NERC - CIPC - Compliant Settings Workflow Management for ... · Setting Calculation (CAPE, Manual, etc…) Used Relay Settings Formats (Output): Excel Files, Word, Paper, Private

Maintenance Intelligence of Tomorrow

NERC - CIPC - Compliant Settings Workflow Management

for CAPE Users

Dr. Zeljko Schreiner IPS GmbH

© 2009 IPS GmbH 1

Content

IntroductionNERC - CIPC RequirementsCurrent Detected ProblemsIntegrated Process SolutionConclusions

Introduction

NERC – North American Electric Reliability CorporationRecognition of possibility of “cyber” attacks on electrical gridNERC has established Critical Infrastructure Protection Committee (CIPC) to define challenges in cyber securityImpact of NERC – CIPC Requirements on life cycle management of protection devices

Internal Cyber Security External Cyber SecurityImpact on IT SystemsImpact on Protection Setting ManagementImpact on Protection Data Management

Cyber Security

NERC CIPC Standards: 8 Standards with 41 high-level requirementsReducing risk of cyber attacks on Critical Cyber AttacksWhat are “Critical Cyber Assets” ?

Digital Protection Relays, SCADA, RTU’s, etc...

NERC CIPC STANDARDS

© 2009 IPS GmbH 5

Eight Standards / 41 High-Level RequirementsEight Standards / 41 High-Level Requirements

CRITICAL CYBER ASSETS


SECURITY MANAGEMENT

CONTROLS

SECURITY MANAGEMENT

CONTROLSPERSONNEL

AND TRAINING

PERSONNEL AND TRAINING ELECTRONIC

SECURITY

ELECTRONIC SECURITY PHYSICAL

SECURITY

PHYSICAL SECURITY

SYSTEMS SECURITY

MANAGEMENT

SYSTEMS SECURITY

MANAGEMENT

INCIDENT REPORTING &

RESPONSE PLANNING


RESPONSE PLANNING

RECOVERY PLANS FOR

CCA

RECOVERY PLANS FOR

CCA

CIP-002 CIP-003 CIP-004 CIP-005 CIP-006 CIP-007 CIP-008 CIP-009

1. PLAN2. PHYSICAL

ACCESS CONTROLS

3. MONITORING PHYSICAL ACCESS

4. LOGGING PHYSICAL ACCESS

5. ACCESS LOG RETENTION

6. MAINTE-NANCE & TESTING

1. PLAN2. PHYSICAL

ACCESS CONTROLS





1. TEST PROCEDURES

2. PORTS & SERVICES

3. SECURITY PATCH MANAGEMENT

4. MALICIOUS SOFTWARE PREVENTION

5. ACCOUNT MANAGEMENT

6. SECURITY STATUS MONITORING

7. DISPOSAL OR REDEPLOY-MENT

8. CYBER VULNERABILITY ASSESSMENT

9. DOCUMEN-TATION

1. TEST PROCEDURES

2. PORTS & SERVICES







9. DOCUMEN-TATION

1. CYBER SECURITY INCIDENT RESPONSE PLAN

2. DOCUMEN-TATION


2. DOCUMEN-TATION

1. RECOVERY PLANS

2. EXERCISES3. CHANGE

CONTROL4. BACKUP &

RESTORE5. TESTING

BACKUP MEDIA

1. RECOVERY PLANS


CONTROL4. BACKUP &

RESTORE5. TESTING

BACKUP MEDIA

1. CRITICAL ASSETS

2. CRITICAL CYBER ASSETS

3. ANNUAL REVIEW

4. ANNUAL APPROVAL

1. CRITICAL ASSETS


3. ANNUAL REVIEW

4. ANNUAL APPROVAL

1. ELECTRONIC SECURITY PERIMETER

2. ELECTRONIC ACCESS CONTROLS

3. MONITORING ELECTRONIC ACCESS

4. CYBER VULNER-ABILITY ASSESSMENT

5. DOCUMEN-TATION





5. DOCUMEN-TATION

1. AWARENESS2. TRAINING3. PERSONNEL

RISK ASSESSMENT

4. ACCESS


RISK ASSESSMENT

4. ACCESS

1. CYBER SECURITY POLICY

2. LEADERSHIP3. EXCEPTIONS4. INFORMATION

PROTECTION5. ACCESS

CONTROL6. CHANGE

CONTROL



PROTECTION5. ACCESS

CONTROL6. CHANGE

CONTROL

Eight Standards / 41 High-Level RequirementsEight Standards / 41 High-Level Requirements



