2016-02 Modifications to CIP Standards | CIP-012-1 Draft 4

Description:

Start Date: 05/18/2018
End Date: 07/03/2018

Associated Ballots:

Ballot Name: 2016-02 Modifications to CIP Standards CIP-012-1 AB 4 ST
Project: 2016-02 Modifications to CIP Standards
Standard: CIP-012-1
Pool Open: 07/27/2017
Pool Close: 08/25/2017
Voting Start: 06/22/2018
Voting End: 07/03/2018

Hot Answers

Lynn Goldstein, PNM Resources - Public Service Company of New Mexico, 1, 7/2/2018

- 0 - 0

The SPP Standards Review Group has a concern that the proposed Exemption will modify the current “Control Center” definition that potentially changes how High and Low impact assets are evaluated. The review group is proposing some language (shown below) to help maintain consistency with the “Control Center” Definition and the proposed Exemption mentioned in the documentation. Additionally, the introduction of the term “Control System” as well as the diagrams and explanations in the rationale present complexity pertaining to the current process of identifying BES Cyber Systems. We would suggest that the drafting team remove the term “Control System” from all proposed language associated with this project.

Section 4.2.3 (Applicability Section – Standard)

BES generation resource or Transmission station or substation that transmits to a Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitted is located.

SPP Standards Review Group, Segment(s) 2, 5, 4, 1, 3, 6, 7/2/2018

- 0 - 0

Other Answers

Steve Rose, On Behalf of: Steve Rose, , Segments 1, 3, 5

- 0 - 0

Thomas Foltz, AEP, 5, 6/15/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

None.

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

SRP agrees with the principle of the exemption. However, SRP would like to see a revision of the language simplified in a fashion similar to how this question is constructed: "exempt Control Centers that only transmit data pertaining to a single co-located substation or generation plant."

Russell Martin II, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Aubrey Short, 6/25/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussions over intent. The NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitting transmitted Control Center is located.

Rationale: The first use of “Control Center” implies that the exemption is for a Control Center to start with. Where it is not a Control Center but a BES facility that transmits data, via an RTU (RTU was added since it plays a pivotal point of intent within the Technical Rationale document).

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

The exemption language of CIP-012-1 4.2.3 refers to real-time data derived from a single location at a generation or Transmission station. However, the Control Center term, as defined in the Proposed Definition of Control Center, items (3) and (4), refers to “two or more locations” for Transmission Operators and Generator Operators. They conflict with one another and this could lead to misinterpretation and/or misapplication of the Standard’s protections. WECC believes clarity related to Control Center vs. control room is necessary.

Steven Rueckert, Western Electricity Coordinating Council, 10, 6/28/2018

- 0 - 0

Language is very confusing. Based on Idaho Power’s understanding, this will eliminate smaller Control Centers but doesn't appear to have a large impact.

Laura Nelson, 6/28/2018

- 0 - 0

While Ameren supports the need for an Exemption for CIP-012-1, the exemption should be based on impact to reliable operations. We suggest modifying the proposed wording in 4.2.3 to provide the exemption for Low Impact Control Centers as defined in CIP-002, Attachment 1. If a Control Center regardless of its location meets the criteria for either a Medium Impact or High Impact facility then it should be protected appropriately.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussion over intent; and the NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring

Aaron Smith, On Behalf of: Aaron Smith, , Segments 1, 3, 5, 6

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 6/29/2018

- 0 - 0

PacifiCorp agrees with the SDT providing the exemption language within the standard coupled with the clarification provided in the technical rationale document in the absence of revising the Control Center definition. If additional edits to the exemption language change the scope of what is covered in the final version or if the technical rationale is not ERO-endorsed prior to the final ballot, PacifiCorp may alter its final vote. PAC understands that time and the SAR are obstacles for the SDT at this time; further development of the Control Center definition should be resolved before more standards regarding Control Centers are introduced.

Sandra Shaffer, 6/29/2018

- 0 - 0

David Ramkalawan, 6/29/2018

- 0 - 0

Michael Shaw, 6/29/2018

- 0 - 0

Reclamation does not support an exemption. Reclamation recommends that all Real-time Assessment and Real-time monitoring data be protected against the risk of unauthorized disclosure or modification.

Instead of exempting certain Control Centers, Reclamation recommends the SDT revise the Control Center definition to give consideration to the system-wide view a Control Center has versus the limited view held by Generator Operators as follows:

One or more BES facilities, including their associated Data Centers, that monitor and control the BES and also host System Operators who:

  1. perform the Real-time reliability-related tasks of a Reliability Coordinator; or

  2. perform the Real-time reliability-related tasks of a Balancing Authority; or

  3. perform the Real-time reliability-related tasks of a Transmission Operator for any BES Transmission Facilities; or

  4. can act independently as the Generator Operator to develop specific dispatch instructions for any BES generation Facilities; or

  5. can operate or direct the operation of a Transmission Owner’s BES Transmission Facilities in Real-time.

Section 4.2.3, as presently written, does not clearly explain why certain Control Centers would be exempted. If an exemption is provided, Reclamation recommends the SDT incorporate language from the Technical Rationale in the exemption to avoid future confusion (i.e., Control Center implies the exemption is for a Control Center, but the data may be transmitted by a BES facility such as an RTU).

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/29/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

FMPA agrees with the following comments submitted by MRO NSRF:

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussions over intent. The NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitting transmitted Control Center is located.

Rationale: The first use of “Control Center” implies that the exemption is for a Control Center to start with. Where it is not a Control Center but a BES facility that transmits data, via an RTU (RTU was added since it plays a pivotal point of intent within the Technical Rationale document).

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Kansas City Power and Light Company incorporates the Edison Electric Institute's response to Question No. 1.

Douglas Webb, 6/29/2018

- 0 - 0

FMPA agrees with the following comments submitted by MRO NSRF:

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussions over intent. The NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitting transmitted Control Center is located.

Rationale: The first use of “Control Center” implies that the exemption is for a Control Center to start with. Where it is not a Control Center but a BES facility that transmits data, via an RTU (RTU was added since it plays a pivotal point of intent within the Technical Rationale document).

Richard Montgomery, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the following comments submitted by MRO NSRF:

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussions over intent. The NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitting transmitted Control Center is located.

Rationale: The first use of “Control Center” implies that the exemption is for a Control Center to start with. Where it is not a Control Center but a BES facility that transmits data, via an RTU (RTU was added since it plays a pivotal point of intent within the Technical Rationale document).

Carol Chinn, On Behalf of: Carol Chinn, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the following comments submitted by MRO NSRF:

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussions over intent. The NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitting transmitted Control Center is located.

Rationale: The first use of “Control Center” implies that the exemption is for a Control Center to start with. Where it is not a Control Center but a BES facility that transmits data, via an RTU (RTU was added since it plays a pivotal point of intent within the Technical Rationale document).

Joe McKinney, On Behalf of: Joe McKinney, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the following comments submitted by MRO NSRF:

The Technical Rationale document, in addressing this exemption, identifies the “intent” of this exemption which is to “exclude the normal RTU-style communication from a field asset about that field asset’s status from CIP-012”. This is commendable and the NSRF appreciates your identification of RTU-style communication as an exemption as it relates to the Control Center definition. The NSRF would like to point out that there are violations of Standards that have come down to discussions over intent. The NSRF strongly suggests that the drafting team include the Technical Rationale intent for this exemption into the actual words of the exemption to avoid future misinterpretation of the exemption. NSRF suggests the following for drafting team consideration, which also includes revisions for comments under #4 of this comment form:

The NSRF recommends that the exemption reads as:

A Control Center at a BES generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data transmitting transmitted Control Center is located.

Rationale: The first use of “Control Center” implies that the exemption is for a Control Center to start with. Where it is not a Control Center but a BES facility that transmits data, via an RTU (RTU was added since it plays a pivotal point of intent within the Technical Rationale document).

Chris Gowder, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

MEC agrees with the SDT providing the exemption language in the applicability of the standard coupled with the explanation in the technical rationale document in the absence of revising the Control Center definition. If additional edits to the exemption language change the scope of what is covered in the final version, MEC will change its vote on the final ballot. MEC understands that time and the SAR are obstacles for the SDT at this time; however, issues with the existing Control Center definition should be resolved before more standards regarding Control Centers are introduced.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/29/2018

- 0 - 0

Jeff Johnson, 6/29/2018

- 0 - 0

NV Energy agrees with the SDT providing the exemption language within the standard coupled with the clarification provided in the technical rationale document in the absence of revising the Control Center definition.

Please note that NV Energy may alter its vote if additional edits to the exemption language change the scope of what is covered in the final version or if the technical rationale is not ERO-endorsed prior to the final ballot. NV Energy understands that an unknown expedited timeline and the original SAR are obstacles for the SDT at this time, and that this Standard will be approved in the near term, but we believe that further development of the Control Center definition should be resolved before more standards regarding Control Centers are introduced.

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

Barry Lawson, 7/1/2018

- 0 - 0

The Exemption Language is ambiguous with regard to situations where an entity could have BES assets polling Non-BES data from other locations/facilities.

Example 1: Weather data from remote locations. No effect on generation, but the weather station is not physically at this facility.

Example 2: Operations of small hydro sites (under 10 MW) which are aggregated at the Low Impact BES facility but are located at other facilities.

In this example, these Low Impact Control Centers are only identified as Control Centers because they have the Capability, NOT the Responsibility, to control another Low Impact BES site. The capability is there so that technicians at one site can monitor alarms at the other Low Impact site. But these sites are not staffed around the clock, and their function is not to perform operations at the other site. We suggest a clarification on the exemption language below.

Current Language: 

A Control Center at a generation resource or Transmission station or substation that transmits to another Control Center Real-time Assessment or Real-time monitoring data pertaining only to the generation resource or Transmission station or substation at which the transmitting Control Center is located.

Language Suggestion: 

A Control Center at a generation resource or Transmission station or substation where all of the BES data being transmitted to another Control Center pertains to the generation resource or Transmission station or substation at which the transmitting Control Center is located.

This language is intended to prevent small sites with Non BES data coming from other locations from being unnecessarily included in the standard. 

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

ITC is concerned with the use of Control Center in the exemption and the confusion it may cause with the originally intended definition of Control Center. ITC instead recommends the following language:

Exemption:

BES generation resource or Transmission station or substation that transmits Real-time monitoring or Assessment data to another Control Center, such as telemetry data, pertaining only to the generation resource or Transmission station.

Stephanie Burns, 7/2/2018

- 0 - 0

Please see comments submitted by Edison Electric Institute.

Steven Mavis, 7/2/2018

- 0 - 0

While Exelon supports the need for an Exemption for CIP-012-1, we have a concern that the language may still lack necessary clarity. For this reason, we suggest language similar to the following:

4.2.3 A generating station, Transmission station or substation that is also a Control Center, but meets one of the following criteria:

4.2.3.1 Aggregates and transmits Real-time Assessment and Real-time monitoring data from two or more Generation resource(s), Transmission station(s) and/or substation(s) but all aggregated data coming from these locations is contained within the same physical perimeter. (see Figure 1)

4.2.3.2 Does not aggregate and transmit Real-time Assessment and Real-time monitoring data from a location outside the physical perimeter where it resides. (see Figure 2)

(See CIP 12 Figures.pdf)

Daniel Gacek, Exelon, 1, 7/2/2018

CIP 12 Figures.pdf

- 0 - 0

CenterPoint Energy Houston Electric, LLC (“CenterPoint Energy”) agrees with Edison Electric Institute’s (EEI) comments.

Eli Rivera, On Behalf of: Central Electric Cooperative, Inc. (Redmond, Oregon), Texas RE, Segments NA - Not Applicable

- 0 - 0

Please refer to MRO NERC Standards Review Forum (NSRF) comments.

- 0 - 0

RSC no Dominion, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 7/2/2018

- 0 - 0

Douglas Johnson, 7/2/2018

- 0 - 0

Under the current definition of Control Center per the NERC Glossary of terms, what qualifies as an associated data center is unclear (e.g., associated computer room, remote computer room, distributed front-end processor).

PPL NERC Registered Affiliates requests clarification regarding treatment of aggregation of SCADA data, in particular:

• Please provide additional information and a diagram for the scope and exemptions for SCADA data from multiple substations to a remote computer room where data is aggregated at the remote computer room prior to transmitting to a data center that is associated with the Operations Center.

• Please provide additional information and a diagram regarding the communications scope of CIP-012-1 (e.g., SCADA data from various substation control buildings that are at a single location and communicating back via a network used for all substation communications back to a head-end computer room, aggregated and then sent to a Data Center).

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

James Anderson, 7/2/2018

- 0 - 0

While EEI supports the need for an Exemption for CIP-012-1, we are concerned that the language may still lack necessary clarity. For this reason, we suggest language similar to the following:

4.2.3 A generating station, Transmission station or substation that is also a Control Center, but meets one of the following criteria:

4.2.3.1 Aggregates and transmits Real-time Assessment and Real-time monitoring data from two or more Generation resource(s), Transmission station(s) and/or substation(s) but all aggregated data comes from locations that are contained within the same physical perimeter. (see EEI Figure 1)

4.2.3.2 The Control Center does not aggregate and transmit Real-time Assessment and Real-time monitoring data from location(s) outside the physical perimeter where it resides. (see EEI Figure 2)

Andrea Koch, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

CIP 12 Figures.pdf

- 0 - 0

None

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

While the SDT believes the “integrity and availability of sensitive bulk electric system data”, as noted in FERC Order No. 822, paragraph 54, is addressed in R1, Texas RE notes the use of the term “or”: Identification of security protection used to mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring and control data while being transmitted between Control Centers. In its response, the SDT specifically referenced the Consideration of Issue or Directive document. In that document, the SDT makes clear that entities may elect, solely at their discretion, to protect communications links, data, or both.

Texas RE believes this directly conflicts with the plain language in FERC Order No. 822, P. 54. FERC made it clear that protections should apply to both communication links and sensitive data. However, the SDT has specified such protections could be potentially applied solely to communications links or sensitive data. That is, the SDT has endorsed permitting responsible entities to simply elect to plan and implement physical protections for communications links. This would “mitigate” the risk of an unauthorized disclosure or modification of data using one of the delineated methods. As such, the responsible entity would potentially be compliant with the standard without proposing or implementing any logical protections for sensitive data during its transmission. This appears counter to FERC’s intent to protect “both the integrity and availability of sensitive bulk electric system data.” FERC Order No. 822, P. 54. Texas RE maintains its recommendation to 1) change “or” to “and”; and 2) change the phrase “risk of unauthorized disclosure or modification” to “integrity and availability of sensitive bulk electric system data”.

Furthermore, Texas RE is also concerned with the SDT’s shortsighted approach to securing this type of data, which permits discretion around security matters that are not in controversy and are widely considered vulnerabilities that must be mitigated. This approach is also not consistent with the “defense in depth” philosophy, which is a fundamental aspect of cyber security domains. In other words, it is more consistent with the defense in depth concept to mitigate the risk of unauthorized disclosure and modification for this data versus one without the other.

Additionally, since GO does not appear in the definition of Control Center, Texas RE suggests removing GO from the applicability section.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 7/2/2018

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 7/2/2018

- 0 - 0

Martin Sidor, On Behalf of: NRG - NRG Energy, Inc., , Segments 5, 6

- 0 - 0

David Greyerbiehl, CMS Energy - Consumers Energy Company, 5, 7/2/2018

- 0 - 0

What about a similar Control Center that also receives data?

Marty Hostler, Northern California Power Agency, 4, 7/2/2018

- 0 - 0

What about a similar Control Center that also receives data?

Dennis Sismaet, Northern California Power Agency, 6, 7/2/2018

- 0 - 0

Southern Company supports the proposed exemption language.

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

Oncor supports EEI's comment.

Tho Tran, 7/2/2018

- 0 - 0

Quintin Lee, Eversource Energy, 1, 7/2/2018

- 0 - 0

The intent of the exclusion is a positive direction, but it needs to be re-worded for clarity. ACES is concerned that by identifying the facility as a NERC-defined Control Center, and not a NERC-defined Facility, it will have the unintended consequence of being in scope for other standards that do not directly exempt it as a Control Center.

ACES would support the following modification:

“A BES generation resource or Transmission station or substation that transmits Real-time Assessment or Real-time monitoring data via RTU to a Control Center, and the transmitted data pertains only to that generation resource or Transmission station or substation.”

Warren Cross, On Behalf of: ACES Power Marketing, MRO, WECC, Texas RE, SERC, Segments 1, 3, 4, 5

- 0 - 0

Adding the wording "within the same geographical location" might help with the clarification of "located".

David Francis, On Behalf of: Midcontinent ISO, Inc. - MRO, SERC, RF - Segments 2

- 0 - 0

Hot Answers

Lynn Goldstein, PNM Resources - Public Service Company of New Mexico, 1, 7/2/2018

- 0 - 0

The SPP Standards Review Group has no issues with the language proposed; however, we would recommend that the SDT include an example pertaining to CIP Exceptional Circumstances in the Implementation Guidance Document.

SPP Standards Review Group, Segment(s) 2, 5, 4, 1, 3, 6, 7/2/2018

- 0 - 0

Other Answers

Steve Rose, On Behalf of: Steve Rose, , Segments 1, 3, 5

- 0 - 0

Thomas Foltz, AEP, 5, 6/15/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

None

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

SRP agrees the data should be protected. SRP also agrees the protections for the data in scope must ensure the data has not been modified, and that FERC directed NERC to “specify how the confidentiality, integrity, and availability of each type of bulk electric system data should be protected while it is being transmitted.” However, SRP takes exception to the extent the proposed standard requires the data in scope to be protected. FERC Order 822 states on page 36, “…we recognize that not all communication network components and data pose the same risk to bulk electric system reliability and may not require the same level of protection.” However, the proposed standard applies the same criteria of protection against unauthorized disclosure across all of the data within the defined scope. SRP does not agree that viewing of the Real-time Assessment and Real-time monitoring and control data without context will decrease the reliable operation of the BES and asserts confidentiality does not need to be protected for all data under this scope. Along with this, SRP would like a clarification of how the SDT defines Real-time Assessment data.

Additionally, SRP recognizes the SDT is not specifying the controls used to protect confidentiality and integrity. However, the only method available to achieve the proposed required objective is to implement encryption. FERC Order 822 states on page 39, “it is reasonable to conclude that any lag in communication speed resulting from implementation of protections [encryption technologies] should only be measureable on the order of milliseconds and, therefore, will not adversely impact Control Center communications,” but SRP asserts this statement only refers to a single data stream. It is unknown what encryption will do when dealing with multiple data streams being transmitted at once, from one to many points, not only to the latency added for the reliable operation of the BES, but also to the computing resources

Russell Martin II, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI and members of the AECI group are supportive of the comments provided by NRECA.

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Aubrey Short, 6/25/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3. 

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Part 1.3 states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2): R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1. In essence, just repeating the words within R1 is not enhancing system reliability by any means. Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 6/28/2018

- 0 - 0

It is always good to include exceptions for unforeseen circumstances and emergencies.

Laura Nelson, 6/28/2018

- 0 - 0

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3.

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Then in part 1.3 it states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2): R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1. In essence, just repeating the words within R1 is not enhancing system reliability by any means. Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

Aaron Smith, On Behalf of: Aaron Smith, , Segments 1, 3, 5, 6

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 6/29/2018

- 0 - 0

PacifiCorp agrees with the requirement based on the newly introduced paragraph in the Implementation Guidance, “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity, the Responsible Entity without operational obligations for the communication link may demonstrate compliance by ensuring the communications link endpoint is within its Control Center, which could be limited to including the communication link endpoint within a PSP.” PacifiCorp would like the following edit added “or where other physical protections are applied.” PacifiCorp feels that this will allow entities flexibility where the devices that perform this are located within its location.  PacifiCorp also likes the VPN examples provided. If the newly introduced paragraph or the VPN example are removed or if the implementation guidance is not ERO-endorsed prior to the final ballot, PacifiCorp may alter its final vote.

Sandra Shaffer, 6/29/2018

- 0 - 0

David Ramkalawan, 6/29/2018

- 0 - 0

Michael Shaw, 6/29/2018

- 0 - 0

It is not clear how a CIP Exceptional Circumstance would impact the mitigation of the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data; therefore, Reclamation asserts that an exception for CIP Exceptional Circumstances is not necessary.

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/29/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

FMPA agrees with the below comments submitted by the NSRF:

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3. 

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Part 1.3 states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2); R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1.  In essence, just repeating the words within R1 is not enhancing system reliability by any means.   Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1.  This part 1.3 is redundant and is recommended to be removed. 

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Douglas Webb, 6/29/2018

- 0 - 0

FMPA agrees with the below comments submitted by the NSRF:

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3.

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Part 1.3 states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2); R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1.  In essence, just repeating the words within R1 is not enhancing system reliability by any means.   Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1.  This part 1.3 is redundant and is recommended to be removed. 

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

Richard Montgomery, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the below comments submitted by the NSRF:

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3.

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Part 1.3 states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2); R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1.  In essence, just repeating the words within R1 is not enhancing system reliability by any means.   Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1.  This part 1.3 is redundant and is recommended to be removed. 

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

Carol Chinn, On Behalf of: Carol Chinn, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the below comments submitted by the NSRF:

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3.

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Part 1.3 states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2); R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1.  In essence, just repeating the words within R1 is not enhancing system reliability by any means.   Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1.  This part 1.3 is redundant and is recommended to be removed. 

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

Joe McKinney, On Behalf of: Joe McKinney, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the below comments submitted by the NSRF:

The NSRF has the following three concerns and the double jeopardy of noncompliance with R1 and part 1.3.

Concern one (1): R1 states “The Responsible Entity shall implement …” where the Responsible Entity is noted within section 4.1, Functional Entities. So, each BA, GOP, GO, RC, TOP and TO shall implement a documented plan(s) to mitigate the risk of unauthorized disclosure or modification of Real-time Assessments and Real-time monitoring data. Part 1.3 states that “If the Control Centers are owned or operated by different Responsible Entities” which they will be (unless there is a vertically integrated Entity), those different Entities already need to satisfy R1 since they are in section 4.1. This part 1.3 is redundant and is recommended to be removed.

Concern two (2); R1.3 states “… identify the responsibilities…” this identification of responsibilities is ambiguous as each Entity can only identify their own responsibilities to “mitigate the risk of unauthorized disclosure or modification of Real-time Assessment and Real-time monitoring data…” per R1.  In essence, just repeating the words within R1 is not enhancing system reliability by any means.   Recommended to be removed for this concern.

Concern three (3) is similar to concern 1, where one Entity needs to identify the other Entity which will be a different entity (unless they are a vertically integrated Entity); those different Entities already need to satisfy R1 since they are in section 4.1.  This part 1.3 is redundant and is recommended to be removed. 

The NSRF recommends that part 1.3 be deleted in its entirety as all Functional Entities will be required to satisfy R1 and part 1.1 and 1.2.

The NSRF agrees with adding “except under CIP Exceptional Circumstances” in R1.

Chris Gowder, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

MEC agrees with the requirement based on the newly introduced sentence in the Implementation Guidance, “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity, the Responsible Entity without operational obligations for the communication link may demonstrate compliance by ensuring the communications link endpoint is within its Control Center, which could be limited to including the communication link endpoint within a PSP.” MEC would like the following edit added “or where other physical protections are applied.” This will provide more flexibility for entities. MEC also likes the VPN example provided. Inclusion of the newly introduced sentence, the VPN example and ERO-endorsement of the implementation guidance are needed in the final version for MEC to vote yes on the final ballot.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/29/2018

- 0 - 0

Jeff Johnson, 6/29/2018

- 0 - 0

NV Energy agrees with the requirement based on the newly introduced paragraph in the Implementation Guidance, “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity, the Responsible Entity without operational obligations for the communication link may demonstrate compliance by ensuring the communications link endpoint is within its Control Center, which could be limited to including the communication link endpoint within a PSP.”

NV Energy would like the following edit added “or where other physical protections are applied.” NV Energy believes that this will allow entities flexibility where their devices that perform this function are located within its location.  NV Energy believes the VPN examples provided are necessary and should remain within the Guidance document. If the newly introduced paragraph or the VPN example are removed or if the implementation guidance is not ERO-endorsed prior to the final ballot, NV Energy may alter its final vote.

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

NRECA supports the modified R1; however, we request that the SDT provide clarification on why R1.3 is needed, especially when  R1, R1.1 and R1.2 seem to have an overlap in what is required with R1.3.  With a clarification on the need for R1.3, NRECA believes that will help registered entities to better understand why R1.3 is necessary.  With this clarification, it may not be necessary to  remove R1.3.

Barry Lawson, 7/1/2018

- 0 - 0

Duke Energy agrees with the proposed revision.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Stephanie Burns, 7/2/2018

- 0 - 0

Steven Mavis, 7/2/2018

- 0 - 0

Exelon supports the Requirement 1 revisions.  Exelon also supports the flexibility provided by Requirement 1; however, there are many different approaches to mitigating the risk of unauthorized disclosure or modification of data in transit. Additional guidance that explores various approaches and evaluates their effectiveness in mitigating risk may be helpful before entities make implementation investments for CIP-012-1.

Daniel Gacek, Exelon, 1, 7/2/2018

- 0 - 0

CenterPoint Energy Houston Electric, LLC (“CenterPoint Energy”) agrees with Edison Electric Institute’s (EEI) comments.

Eli Rivera, On Behalf of: Central Electric Cooperative, Inc. (Redmond, Oregon), Texas RE, Segments NA - Not Applicable

- 0 - 0

Please refer to MRO NERC Standards Review Forum (NSRF) comments.

- 0 - 0

Is “Real-time monitoring data” the same as operational data? Operational data is in other Standards.

RSC no Dominion, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 7/2/2018

- 0 - 0

Douglas Johnson, 7/2/2018

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

James Anderson, 7/2/2018

- 0 - 0

EEI supports the Requirement 1 revisions.  EEI also supports the flexibility provided by Requirement 1; however, there are many different approaches to mitigating the risk of unauthorized disclosure or modification of data in transit. Additional guidance that explores various approaches and evaluates their effectiveness in mitigating risk may be helpful before entities make implementation investments for CIP-012-1.

Andrea Koch, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

None

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 7/2/2018

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 7/2/2018

- 0 - 0

Martin Sidor, On Behalf of: NRG - NRG Energy, Inc., , Segments 5, 6

- 0 - 0

David Greyerbiehl, CMS Energy - Consumers Energy Company, 5, 7/2/2018

- 0 - 0

This is too prescriptive and unnecessary. IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs. Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Marty Hostler, Northern California Power Agency, 4, 7/2/2018

- 0 - 0

This is too prescriptive and unnecessary. IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs. Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Dennis Sismaet, Northern California Power Agency, 6, 7/2/2018

- 0 - 0

Southern Company supports the proposed revisions. 

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

Oncor supports EEI's comment.

Tho Tran, 7/2/2018

- 0 - 0

Quintin Lee, Eversource Energy, 1, 7/2/2018

- 0 - 0

ACES supports the modified R1. 

Warren Cross, On Behalf of: ACES Power Marketing, MRO, WECC, Texas RE, SERC, Segments 1, 3, 4, 5

- 0 - 0

Adding that statement clarifies the meaning of the exclusion.

David Francis, On Behalf of: Midcontinent ISO, Inc. - MRO, SERC, RF - Segments 2

- 0 - 0

Hot Answers

While it will take less time for entities to implement intra-entity solutions, it will take time for inter-entity solutions to be drafted and agreed upon, since both entities will need to agree not just on implementing a technical solution (e.g. IPSec, Secure ICCP), but on how to maintain it (e.g. cryptographic key management).

Lynn Goldstein, PNM Resources - Public Service Company of New Mexico, 1, 7/2/2018

- 0 - 0

SPP Standards Review Group, Segment(s) 2, 5, 4, 1, 3, 6, 7/2/2018

- 0 - 0

Other Answers

Steve Rose, On Behalf of: Steve Rose, , Segments 1, 3, 5

- 0 - 0

Thomas Foltz, AEP, 5, 6/15/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

None

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

Overall, SRP does not agree with twenty-four (24) calendar months for the implementation of Requirement R1, as R1 and R2 from the second draft have been merged. Although SRP recognizes the SDT is not specifying the controls to be used to protect confidentiality and integrity, the only examples provided in the implementation guidance include encryption. If there are other methods available to achieve the security objective, SRP asks the SDT to provide them. However, the only method available to achieve the proposed required objective, on the ICCP network, is to implement encryption. As FERC Order 822 states on page 37, “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” Furthermore, the FERC order states on page 38, “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These are activities and specifications that must be created and agreed upon by all registered entities involved in the data transfer. As such, the timeline is reliant on registered entities working together on a common solution and would not be achievable within 24 calendar months.

Additionally, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data. There are many opportunities for encryption to fail that must be addressed. The implementation of encryption requires a pilot to truly understand and address the mechanisms of failure, the impacts encryption would cause on the exchange of the data, and the computing resources required. A pilot also requires a great amount of coordination to execute, not only within the industry, but may also include carriers, vendors, and possibly third-party encryption key program managers.

Because of the aforementioned reasons and concerns, SRP is recommending a phased implementation for CIP-012-1. A 24 month implementation is appropriate, but only for Requirement R1. The 24 months for R1 would provide time to coordinate and create an industry-wide solution. SRP is proposing the SDT include an additional 12 months for the plan implementation aspect of Requirement R1. The additional 12 months would be used for a pilot and course correction if needed, in addition to understanding, formulating, and executing maintenance strategies.

Russell Martin II, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Aubrey Short, 6/25/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

WECC believes the Implementation Plan of 24 months is unnecessary and the standard 18-month Implementation Plan should suffice. However, if the clarification sought in question 1 above is provided, WECC would not vote NO solely based on the length of the Implementation Plan.

Steven Rueckert, Western Electricity Coordinating Council, 10, 6/28/2018

- 0 - 0

The implementation plan is agreeable for a new CIP requirement to provide ample time to evaluate the impact and prepare the appropriate controls and procedures.

Laura Nelson, 6/28/2018

- 0 - 0

Ameren supports the proposed twenty-four (24) month implementation plan due to the complexity of securing control center to control center communications, which will require significant external coordination, procurement and installation of new technology and processes, legal reviews, and training.

Technical challenges to implementing the standard will also be significant. For example, entities may deploy Secure ICCP as their CIP-012-1 solution. The Pacific Northwest National Laboratory’s (“PNNL”) June 2017 report, “Secure ICCP,” identifies technical and other challenges for entities implementing secure ICCP (e.g., limited industry experience, documentation, support, difficulties with software upgrades and patching). The PNNL report is available at: https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-26729.pdf.

While these issues are not insurmountable they will take time, and should not be inappropriately rushed. 

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Aaron Smith, On Behalf of: Aaron Smith, , Segments 1, 3, 5, 6

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 6/29/2018

- 0 - 0

Sandra Shaffer, 6/29/2018

- 0 - 0

David Ramkalawan, 6/29/2018

- 0 - 0

Michael Shaw, 6/29/2018

- 0 - 0

None

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/29/2018

- 0 - 0

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Douglas Webb, 6/29/2018

- 0 - 0

Richard Montgomery, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

Carol Chinn, On Behalf of: Carol Chinn, , Segments 3, 4, 5, 6

- 0 - 0

Joe McKinney, On Behalf of: Joe McKinney, , Segments 3, 4, 5, 6

- 0 - 0

Chris Gowder, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/29/2018

- 0 - 0

Jeff Johnson, 6/29/2018

- 0 - 0

With any Standard that provides multiple iterations for proving compliance, a longer timeline is necessary, and we support a 24 month window for implementation.

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

Barry Lawson, 7/1/2018

- 0 - 0

Duke Energy disagrees that twenty-four (24) calendar months is enough time for implementation. We reiterate our previous comment and suggest a staggered implementation plan for CIP-012 specifically concerning coordination with neighboring entities. We consider it possible for an entity to gather necessary data, convene internal work groups, and draft security protection plans in the proposed 24 month Implementation Plan. However, we feel that the coordination with other entities that will be necessary for R1.3 will take longer than the proposed 24 months, especially with internal work already taking place. We recommend the drafting team consider a staggered implementation plan for internal work (18 months) compared to external coordination work (36 months). When considering coordination/testing with neighboring entities and possible equipment upgrades/lead times that could ensue, we feel that additional time above the proposed 24-month Implementation Plan is warranted.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Stephanie Burns, 7/2/2018

- 0 - 0

Steven Mavis, 7/2/2018

- 0 - 0

Exelon supports the proposed twenty-four (24) month implementation plan due to the complexity of securing control center to control center communications, which will require significant external coordination, procurement and installation of new technology and processes, legal reviews, and training.

Daniel Gacek, Exelon, 1, 7/2/2018

- 0 - 0

Eli Rivera, On Behalf of: Central Electric Cooperative, Inc. (Redmond, Oregon), Texas RE, Segments NA - Not Applicable

- 0 - 0

Considering the complexity, it is estimated that 36 calendar months would be required to comply.

RSC no Dominion, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 7/2/2018

- 0 - 0

Douglas Johnson, 7/2/2018

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

James Anderson, 7/2/2018

- 0 - 0

EEI supports the proposed twenty-four (24) month implementation plan due to the complexity of securing control center to control center communications, which will require significant external coordination, procurement and installation of new technology and processes, legal reviews, and training.

Technical challenges to implementing the standard will also be significant. For example, entities may deploy Secure ICCP as their CIP-012-1 solution. The Pacific Northwest National Laboratory’s (“PNNL”) June 2017 report, “Secure ICCP,” identifies technical and other challenges for entities implementing secure ICCP (e.g., limited industry experience, documentation, limited user community, support, difficulties with software upgrades and patching). The report details the implementation of Secure ICCP using the same EMS vendor software. Similar installations using different or commingled EMS vendor software may prove to be even more challenging. The PNNL report is available at: https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-26729.pdf.

In order to ensure there is sufficient time to address such reliability and compliance issues, EEI supports NERC’s proposed twenty-four (24) month implementation plan.

Andrea Koch, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

BPA agrees with the intent of the FERC Directive. BPA is concerned about the proposed solution and its implementation timeline.

BPA requests that the SDT incorporate a pilot project to validate that the proposed solution is designed to address the FERC directive. Additionally, BPA requests that the implementation timeframe be extended to a 36 month phased implementation timeline, to begin upon successful completion of the pilot project. The industry needs 36 months due to the large amount of applicable data, access to funds, budget cycle, and resources to perform the work required.

BPA is concerned about 3rd party encryption keys and the risks they pose, including the expiration of encryption keys.  When an encryption key expires, the data flow ceases immediately to include Real-time Assessment and Real-time monitoring and control data.  BPA requests that controls be put in place to ensure mitigation measures do not allow encryption keys to expire.  Additionally, BPA is concerned that there is a risk of the certificate authority being unavailable for authentication, impacting maintenance of reliable communications between control centers for operation of the Bulk Electric System.

BPA also agrees with SRP comments, as follows:

“Overall, SRP does not agree with twenty-four (24) calendar months for the implementation of Requirements R1, as R1 and R2 from the second draft have been merged. Although SRP recognizes the SDT is not specifying the controls to be used to protect confidentiality and integrity, the only examples provided in the implementation guidance includes encryption. If there are other methods available to achieve the security objective, SRP asks the SDT to provide them. However, the only method available to achieve the proposed required objective, on the ICCP network, is to implement encryption. As FERC order 822 states on page 37, “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” Furthermore, the FERC order states on page 38, “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These are activities and specifications that must be created and agreed upon by all registered entities involved in the data transfer. As such the timeline is reliant on registered entities working together on a common solution and would not be achievable within 24 calendar months.

Additionally, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data. There are many opportunities for encryption to fail that must be addressed. The implementation of encryption requires a pilot to truly understand and address the mechanisms of failure, the impacts encryption would cause on the exchange of the data, and the computing resources required. A pilot also requires a great amount of coordination to execute, not only within the industry, but may also include carriers, vendors, and possibly third-party encryption key program managers.

Because of the aforementioned reasons and concerns, SRP is recommending a phased implementation for CIP-012-1. A 24 month implementation is appropriate, but only for Requirement R1. The 24 months for R1 would provide time to coordinate and create an industry-wide solution. SRP is proposing the SDT include an additional 12 months for the plan implementation aspect of Requirement R1. The additional 12 months would be used for a pilot and course correction if needed, in addition to understanding, formulating, and executing maintenance strategies.”

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0
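The key-expiry failure mode BPA describes above (data flow stops the moment a key expires, and a control is wanted so that keys are never allowed to lapse) can be checked mechanically. The following is an added example, not part of BPA's or SRP's submission and not anything the standard or the SDT specifies: it takes a constructed inventory of per-link key validity periods, finds any period within a planning window in which a link would have no valid key, and flags links whose current key expires within a lead time without an overlapping successor already provisioned. Link names, key ids and dates are constructed sample values.

```python
# Added example (not from the comment form or any commenter): a defender-side
# check that a key/certificate rotation schedule leaves no link without a valid
# key, and that a successor key is provisioned before the current one expires.
# All links, key ids and dates below are constructed sample data.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


@dataclass(frozen=True)
class KeyRecord:
    key_id: str
    link: str            # Control Center-to-Control Center link the key protects
    not_before: datetime
    not_after: datetime


def _by_link(records):
    groups = {}
    for rec in records:
        groups.setdefault(rec.link, []).append(rec)
    return groups


def coverage_gaps(records, window_start, window_end):
    """Return (link, gap_start, gap_end) for every period inside the window
    during which a link has no valid key, i.e. when data flow would stop."""
    gaps = []
    for link, keys in sorted(_by_link(records).items()):
        cursor = window_start
        for nb, na in sorted((k.not_before, k.not_after) for k in keys):
            if cursor >= window_end:
                break
            if nb > cursor:                      # nothing valid between cursor and nb
                gaps.append((link, cursor, min(nb, window_end)))
            cursor = max(cursor, na)
        if cursor < window_end:                  # coverage runs out before the window ends
            gaps.append((link, cursor, window_end))
    return gaps


def renewal_alerts(records, now, lead_days):
    """Return (link, reason) for links whose current key expires within
    lead_days and has no overlapping successor, or that have no valid key."""
    alerts = []
    horizon = now + timedelta(days=lead_days)
    for link, keys in sorted(_by_link(records).items()):
        current = [k for k in keys if k.not_before <= now < k.not_after]
        if not current:
            alerts.append((link, "no valid key at check time"))
            continue
        active = max(current, key=lambda k: k.not_after)
        if active.not_after > horizon:
            continue                             # renewal not yet due
        successor = [k for k in keys
                     if k.not_before <= active.not_after < k.not_after]
        if not successor:
            alerts.append((link, f"{active.key_id} expires "
                                 f"{active.not_after:%Y-%m-%d} with no overlapping successor"))
    return alerts


# Constructed inventory: link-A rotates with overlap, link-B has no successor,
# link-C has a successor that starts four days after the current key ends.
SAMPLE_KEYS = [
    KeyRecord("A1", "link-A", datetime(2018, 1, 1, tzinfo=UTC), datetime(2018, 7, 20, tzinfo=UTC)),
    KeyRecord("A2", "link-A", datetime(2018, 7, 10, tzinfo=UTC), datetime(2019, 1, 10, tzinfo=UTC)),
    KeyRecord("B1", "link-B", datetime(2018, 1, 1, tzinfo=UTC), datetime(2018, 7, 15, tzinfo=UTC)),
    KeyRecord("C1", "link-C", datetime(2018, 1, 1, tzinfo=UTC), datetime(2018, 8, 1, tzinfo=UTC)),
    KeyRecord("C2", "link-C", datetime(2018, 8, 5, tzinfo=UTC), datetime(2019, 2, 1, tzinfo=UTC)),
]


def run_check(now=datetime(2018, 7, 2, tzinfo=UTC), lead_days=45, window_days=180):
    """Run both checks over the sample inventory and return (gaps, alerts)."""
    window_end = now + timedelta(days=window_days)
    return (coverage_gaps(SAMPLE_KEYS, now, window_end),
            renewal_alerts(SAMPLE_KEYS, now, lead_days))


if __name__ == "__main__":
    gaps, alerts = run_check()
    for link, start, end in gaps:
        print(f"GAP   {link}: no valid key from {start:%Y-%m-%d} to {end:%Y-%m-%d}")
    for link, reason in alerts:
        print(f"ALERT {link}: {reason}")
```

The same two functions work over an inventory exported from a key management system; the point of separating `coverage_gaps` from `renewal_alerts` is that the first answers "will this link ever go dark on the current schedule" and the second answers "what must be provisioned now to prevent it".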

Rachel Coyne, Texas Reliability Entity, Inc., 10, 7/2/2018

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 7/2/2018

- 0 - 0

Martin Sidor, On Behalf of: NRG - NRG Energy, Inc., , Segments 5, 6

- 0 - 0

David Greyerbiehl, CMS Energy - Consumers Energy Company, 5, 7/2/2018

- 0 - 0

No, this standard should never be implemented! This is too prescriptive and unnecessary. IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs. Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Marty Hostler, Northern California Power Agency, 4, 7/2/2018

- 0 - 0

No, this standard should never be implemented! This is too prescriptive and unnecessary.  IRO-010-2 Question 3

Dennis Sismaet, Northern California Power Agency, 6, 7/2/2018

- 0 - 0

Southern Company supports the proposed twenty-four (24) month implementation plan.    

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

Oncor supports EEI's comment.

Tho Tran, 7/2/2018

- 0 - 0

Quintin Lee, Eversource Energy, 1, 7/2/2018

- 0 - 0

ACES believes that twenty-four (24) calendar months after the effective date of the applicable governmental authority’s order approving the standard for implementation is appropriate.

Warren Cross, On Behalf of: ACES Power Marketing, MRO, WECC, Texas RE, SERC, Segments 1, 3, 4, 5

- 0 - 0

However, because this may involve third parties' equipment being placed or added to a PSP based on the Technical Rationale and Justification for Reliability Standard guidance, it may need extended design and implementation efforts in meeting the PSP security requirements.

David Francis, On Behalf of: Midcontinent ISO, Inc. - MRO, SERC, RF - Segments 2

- 0 - 0

Hot Answers

PNM Resources supports EEI’s comments on this question.

Lynn Goldstein, PNM Resources - Public Service Company of New Mexico, 1, 7/2/2018

- 0 - 0

The SPP Standards Review Group has a concern that the proposed Exemption will modify the current “Control Center” definition that potentially changes how High and Low impacts assets are evaluated. The review group is proposing some language (shown below) to help maintain consistency with the “Control Center” Definition and the proposed Exemption mentioned in the documentation. Additionally, the introduction of the term “Control System” as well as the diagrams and explanations in the rationale present complexity pertaining to the current process of identifying BES Cyber Systems. We would suggest that the drafting team remove the term “Control System” from all proposed language associated with this project.

Section 4.2.3. (Applicability Section –Standard)

BES generation resource or Transmission station or substation that transmits to a Control Center Real-time Assessment or Real-time monitoring data, such as RTU-style data, pertaining only to the generation resource or Transmission station or substation at which the data  transmitted is located.

SPP Standards Review Group, Segment(s) 2, 5, 4, 1, 3, 6, 7/2/2018

- 0 - 0

Other Answers

Steve Rose, On Behalf of: Steve Rose, , Segments 1, 3, 5

- 0 - 0

AEP requests the SDT consider including some statements in the Technical Rationale to address the possibility that data requests made related to TOP-003 and/or IRO-010 include other data that is not Real-time Assessment data or Real-time monitoring data, and how the Responsible Entity could exclude this other data from the security requirements.

The following text on page vi may need to be edited for sake of clarity: “The only thing that has changed is an HMI for Station Beta has been moved within close physical proximity to an HMI for Station Alpha.”

Thomas Foltz, AEP, 5, 6/15/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

None

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

SRP agrees with the Technical Rationale and Justification for CIP-012 provided by the SDT. However, SRP continues to maintain that an additional 12 months be considered for the plan implementation aspect of Requirement R1. PDF page 6, paragraph 3 of the section titled Identification of Where Security Protection is Applied by the Responsible Entity states "The SDT understands that in data exchanges between Control Centers, a single entity may not be responsible for both ends of the communication link." With the intent of the standard being to secure communications between Control Centers (including communication between two separate entities' Control Centers), this will call for inter-entity cooperation to ensure both sides of the link are secure. This is where the additional 12 months would be necessary, for coordination of efforts from both entities.

Russell Martin II, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Aubrey Short, 6/25/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts  System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

The NSRF does agree that RTU-style data transmission between BES generation and Transmission stations and substations needs to be explicitly excluded from CIP-012. The NSRF, under Comment #1 on this form, has provided revision language that meets our comments here and those already addressed.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 6/28/2018

- 0 - 0

Idaho Power believes Figures 2 & 3 start to muddy the waters a little bit in terms of the initial intent of CIP-012. Figure 2 seems to state that Station Alpha would be considered a control center, but Figure 3 seems to state that the communication between Station Alpha and the TOP control center would not be in scope of CIP-012. While Idaho Power would agree that in the end that seems to get to the objective of the initial intent of CIP-012, this seems like a confusing way to reach that conclusion.

Laura Nelson, 6/28/2018

- 0 - 0

We believe that any of the technical rationale that can be condensed into clear, concise language should be moved into CIP-012-1 as a defined requirement. Responsible Entities are audited to the Requirements in the Standard. Leaving this much information as Technical Rationale invites subjective audit interpretation and unnecessarily increases compliance risk for the entity.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

The NSRF does agree that RTU-style data transmission between BES generation and Transmission stations and substations needs to be explicitly excluded from CIP-012. The NSRF, under Comment #1 on this form, has provided revision language that meets our comments here and those already addressed.

Aaron Smith, On Behalf of: Aaron Smith, , Segments 1, 3, 5, 6

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 6/29/2018

- 0 - 0

PAC understands that time and the SAR are obstacles for the SDT at this time; however, further development of the Control Center definition should be resolved before more standards regarding Control Centers are introduced.

Sandra Shaffer, 6/29/2018

- 0 - 0

David Ramkalawan, 6/29/2018

- 0 - 0

Michael Shaw, 6/29/2018

- 0 - 0

Reclamation recommends that all Real-time Assessment and Real-time monitoring data be protected against the risk of unauthorized disclosure or modification. Reclamation asserts that the need to protect the data from a GOP Control Center with the ability to control more than two geographically separated facilities is no different than the need to protect the data from each single location, and no different from the need to protect data from a GOP Control Center to an RC or BA Control Center.

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/29/2018

- 0 - 0

In the Technical Rationale document, please specify what type of data under TOP-003 and IRO-010 should be excluded from the CIP-012 requirements.

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

Comments: FMPA agrees with the following comments submitted by the NSRF:

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts  System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

The NSRF does agree that RTU-style data transmission between BES generation and Transmission stations and substations needs to be explicitly excluded from CIP-012. The NSRF, under Comment #1 on this form, has provided revision language that meets our comments here and those already addressed.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Douglas Webb, 6/29/2018

- 0 - 0

FMPA agrees with the following comments submitted by the NSRF:

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts  System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

Richard Montgomery, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the following comments submitted by the NSRF:

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts  System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

Carol Chinn, On Behalf of: Carol Chinn, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the following comments submitted by the NSRF:

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts  System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

Joe McKinney, On Behalf of: Joe McKinney, , Segments 3, 4, 5, 6

- 0 - 0

FMPA agrees with the following comments submitted by the NSRF:

The NSRF does not agree that Figure 2 and related discussion within the Technical Rationale document applies to Transmission stations and substations and generation resources as being “Control Centers”. The NSRF believes that the Control Center definition was developed with the intent to apply to functionally manned control centers that monitor and control the BES; a center that hosts System Operators that have specific training requirements and in some instances certifications to meet the requirements of their position. It appears the drafting team is expanding the Control Center definition for a field asset application in order to meet the needs of an exemption for CIP-012. Consider also, that in the last sentence of the first paragraph of the Reference Model Discussion in the Implementation Guidance it correctly states “Additionally, Entity Alpha does not need to consider any communications to other non-Control Center facilities such as generating plants or substations. These communications are out of scope for CIP-012-1” [emphasis added].

The NSRF does agree that RTU-style data transmission between BES generation and Transmission stations and substations needs to be explicitly excluded from CIP-012. The NSRF, under Comment #1 on this form, has provided revision language that meets our comments here and those already addressed.

Chris Gowder, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

MEC understands that time and the SAR are obstacles for the SDT at this time; however, issues with the existing Control Center definition should be resolved before more standards regarding Control Centers are introduced.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/29/2018

- 0 - 0

Jeff Johnson, 6/29/2018

- 0 - 0

NV Energy understands that an unknown expedited timeline and the original SAR are obstacles for the SDT at this time, and that this Standard will be approved in the near term, but we believe that further development of the Control Center definition should be resolved before more standards regarding Control Centers are introduced.

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

Barry Lawson, 7/1/2018

- 0 - 0

Duke Energy suggests the drafting team consider adding a diagram that demonstrates under what circumstances a generating resource or Transmission sub would be applicable to this standard. With the added exemption language, it would be helpful for the industry to have a couple of examples where the exemption would not apply to existing generation resources and Transmission subs.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

The technical rationale should show examples of demarcation points for the protections or define the demarcation points. For example, if a leased line or router is not owned by the entity, but the entity chose to deploy a firewall to encrypt the traffic ahead of the router, then the firewall shall be the demarcation point, not the router. Explanations left to the entity without proper guidance may lead to confusion. Furthermore, while entities may not own both sides of the links, technologies such as VPN require both sides to follow the same configuration in order to encrypt data. If the other side is not equipped to encrypt the data, the link will remain unsecured.

Stephanie Burns, 7/2/2018

- 0 - 0

Steven Mavis, 7/2/2018

- 0 - 0

Exelon supports the need for an exemption and explanation for digital control systems installed at generating stations and Transmission stations and substations that may also be classified as Control Centers. However, we have concerns that some parts of the Technical Rationale may align too closely with NERC’s description of Implementation Guidance.  (see Technical Rationale Transition Plan)

In the redline edits provided by the SDT, Figures 2 and 3 provide examples of communications between two generating stations that, while technically conforming to the definition of a Control Center, are outside the intended scope of the CIP-012-1 standard. While the language and figures provide needed clarity, we suggest the SDT consider using diagrams that more closely conform to the figures provided within our comments. We have provided these suggested changes because we are concerned that the issues of aggregated communications along with situations where Facilities contained within a single confined area are not clearly addressed in the Technical Rationale. We believe the diagrams provided more clearly define the limitations of the exemption.

Exelon is also concerned that the examples and approaches provided in the Technical Rationale may be better contained in the Implementation Guidance given the above referenced NERC document suggests that Implementation Guidance is where examples and approaches are to be used to illustrate how to comply with a Reliability Standard.

Daniel Gacek, Exelon, 1, 7/2/2018

- 0 - 0

CenterPoint Energy Houston Electric, LLC (“CenterPoint Energy”) agrees with Edison Electric Institute’s (EEI) comments.

Eli Rivera, On Behalf of: Central Electric Cooperative, Inc. (Redmond, Oregon), Texas RE, Segments NA - Not Applicable

- 0 - 0

Please refer to MRO NERC Standards Review Forum (NSRF) comments.

- 0 - 0

We feel that the example presented in the Technical Guidance reflects the Exemption accurately, however, the SDT is compounding the Control Center issue by having another explanation of a Control Center/control center to those already present in CIP-002, CIP-014, and the NERC Glossary, and now CIP-012. We recommend a single document that explains the Control Center / control center topic.

RSC no Dominion, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 7/2/2018

- 0 - 0

Douglas Johnson, 7/2/2018

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

In the Technical Rationale document, please specify what type of data under TOP-003 and IRO-010 should be excluded from the CIP-012 requirements.

James Anderson, 7/2/2018

- 0 - 0

EEI supports the need for an exemption and explanation for digital control systems installed at generating stations and Transmission stations and substations that may also be classified as Control Centers. However, we have concerns that some parts of the Technical Rationale may align too closely with NERC’s description of Implementation Guidance.  (see Technical Rationale Transition Plan)

In the redline edits provided by the SDT, Figures 2 and 3 provide examples of communications between two generating stations that, while technically conforming to the definition of a Control Center, are outside the intended scope of the CIP-012-1 standard. While the language and figures provide needed clarity, we suggest the SDT consider using diagrams that more closely conform to the figures provided within our comments. We have provided these suggested changes because we are concerned that the issues of aggregated communications along with situations where Facilities contained within a single confined area are not clearly addressed in the Technical Rationale. We believe the diagrams provided more clearly define the limitations of the exemption.

As stated above, we are concerned that the examples and approaches provided in the Technical Rationale may be better contained in the Implementation Guidance given the above referenced NERC document suggests that Implementation Guidance is where examples and approaches are to be used to illustrate how to comply with a Reliability Standard.

Andrea Koch, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

CIP 12 Figures.pdf

- 0 - 0

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 7/2/2018

- 0 - 0

Santee Cooper, Segment(s) 1, 3, 5, 6, 7/2/2018

- 0 - 0

Martin Sidor, On Behalf of: NRG - NRG Energy, Inc., , Segments 5, 6

- 0 - 0

In the Technical Rationale document, please specify what type of data under TOP-003 and IRO-010 should be excluded from the CIP-012 requirements.

David Greyerbiehl, CMS Energy - Consumers Energy Company, 5, 7/2/2018

- 0 - 0

Marty Hostler, Northern California Power Agency, 4, 7/2/2018

- 0 - 0

Dennis Sismaet, Northern California Power Agency, 6, 7/2/2018

- 0 - 0

Southern Company supports the need to exempt certain Control Centers.  Barring the ability to address the Control Center definition fully, Southern recognizes that the proposed Standard addresses the need for an exemption in an appropriate way.

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

Oncor supports EEI's comment.

Tho Tran, 7/2/2018

- 0 - 0

We feel that the example presented in the Technical Guidance reflects the Exemption accurately, however, the SDT is compounding the Control Center issue by having another explanation of a Control Center/control center to those already present in CIP-002, CIP-014, and the NERC Glossary, and now CIP-012. We recommend a single document that explains the Control Center / control center topic.

Quintin Lee, Eversource Energy, 1, 7/2/2018

- 0 - 0

No comments.

Warren Cross, On Behalf of: ACES Power Marketing, MRO, WECC, Texas RE, SERC, Segments 1, 3, 4, 5

- 0 - 0

Increases security risk, with repair personnel going into a PSP without knowing all the CIP security requirements for such devices, and with in-house personnel having to escort the repair personnel during any repair work.

David Francis, On Behalf of: Midcontinent ISO, Inc. - MRO, SERC, RF - Segments 2

- 0 - 0

Hot Answers

PNM Resources supports EEI’s comments on this question.

Lynn Goldstein, PNM Resources - Public Service Company of New Mexico, 1, 7/2/2018

- 0 - 0

The SPP Standards Review Group would ask that the drafting team provide us some feedback on the next steps in their process on how they plan to get the Implementation Guidance Document formalized and coordinated with the CIP-012-1 Standard. From our perspective, this document was well put together and we would hate to see this document be left out of the approval process for the CIP project.

SPP Standards Review Group, Segment(s) 2, 5, 4, 1, 3, 6, 7/2/2018

- 0 - 0

Other Answers

Steve Rose, On Behalf of: Steve Rose, , Segments 1, 3, 5

- 0 - 0

AEP requests the SDT consider including some statements in the Implementation Guidance to address the possibility that data requests made related to TOP-003 and/or IRO-010 include other data that is not Real-time Assessment data or Real-time monitoring data, and how the Responsible Entity could exclude this other data from the security requirements.

Thomas Foltz, AEP, 5, 6/15/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

None

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

Overall, SRP does not agree with twenty-four (24) calendar months for the implementation of Requirements R1, as R1 and R2 from the second draft have been merged. Although SRP recognizes the SDT is not specifying the controls to be used to protect confidentiality and integrity, the only examples provided in the implementation guidance includes encryption. If there are other methods available to achieve the security objective, SRP asks the SDT to provide them. However, the only method available to achieve the proposed required objective, on the ICCP network, is to implement encryption. As FERC order 822 states on page 37, “if several registered entities have joint responsibility for a cryptographic key management system used between their respective Control Centers, they should have the prerogative to come to a consensus on which organization administers that particular key management system.” Furthermore, the FERC order states on page 38, “While responsible entities are required to exchange real-time and operational planning data necessary to operate the bulk electric system using mutually agreeable security protocols, there is no technical specification for how this transfer of information should incorporate mandatory security controls.” These are activities and specifications that must be created and agreed upon by all registered entities involved in the data transfer. As such the timeline is reliant on registered entities working together on a common solution and would not be achievable within 24 calendar months.

Additionally, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data. There are many opportunities for encryption to fail that must be addressed. The implementation of encryption requires a pilot to truly understand and address the mechanisms of failure, the impacts encryption would cause on the exchange of the data, and the computing resources required. A pilot also requires a great amount of coordination to execute, not only within the industry, but may also include carriers, vendors, and possibly third-party encryption key program managers.

Because of the aforementioned reasons and concerns, SRP is recommending a phased implementation for CIP-012-1. A 24 month implementation is appropriate, but only for Requirement R1. The 24 months for R1 would provide time to coordinate and create an industry-wide solution. SRP is proposing the SDT include an additional 12 months for the plan implementation aspect of Requirement R1. The additional 12 months would be used for a pilot and course correction if needed, in addition to understanding, formulating, and executing maintenance strategies.

Russell Martin II, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Aubrey Short, 6/25/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Based upon NSRF comments to delete Requirement 1, Part 1.3 as identified under #2 of this comment form, the section within the Implementation Guidance titled “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities” would need to be revised or eliminated. In addition, the Reference Model section of the Implementation Guide would also need to be revised in those areas that reflect Responsible Entity accountability for other Responsible Entities.

The drafting team in earlier response to comments has stated that the Implementation Guidance would be submitted as a Standard Application Guide to NERC. This is imperative for Responsible Entities and Regional Entities to understand the intent and consistent application of this non-prescriptive Standard.

The NSRF questions when any type of Guidance is needed when the Standard is clearly written.  As stated in FERC Order 693 section 253, FERC states “…The most critical element of a Reliability Standard is the Requirements. As NERC explains, “the Requirements within a standard define what an entity must do to be compliant . . . [and] binds an entity to certain obligations of performance under section 215 of the FPA.” If properly drafted, a Reliability Standard may be enforced in the absence of specified Measures or Levels of Non-Compliance”.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 6/28/2018

- 0 - 0

Laura Nelson, 6/28/2018

- 0 - 0

As with technical rationale any implementation guidance that can be condensed into clear, concise language should be moved into the CIP-012-1 as a defined requirement. Responsible Entities are audited to the Requirements in the Standard. In our opinion, leaving this much information as implementation guidance invites subjective audit interpretation and therefore unnecessarily increases compliance risk for the entity. The inclusion of acceptable means/methods within the verbiage of a Requirement does not necessarily make it prescriptive because the wording can state "or any other means that addresses the XXX risk". In addition, this type of guidance provides explicit compliance help which on its face increases overall BES reliability because entities may rely on the guidance to be compliant and not err by misinterpreting what can be done.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Based upon NSRF comments to delete Requirement 1, Part 1.3 as identified under #2 of this comment form, the section within the Implementation Guidance titled “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities” would need to be revised or eliminated. In addition, the Reference Model section of the Implementation Guide would also need to be revised in those areas that reflect Responsible Entity accountability for other Responsible Entities.

The drafting team in earlier response to comments has stated that the Implementation Guidance would be submitted as a Standard Application Guide to NERC. This is imperative for Responsible Entities and Regional Entities to understand the intent and consistent application of this non-prescriptive Standard.

The NSRF questions when any type of Guidance is needed when the Standard is clearly written. As stated in FERC Order 693 section 253, FERC states “…The most critical element of a Reliability Standard is the Requirements. As NERC explains, “the Requirements within a standard define what an entity must do to be compliant . . . [and] binds an entity to certain obligations of performance under section 215 of the FPA.” If properly drafted, a Reliability Standard may be enforced in the absence of specified Measures or Levels of Non-Compliance”.

Aaron Smith, On Behalf of: Aaron Smith, , Segments 1, 3, 5, 6

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 6/29/2018

- 0 - 0

PacifiCorp agrees with modifications made to the implementation guidance, specifically the newly introduced paragraph, “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity, the Responsible Entity without operational obligations for the communication link may demonstrate compliance by ensuring the communications link endpoint is within its Control Center, which could be limited to including the communication link endpoint within a PSP.” PacifiCorp would like the following edit added “or where other physical protections are applied.” PacifiCorp feels that this will allow entities flexibility where the devices that perform this are located within its location.  PacifiCorp also likes the VPN examples provided. If the newly introduced paragraph or the VPN examples are removed or if the implementation guidance is not ERO-endorsed prior to the final ballot, PacifiCorp may alter its final vote.

Sandra Shaffer, 6/29/2018

- 0 - 0

David Ramkalawan, 6/29/2018

- 0 - 0

Michael Shaw, 6/29/2018

- 0 - 0

None

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/29/2018

- 0 - 0

In the Implementation Guidance document, please specify what type of data under TOP-003 and IRO-010 should be excluded from the CIP-012 requirements.

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

In the example “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities”, the language indicates the communication link endpoint is within a PSP. If the Control Center is rated as a Low Impact per the CIP-002-5.1a Attachment 1 Criteria 3.1, the term PSP does not apply and is not required by the Standard.

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Kansas City Power and Light Company incorporates the Edison Electric Institute's response to Question No. 5.

Douglas Webb, 6/29/2018

- 0 - 0

In the example “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities”, the language indicates the communication link endpoint is within a PSP. If the Control Center is rated as a Low Impact per the CIP-002-5.1a Attachment 1 Criteria 3.1, the term PSP does not apply and is not required by the Standard.

Richard Montgomery, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

In the example “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities”, the language indicates the communication link endpoint is within a PSP. If the Control Center is rated as a Low Impact per the CIP-002-5.1a Attachment 1 Criteria 3.1, the term PSP does not apply and is not required by the Standard.

Carol Chinn, On Behalf of: Carol Chinn, , Segments 3, 4, 5, 6

- 0 - 0

In the example “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities”, the language indicates the communication link endpoint is within a PSP. If the Control Center is rated as a Low Impact per the CIP-002-5.1a Attachment 1 Criteria 3.1, the term PSP does not apply and is not required by the Standard.

Joe McKinney, On Behalf of: Joe McKinney, , Segments 3, 4, 5, 6

- 0 - 0

In the example “Identification of Responsibilities when the Control Centers are Owned or Operated by Different Responsible Entities”, the language indicates the communication link endpoint is within a PSP. If the Control Center is rated as a Low Impact per the CIP-002-5.1a Attachment 1 Criteria 3.1, the term PSP does not apply and is not required by the Standard.

Chris Gowder, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

MEC agrees with modifications made to the Implementation Guidance, specifically the newly introduced sentence, “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity, the Responsible Entity without operational obligations for the communication link may demonstrate compliance by ensuring the communications link endpoint is within its Control Center, which could be limited to including the communication link endpoint within a PSP.” MEC would like to see “or where other physical protections are applied.” This will provide more flexibility for entities. MEC also likes the VPN example provided.  Inclusion of the newly introduced sentence, the VPN example and ERO-endorsement of the implementation guidance are needed in the final version for MEC to vote yes on the final ballot.

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/29/2018

- 0 - 0

Jeff Johnson, 6/29/2018

- 0 - 0

NV Energy agrees with the requirement based on the newly introduced paragraph in the Implementation Guidance, “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity, the Responsible Entity without operational obligations for the communication link may demonstrate compliance by ensuring the communications link endpoint is within its Control Center, which could be limited to including the communication link endpoint within a PSP.”

NV Energy would like the following edit added “or where other physical protections are applied.” NV Energy believes that this will allow entities flexibility where their devices that perform this function are located within its location.  NV Energy believes the VPN examples provided are necessary and should remain within the Guidance document. If the newly introduced paragraph or the VPN example are removed or if the implementation guidance is not ERO-endorsed prior to the final ballot, NV Energy may alter its final vote.

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

Barry Lawson, 7/1/2018

- 0 - 0

No comment at this time.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

Comments above in question 4 apply here as well.

Stephanie Burns, 7/2/2018

- 0 - 0

Steven Mavis, 7/2/2018

- 0 - 0

Generally, Exelon supports the Implementation Guidance, but asks the SDT to consider the following suggested changes:

  1. Address how an entity might effectively identify Control Centers (as defined by the NERC Glossary) that would be exempted from complying with CIP-012-1 as a result of the newly developed Exemption 4.2.3 language.

  2. There are many different approaches to mitigating the risk of unauthorized disclosure or modification of data in transit. Additional guidance that explores various approaches and evaluates their effectiveness in mitigating risk may be helpful before entities make implementation investments for CIP-012-1.

  3. Exelon suggests the SDT consider removing or modifying the email example (last bullet on page 8) since email and the associated password exchange recommended (e.g., by phone) is “inconsistent with the requirements of Real-time data exchange” as indicated in the draft Implementation Guidance.

While Exelon recognizes that approval of Implementation Guidance goes beyond the responsibility of the SDT, we suggest the final version of Implementation Guidance be approved by the ERO and posted with the Standard before any final ballot.

Daniel Gacek, Exelon, 1, 7/2/2018

- 0 - 0

CenterPoint Energy Houston Electric, LLC (“CenterPoint Energy”) agrees with Edison Electric Institute’s (EEI) comments.

Eli Rivera, On Behalf of: Central Electric Cooperative, Inc. (Redmond, Oregon), Texas RE, Segments NA - Not Applicable

- 0 - 0

Please refer to MRO NERC Standards Review Forum (NSRF) comments.

- 0 - 0

RSC no Dominion, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 7/2/2018

- 0 - 0

American Transmission Company LLC (ATC) agrees that the controls prescribed by CIP-006 satisfy CIP-012 Requirement R1 Parts 1.1 and 1.2, and appreciates being able to leverage Standards that are already implemented and enforceable as opposed to creating a new requirement.  ATC cautions that this approach could re-create ‘spaghetti’ requirements placing Registered Entities in potential double jeopardy if conditions of non-compliance occur.  ATC requests consideration of inclusion of statements in a CIP-012 CMEP Practice Guide to instruct Regional Compliance Enforcement Agencies to audit in a manner that does not place the Registered Entities at odds with both CIP-006-6 and CIP-012 for individual instances of potential non-compliance.

Douglas Johnson, 7/2/2018

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

In the Implementation Guidance document, please specify what type of data under TOP-003 and IRO-010 should be excluded from the CIP-012 requirements.

James Anderson, 7/2/2018

- 0 - 0

Generally, EEI supports the Implementation Guidance, but asks the SDT to consider the following suggested changes:

  1. Address how an entity might effectively identify Control Centers (as defined by the NERC Glossary) that would be exempted from complying with CIP-012-1 as a result of the newly developed Exemption 4.2.3 language.

  2. There are many different approaches to mitigating the risk of unauthorized disclosure or modification of data in transit. Additional guidance that explores various approaches and evaluates their effectiveness in mitigating risk may be helpful before entities make implementation investments for CIP-012-1.

  3. EEI suggests the SDT consider removing or modifying the email example (last bullet on page 8) since email and the associated password exchange recommended (e.g., by phone) is “inconsistent with the requirements of Real-time data exchange” as indicated in the draft Implementation Guidance.

While EEI recognizes that approval of Implementation Guidance goes beyond the responsibility of the SDT, we suggest the final version of Implementation Guidance be approved by the ERO and posted with the Standard before any final ballot.

Andrea Koch, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

On pages 5 and 6 of the Implementation Guidance document, BPA believes additional clarity is needed to identify each entity’s responsibility, as follows: “Where the operational obligations of an entire communication link, including both endpoints, belong to the Control Center of another Responsible Entity A, the Responsible Entity without operational obligations (B) for the communication link Responsible Entity B may demonstrate compliance by ensuring the communications link endpoint is within B’s Control Center, which could be limited to including the communication link endpoint within B’s PSP.”

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Texas RE prefers commenting on Implementation Guidance once the standard language is in its final form.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 7/2/2018

- 0 - 0

The guidance provides encryption as a method.  The industry has not been able to test security controls such as encryption, to ensure that reliability is not impacted.  Concerned that encryption of data will create an adverse impact to reliability.  It is unclear the amount of latency that may be added or amount of computing resources required to encrypt and decrypt this data every 6 seconds.

Additionally, the burden should not be placed on a Registered Entity to prove that a neighbor’s control room has the appropriate protections in place.  We should only have the burden for our own control room.

Santee Cooper, Segment(s) 1, 3, 5, 6, 7/2/2018

- 0 - 0

Martin Sidor, On Behalf of: NRG - NRG Energy, Inc., , Segments 5, 6

- 0 - 0

In the Implementation Guidance document, please specify what type of data under TOP-003 and IRO-010 should be excluded from the CIP-012 requirements.

David Greyerbiehl, CMS Energy - Consumers Energy Company, 5, 7/2/2018

- 0 - 0

IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs; and they are not prescriptive. Consequently, CIP-012 and its draft implementation guidance are not needed.

Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Marty Hostler, Northern California Power Agency, 4, 7/2/2018

- 0 - 0

IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs; and they are not prescriptive. Consequently, CIP-012 and its draft implementation guidance are not needed. Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Dennis Sismaet, Northern California Power Agency, 6, 7/2/2018

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

Oncor supports EEI's comment.

Tho Tran, 7/2/2018

- 0 - 0

Quintin Lee, Eversource Energy, 1, 7/2/2018

- 0 - 0

No comments.

Warren Cross, On Behalf of: ACES Power Marketing, MRO, WECC, Texas RE, SERC, Segments 1, 3, 4, 5

- 0 - 0

For the same reasons stated in response for question 4 with third party personnel entering a PSP.

David Francis, On Behalf of: Midcontinent ISO, Inc. - MRO, SERC, RF - Segments 2

- 0 - 0

Hot Answers

Lynn Goldstein, PNM Resources - Public Service Company of New Mexico, 1, 7/2/2018

- 0 - 0

N/A

SPP Standards Review Group, Segment(s) 2, 5, 4, 1, 3, 6, 7/2/2018

- 0 - 0

Other Answers

Steve Rose, On Behalf of: Steve Rose, , Segments 1, 3, 5

- 0 - 0

Thomas Foltz, AEP, 5, 6/15/2018

- 0 - 0

David Maier, On Behalf of: David Maier, , Segments 3

- 0 - 0

None

Teresa Krabe, On Behalf of: Lower Colorado River Authority, , Segments 1, 5

- 0 - 0

SRP does not agree the current standard and implementation plan can be executed in a cost effective manner. Encryption has been the only presented solution provided by auditors and SDT guidance to protect both confidentiality and integrity for the data within this scope. If the implementation timeframe remains at 24 months, more resources and capital will be required versus a phased implementation. A phased implementation provides the ability to not only ensure the most effective plan, but also provides the ability to plan more accurately within budget cycles. More importantly, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data.  SRP is concerned a 24 month implementation timeline would impact reliability as there are many opportunities for encryption to fail that must be addressed. This has a direct correlation on cost when addressing those opportunities during this timeframe.

Additionally, SRP would like to see reference models of methods that do not require encryption as a method to protect communications between Control Centers.

Russell Martin II, On Behalf of: Salt River Project, WECC, Segments 1, 3, 5, 6

- 0 - 0

AECI, Segment(s) 1, 3, 6, 5, 4/30/2018

- 0 - 0

Aubrey Short, 6/25/2018

- 0 - 0

FirstEnergy Corporation, Segment(s) 4, 1, 3, 5, 6, 4/11/2017

- 0 - 0

Undetermined at this time.

MRO NSRF, Segment(s) 3, 4, 5, 6, 1, 2, 7/19/2017

- 0 - 0

Steven Rueckert, Western Electricity Coordinating Council, 10, 6/28/2018

- 0 - 0

The options for flexibility aren’t clearly presented in the draft standard and the language provided.

Laura Nelson, 6/28/2018

- 0 - 0

As currently worded in draft 4 we believe that there is too much potential risk to support a "yes" response to this question.

David Jendras, On Behalf of: Ameren - Ameren Services, , Segments 1, 3, 6

- 0 - 0

Patricia Lynch, On Behalf of: Patricia Lynch, , Segments 5, 6

- 0 - 0

Aaron Smith, On Behalf of: Aaron Smith, , Segments 1, 3, 5, 6

- 0 - 0

Leonard Kula, Independent Electricity System Operator, 2, 6/29/2018

- 0 - 0

Sandra Shaffer, 6/29/2018

- 0 - 0

David Ramkalawan, 6/29/2018

- 0 - 0

Michael Shaw, 6/29/2018

- 0 - 0

Reclamation recommends the term “plan” be replaced with the term “process” throughout the CIP-012-1 standard, Technical Rationale, Implementation Guidance, and associated documents. A plan is an unwarranted layer of compliance that does not improve the reliability of the BES. The processes an entity implements have defined controls that reduce the entity’s risks to the BES and thereby improve BES reliability.

Richard Jackson, U.S. Bureau of Reclamation, 1, 6/29/2018

- 0 - 0

More flexibility and less guidance could lead to inconsistency on requirement implementation among different entities.

Jeanne Kurzynowski, On Behalf of: CMS Energy - Consumers Energy Company - RF - Segments 1, 3, 4, 5

- 0 - 0

Undetermined

FMPA, Segment(s) , 10/23/2017

- 0 - 0

Douglas Webb, 6/29/2018

- 0 - 0

Undetermined

Richard Montgomery, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

Undetermined

Carol Chinn, On Behalf of: Carol Chinn, , Segments 3, 4, 5, 6

- 0 - 0

Undetermined

Joe McKinney, On Behalf of: Joe McKinney, , Segments 3, 4, 5, 6

- 0 - 0

Undetermined

Chris Gowder, On Behalf of: Florida Municipal Power Agency, , Segments 3, 4, 5, 6

- 0 - 0

Darnez Gresham, Berkshire Hathaway Energy - MidAmerican Energy Co., 3, 6/29/2018

- 0 - 0

Jeff Johnson, 6/29/2018

- 0 - 0

Kevin Salsbury, On Behalf of: Berkshire Hathaway - NV Energy, , Segments 5

- 0 - 0

Barry Lawson, 7/1/2018

- 0 - 0

No comment at this time.

Duke Energy , Segment(s) 1, 5, 6, 4/10/2014

- 0 - 0

ITC does not agree with this approach being cost effective. This is especially true for larger balancing authorities that own and pay for many routers and circuits to receive ICCP data they require for real time operation. Many routers deployed today may not have encryption capabilities and many circuits may not have adequate bandwidth to support additional encryption overhead. In addition, the methods to connect to the control center, such as the leased lines or communication circuits, may need to change to accommodate the new protection requirements.

Stephanie Burns, 7/2/2018

- 0 - 0

Steven Mavis, 7/2/2018

- 0 - 0

Daniel Gacek, Exelon, 1, 7/2/2018

- 0 - 0

Eli Rivera, On Behalf of: Central Electric Cooperative, Inc. (Redmond, Oregon), Texas RE, Segments NA - Not Applicable

- 0 - 0

This has not been determined due to the need for revisions to the proposed standard.

- 0 - 0

RSC no Dominion, Segment(s) 10, 2, 4, 5, 7, 1, 3, 6, 0, 7/2/2018

- 0 - 0

Douglas Johnson, 7/2/2018

- 0 - 0

PPL NERC Registered Affiliates, Segment(s) 3, 1, 5, 6, 2/9/2017

- 0 - 0

More flexibility and less guidance could lead to inconsistency on requirement implementation among different entities.

James Anderson, 7/2/2018

- 0 - 0

No comment

Andrea Koch, On Behalf of: Edison Electric Institute, NA - Not Applicable, Segments NA - Not Applicable

- 0 - 0

BPA believes that if the data must be protected throughout the transmission, it would seem that could only be accomplished with encryption. For cases where the existing equipment is not capable of encryption, replacement will be costly and implementation lengthy.  While the proposed standard and implementation guidance do not require encryption, no other solution seems viable.

Due to BPA’s large amount of applicable data, access to funds and budget cycle, and resources to perform work required, the solution will be costly.

BPA also agrees with SRP’s comments as follows:

“SRP does not agree the current standard and implementation plan can be executed in a cost effective manner. Encryption has been the only presented solution provided by auditors and SDT guidance to protect both confidentiality and integrity for the data within this scope. If the implementation timeframe remains at 24 months, more resources and capital will be required versus a phased implementation. A phased implementation provides the ability to not only ensure the most effective plan, but also provides the ability to plan more accurately within budget cycles. More importantly, if encryption fails, SRP would lose Real-time Assessment and Real-time monitoring and control data.  SRP is concerned a 24 month implementation timeline would impact reliability as there are many opportunities for encryption to fail that must be addressed. This has a direct correlation on cost when addressing those opportunities during this timeframe.

Additionally, SRP would like to see reference models of methods that do not require encryption as a method to protect communications between Control Centers.”

Aaron Cavanaugh, On Behalf of: Bonneville Power Administration, WECC, Segments 1, 3, 5, 6

- 0 - 0

Texas RE does not have comments on this question.

Rachel Coyne, Texas Reliability Entity, Inc., 10, 7/2/2018

- 0 - 0

Significant capital may need to be budgeted in order to implement architecture improvements to address the required computing resources for encryption and decryption of data.  Encryption adds a burden for on-going maintenance and management.  There is concern of the impacts on real-time operations for encryption and decryption of data.

Santee Cooper, Segment(s) 1, 3, 5, 6, 7/2/2018

- 0 - 0

Martin Sidor, On Behalf of: NRG - NRG Energy, Inc., , Segments 5, 6

- 0 - 0

More flexibility and less guidance could lead to inconsistency on requirement implementation among different entities.

David Greyerbiehl, CMS Energy - Consumers Energy Company, 5, 7/2/2018

- 0 - 0

IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs; they provide flexibility to meet reliability objectives in a cost effective manner. Proposed CIP-012 does not and is not needed. Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Marty Hostler, Northern California Power Agency, 4, 7/2/2018

- 0 - 0

IRO-010-2 R3.3 and TOP-003-3 R5.3 already provide reliability assurance requirements for RCs, BAs, GOs, GOPs, TOPs, TOs, and DPs; they provide flexibility to meet reliability objectives in a cost effective manner. Proposed CIP-012 does not, and is not needed. Additionally, NERC has a Standards Efficiency Initiative underway to get rid of standards and requirements such as CIP-012-1 and its Requirement 1.

Dennis Sismaet, Northern California Power Agency, 6, 7/2/2018

- 0 - 0

Southern Company, Segment(s) 1, 3, 5, 6, 10/30/2017

- 0 - 0

Tho Tran, 7/2/2018

- 0 - 0

Quintin Lee, Eversource Energy, 1, 7/2/2018

- 0 - 0

ACES does agree with the cost effective approach, if the wording is revised from Control Center to Facility. A Control Center has many more compliance obligations than a Facility.

Warren Cross, On Behalf of: ACES Power Marketing, MRO, WECC, Texas RE, SERC, Segments 1, 3, 4, 5

- 0 - 0

David Francis, On Behalf of: Midcontinent ISO, Inc. - MRO, SERC, RF - Segments 2

- 0 - 0