
CIP-002-5.1a — Cyber Security — BES Cyber System Categorization

A. Introduction

1. Title: Cyber Security — BES Cyber System Categorization

2. Number: CIP-002-5.1a

3. Purpose: To identify and categorize BES Cyber Systems and their associated BES Cyber Assets for the application of cyber security requirements commensurate with the adverse impact that loss, compromise, or misuse of those BES Cyber Systems could have on the reliable operation of the BES. Identification and categorization of BES Cyber Systems support appropriate protection against compromises that could lead to misoperation or instability in the BES.

4. Applicability:

4.1. Functional Entities: For the purpose of the requirements contained herein, the following list of functional entities will be collectively referred to as “Responsible Entities.” For requirements in this standard where a specific functional entity or subset of functional entities are the applicable entity or entities, the functional entity or entities are specified explicitly.

  4.1.1. Balancing Authority

  4.1.2. Distribution Provider that owns one or more of the following Facilities, systems, and equipment for the protection or restoration of the BES:

    4.1.2.1. Each underfrequency load shedding (UFLS) or undervoltage load shedding (UVLS) system that:

      4.1.2.1.1. is part of a Load shedding program that is subject to one or more requirements in a NERC or Regional Reliability Standard; and

      4.1.2.1.2. performs automatic Load shedding under a common control system owned by the Responsible Entity, without human operator initiation, of 300 MW or more.

    4.1.2.2. Each Special Protection System or Remedial Action Scheme where the Special Protection System or Remedial Action Scheme is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.1.2.3. Each Protection System (excluding UFLS and UVLS) that applies to Transmission where the Protection System is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.1.2.4. Each Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started.

  4.1.3. Generator Operator

  4.1.4. Generator Owner

  4.1.5. Interchange Coordinator or Interchange Authority

  4.1.6. Reliability Coordinator

  4.1.7. Transmission Operator

  4.1.8. Transmission Owner

4.2. Facilities: For the purpose of the requirements contained herein, the following Facilities, systems, and equipment owned by each Responsible Entity in 4.1 above are those to which these requirements are applicable. For requirements in this standard where a specific type of Facilities, system, or equipment or subset of Facilities, systems, and equipment are applicable, these are specified explicitly.

  4.2.1. Distribution Provider: One or more of the following Facilities, systems and equipment owned by the Distribution Provider for the protection or restoration of the BES:

    4.2.1.1. Each UFLS or UVLS System that:

      4.2.1.1.1. is part of a Load shedding program that is subject to one or more requirements in a NERC or Regional Reliability Standard; and

      4.2.1.1.2. performs automatic Load shedding under a common control system owned by the Responsible Entity, without human operator initiation, of 300 MW or more.

    4.2.1.2. Each Special Protection System or Remedial Action Scheme where the Special Protection System or Remedial Action Scheme is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.2.1.3. Each Protection System (excluding UFLS and UVLS) that applies to Transmission where the Protection System is subject to one or more requirements in a NERC or Regional Reliability Standard.

    4.2.1.4. Each Cranking Path and group of Elements meeting the initial switching requirements from a Blackstart Resource up to and including the first interconnection point of the starting station service of the next generation unit(s) to be started.

  4.2.2. Responsible Entities listed in 4.1 other than Distribution Providers: All BES Facilities.

  4.2.3. Exemptions: The following are exempt from Standard CIP-002-5.1a:

    4.2.3.1. Cyber Assets at Facilities regulated by the Canadian Nuclear Safety Commission.

    4.2.3.2. Cyber Assets associated with communication networks and data communication links between discrete Electronic Security Perimeters.

    4.2.3.3. The systems, structures, and components that are regulated by the Nuclear Regulatory Commission under a cyber security plan pursuant to 10 C.F.R. Section 73.54.

    4.2.3.4. For Distribution Providers, the systems and equipment that are not included in section 4.2.1 above.

5. Effective Dates:

  1. 24 Months Minimum – CIP-002-5.1a shall become effective on the later of July 1, 2015, or the first calendar day of the ninth calendar quarter after the effective date of the order providing applicable regulatory approval.

  2. In those jurisdictions where no regulatory approval is required CIP-002-5.1a shall become effective on the first day of the ninth calendar quarter following Board of Trustees’ approval, or as otherwise made effective pursuant to the laws applicable to such ERO governmental authorities.

6. Background:

This standard provides “bright-line” criteria for applicable Responsible Entities to categorize their BES Cyber Systems based on the impact of their associated Facilities, systems, and equipment, which, if destroyed, degraded, misused, or otherwise rendered unavailable, would affect the reliable operation of the Bulk Electric System. Several concepts provide the basis for the approach to the standard.

