicating with a device that aggregates multiple field devices, such as a dual ported RTU, is that aggregating device location considered an associated data center?

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Laura Nelson, 12/11/2017

- 0 - 0

While the SDT believes the “integrity and availability of sensitive bulk electric system data”, as noted in FERC Order No. 822, paragraph 54, is addressed in R1, Texas RE notes the use of the term “or”: Identification of security protection used to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers. In its response, the SDT specifically referenced the Consideration of Issue or Directive document. In that document, the SDT makes clear that entities may elect, solely at their discretion, to protect communications links, data, or both.

Texas RE believes this directly conflicts with the plain language in FERC Order No. 822, P. 54. FERC made it clear that protections should apply to both communication links and sensitive data. However, the SDT has specified such protections could be potentially applied solely to communications links or sensitive data. That is, the SDT has endorsed permitting responsible entities to simply elect to plan and implement physical protections for communications links. This would “mitigate” the risk of an unauthorized disclosure or modification of data using one of the delineated methods. As such, the responsible entity would potentially be compliant with the standard without proposing or implementing any logical protections for sensitive data during its transmission. This appears counter to FERC’s intent to protect “both the integrity and availability of sensitive bulk electric system data.” FERC Order No. 822, P. 54. Texas RE maintains its recommendation to 1) change “or” to “and”; and 2) change the phrase “risk of unauthorized disclosure or modification” to “integrity and availability of sensitive bulk electric system data”.

Additionally, since GO does not appear in the definition of Control Center, Texas RE suggests removing GO from the applicability section.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 12/11/2017

- 0 - 0

We have no technical concerns with the proposed standard, but it is unclear how 3rd party-owned Control Centers that GO/GOPs use through an agency relationship are to be addressed. CIP-012-1 states in sect. 4.1, “The requirements in this standard apply to the following functional entities, referred to as ‘Responsible Entities,’ that own or operate a Control Center,”… “4.1.2. Generator Operator,”… “4.1.3. Generator Owner.” GO/GOPs do not operate agency-relationship Control Centers any more than they own them, so CIP-012-1 responsibilities apparently rest with the owners of 3rd-party Control Centers and not with the GO/GOPs that hire them. It is unclear how these obligations are communicated and administered, however, since 3rd-party Control Center owners are not (and cannot be) NERC-registered entities.

Jennifer Hohenshilt, Talen Energy Marketing, LLC, 6, 12/11/2017

- 0 - 0

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - WECC - Segments 1, 3, 5, 6

- 0 - 0

The requirement as written does not provide a clear threshold on the type of Control Centers that should be in scope for this standard, i.e. does this requirement apply to high/medium impact BES Cyber Systems, or does it also apply to low impact BES Cyber Systems? Please clarify. Please also consider how to incorporate the scoping criteria into the CIP-002 standard.

Jeanne Kurzynowski, On Behalf of: Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

We support SRP and Chelan PUD comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

It is not clear who will maintain responsibility for compliance with the standard and who will be audited.

- 0 - 0

R1 addresses developing a plan and R2 implementing the plan. In numerous EOP standards involving plans as well as in IRO-014, the terminology used is “develop, maintain and implement”. Maintenance of a plan, i.e. keeping it up to date, is essential. Thus we recommend modifying R1 so that it reads:

R1. The Responsible Entity shall develop and maintain one or more documented plan(s) to mitigate (…)

This comment is more of a comprehension question. If we take for example the following: we have two control centers and the distance between the two control centers is approximately 20 miles (32 km).

One control center has two buildings, and the distance between the two buildings is approximately 70 miles (112 km). One building is the Operating personnel hosting facility, which has a defined PSP and an ESP. The other building is the data center (hosting RAS servers), which has a defined PSP and an ESP.

There is a communication link (70 miles (112 km)) between the Operating personnel hosting building and the data center building. This communication link would not be subject to CIP-012. The communication link (20 miles (32 km)) between the two control centers would be subject to CIP-012.

Is this comprehension correct?

Chantal Mazza, On Behalf of: Hydro-Québec TransEnergie - NPCC - Segments 2

- 0 - 0

Melanie Seader, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

SDG&E is in agreement with Duke Energy's comments.

- 0 - 0

PNMR agrees with the SDT and AEP’s comments to remove Operational and Planning data from the scope of the Standard. However, we do not share AEP’s concerns and comments regarding market related data.

Laurie Williams, 12/11/2017

- 0 - 0

David Ramkalawan, 12/11/2017

- 0 - 0

FMPA, Segment(s) , 10/23/2017

- 0 - 0

We are still unclear on the included data. For R1.2, recommend that the Entities should mutually agree on the demarcation points. For R1.3, we are concerned with resolution of disagreements between different Entities.

Leonard Kula, Independent Electricity System Operator, 2, 12/11/2017

- 0 - 0

Douglas Webb, 12/11/2017

- 0 - 0

larry brusseau, On Behalf of: Corn Belt Power Cooperative, , Segments 1

- 0 - 0

ERCOT signs onto the comments of the SRC/ITC/SWG of the IRC, pasted below.

Comments: The SRC & ITC SWG offers the following comment and recommendation. To draw a more clear line to the TOP-003 and IRO-010 standards, the SWG recommends revising Requirement R1 as follows, “For Real-time Assessment and Real-time monitoring and control data, as documented by a Reliability Coordinator, Transmission Operator, or Balancing Authority, the Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of the unauthorized disclosure or modification of the data while it is being transmitted between Control Centers. This excludes oral communications, regardless of transport means.” 

Elizabeth Axson, 12/11/2017

- 0 - 0

It is unnecessary to have 2 Requirements for this Standard, especially with each Requirement currently identified to have the same enforceable date. NV Energy recommends following precedent of other Standards and combining the Requirements into a single requirement that states, "An entity shall implement one or more documented processes/plans....".

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

WAPA does not agree with two separate requirements, one for a plan and one for implementation. We recommend following precedent in the other CIP standards, for example, CIP-004-6. The obligation can be accomplished with one requirement, as follows.

R1. “The Responsible Entity shall implement one or more documented process(es) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring and control data while being transmitted between any Control Centers, except under CIP Exceptional Circumstances. This excludes oral communications. The process(es) shall identify:

R1.1 security protection used to mitigate risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted and received between Control Centers,

R1.2 demarcation point(s) where security protection is applied for transmitting Real-time Assessment and Real-time monitoring and control data between Control Centers. Demarcation points identified by the Responsible Entity do not add additional Cyber Assets to the scope of the CIP Reliability Standards; and

R1.3 Identification of roles and responsibilities of each Responsible Entity for applying security protection to the transmission of Real-time Assessment and Real-time monitoring and control data between Control Centers, when the Control Centers are owned or operated by different Responsible Entities.”

Other changes in this recommended language: 

R1.1 was changed to clarify that data is being protected while being “transmitted and received” between Control Centers. 

R1.2 was changed to include important scoping from the implementation guidance that belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

sean erickson, Western Area Power Administration, 1, 12/11/2017

- 0 - 0

We are still unclear on the included data. For R1.2, recommend that the Entities should mutually agree on the demarcation points. For R1.3, we are concerned with resolution of disagreements between different Entities.

RSC no Dominion and ISO-NE, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 12/11/2017

- 0 - 0

Scoping to real-time data is appropriate, as entities share significant amounts of data between control centers for coordination, safety, and operations that would not have a 15-minute impact on the BES. The requirement should only apply to real-time data that would impact BES operations.

DTE Energy - DTE Electric, Segment(s) 5, 4, 3, 2/27/2017

- 0 - 0

Comments: The SRC & ITC SWG offers the following comment and recommendation. To draw a more clear line to the TOP-003 and IRO-010 standards, the SWG recommends revising Requirement R1 as follows, “For Real-time Assessment and Real-time monitoring and control data, as documented by a Reliability Coordinator, Transmission Operator, or Balancing Authority, the Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of the unauthorized disclosure or modification of the data while it is being transmitted between Control Centers. This excludes oral communications, regardless of transport means.”

SRC + SWG , Segment(s) 2, 3, 1, 0, 10/30/2017

- 0 - 0

RoLynda Shumpert, On Behalf of: SCANA - South Carolina Electric and Gas Co., SERC, Segments 1, 3, 5, 6

- 0 - 0

Sergio Banuelos, On Behalf of: Tri-State G and T Association, Inc., MRO, WECC, Segments 1, 3, 5

- 0 - 0

Hot Answers

Tacoma Power endorses the draft comments shared with it by Salt River Project (SRP), which follow:

SRP agrees scoping CIP-012-1 Requirement R1 in this manner and thanks the SDT for the opportunity to comment on the scope. However, as stated in SRP’s response to question 1, SRP does not agree viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope.

