MRO Cyber Security

1
MRO Cyber Security

• May 31, 2007 Compliance Workshop

2
MRO CIP Working Group

• Participants
• David Batz Alliant Energy
• Marc Child GRE
• Greg Frasor Manitoba Hydro
• James Phillips WAPA
• Active in CIP Work
• Identifying Resources for the Region

3
MRO CIP Contact

• Clark Liu
• Alternate NERC CIPC
• Cyber Security
• What but not How.
• If it sounds like Im saying if you do this,
  youll be compliant. Im not even if I do say
  that. I cannot evaluate your efforts prior to an
  audit.

4
Content

• Motivation towards AW for 2010
• Key Elements
• Useful Links on the NERC Website
• David Batz
• QA with Dave and Marc Child

5
Motivation

• Penalties
• CIP002-009 AW by 2010, SC by 2008.
• NERC Implementation Plan
• Additional Work
• Mitigation Plans
• Timelines
• Driving the number of Violations to 0.

6
Key Elements

• Senior Management Support
• Defend the work
• Assures that cross departmental work is accepted.
• Identifies key individuals that can be help
  accountable.

7
Key Elements

• Understanding the Standards
• Divide the requirements by department or function
  of your organization.
• Assess your current state.
• Determine what areas need clarification.
  Understand the language used in the Standard.

8
Key Elements

• Gap Analysis
• Identify the gaps.
• Plan and coordinate efforts to be in compliance.
• AW 2010 means C in 2009.
• Policies/Procedures need to be in affect for 12
  months.

9
Useful Links

• http//www.nerc.com/filez/standards/Reliability_S
  tandards.htmlCritical_Infrastructure_Protection
  - Implantation Plan
• http//www.nerc.com/filez/standards/Cyber-Securit
  y-Permanent.html - NERC CIP FAQ

10
Alliant Energy

• Dave Batz, 
• Cyber Security Risk Manager  
• CISSP, GSEC, GSNA
• Alliant Energy Security Facility Services

11
Questions

• David Batz (CISSP, GSEC, GSNA) and Marc Child
  (CISSP)