![Executive Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©Copyright 2008-2009 Abidance Consulting All Rights Reserved.](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (8)
Ähnlich wie Abidance Cip Presentation
Ähnlich wie Abidance Cip Presentation (20)
Abidance Cip Presentation
- 1. Abidance Consulting Compliance Presentation NERC Compliance Program (CIP Compliance)
- 3. ©Copyright 2008 -2009 Abidance Consulting All Rights Reserved. CIP Program - Framework Prioritize Protective Effectiveness Metrics State Federal Local Program Management Office Feedback for continuous improvement Design Monitoring Audit Assessment FERC Order NERC CIP Compliance Integrated Security Business Continuity Planning Abidance Consulting – NERC CIP Program
- 10. ©Copyright 2008 Abidance Consulting All Rights Reserved. Begin Work (BW), Substantially Compliant (SC), Compliant (C), and Auditably Compliant (AC) NERC Implementation Timeline - CIP Requirement Dec 31, 2007 Dec 31, 2008 Dec 31, 2009 Dec 31, 2010 CIP-002-1 Critical Cyber Assets BW SC C AC CIP-003-1 Security Management Controls BW SC C AC CIP-004-1 Personnel & Training BW SC C AC CIP-005-1 Electronic Security BW SC C AC CIP-006-1 Physical Security BW SC C AC CIP-007-1 Systems Security Management BW SC C AC CIP-008-1 Incident Reporting and Response Planning BW SC C AC CIP-009-1 Recovery Plans BW SC C AC
Hinweis der Redaktion
- Critical (Physical) Assets: Electric generation, transmission and local distribution facilities; Natural gas wells, collection systems, gas processing plants, inter- and intra-state pipelines and storage; and Petroleum production, refining, inter- and intra-state pipelines plus over-the-road delivery systems and storage. Threat environment: Deliberate attacks caused by people (e.g. terrorists, criminals, hackers, delinquents, employees). 2. Natural attacks caused by nature (e.g., hurricanes, tornadoes, floods, wildfires, earthquake). 3. Accidental attacks caused by technological failure (e.g., pipeline rupture, chemical spills, nuclear, or biological contamination). Systemic threats caused by physical inability of energy delivery system to meet demand. 3. Policies and Procedures: Refining policies, understanding and practicing procedures are all traditional components of comprehensive energy preparedness planning. All viable energy emergency plans should be updated regularly to assure that contemporary policies are included and that all responders are acquainted with how response and mitigation systems are designed to work. 4. Physical security: Government has existing natural gas pipeline safety rules. Continuing to work with the industry to assure that these rules are followed increases energy assurance. Government has extensive rules pertaining to the reliable delivery of electricity. Energy emergency planning can include general descriptions of existing physical security measures as well as illustrative descriptions of the steps energy companies take to restore power or supply. This information will help planners respond to a disruption efficiently and assist officials with their explanation to the public. The infrastructure of the unregulated petroleum market is often understood in general terms only. However, the more a state knows about the location of pipelines, storage, loading terminals, preferred highway delivery routes and the nature and location of retail outlets, the more it can do to assist in a shortage. Knowledge of regional refining facilities and competing finished product markets are other pieces of the physical structure with potential security issues affecting vulnerability. 5. Operations Security: State program developers are unlikely to need extensive knowledge of energy company operations security. It is good to know that this security is in place and that energy companies train personnel in its implementation. The role of government regarding operational security might best be to ask questions and insist on site specific security measures. Public Utility Commissions (PUC) may include operational security requirements in a Certificate of Convenience and Necessity, or other rules, for energy entities regulated by the state. Industry can assist state emergency responders by explaining their operations security process and practice. This will help public officials to plan and respond accordingly during a shortage. States may wish to have their own information technology specialists work with the energy industry and the Federal Government to improve such systems, thus increasing energy assurance. 7. Consequence analysis means understanding downstream effects of an energy disruption. Some consequences are impacts on related energy systems; others are societal impacts such as people displaced from their homes, costs to state and local government and loss of business income. 8. Up-to-date energy emergency plans often contain a vulnerability analysis associating state energy infrastructure with demographics. Risk is also associated with operating any type of energy power or delivery system and better understanding of this will allow planners to pre-determine the magnitude of possible damage for any given geographical area of impact. Most states already prioritize energy user risk through utility outage and restoration rules or through a critical user list contained in a state petroleum set-aside. It is suggested that planners re-examine existing priorities and make them current. 9. Since a major purpose of such a plan is to organize these items in a meaningful way for efficient response, it may be prudent to keep some response information general rather than specific. It may be better to keep secure information stored outside of the plan for use by authorized individuals only. 10. Some potential positive effects of efficiency and alternatives are: Providing time for responders to repair or backup energy. Protecting critical systems that no longer have primary energy. Reducing the impact of consequential system effects.