Rick Applegate, 12/11/2017

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Other Answers

Steven Powell, On Behalf of: Trans Bay Cable LLC, WECC, Segments NA - Not Applicable

- 0 - 0

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

CHPD requests more formal definition of terms that describe the data in question.  Consider a NERC Glossary term of “BES data” (used in this question) to address “monitoring” and “control” data types in a single definition.  A potential, admittedly simple, initial definition to consider:

BES Data – Electronic data used by BES Cyber Systems to perform Supervisory Control and Data Acquisition (SCADA).

If the SDT believes that monitoring and control data should be defined separately, then CHPD instead requests new NERC Glossary terms for “monitoring data” and “control data” in place of a combined definition.

Chelan PUD, Segment(s) 5, 3, 1, 6, 11/13/2017

- 5 - 0

AEP believes this aligns with CIP-002 identification processes and narrows the scope appropriately.

Aaron Austin, 12/5/2017

- 0 - 0

While BPA agrees with the exclusion of Operational Planning Analysis from the scope of R1, we still do not agree with the need for CIP-012.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

TVA agrees that the proposed scoping of sensitive BES data consistent with existing standards is appropriate.  This approach helps clarify what data to protect should the entity choose an application layer protection, and may also aid in identifying the links to which the controls are applied.

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

We agree with the removal of “data related to Operational Planning Analysis” from R1.  However, clarification is needed to ensure that the “control data” term is consistently applied and clearly addresses the intent of FERC’s directive.  Additionally, important scoping from the implementation guidance belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

Donald Lock, 12/8/2017

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Please refer to NRECA comments.

Paul Huettl, 12/8/2017

- 0 - 0

The California ISO supports the comments of the IRC Security Working Group (SWG).

Richard Vine, 12/8/2017

- 0 - 0

Reclamation does not agree with the scope of CIP-012-1 Requirement R1.

Reclamation recommends the SDT implement the following:

• Clearly specify that each Responsible Entity is required to mitigate the risk of unauthorized disclosure or modification of its own BES Data between its own Control Centers.

• Add the following definition to the NERC Glossary of Terms:

BES Data: BES reliability operating services information related to the entity’s high and medium impact Control Centers which affects Operational Planning Analysis, Real-time Assessments, and Real-time monitoring and control of the facility, and would affect the operation of the BES if compromised.

Richard Jackson, U.S. Bureau of Reclamation, 1, 12/8/2017

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 11/2/2017

- 2 - 0

Glen Farmer, Avista - Avista Corporation, 5, 12/8/2017

- 0 - 0

TEC wishes to endorse the comment of the Edison Electric Institute.

Ronald Donahey, TECO - Tampa Electric Co., 3, 12/8/2017

- 0 - 0

The term “control data” is not defined.  Dominion Energy recommends either defining the term or providing additional guidance on its meaning in the GTB.

In addition, Part 1.3 is strictly administrative in nature and does not enhance the reliability of the BES.  We recommend that this part be removed in its entirety.

Finally, Dominion Energy is concerned that the demarcation line between Entities is not clearly defined.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

The revised scoping appropriately omits operational planning.

Vivian Moser, 12/8/2017

- 0 - 0

AE does not, however, agree viewing Real-time Assessment and monitoring/control data without context will adversely affect reliable operation of the BES and believes not all in-scope data requires the same level of confidentiality.

Andrew Gallo, 12/8/2017

- 0 - 0

PNMR agrees with the scoping of sensitive BES data to Real-time Assessment and Real-time monitoring and control data.  While others have commented a concern regarding a lack of formal NERC Glossary of Terms definition, PNMR does not share this concern.  If this concept was used beyond this standard then a formal defined term would be appropriate.

Lynn Goldstein, 12/8/2017

- 0 - 0

Eleanor Ewry, 12/8/2017

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

SPP Standards Review Group, Segment(s) 0, 12/10/2017

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Same comments as question 1 above.

Barry Lawson, 12/11/2017

- 0 - 0

I support Andrew Gallo's Comments from Austin Energy.

W. Dwayne Preston, Austin Energy, 3, 12/11/2017

- 0 - 0

Important scoping from the implementation guidance belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 12/11/2017

- 0 - 0

SRP agrees scoping CIP-012-1 Requirement R1 in this manner and thanks the SDT for the opportunity to comment on the scope. However, as stated in SRP’s response to question 1, SRP does not agree viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

CSU agrees scoping CIP-012-1 Requirement R1 in this manner and thanks the SDT for the opportunity to comment on the scope. However, as stated in SRP’s response to question 1, SRP does not agree viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope.

Shannon Fair, On Behalf of: Shannon Fair, , Segments 1, 3, 5, 6

- 0 - 0

Support Terry Harbour comments (Berkshire Hathaway - MidAmerican Energy Company).

Annette Johnston, 12/11/2017

- 0 - 0

Oshani Pathirane, 12/11/2017

- 0 - 0

As mentioned in the Response to Question No. 1, the phrase “and control” should be removed from the requirement.

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Daniel Gacek, Exelon, 1, 12/11/2017

- 0 - 0

Xcel Energy believes that the types of data to be within scope, as identified by data specification lists originating from Requirements TOP-003 and IRO-010, are not specific enough to determine or limit the types of data or communication methods that would need to be protected as Real Time Assessment, Real Time Monitoring, or Control Data. These lists contain data and methods of communicating data that Xcel Energy would not classify as Real Time Assessment, Real Time Monitoring, or Control Data. Xcel Energy's concern is that NERC and/or Regional Entities may. The inclusion of all data types and methods on these lists could bring systems like corporate email into scope, which Xcel Energy would adamantly oppose. We suggest adding further clarification as to what types of data are included as Real Time Assessment, Real Time Monitoring and Control Data.

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Laura Nelson, 12/11/2017

- 0 - 0

Texas RE notes the SDT modified R1 to apply to Real-time Assessment (RTA) and Real-time monitoring to be consistent with the definition of Control Center; however, Texas RE recommends including Operational Planning Analysis (OPA). The SDT’s position is that OPA data for the next day, if rendered unavailable, would not adversely impact the reliable operation of the BES within 15 minutes. However, impact to the reliable operation of the BES within 15 minutes should not be the only consideration for protection of OPA data. Texas RE notes that OPA and RTA data are distinguishable only by the period in which the data is actually used. Most important, OPA data’s risk of unauthorized disclosure should be mitigated consistent with other similar sensitive data. For example, if a registered entity’s communications between Control Centers were compromised, OPA data may be useful in the planning of future attacks on the BES. The OPA data includes information such as an evaluation of projected system conditions to assess anticipated (pre-Contingency) and potential (post-Contingency) conditions for next-day operations. The evaluation also reflects load forecasts; generation output levels; Interchange; known Protection System and Special Protection System status or degradation. It is not difficult to think of a scenario whereby unauthorized disclosure of OPA data may adversely impact the reliable operation of the BES within 15 minutes.

Since the SDT is electing not to directly reference other standards, the SDT could change the language of R1 to say: The Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of unauthorized disclosure or modification of data as defined by the data specification required to fulfill operational and planning responsibilities while being transmitted between any Control Centers.  This would make CIP-012-1 consistent with the IRO-010 and TOP-003 Standards, as well as include the OPA data.

Since the terms “Real-time monitoring” and “control data”, used in part 1.3, are not defined, Texas RE requests the SDT provide examples of this type of data. This could be done as part of the Implementation Guidance document.

Texas RE requests the SDT describe the types of controls it expects to see that are not covered by IRO-010 and TOP-003.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 12/11/2017

- 0 - 0

Jennifer Hohenshilt, Talen Energy Marketing, LLC, 6, 12/11/2017

- 0 - 0

Sensitive BES data required Real-time Assessments, Real-time Monitoring and Control data is the appropriate scope in CIP-012-1 Requirement R1

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - WECC - Segments 1, 3, 5, 6

- 0 - 0

Please clarify the scope of the standard and requirement.

Jeanne Kurzynowski, On Behalf of: Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

We support SRP and Chelan PUD comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

We have a concern regarding real time assessment: the real time assessment is a study about the system condition and is not going to change the status of the power system. The data does not need to be protected to this level because knowledge of the data would not lead to a scenario that would impact the BES within 15 minutes. Additionally, the operators validate the data through reasonable tests before they make operational actions.

