Sufficiency Review Program


The North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Department (CID) developed and implemented a Sufficiency Review Program (SRP) to examine the Risk-Based Assessment Methodology (RBAM) of bulk power system (BPS) Registered Entities. The RBAM is found within CIP Reliability Standard 002-3 (Cyber Security – Critical Cyber Asset Identification), which requires the identification and documentation of the Critical Cyber Assets associated with the Critical Assets that support the reliable operation of the Bulk Electric System. The RBAM must determine which assets, if destroyed, degraded, compromised, or otherwise rendered unavailable, would impact the reliability of the BPS.

The SRP examines whether a Registered Entity’s RBAM is sufficient to ensure the safe, reliable operation of the BPS.


NERC developed the SRP after finding instances where Registered Entities’ methodologies were not sufficiently comprehensive to produce a complete and accurate list of Critical Assets to ensure the reliability of the BPS. These methodologies suggested that Registered Entities required greater clarity in either NERC standards or industry guidelines to identify their Critical Assets more accurately. Thus, NERC initiated a series of Sufficiency Reviews to better understand how Registered Entities develop their RBAMs, and to determine if entities were fully considering the purpose of the CIP standards.

Sufficiency Reviews are conducted outside of the NERC compliance monitoring and audit program to encourage full and open discussion. The Sufficiency Review teams are composed of subject matter experts from NERC and the regions, who collectively provide the necessary cybersecurity, planning, and operations expertise. To objectively assess whether a Registered Entity has a methodology in place that enhances BPS security, the Sufficiency Review team reviews each entity’s methodology against criteria the team identifies.

The Sufficiency Review Procedure consists of verifying that the RBAM and associated documents are sufficient to ensure the reliability of the BPS.


·  2010: CID conducted three Sufficiency Reviews that identified two major issues for improvement. The first, and more significant, issue concerned large amounts of generation dispatched from a single location that was not a critical asset; recommendations were made to designate the common generation “dispatch centers” that dispatch multiple sites as critical assets. The second issue identified was the Blackstart Cranking Path. While entities understand that the Blackstart units are critical assets, the Cranking Path to the target generation, as identified in the glossary of terms, was not considered part of critical assets. So, while the Blackstart generation was available, the path to the target generators could be compromised, leaving no ability to restart the system. Several other lessons learned are included in the following link:

·  2011: To date, CID has scheduled eight Sufficiency Reviews, with others still being scheduled. As part of the SRP, entities may also participate in the following optional services:

–  Standards Update: The update focuses on the latest information on CIP-002-4 and other CIP Standards in progress. It is conducted via WebEx; NERC staff leads the update presentation, which is followed by a question and answer session.

–  Aurora Mitigation Review: The review consists of presentations NERC used for previous Aurora Mitigation webinars; the review is followed by a question and answer session.

–  Department of Homeland Security Briefs: Briefs related to the security of the BPS are held at the Unclassified/For Official Use Only level.

Impact on the Electricity Sector

NERC formed the SRP to educate industry on the intent of CIP-002-3 and effective reliability risk controls to protect the BPS. The SRP will ensure BPS Registered Entities understand and identify their Critical Assets in a standardized manner across the sector to ensure the reliability of the BPS.