SECURITY MANAGEMENT

CONTROLS

SECURITY MANAGEMENT

CONTROLSPERSONNEL

AND TRAINING

PERSONNEL AND TRAINING ELECTRONIC

SECURITY

ELECTRONIC SECURITY PHYSICAL

SECURITY

PHYSICAL SECURITY

SYSTEMS SECURITY

MANAGEMENT

SYSTEMS SECURITY

MANAGEMENT


RESPONSE PLANNING


RESPONSE PLANNING

RECOVERY PLANS FOR

CCA

RECOVERY PLANS FOR

CCA

CIP-002 CIP-003 CIP-004 CIP-005 CIP-006 CIP-007 CIP-008 CIP-009

1. PLAN2. PHYSICAL

ACCESS CONTROLS





1. PLAN2. PHYSICAL

ACCESS CONTROLS





1. TEST PROCEDURES

2. PORTS & SERVICES







9. DOCUMEN-TATION

1. TEST PROCEDURES

2. PORTS & SERVICES







9. DOCUMEN-TATION


2. DOCUMEN-TATION


2. DOCUMEN-TATION

1. RECOVERY PLANS


CONTROL4. BACKUP &

RESTORE5. TESTING

BACKUP MEDIA

1. RECOVERY PLANS


CONTROL4. BACKUP &

RESTORE5. TESTING

BACKUP MEDIA

1. CRITICAL ASSETS


3. ANNUAL REVIEW

4. ANNUAL APPROVAL

1. CRITICAL ASSETS


3. ANNUAL REVIEW

4. ANNUAL APPROVAL





5. DOCUMEN-TATION





5. DOCUMEN-TATION


RISK ASSESSMENT

4. ACCESS


RISK ASSESSMENT

4. ACCESS



PROTECTION5. ACCESS

CONTROL6. CHANGE

CONTROL



PROTECTION5. ACCESS

CONTROL6. CHANGE

CONTROL

6 NERC CIPC Standards related to protection

© 2009 IPS GmbH 6

Some NERC Requirements

Cyber SecuritySetting Process Control and traceability

Management of Triggers for setting changeSite Feedback

Password Management for Protection RelaysControlled Management of the Protection parameters and not only files for digital relaysData Consistency CheckNERC Standard Report on network faults and Protection misoperationsControlling fulfilment of the Standard on “Loadability”

Cyber Security related to protection

Protective Relays are essential assets for reliable operation of the power gridManagement and controls of the relay settings need to minimize cyber attacks (Cyber Attacks can be internal or external)Additionally control of physical access standards is required:

Company Cyber Security policyStrong password managementSetting change control managementRelay change controlPersonnel awareness and training

Current Detected Problems

Inconstent Data Management of Digital Protection RelaysSeparate independent management of relay inventory, relay settings, and relay testingInconsistent Management of Relay settings:

Only variable parameter management (“Important parameters”)Inconsistant management of relay setting filesIneffective parameter (setting) change management

Inadequate password managementWho has access?Change management

Inadequate Setting consistency check from start to the end of the processMissing parameter controlling functionality

What is necessary for NERC-CIPC setting management compatibility

Dedicated IT database System with User Rights Management Defined, documented, and IT-supported setting workflow processIntroduction of the Setting Request Identifiers (Identification)Introduction of the Variable and Fixed Setting ParametersSetting Change tracking with Tracking of the parameter value originPassword managementRelay Misoperation managementRelay Failure ManagementIntroduction of the reference setting within setting databaseConsistency check from start (setting change trigger) until site as-built setting (In service)

Basic Process for Setting Change

Trigger for Setting Change

Primary plant changesAsset ReplacementLine Re-conductoringNew ConnectionsNeighboring UtilityExternally-Mandated Line Re-conductoring ChangesTemporary System ChangesMal-operationsRelay FailureChanges to communicationsManufacturer recommendation or AlertSetting ReviewsChange of reliability requirementsSecondary systems changesOthers…

Setting Creation & Management

Setting Calculation (CAPE, Manual, etc…)Used Relay Settings Formats (Output):

Excel Files, Word, Paper, Private DBRelay Files (Manufacturer Binary Formats)CAPE Formats

Setting Data ManagementIn setting software as projectsIn a File Structure: as exported Relay File (Manufacturer Format)In Setting Management System (Database)In calculation software, e.g. CAPE, In Dedicated Setting DB (e.g. IPS-RELEX, EPIS, etc…)

Setting Comissioning

Site Setting ImplementationSite Setting Confirmation

Setting ComparisonSite Setting Testing

DobleOMICRONMeggerEtc…

Generic Protection Setting Life Cycle Workflow

© 2009 IPS GmbH 15

NERC-CIPC-Compliant Setting Process Data Model

SCN 1 – System Change NotificationGSR 1 – Global Setting Request

RSR 1 – Relay Setting RequestRSR 2...RSR n

...GSR n

SCN - System Change Notification

© 2009 IPS GmbH 17

GSR – Global Setting Request

© 2009 IPS GmbH 18

RSR – Relay Setting Request

© 2009 IPS GmbH 19

NERC CIPC compliant setting change tracking

© 2009 IPS GmbH 20

NERC-Compliant Setting Comparison (with saved results)

© 2009 IPS GmbH 21

Data Exchange IPS-CAPE Bridge™

© 2009 IPS GmbH 22

Import and Export Data from CAPE via IPS-CAPE Bridge™

Management of the mapping between CAPE Styles and IPS Relay Models

Protection Data Setting and Testing Management

Professional (Advanced) Protection Setting Management

Setting Workflow Management

Power System Fault Management including Relays Operation Analyses

Bidirectional Interface CAPE & IPS-RELEX™

IPS-CAPE Bridge™

Conclusions

Necessary Advanced IT Database Support (Process Workflow Management)Advanced Protection Data ModelsData Exchange (Advanced Interfaces) between:

calculation software (CAPE)Relay and Setting Management DatabaseTest Device Software

Mobile System with setting data comparison on siteCyber Security

Log in controlUser rights controlPassword management

© 2009 IPS GmbH 24

www.ips-energy.com

Maintenance Intelligence of Tomorrow

NERC - CIPC - Compliant Settings Workflow Management for ... · Setting Calculation (CAPE, Manual, etc…) Used Relay Settings Formats (Output): Excel Files, Word, Paper, Private

Documents