- 0 - 0

Chantal Mazza, On Behalf of: Hydro-Québec TransEnergie - NPCC - Segments 2

- 0 - 0

Melanie Seader, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

SDG&E is in agreement with Xcel Energy's comments.

- 0 - 0

PNMR agrees with the scoping of sensitive BES data to Real-time Assessment and Real-time monitoring and control data.  While others have commented a concern regarding a lack of formal NERC Glossary of Terms definition, PNMR does not share this concern.  If this concept was used beyond this standard then a formal defined term would be appropriate.

Laurie Williams, 12/11/2017

- 0 - 0

David Ramkalawan, 12/11/2017

- 0 - 0

FMPA agrees with the removal of data used for Operational Planning Analysis.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

We conceptually agree with the scoping but need more details on “monitoring and control data.” We agree with the removal of “Operational Planning Analysis.”

Leonard Kula, Independent Electricity System Operator, 2, 12/11/2017

- 0 - 0

Douglas Webb, 12/11/2017

- 0 - 0

larry brusseau, On Behalf of: Corn Belt Power Cooperative, , Segments 1

- 0 - 0

Elizabeth Axson, 12/11/2017

- 0 - 0

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

WAPA agrees with the removal of “data related to Operational Planning Analysis” from R1.  However, clarification is needed to ensure that the “control data” term is consistently applied and clearly addresses the intent of FERC’s directive.  Additionally, important scoping from the implementation guidance belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

sean erickson, Western Area Power Administration, 1, 12/11/2017

- 0 - 0

We conceptually agree with the scoping but need more details on “monitoring and control data.” We agree with the removal of “Operational Planning Analysis.”

RSC no Dominion and ISO-NE, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 12/11/2017

- 0 - 0

DTE Energy - DTE Electric, Segment(s) 5, 4, 3, 2/27/2017

- 0 - 0

None

SRC + SWG , Segment(s) 2, 3, 1, 0, 10/30/2017

- 0 - 0

RoLynda Shumpert, On Behalf of: SCANA - South Carolina Electric and Gas Co., SERC, Segments 1, 3, 5, 6

- 0 - 0

Sergio Banuelos, On Behalf of: Tri-State G and T Association, Inc., MRO, WECC, Segments 1, 3, 5

- 0 - 0

Hot Answers

Rick Applegate, 12/11/2017

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Other Answers

Steven Powell, On Behalf of: Trans Bay Cable LLC, WECC, Segments NA - Not Applicable

- 0 - 0

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

Chelan PUD, Segment(s) 5, 3, 1, 6, 11/13/2017

- 5 - 0

Aaron Austin, 12/5/2017

- 0 - 0

While BPA agrees with the language of R2, we still do not agree with the need for CIP-012, or with the standard as currently drafted.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

The NSRF does not agree with two separate requirements, one for a plan and one for implementation. We recommend following precedent in the other CIP standards, for example, CIP-004-6. The obligation can be accomplished with one requirement, as follows.

R1. “The Responsible Entity shall implement one or more documented process(es) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring and control data while being transmitted between any Control Centers, except under CIP Exceptional Circumstances. This excludes oral communications. The process(es) shall identify:

R1.1 security protection used to mitigate risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers,

R1.2 demarcation point(s) where security protection is applied for transmitting Real-time Assessment and Real-time monitoring and control data between Control Centers. Demarcation points identified by the Responsible Entity do not add additional Cyber Assets to the scope of the CIP Reliability Standards; and

For R1.3, please see our rationale in question 6.

R1.3 Identify each Responsible Entity for applying security protection(s) to the transmission of Real-time Assessment and Real-time monitoring and control data between Control Centers, when the Control Centers are owned or operated by different Responsible Entities.”

This also includes important scoping from the implementation guidance that belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

Donald Lock, 12/8/2017

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Please refer to NRECA comments.

Paul Huettl, 12/8/2017

- 0 - 0

The California ISO supports the comments of the IRC Security Working Group (SWG).

Richard Vine, 12/8/2017

- 0 - 0

Reclamation recommends the SDT implement the following:

  • Replace the term “plan” with “process” for consistency with other CIP standards.

  • Change Requirement R2:

from: The Responsible Entity shall implement the plan(s) specified in Requirement R1, except under CIP Exceptional Circumstances

to: The Responsible Entity shall implement the process(es) specified in Requirement R1, except under CIP Exceptional Circumstances

Richard Jackson, U.S. Bureau of Reclamation, 1, 12/8/2017

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 11/2/2017

- 2 - 0

A plan would be created to outline protections and classify BES data moving between control centers.

Glen Farmer, Avista - Avista Corporation, 5, 12/8/2017

- 0 - 0

TEC wishes to endorse the comment of the Edison Electric Institute.

Ronald Donahey, TECO - Tampa Electric Co., 3, 12/8/2017

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

Vivian Moser, 12/8/2017

- 0 - 0

Andrew Gallo, 12/8/2017

- 0 - 0

Lynn Goldstein, 12/8/2017

- 0 - 0

Eleanor Ewry, 12/8/2017

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

SPP Standards Review Group, Segment(s) 0, 12/10/2017

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Barry Lawson, 12/11/2017

- 0 - 0

I support Andrew Gallo's Comments from Austin Energy.

W. Dwayne Preston, Austin Energy, 3, 12/11/2017

- 0 - 0

We do not agree with two separate requirements, one for a plan and one to implement. We recommend following precedent in the other CIP standards, for example, CIP-004-011. The obligation can be accomplished with one requirement, as follows.

“The Responsible Entity shall implement one or more documented process(es) to mitigate the risk of the unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring and control data while being transmitted between any Control Centers, except under CIP Exceptional Circumstances. This excludes oral communications. The process(es) shall identify:

1.1 security protection used to mitigate risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers.

1.2 demarcation point(s) where security protection is applied for transmitting Real-time Assessment and Real-time monitoring and control data between Control Centers. Demarcation points identified by the Responsible Entity do not add additional Cyber Assets to the scope of the CIP Reliability Standards; and

1.3 roles and responsibilities of each Responsible Entity for applying security protection to the transmission of Real-time Assessment and Real-time monitoring and control data between Control Centers, when the Control Centers are owned or operated by different Responsible Entities.”

This also includes important scoping from the implementation guidance that belongs in the requirement, that demarcation points don’t add additional Cyber Assets to the scope of the CIP standards.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 12/11/2017

- 0 - 0

SRP agrees on implementing a plan and agrees a CIP Exceptional Circumstance is in order.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

CSU agrees on implementing a plan and agrees a CIP Exceptional Circumstance is in order.

Shannon Fair, On Behalf of: Shannon Fair, , Segments 1, 3, 5, 6

- 0 - 0

Support Terry Harbour comments (Berkshire Hathaway - MidAmerican Energy Company).

Annette Johnston, 12/11/2017

- 0 - 0

We require clarity on how the implementation plan will address Control Centres that will be built in the future.

Oshani Pathirane, 12/11/2017

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Daniel Gacek, Exelon, 1, 12/11/2017

- 0 - 0

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Laura Nelson, 12/11/2017

- 0 - 0

Texas RE appreciates the SDT’s response. As Texas RE previously noted, it does not necessarily oppose a CIP Exceptional Circumstances exception from the implementation requirements set forth in CIP-012-1 R2. However, despite the SDT’s response, it remains unclear why certain CIP exception conditions, such as an imminent hardware failure, should necessarily trigger a relaxation of physical security protections for communications links transmitting sensitive data in all circumstances.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 12/11/2017

- 0 - 0

Jennifer Hohenshilt, Talen Energy Marketing, LLC, 6, 12/11/2017

- 0 - 0

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - WECC - Segments 1, 3, 5, 6

- 0 - 0

Requirement R2 can be combined with Requirement R1 so that it is written in a consistent approach with other FERC approved CIP requirements.

