August 19, 2021
TRANSCRIPT
Agenda
▪ Introduction and Review
• Michael Dalebout, Enforcement Operations Manager
▪ Align Update
• Ben Aldous, Senior Data Analyst
▪ WECC Entity Data Questionnaire
• Scott Brooksby, Senior Cyber Security Engineer
▪ NERC Evidence Request Tool v5
• Holly Peterson, Senior Auditor, Cyber Security
• Domenic Darling, Staff Auditor, Cyber Security
▪ Standards Development Update
• Steve Rueckert, Director of Standards
Antitrust Policy
▪ All WECC meetings are conducted in accordance with the WECC
Antitrust Policy and the NERC Antitrust Compliance Guidelines
▪ All participants must comply with the policy and guidelines
▪ This meeting is public—confidential or proprietary information
should not be discussed in open session
Antitrust Policy
▪ This webinar is being recorded and will be posted publicly
▪ By participating, you give your consent for your name, voice,
image and likeness to be included in that recording
▪ WECC strives to ensure the information presented today is
accurate and reflects the views of WECC
▪ However, all interpretations and positions are subject to change
▪ If you have any questions, please contact WECC’s legal counsel
Release 2
▪ July 19—TFEs
▪ August 2—Periodic Data Submittals
• October 1—Q3 FAC-003-4 C.1.4
▪ October 1—Self-Certification
• December 15—2021 Annual Self-Certification
▪ Release 3
Data Migration
▪ Migrating to Align
• July 19—TFEs
• Q4 2021—Closed PNCs within retention period
• Early 2022—Open PNCs
▪ Other data, documents, and evidence
Digital Certificates
▪ All new activities in Align from August 2
▪ Certificates needed only for PNC processing
▪ Maintain contact info for notifications
▪ New entities do not need certificates
What
▪ WECC Risk Team will issue a short set of questions (approx. 35)
▪ Most questions are Yes, No, N/A (two require more detailed response)
▪ “Yes” answer will require basic details
▪ Questions cover:
• CIP
• Transmission
• Generation
• Load
• Operations
• Protection Systems
• Events and System Restoration
Why
▪ WECC must stay informed of significant changes affecting the BPS
to successfully implement a risk-based approach to monitoring for
registered entities
▪ The timely submittal and incorporation of changes in the field to
WECC’s risk models is critical to identifying emerging risks to
reliability
▪ Entity Data Questionnaire is your opportunity to inform WECC of
changes
The Questionnaire
Each table asks questions about your system for certain topics
Question | Applicable Functions | Answer | If yes, provide details | WECC Questions | Supporting Detail
How
▪ Primary Compliance Contacts (PCC) and Alternate Compliance
Contacts (ACC) will get email notifications
• Link to a Microsoft Excel spreadsheet
• Timing
• Location to return
• REs should return the completed spreadsheets to WECC through Secure
Workspace
When
▪ All High and Medium Inherent Risk entities will receive the
spreadsheet in September 2021
• Then annually
▪ Low Inherent Risk entities will receive questions in Q3 of 2021,
2022, or 2023
• Then triennially
▪ Entities will have 30 days to complete and return to WECC
Questions
▪ What will WECC do with my answers?
• WECC will update what it knows about your entity’s risk profile. This allows
WECC to better plan monitoring activity.
▪ If I answer “yes,” will that trigger a WECC response?
• WECC will review your written response and determine whether more
information is needed, either through an email, phone call, a meeting with
SMEs, or request for information.
August 19, 2021
Domenic Darling, Compliance Auditor, Cyber Security
Holly Peterson, Senior Compliance Auditor, Cyber Security
CIP Evidence Request Tool:
Common Challenges
Objectives
▪ Review common challenges with CIP Evidence Request Tool (ERT)
5.0
▪ Help you prepare to use the ERT in upcoming audits
▪ Answer your questions
▪ Solicit feedback on your experiences with the ERT 5.0
CIP ERT 5.0: What is it?
▪ A common request for information tool
▪ Helps with consistency and transparency
in audit approach across ERO Enterprise
▪ Helps entities plan for evidence requests
more efficiently
Where Can I Get the ERT?
▪ NERC announced availability of the ERTv5.0 in March 2021
▪ Download at NERC’s one-stop shop
• ERT
• CIP Evidence Request Tool User Guide
▪ WECC will provide copies in the Notice of Audit package for your
next audit
Completing All Detail Tabs
▪ Do I need to complete every worksheet of the ERT workbook?
• Yes. This ensures accurate sampling populations are identified and
provides necessary information used for inherent risk assessment and
Compliance Oversight Planning.
Filling Out the Detail Tabs
▪ What information should I put in the columns?
• The User Guide explains what information is requested for each column of
each Detail tab.
• If the User Guide is not helpful, contact your Audit Team Lead or [email protected].