Jeanne Kurzynowski, On Behalf of: Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

We support SRP and Chelan PUD comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

- 0 - 0

Chantal Mazza, On Behalf of: Hydro-Québec TransEnergie - NPCC - Segments 2

- 0 - 0

Melanie Seader, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

- 0 - 0

Laurie Williams, 12/11/2017

- 0 - 0

David Ramkalawan, 12/11/2017

- 0 - 0

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 12/11/2017

- 0 - 0

Douglas Webb, 12/11/2017

- 0 - 0

larry brusseau, On Behalf of: Corn Belt Power Cooperative, , Segments 1

- 0 - 0

Elizabeth Axson, 12/11/2017

- 0 - 0

It is unnecessary to have 2 Requirements for this Standard, especially with each Requirement currently identified to have the same enforceable date. NV Energy recommends following precedent of other Standards and combining the Requirements into a single requirement that states, "An entity shall implement one or more documented processes/plans....".

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

WAPA does not agree with two separate requirements, one for a plan and one for implementation. We recommend following precedent in the other CIP standards, for example, CIP-004-6. The obligation can be accomplished with one requirement.  See response to question 1.

sean erickson, Western Area Power Administration, 1, 12/11/2017

- 0 - 0

RSC no Dominion and ISO-NE, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 12/11/2017

- 0 - 0

DTE Energy - DTE Electric, Segment(s) 5, 4, 3, 2/27/2017

- 0 - 0

None

SRC + SWG , Segment(s) 2, 3, 1, 0, 10/30/2017

- 0 - 0

RoLynda Shumpert, On Behalf of: SCANA - South Carolina Electric and Gas Co., SERC, Segments 1, 3, 5, 6

- 0 - 0

Sergio Banuelos, On Behalf of: Tri-State G and T Association, Inc., MRO, WECC, Segments 1, 3, 5

- 0 - 0

Hot Answers

Tacoma Power endorses the draft comments shared with it by Salt River Project (SRP), which follow:

Overall, SRP does not agree with twenty-four (24) calendar months for the implementation of Requirements R1 and R2. Although SRP recognizes the SDT is not specifying the controls to be used to protect confidentiality and integrity, the only examples provided in the implementation guidance include encryption. If there are other methods available to achieve the security objective, SRP asks the SDT to provide them. However, the only method available to achieve the proposed required objective, on the ICCP network, is to implement encryption. As FERC Order 822 states on page 37, “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” Furthermore, the FERC order states on page 38, “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These are activities and specifications that must be created and agreed upon by all registered entities involved in the data transfer. As such, the timeline is reliant on registered entities working together on a common solution and would not be achievable within 24 calendar months.

Additionally, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data. There are many opportunities for encryption to fail that must be addressed. The implementation of encryption requires a pilot to truly understand and address the mechanisms of failure, the impacts encryption would cause on the exchange of the data, and the computing resources required. A pilot also requires a great amount of coordination to execute, not only within the industry, but may also include carriers, vendors, and possibly third-party encryption key program managers.

Because of the aforementioned reasons and concerns, SRP is recommending a phased implementation for CIP-012-1. A 24-month implementation is appropriate, but only for Requirement R1. The 24 months for R1 would provide time to coordinate and create an industry-wide solution. SRP is proposing the SDT include an additional 12 months for Requirement R2. The additional 12 months would be used for a pilot and course correction if needed, in addition to understanding, formulating, and executing maintenance strategies.

Rick Applegate, 12/11/2017

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Other Answers

Steven Powell, On Behalf of: Trans Bay Cable LLC, WECC, Segments NA - Not Applicable

- 0 - 0

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

Chelan PUD, Segment(s) 5, 3, 1, 6, 11/13/2017

- 5 - 0

AEP believes a 24 month Implementation Plan is adequate provided the TOP-003 and IRO-010 Real-time data and the mutually agreeable security protocols are defined prior to the beginning of the CIP-012 implementation period.

Aaron Austin, 12/5/2017

- 0 - 0

BPA appreciates the increase to 24 months but recommends 36 months due to BPA’s large amount of applicable data, access to funds and resources to perform work required.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

The proposed time period allows entities sufficient time to develop internal plans to implement the enhanced security requirements, negotiate the necessary security changes between entities, and to make appropriate contract adjustments with service providers.

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

The NSRF recommends an increase to at least three years in order to coordinate with other entities, including specification, design, budgeting, implementation and testing.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

Donald Lock, 12/8/2017

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Please refer to NRECA comments.

Paul Huettl, 12/8/2017

- 0 - 0

The California ISO supports the comments of the IRC Security Working Group (SWG)

Richard Vine, 12/8/2017

- 0 - 0

Richard Jackson, U.S. Bureau of Reclamation, 1, 12/8/2017

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 11/2/2017

- 2 - 0

Glen Farmer, Avista - Avista Corporation, 5, 12/8/2017

- 0 - 0

TEC wishes to endorse the comment of the Edison Electric Institute.

Ronald Donahey, TECO - Tampa Electric Co., 3, 12/8/2017

- 0 - 0

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

The period of 24 months will likely be reasonable; however, agreement with neighboring entities poses an unpredictable step in terms of time for completion.

Vivian Moser, 12/8/2017

- 0 - 0

Overall, AE does not agree with twenty-four (24) calendar months for R1 and R2. Although AE recognizes the SDT does not specify the controls to protect confidentiality and integrity, the only examples provided in the implementation guidance include encryption. If other methods exist, AE believes the SDT should provide them.

The only way to achieve the proposed requirement on the ICCP network is encryption. As FERC Order 822 states (on page 37), “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” The FERC order also states (on page 38), “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These specifications must be created and agreed upon by all registered entities involved in the data transfer. Consequently, the time to comply depends on registered entities working together on a common solution and will likely take more than 24 months.

Additionally, if encryption fails, AE would lose Real-time monitoring and control data. Encryption may fail for many reasons. Implementing encryption should involve a pilot period to assess and address the mechanisms of failure, impacts on data exchange and the requisite computing resources. A pilot also requires coordination, not only for the industry, but also carriers, vendors, and, possibly, third-party encryption key program managers.

Consequently, AE recommends a phased implementation for CIP-012-1. A 24 month implementation is appropriate for R1 because it would provide time to coordinate and create an industry-wide solution. AE proposes the SDT grant an extra 12 months for R2 to allow for a pilot and adjustments, if needed.

Andrew Gallo, 12/8/2017

- 0 - 0

Lynn Goldstein, 12/8/2017

- 0 - 0

Eleanor Ewry, 12/8/2017

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

SPP Standards Review Group, Segment(s) 0, 12/10/2017

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

NRECA appreciates the change from 12 months to 24 months in the Implementation Plan.

Barry Lawson, 12/11/2017

- 0 - 0

I support Andrew Gallo's Comments from Austin Energy.

W. Dwayne Preston, Austin Energy, 3, 12/11/2017

- 0 - 0

At least three years are needed to coordinate with other entities, including specification, design, budgeting, implementation and testing.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 12/11/2017

- 0 - 0

Overall, SRP does not agree with twenty-four (24) calendar months for the implementation of Requirements R1 and R2. Although SRP recognizes the SDT is not specifying the controls to be used to protect confidentiality and integrity, the only examples provided in the implementation guidance include encryption. If there are other methods available to achieve the security objective, SRP asks the SDT to provide them. However, the only method available to achieve the proposed required objective, on the ICCP network, is to implement encryption. As FERC Order 822 states on page 37, “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” Furthermore, the FERC order states on page 38, “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These are activities and specifications that must be created and agreed upon by all registered entities involved in the data transfer. As such, the timeline is reliant on registered entities working together on a common solution and would not be achievable within 24 calendar months.

Additionally, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data. There are many opportunities for encryption to fail that must be addressed. The implementation of encryption requires a pilot to truly understand and address the mechanisms of failure, the impacts encryption would cause on the exchange of the data, and the computing resources required. A pilot also requires a great amount of coordination to execute, not only within the industry, but may also include carriers, vendors, and possibly third-party encryption key program managers.

Because of the aforementioned reasons and concerns, SRP is recommending a phased implementation for CIP-012-1. A 24 month implementation is appropriate, but only for Requirement R1. The 24 months for R1 would provide time to coordinate and create an industry-wide solution. SRP is proposing the SDT include an additional 12 months for Requirement R2. The additional 12 months would be used for a pilot and course correction if needed, in addition to understanding, formulating, and executing maintenance strategies.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

Overall, CSU does not agree with twenty-four (24) calendar months for the implementation of Requirements R1 and R2. Although CSU recognizes the SDT is not specifying the controls to be used to protect confidentiality and integrity, the only examples provided in the implementation guidance include encryption. If there are other methods available to achieve the security objective, we ask the SDT to provide them. However, the only method available to achieve the proposed required objective, on the ICCP network, is to implement encryption. As FERC Order 822 states on page 37, “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” Furthermore, the FERC order states on page 38, “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These are activities and specifications that must be created and agreed upon by all registered entities involved in the data transfer. As such, the timeline is reliant on registered entities working together on a common solution and would not be achievable within 24 calendar months.

Because of the aforementioned reasons and concerns, CSU is recommending a phased implementation for CIP-012-1. A 24 month implementation is appropriate, but only for Requirement R1. The 24 months for R1 would provide time to coordinate and create an industry-wide solution. SRP is proposing the SDT include an additional 12 months for Requirement R2. The additional 12 months would be used for a pilot and course correction if needed, in addition to understanding, formulating, and executing maintenance strategies.

Shannon Fair, On Behalf of: Shannon Fair, , Segments 1, 3, 5, 6

- 0 - 0

Support Terry Harbour comments (Berkshire Hathaway - MidAmerican Energy Company)

Annette Johnston, 12/11/2017

- 0 - 0

Oshani Pathirane, 12/11/2017

- 0 - 0

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Daniel Gacek, Exelon, 1, 12/11/2017

- 0 - 0

Xcel Energy does not agree with the proposed Implementation timeline. We share real-time data with Registered Entities (REs) such as the Reliability Coordinators (RCs) including MISO, SPP and PEAK. Additionally, we share data with many utilities with Control Centers across our service territory. Finding a common technological solution to implement the proposed mitigating activities in the Requirements will take a substantial effort on the part of all REs. Once a common technology and all legal agreements between REs are in place, Xcel Energy may still have to purchase and implement those technology solutions.

We suggest that NERC should advise and collaborate with all RCs to agree upon a common technology first and then drive those solutions from the RC down to each utility in scope. 

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Laura Nelson, 12/11/2017

- 0 - 0

Rachel Coyne, Texas Reliability Entity, Inc., 10, 12/11/2017

- 0 - 0

Jennifer Hohenshilt, Talen Energy Marketing, LLC, 6, 12/11/2017

- 0 - 0

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - WECC - Segments 1, 3, 5, 6

- 0 - 0

Jeanne Kurzynowski, On Behalf of: Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

We support SRP and Chelan PUD comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

Agreements between entities take time and are dependent on items an entity cannot control. We recommend at least 36 months.

- 0 - 0

Chantal Mazza, On Behalf of: Hydro-Québec TransEnergie - NPCC - Segments 2

- 0 - 0

Melanie Seader, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

SDG&E is in agreement with BPA's comments

- 0 - 0

A quick internal review by PNMR SMEs indicates that this implementation plan is reasonable for the proposed standard.

Laurie Williams, 12/11/2017

- 0 - 0

David Ramkalawan, 12/11/2017

- 0 - 0

FMPA supports the additional time this implementation plan provides.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

We are concerned about equipment under existing contracts. We suggest a solution similar to CIP-013.

Leonard Kula, Independent Electricity System Operator, 2, 12/11/2017

- 0 - 0

Douglas Webb, 12/11/2017

- 0 - 0

larry brusseau, On Behalf of: Corn Belt Power Cooperative, , Segments 1

- 0 - 0

Elizabeth Axson, 12/11/2017

- 0 - 0

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

WAPA recommends an increase to at least three years in order to coordinate with other entities, including specification, design, budgeting,  implementation and testing.

sean erickson, Western Area Power Administration, 1, 12/11/2017

- 0 - 0

We are concerned about equipment under existing contracts. We suggest a solution similar to CIP-013.

RSC no Dominion and ISO-NE, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 12/11/2017

- 0 - 0

This seems to be an excessively long period of time to implement this proposed standard. The security of real-time data is important and should be prioritized. Yes, entities must communicate and develop joint plans to implement, but allowing a long horizon for implementation will not enable this communication to occur faster.

DTE Energy - DTE Electric, Segment(s) 5, 4, 3, 2/27/2017

- 0 - 0

None

SRC + SWG , Segment(s) 2, 3, 1, 0, 10/30/2017

- 0 - 0

RoLynda Shumpert, On Behalf of: SCANA - South Carolina Electric and Gas Co., SERC, Segments 1, 3, 5, 6

- 0 - 0

Sergio Banuelos, On Behalf of: Tri-State G and T Association, Inc., MRO, WECC, Segments 1, 3, 5

- 0 - 0

Hot Answers

Tacoma Power endorses the draft comments shared with it by Salt River Project (SRP), which follow:

SRP does not agree the current standard and implementation plan can be executed in a cost effective manner. Encryption is the only solution available to protect both confidentiality and integrity for the data within this scope. If the implementation timeframe remains at 24 months, more resources and capital will be required versus a phased implementation. A phased implementation provides the ability to not only ensure the most effective plan, but also provides the ability to plan more accurately within budget cycles. More importantly, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data.  SRP is concerned a 24 month implementation timeline would impact reliability as there are many opportunities for encryption to fail that must be addressed. This has a direct correlation on cost when addressing those opportunities during this timeframe.

Rick Applegate, 12/11/2017

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Other Answers

Steven Powell, On Behalf of: Trans Bay Cable LLC, WECC, Segments NA - Not Applicable

- 0 - 0

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

CHPD cannot determine if the objectives may be accomplished in a cost-effective manner until further clarification is provided for the terms “monitoring data” and “control data” (separate definitions) or “BES data” (combined definition). CHPD also has concerns with vendor availability, with respect to the system software implementation that will be required for all entities industry-wide. The comments provided by other entities to develop an industry-wide encryption specification are appealing, and CHPD believes that would provide a better method for achieving the desired intra-entity security.

Chelan PUD, Segment(s) 5, 3, 1, 6, 11/13/2017

- 5 - 0

AEP believes communication network security requires “mutually agreed upon: formats, processes for resolving conflicts and security protocols” between entities.  However in practice, there is little that is mutually agreed upon in the data specification documents as they relate to IRO-010 and TOP-003.  The Balancing Authority, Transmission Operator and Reliability Coordinator specify the data they want to receive in the manner they want to receive it.  Others receiving the requests are obligated to comply. Without additional specificity, most entities will be at the mercy of what their BAs, TOPs and RCs require.  AEP believes this dependency creates only the presumption that solutions will be cost effective.  

Aaron Austin, 12/5/2017

- 0 - 0

BPA believes that if the data must be protected throughout the transmission, it would seem that could only be accomplished with encryption. For cases where the existing equipment is not capable of encryption, replacement will be costly and implementation lengthy.

Due to BPA’s large amount of applicable data, access to funds and resources to perform work required, the solution will be costly.

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

As noted in earlier comments, clarification of the “control data” term is needed to fully assess our ability to address the standard in a cost-effective manner. The flexibility built in to the current revision of R1 should support consideration of cost-effective alternatives.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

See our response to question #1

Donald Lock, 12/8/2017

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Paul Huettl, 12/8/2017

- 0 - 0

The California ISO supports the comments of the IRC Security Working Group (SWG)

Richard Vine, 12/8/2017

- 0 - 0

Richard Jackson, U.S. Bureau of Reclamation, 1, 12/8/2017

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 11/2/2017

- 2 - 0

Glen Farmer, Avista - Avista Corporation, 5, 12/8/2017

- 0 - 0

TEC wishes to endorse the comment of the Edison Electric Institute.

Ronald Donahey, TECO - Tampa Electric Co., 3, 12/8/2017

- 0 - 0

At this time Dominion Energy has no information to assess the cost of a plan that has yet to be developed.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

Vivian Moser, 12/8/2017

- 0 - 0

AE does not agree the proposal can be implemented in a cost-effective manner. Encryption is the only available solution to protect in-scope data confidentiality and integrity. If the implementation period remains 24 months, entities will expend more resources and capital than using a phased implementation. A phased implementation provides the ability to ensure the most effective plan and plan more accurately within budget cycles. Also, if encryption fails, AE would lose Real-time monitoring and control data. AE believes a 24 month implementation timeline will impact reliability because many opportunities exist for encryption to fail and those challenges must be addressed, which has a direct effect on cost.

Andrew Gallo, 12/8/2017

- 0 - 0

PNMR believes the reliability objectives can be met in a cost effective manner for any internal links.  However it is difficult to determine if links to external Entities can be met in a cost effective manner.  PNMR agrees with AEP’s concern of “mutually agreed upon: formats, processes for resolving conflicts and security protocols” can affect the cost of implementation.  Yet PNMR currently does not see an instance where this would greatly impact the cost of implementation.