Keys to Success: Detail Tabs
▪ See the User Guide for specifics on what information each Detail tab is requesting.
▪ Don’t overwrite drop-down options with copy-and-paste. Specific responses are needed in several Sample Set IDs for accurate filtering.
▪ Check data entered on tabs for errors.
Personnel Tab
▪ In the Personnel tab, how should I
input multiple dates?
• Include all dates the person had
access authorized in a single cell. To
do this, use Alt+Enter to break lines
of text.
Keys to Success: Personnel Tab
▪ Using several rows to list dates for one person’s access
authorizations may complicate sampling if CIP-004-6 is in scope of
the audit.
▪ Before submitting the ERT workbook, coordinate with your Audit
Team Lead to discuss options for providing Personnel data that
best suit your needs and the audit team.
RSAWs & Level 1 Evidence
▪ How should I package the evidence to include our Level 1 responses with
our RSAW evidence?
• You have flexibility in how you package your initial evidence submittal.
• Documents referenced in the RSAW can be grouped into corresponding
ERT Level 1 folder.
Keys to Success: Initial Evidence Submittal
▪ Ensure file names match RSAW narratives.
▪ Remember to use the RSAW “Registered Entity Narrative” to tell
your story:
• Documented process(es) for the requirement;
• Highlight changes during the audit period (implemented a new tool); and
• Detail use of internal controls.
Level 2 Responses
▪ How should I put together evidence for Level 2 responses?
• Evidence is best organized by Request ID and could be further grouped by index number.
• Entity Response Narrative can be included in the Level 2 worksheet or provided in
separate files with each Request ID.
Keys to Success: Level 2 Responses
▪ Highlight and point to specific areas in evidence demonstrating
implementation.
▪ Use Entity Response Narrative to introduce audit team to evidence
and tell your story.
▪ Ensure evidence supports the requirement’s objective.
Stay Tuned: CIP ERT 6.0
▪ ERO Enterprise is working on updates for ERT 6.0.
• Goal to share draft ERT 6.0 with RSTC’s SWG in late 2021 or early 2022.
• ERT 6.0 released in Q1 2022.
▪ Align and Secure Evidence Locker integrations for ERT are
ongoing discussions within ERO Enterprise.
Closing Thoughts
▪ Integrate ERT worksheets into routine evidence processes.
▪ Develop an approach for ERT responses regardless of upcoming
audit engagement.
▪ Monitor SWG (subcommittee of RSTC) for reviews of upcoming
ERT versions.
• Version 6 suggestions.
• Changes relating to Align and Secure Evidence Lockers (TBD).
Contact:
Domenic Darling
Compliance Auditor, Cyber Security
Holly Peterson, CISA, CRISC, CISSP
Senior Compliance Auditor, Cyber Security
Items to be Covered
▪ WECC
• BAL-002-WECC-3 Retirement of Requirement R2
• BAL-002-WECC-3 Retirement of entire Standard
• TPL-001-WECC-CRT Revisions
▪ NERC
• Modifications to CIP Standards
• Cold Weather Project Webinar
• New Projects
BAL-002-WECC-3 R2
▪ Retirement of Requirement R2
• 50% of Contingency Reserve must be spinning
▪ Became effective June 28, 2021
BAL-002-WECC-3 Retirement
▪ This project proposes the retirement of the entire standard
▪ Drafting of the justification for retirement was underway
▪ The drafting team requested that the project effort be put on hold
• Currently in abeyance with no firm resume date
TPL-001-WECC-CRT-3.2
▪ Five-year review of the criterion
• General review of entire document
• Review of referenced WECC documents
• Will most likely post for a 30-day industry review this week
Other WECC Projects
https://www.wecc.org/Standards/Pages/Standards-Under-Development.aspx
Modifications to CIP Standards
▪ Project addresses 11 CIP Standards
▪ Protection for transient devices at Low Impact BES Cyber Systems
▪ Implement controls to protect communication links
▪ Ballot was held March 12–22, 2021
• All 11 standards failed the ballot
▪ Drafting team reviewed comments included with the “no” votes
• Revisions posted for a 45-day industry comment on June 30, 2021
• Comment period has been extended through September 1, 2021
Cold Weather
▪ Impacts to three standards
• EOP-011-2 Emergency Preparedness
• IRO-010-4 Reliability Coordinator Data Specification and Collection
• TOP-003-5 Operational Reliability Data
▪ First ballot failed
▪ Second ballot approved
▪ Webinar on September 2, 2021
New NERC Projects
▪ Six new projects have been initiated so far in 2021
▪ In early development
▪ Some still forming drafting teams
• Project 2021-06 Modifications to IRO-010 and TOP-003 had to extend the
nomination period
Other NERC Projects
https://www.nerc.com/pa/Stand/Pages/Standards-Under-Development.aspx