Lynn Goldstein, 12/8/2017

- 0 - 0

Eleanor Ewry, 12/8/2017

- 0 - 0

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

SPP Standards Review Group, Segment(s) 0, 12/10/2017

- 0 - 0

We are unable to answer this question in full at this time. The cost of implementation cannot be adequately assessed until discussion and coordination with our neighboring entities (control centers) has taken place. We do not know what additional protections or updates may need to be put in place until said discussions occur.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Barry Lawson, 12/11/2017

- 0 - 0

I support Andrew Gallo's Comments from Austin Energy.

W. Dwayne Preston, Austin Energy, 3, 12/11/2017

- 0 - 0

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 12/11/2017

- 0 - 0

SRP does not agree the current standard and implementation plan can be executed in a cost effective manner. Encryption is the only solution available to protect both confidentiality and integrity for the data within this scope. If the implementation timeframe remains at 24 months, more resources and capital will be required versus a phased implementation. A phased implementation provides the ability to not only ensure the most effective plan, but also provides the ability to plan more accurately within budget cycles. More importantly, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data.  SRP is concerned a 24 month implementation timeline would impact reliability as there are many opportunities for encryption to fail that must be addressed. This has a direct correlation on cost when addressing those opportunities during this timeframe.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

CSU does not agree the current standard and implementation plan can be executed in a cost effective manner. Encryption is the only solution available to protect both confidentiality and integrity for the data within this scope. If the implementation timeframe remains at 24 months, more resources and capital will be required versus a phased implementation. A phased implementation provides the ability to not only ensure the most effective plan, but also provides the ability to plan more accurately within budget cycles. More importantly, if encryption fails, CSU would lose Real-time Assessment and Real-time monitoring and control data.  CSU is concerned a 24 month implementation timeline would impact reliability as there are many opportunities for encryption to fail that must be addressed. This has a direct correlation on cost when addressing those opportunities during this timeframe.

Shannon Fair, On Behalf of: Shannon Fair, , Segments 1, 3, 5, 6

- 0 - 0

no comments

Annette Johnston, 12/11/2017

- 0 - 0

Oshani Pathirane, 12/11/2017

- 0 - 0

The proposed Standard, as written, provides entities flexibility on implementation.

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

Daniel Gacek, Exelon, 1, 12/11/2017

- 0 - 0

We believe that the cost effectiveness of implementation would depend on the technology that would need to be deployed.  Similar to response to question 4, NERC should advise and work with all RCs to agree upon a common technology and drive those solutions from the RC down to each utility in order to ensure cost effectiveness.  The implementation of several different technologies to communicate with several different RCs and utilities would be overly burdensome and at a cost that would not be effective.

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Infrastructure will have to be added, and the standard allows for flexibility. There are some concerns that data exchange with other entities may become difficult, and it may become costly to support that infrastructure.

Laura Nelson, 12/11/2017

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 12/11/2017

- 0 - 0

See response to Q1

Jennifer Hohenshilt, Talen Energy Marketing, LLC, 6, 12/11/2017

- 0 - 0

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - WECC - Segments 1, 3, 5, 6

- 0 - 0

More flexibility and less guidance could lead to inconsistency on requirement implementation among different entities.

Jeanne Kurzynowski, On Behalf of: Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

We support SRP and Chelan PUD comments.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

We recommend that an encryption standard is published to guide entities. Developing protocols between entities is time consuming and costly. An exception process can be defined if needed to offer flexibility.

- 0 - 0

Chantal Mazza, On Behalf of: Hydro-Québec TransEnergie - NPCC - Segments 2

- 0 - 0

Melanie Seader, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

SDG&E is in agreement with BPA's comments

- 0 - 0

PNMR believes the reliability objectives can be met in a cost effective manner for any internal links.  However it is difficult to determine if links to external Entities can be met in a cost effective manner.  PNMR agrees with AEP’s concern of “mutually agreed upon: formats, processes for resolving conflicts and security protocols” can affect the cost of implementation.  Yet PNMR currently does not see an instance where this would greatly impact the cost of implementation.

Laurie Williams, 12/11/2017

- 0 - 0

David Ramkalawan, 12/11/2017

- 0 - 0

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Cost effectiveness will be determined by the Entity’s implementation and existing contracts.

Leonard Kula, Independent Electricity System Operator, 2, 12/11/2017

- 0 - 0

Douglas Webb, 12/11/2017

- 0 - 0

larry brusseau, On Behalf of: Corn Belt Power Cooperative, , Segments 1

- 0 - 0

Elizabeth Axson, 12/11/2017

- 0 - 0

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

As noted in earlier comments, clarification of the “control data” term is needed to fully assess our ability to address the standard in a cost-effective manner. The flexibility built in to the current revision of R1 should support consideration of cost-effective alternatives.

sean erickson, Western Area Power Administration, 1, 12/11/2017

- 0 - 0

Cost effectiveness will be determined by the Entity’s implementation and existing contracts.

RSC no Dominion and ISO-NE, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 12/11/2017

- 0 - 0

DTE Energy - DTE Electric, Segment(s) 5, 4, 3, 2/27/2017

- 0 - 0

None

SRC + SWG , Segment(s) 2, 3, 1, 0, 10/30/2017

- 0 - 0

SCE&G has already implemented the controls to protect sensitive Bulk Electric System (BES) data while being transmitted over communications links between BES Control Centers.

RoLynda Shumpert, On Behalf of: SCANA - South Carolina Electric and Gas Co., SERC, Segments 1, 3, 5, 6

- 0 - 0

Sergio Banuelos, On Behalf of: Tri-State G and T Association, Inc., MRO, WECC, Segments 1, 3, 5

- 0 - 0

Hot Answers

Thank you for your consideration.

Rick Applegate, 12/11/2017

- 0 - 0

Overall, Southern Company is concerned that the scope of data is too broad and subject to interpretation during audits without direct ties to the IRO and TOP standards requiring identification of the subject data.  The nature of the data in Control Center environments is such that its criticality often changes based on the current situation.  Entities performing TOP and BA functions, in particular, receive data from a variety of entities, each with its own data provision capabilities.  A variety of data formats and delivery mechanisms are accommodated, and not all data received is needed at all times.  Groupings of data and how those groupings are defined is important.  Without endorsed Technical Rationale and Implementation Guidance, development of an appropriate technical plan to address this requirement and support successful audits of it remain a concern. 

Southern Company feels that 12 months is appropriate to develop a plan, but an additional 24 months beyond planning may be needed to implement a reliable technical solution. Given the need to perform a proper engineering study on network infrastructure to assess current state and adapt it to meet the new requirements, additional time is needed to assess how changes may impact system and network response (loading, latency, etc.). It will also be necessary to review and/or establish contracts and memorandums of understanding to ensure that we continue to reliably receive the data we need and to deliver the data that others may need from us. Inherent in these studies and implementations are additional costs that may be impacted by budget cycles, as well as the costs attributable to resource constraints given the constant environment of standards changes currently. These factors prevent any realistic analysis at this time of the cost-effectiveness of such implementations.

Apart from those noted above, Southern Company does not have any additional specific objections to the CIP-012-1 requirements, the draft Technical Rationale, or the draft Implementation Guidance.  It is important to note that the Proposed Reliability Standard currently does not have endorsed Technical Rationale and Implementation Guidance.  Due to this, Southern Company currently supports (with comments) the Proposed Reliability Standard with the understanding that NERC’s endorsement of the Implementation Guidance may impact our support for a final ballot of the standard.  

Southern Company, Segment(s) 1, 3, 5, 6, 6/15/2017

- 0 - 0

Other Answers

Steven Powell, On Behalf of: Trans Bay Cable LLC, WECC, Segments NA - Not Applicable

- 0 - 0

N/A

Kara White, On Behalf of: NRG - NRG Energy, Inc., FRCC, MRO, WECC, Texas RE, NPCC, SERC, SPP RE, RF, Segments 3, 4, 5, 6

- 0 - 0

Kristine Ward, On Behalf of: Seminole Electric Cooperative, Inc., FRCC, Segments 1, 3, 4, 5, 6

- 0 - 0

Implementing industry-wide secure communication is a significant coordination challenge for entities and their associated vendors.  The increase in security also brings increased complexity, maintenance, and failure potential that may negatively impact the reliable operation of the BES.  As a result, coordination for encryption key management will become an essential activity and CHPD would, similar to other entity comments, appreciate guidance for these activities.

CHPD also has general concerns that implementing encryption results in the loss of existing application-level protocol security.  For example, current security protections allow for the enforcement of specific ICCP protocol functions at the firewall perimeter.  With end-to-end encryption in use (e.g., Secure ICCP) the firewall will no longer be able to inspect ICCP packets and will lose the ability to reject unauthorized commands (e.g., control, write, etc.).

Chelan PUD, Segment(s) 5, 3, 1, 6, 11/13/2017

- 5 - 0

Aaron Austin, 12/5/2017

- 0 - 0

None

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Tennessee Valley Authority, Segment(s) 1, 3, 5, 6, 9/1/2016

- 0 - 0

R1.3 may create a level of difficulty where “each Responsible Entity” will need to know each other’s “roles and responsibilities … for applying security protection(s)”. The intent should be to assure that protections are in place and not create an administrative burden just to audit this. The use of the wording of “roles and responsibilities” does not support the cyber security protections that this Standard is trying to accomplish. Different Responsible Entities may not be willing to share their “security protections” with other Entities as this may create a security gap or, at the least, let others know what protections are in place. When each Entity becomes compliant with this Standard, their plans will assure that protections are in place on “their end” of the data stream. This will assure that protections are in place, which is the intent of this Standard.

The NSRF recommends R1.3 to read:

“Identify each Responsible Entity for applying security protection to the transmission of Real-time Assessment and Real-time monitoring and control data between Control Centers, when the Control Centers are owned or operated by different Responsible Entities”.

This recommendation will assure that each Responsible Entity will know who is on “the other end” of their data stream, which supports data security and intent of this Standard.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 6/14/2017

- 0 - 0

Donald Lock, 12/8/2017

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Please refer to NRECA comments.

Paul Huettl, 12/8/2017

- 0 - 0

The California ISO supports the comments of the IRC Security Working Group (SWG)

Richard Vine, 12/8/2017

- 0 - 0

Richard Jackson, U.S. Bureau of Reclamation, 1, 12/8/2017

- 0 - 0

PSEG REs, Segment(s) 5, 6, 3, 1, 11/2/2017

- 2 - 0

Glen Farmer, Avista - Avista Corporation, 5, 12/8/2017

- 0 - 0

TEC wishes to endorse the comment of the Edison Electric Institute.

Ronald Donahey, TECO - Tampa Electric Co., 3, 12/8/2017

- 0 - 0

The R1 VSL language does not accurately align with R1.  Dominion Energy recommends adding the “develop” portion of R1 to the VSL language as shown in the following example.

“The Responsible Entity failed to develop and document plan(s) for Requirement R1.”

In addition, the rationale developed by the SDT does not appear to have been included in the document or moved to any type of reference document.  The lack of any contextual documents creates a gap in understanding the intent of the SDT.  Coupled with the lack of approved Implementation Guidance, it is difficult to support the Requirements as written.

Dominion, Segment(s) 3, 5, 1, 4/6/2017

- 0 - 0

PPL NERC Registered Affiliates supports EEI’s comments regarding CIP-012-1 – Cyber Security – Communications between Control Centers: “While EEI does not have any specific objections to CIP-012-1 Requirements, Implementation Plan or the flexibility to meet the reliability objectives in a cost effective manner, we do note that the Proposed Reliability Standard lacks sufficient specificity (i.e., sufficient to stand on its own), without an endorsed Technical Rationale and Implementation Guidance.  Relative to the draft Implementation Guidance document, EEI notes that Industry will likely find it difficult to make any final judgements on the proposed Reliability Standard without the ERO Enterprise’s endorsement of the draft Implementation Guidance.  We trust that once the Proposed Reliability Standard gets closer to a final ballot, the ERO Enterprise will endorse the final draft of the Implementation Guidance in accordance with the Compliance Guidance Policy.  In the event that doesn’t occur, we fear the approval of this standard may be at risk.”

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

The application of any security controls requires bilateral consent.  The first priority of Requirement 1 should be to identify the methods through which the Responsible Entity determines and identifies these security controls and the documentation the Responsible Entity intends to utilize throughout this identification/determination process.  AZPS respectfully submits, for the SDT’s consideration, the following revision of Requirement 1 to address the above-referenced comments.

Proposed Revision to CIP-012-1 R1:

R1.1 Identification of methods and documentation through which the Responsible Entity will determine and identify security controls used to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers, and roles and responsibilities for implementation when the Control Centers are owned or operated by different Responsible Entities;

R1.2 Identification of security controls used to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers; and

R1.3 Identification of demarcation point(s) where security controls are applied for transmitting Real-time Assessment and Real-time monitoring and control data between Control Centers.

Vivian Moser, 12/8/2017

- 0 - 0

AE thanks the SDT for their hard work on a difficult topic and appreciates the SDT's outreach efforts.

Andrew Gallo, 12/8/2017

- 0 - 0

While some entities have raised a concern that encryption or other security efforts could impact availability and thus nullify the FERC mandate regarding availability, PNMR does not believe that such security measures can have a significant detrimental effect on availability if such measures are properly designed and implemented.  PNMR believes that this standard really addresses the Confidentiality and Integrity of sensitive BES data while TOP-001-4 addresses the Availability of such data between primary Control Centers.  Thus the standards are better ensuring all aspects of the Confidentiality-Integrity-Availability triad are addressed in some way.  All three aspects can be maintained in unison.  Implementing processes and procedures to address one aspect does not implicitly result in the absence or detriment of the other two.

Lynn Goldstein, 12/8/2017

- 0 - 0

Please refer to EEI's comments regarding the Proposed Reliability Standard currently lacking sufficient specificity (i.e. sufficient to stand on its own) without an endorsed Technical Rationale and Implementation Guidance.

Eleanor Ewry, 12/8/2017

- 0 - 0

(No additional comments)

Nicholas Lauriat, On Behalf of: Network and Security Technologies, , Segments 1

- 0 - 0

The SPP Standards Review Group proposes a few minor non-substantive edits to CIP-012-1 at Requirement R1 and Measurement M2. The edits will reference the term “plan(s)” and ensure consistent vernacular is used throughout the standard (see below for proposed language; the edits were shown in bold).

R1. The Responsible Entity shall develop one or more documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between any Control Centers. This requirement excludes oral communications. The plan(s) shall include: [Violation Risk Factor: Medium] [Time Horizon: Operations Planning]

M2. Evidence may include, but is not limited to, documentation demonstrating implementation of the plan(s) developed pursuant to Requirement R1.

SPP Standards Review Group, Segment(s) 0, 12/10/2017

- 0 - 0

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

NRECA requests additional information on how the draft revised Control Center definition and the draft new CIP-012-1 will move forward after this comment period.  We believe they should move forward together in any next steps in the standard development process.  Currently, when reviewing the draft new CIP-012-1 it is unclear if the current approved Control Center definition or the draft revised Control Center definition is what the drafting team intends the reader to use.

NRECA appreciates the efforts of the drafting team.

Barry Lawson, 12/11/2017

- 0 - 0

I support Andrew Gallo's Comments from Austin Energy.

W. Dwayne Preston, Austin Energy, 3, 12/11/2017

- 0 - 0

The Proposed Reliability Standard lacks sufficient specificity (i.e., sufficient to stand on its own), without an endorsed Technical Rationale and Implementation Guidance.  Relative to the draft Implementation Guidance document, MEC agrees with EEI that Industry will likely find it difficult to make any final judgments on the proposed Reliability Standard without NERC's endorsement of the draft Implementation Guidance.  We trust that once the Proposed Reliability Standard gets closer to a final ballot NERC will endorse the final draft of the Implementation Guidance.  In the event that doesn't occur, we fear the approval of this standard may be at risk.

Terry Harbour, Berkshire Hathaway Energy - MidAmerican Energy Co., 1, 12/11/2017

- 0 - 0

SRP would like to thank the SDT for their efforts. This is an extremely difficult topic to handle and SRP appreciates all of the outreach the SDT has done.

Lona Calderon, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

N/A

Shannon Fair, On Behalf of: Shannon Fair, , Segments 1, 3, 5, 6

- 0 - 0

Support Terry Harbour comments (Berkshire Hathaway - MidAmerican Energy Company)

We don't see the reason for two requirements.

Implementation Guidance with approved ERO deference is essential for an affirmative ballot.

Annette Johnston, 12/11/2017

- 0 - 0

Oshani Pathirane, 12/11/2017

- 0 - 0

The VRF/VSL for proposed Requirement R2 should be revised to include a moderate and high VSL, similar to the proposed Requirement R1.  Implementation of the plan, but failure to implement one of the applicable parts of the plan should be Moderate VSL.  Implementation of the plan, but failure to implement two of the applicable parts should be High VSL.

As stated in Response to Question No. 1, the proposed Standard should not move into final ballot until the definition of Control Center has been finalized.

Lan Nguyen, On Behalf of: CenterPoint Energy Houston Electric, LLC, Texas RE, Segments 1

- 0 - 0

While Exelon does not have any specific objections to CIP-012-1 Requirements, Implementation Plan or the flexibility to meet the reliability objectives in a cost-effective manner, we do note that the Proposed Reliability Standard lacks sufficient specificity (i.e., sufficient to stand on its own), without an endorsed Technical Rationale and Implementation Guidance.  Relative to the draft Implementation Guidance document, Exelon notes that Industry will likely find it difficult to make any final judgments on the proposed Reliability Standard without NERC's endorsement of the draft Implementation Guidance.  We trust that once the Proposed Reliability Standard gets closer to a final ballot NERC will endorse the final draft of the Implementation Guidance.

Daniel Gacek, Exelon, 1, 12/11/2017

- 0 - 0

Amy Casuscelli, On Behalf of: Xcel Energy, Inc. - MRO, WECC, SPP RE - Segments 1, 3, 5, 6

- 0 - 0

Laura Nelson, 12/11/2017

- 0 - 0

Texas RE appreciates the SDT’s efforts to better clarify the data protection obligations by establishing a requirement to create “demarcation points” between Control Centers.  In particular, Texas RE applauds the SDT’s amendment to recognize that communications between “any” Control Center should be protected.  However, while this injects clarity into the standard, it does not completely address Texas RE’s fundamental concerns with the proposed CIP-012 Standard language.

As Texas RE noted previously, Texas RE remains concerned that the proposed CIP-012-1 Standard may result in confusion, particularly among Generation Operators with Control Centers subject to the standard regarding the scope of their compliance obligations or, alternatively, may inadvertently result in a significant reliability gap given the structure of the ERCOT market.  In ERCOT, generators do not communicate directly with the regional Reliability Coordinator (ERCOT).  Instead, generators are required to communicate through designated entities known as Qualified Scheduling Entities (QSEs).  In many instances, these QSEs are third-party entities.  Within the NERC regulatory construct, Generator Operators have delegated certain NERC compliance functions to these entities, including providing data used for Operational Planning Analysis, Real-time Assessments, and Real-time monitoring.  Critically, Generator Operators remain responsible for all compliance obligations associated with QSE activities in the ERCOT region.

Texas RE continues to believe that CIP-012-1 must require Generator Operators possessing Control Centers to take steps to mitigate the risk of unauthorized data disclosures at every step along the communication chain between its Control Center and the ERCOT Control Center, including steps to protect this data at third-party intermediary QSEs.  Otherwise, the proposed draft of CIP-012-1 would result in a significant reliability gap as QSE communications links and data passing from the QSE to ERCOT could be potentially unsecure.  Given this fact, Generator Operators will likely need to take steps to ensure that their third-party QSEs have accorded designated sensitive data appropriate protections, which could in turn require incorporating such requirements into QSE agreements or other steps.

Permitting Generator Operators to merely designate a demarcation point potentially permits such entities to unduly restrict their compliance obligations.  Generator Operators could set the demarcation point at their Control Center and the QSE.  As a result, data and communication links between the QSE and the ERCOT Control Center could potentially be excluded from CIP-012 protections, resulting in a fundamental reliability gap.

Texas RE continues to recommend that the SDT clarify that communications between QSEs (or equivalent in other Regions) and the RC are subject to CIP-012-1 requirements and that Responsible Entities must take steps to mitigate the risk of unauthorized data disclosures for these communications as well, in order to ensure that Responsible Entities have sufficient notice of these compliance obligations.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 12/11/2017

- 0 - 0

Jennifer Hohenshilt, Talen Energy Marketing, LLC, 6, 12/11/2017

- 0 - 0

Maryanne Darling-Reich, On Behalf of: Black Hills Corporation - WECC - Segments 1, 3, 5, 6

- 0 - 0

Jeanne Kurzynowski, On Behalf of: Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

City Light would like to thank everyone for their efforts towards making this viable.

Seattle City Light Ballot Body, Segment(s) 1, 4, 6, 5, 3, 12/2/2016

- 0 - 0

- 0 - 0

Chantal Mazza, On Behalf of: Hydro-Québec TransEnergie - NPCC - Segments 2

- 0 - 0

While EEI does not currently have any specific objections to CIP-012-1 Requirements, Implementation Plan or the flexibility to meet the reliability objectives in a cost-effective manner, we do note that the Proposed Reliability Standard lacks sufficient specificity (i.e., sufficient to stand on its own), without endorsed Technical Rationale and Implementation Guidance.

Relative to the draft Implementation Guidance document, EEI notes that Industry will likely find it difficult to make any final judgements on the proposed Reliability Standard without the ERO Enterprise’s endorsement of the draft Implementation Guidance.  We trust that once the Proposed Reliability Standard gets closer to a final ballot, the ERO Enterprise will endorse the final draft of the Implementation Guidance in accordance with the Compliance Guidance Policy.  In the event that doesn’t occur, the approval of this standard may be at risk.

Melanie Seader, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

- 0 - 0

While some entities have raised a concern that encryption or other security efforts could impact availability and thus nullify the FERC mandate regarding availability, PNMR does not believe that such security measures can have a significant detrimental effect on availability if such measures are properly designed and implemented.  PNMR believes that this standard really addresses the Confidentiality and Integrity of sensitive BES data while TOP-001-4 addresses the Availability of such data between primary Control Centers.  Thus the standards are better ensuring all aspects of the Confidentiality-Integrity-Availability triad are addressed in some way.  All three aspects can be maintained in unison.  Implementing processes and procedures to address one aspect does not implicitly result in the absence or detriment of the other two.

Laurie Williams, 12/11/2017

- 0 - 0

In the case of Medium and High Control Centers, if it is intended that communication be protected up to an EAP on the ESP and/or the PSP, then it is suggested that this demarcation point requirement should be clearly stated, possibly in an additional (sub-)requirement.

David Ramkalawan, 12/11/2017

- 0 - 0

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Removal of the SDT’s Guidance and Technical Basis (GTB) from the Standard makes it difficult to 1) understand the intent and 2) evaluate this version. If the GTB is not restored, we recommend posting the GTB information simultaneously with the Standard.

Leonard Kula, Independent Electricity System Operator, 2, 12/11/2017

- 0 - 0

None.

Douglas Webb, 12/11/2017

- 0 - 0

larry brusseau, On Behalf of: Corn Belt Power Cooperative, , Segments 1

- 0 - 0

Comments: The SWG supports the objective-based requirements as written. The objective-based approach allows for Responsible Entities to select and implement the controls appropriate to their organization.

Elizabeth Axson, 12/11/2017

- 0 - 0

If the demarcation point for communication is a CIP Cyber Asset, communication of this information and responsibilities between entities for R1.2 may require NDAs between entities.

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

sean erickson, Western Area Power Administration, 1, 12/11/2017

- 0 - 0

Removal of the SDT’s Guidance and Technical Basis (GTB) from the Standard makes it difficult to 1) understand the intent and 2) evaluate this version. If the GTB is not restored, we recommend posting the GTB information simultaneously with the Standard.

RSC no Dominion and ISO-NE, Segment(s) 10, 2, 4, 5, 6, 7, 1, 3, 12/11/2017

- 0 - 0

None at this time.

DTE Energy - DTE Electric, Segment(s) 5, 4, 3, 2/27/2017

- 0 - 0

Comments: The SWG supports the objective-based requirements as written. The objective-based approach allows for Responsible Entities to select and implement the controls appropriate to their organization.

SRC + SWG , Segment(s) 2, 3, 1, 0, 10/30/2017

- 0 - 0

RoLynda Shumpert, On Behalf of: SCANA - South Carolina Electric and Gas Co., SERC, Segments 1, 3, 5, 6

- 0 - 0

There was a proposed revision to the definition of Control Center that was posted concurrently with the 1st posting of CIP-012-1. What is the status of that definition? Will both of these be Petitioned to FERC on the same filing? Could one get approved before the other?

Sergio Banuelos, On Behalf of: Tri-State G and T Association, Inc., MRO, WECC, Segments 1, 3, 5

- 0 - 0