Throughout the standards, unless otherwise stated, bulleted items in the requirements are items that are linked with an “or,” and numbered items are items that are linked with an “and.”

Many references in the Applicability section and the criteria in Attachment 1 of CIP-002 use a threshold of 300 MW for UFLS and UVLS. This particular threshold of 300 MW for UVLS and UFLS was provided in Version 1 of the CIP Cyber Security Standards. The threshold remains at 300 MW since it is specifically addressing UVLS and UFLS, which are last ditch efforts to save the Bulk Electric System. A review of UFLS tolerances defined within regional reliability standards for UFLS program requirements to date indicates that the historical value of 300 MW represents an adequate and reasonable threshold value for allowable UFLS operational tolerances.

BES Cyber Systems

One of the fundamental differences between Versions 4 and 5 of the CIP Cyber Security Standards is the shift from identifying Critical Cyber Assets to identifying BES Cyber Systems. This change results from the drafting team’s review of the NIST Risk Management Framework and the use of an analogous term “information system” as the target for categorizing and applying security controls.

[Figure: Version 4 Cyber Assets and Version 5 Cyber Assets. Labels: BES Cyber System; CCA; Associated Protected Cyber Assets; Non-Critical Cyber Asset Within an ESP; Associated Electronic and Physical Access Control and Monitoring Systems; CIP-005-4 R1.5 and CIP-006-4 R2.]

In transitioning from Version 4 to Version 5, a BES Cyber System can be viewed simply as a grouping of Critical Cyber Assets (as that term is used in Version 4). The CIP Cyber Security Standards use the “BES Cyber System” term primarily to provide a higher level for referencing the object of a requirement. For example, it becomes possible to apply requirements dealing with recovery and malware protection to a grouping rather than individual Cyber Assets, and it becomes clearer in the requirement that malware protection applies to the system as a whole and may not be necessary for every individual device to comply.

Another reason for using the term “BES Cyber System” is to provide a convenient level at which a Responsible Entity can organize their documented implementation of the requirements and compliance evidence. Responsible Entities can use the well-developed concept of a security plan for each BES Cyber System to document the programs, processes, and plans in place to comply with security requirements.

It is left up to the Responsible Entity to determine the level of granularity at which to identify a BES Cyber System within the qualifications in the definition of BES Cyber System. For example, the Responsible Entity might choose to view an entire plant control system as a single BES Cyber System, or it might choose to view certain components of the plant control system as distinct BES Cyber Systems. The Responsible Entity should take into consideration the operational environment and scope of management when defining the BES Cyber System boundary in order to maximize efficiency in secure operations. Defining the boundary too tightly may result in redundant paperwork and authorizations, while defining the boundary too broadly could make the secure operation of the BES Cyber System difficult to monitor and assess.

Reliable Operation of the BES

The scope of the CIP Cyber Security Standards is restricted to BES Cyber Systems that would impact the reliable operation of the BES. In order to identify BES Cyber Systems, Responsible Entities determine whether the BES Cyber Systems perform or support any BES reliability function according to those reliability tasks identified for their reliability function and the corresponding functional entity’s responsibilities as defined in its relationships with other functional entities in the NERC Functional Model. This ensures that the initial scope for consideration includes only those BES Cyber Systems and their associated BES Cyber Assets that perform or support the reliable operation of the BES. The definition of BES Cyber Asset provides the basis for this scoping.

Real-time Operations

One characteristic of the BES Cyber Asset is a real-time scoping characteristic. The time horizon that is significant for BES Cyber Systems and BES Cyber Assets subject to the application of these Version 5 CIP Cyber Security Standards is defined as that which is material to real-time operations for the reliable operation of the BES. To provide a better defined time horizon than “Real-time,” BES Cyber Assets are those Cyber Assets that, if rendered unavailable, degraded, or misused, would adversely impact the reliable operation of the BES within 15 minutes of the activation or exercise of the compromise. This time window must not include in its consideration the activation of redundant BES Cyber Assets or BES Cyber Systems: from the cyber security standpoint, redundancy does not mitigate cyber security vulnerabilities.

Categorization Criteria

The criteria defined in Attachment 1 are used to categorize BES Cyber Systems into impact categories. Requirement 1 only requires the discrete identification of BES Cyber Systems for those in the high impact and medium impact categories. All BES Cyber Systems for Facilities not included in Attachment 1 – Impact Rating Criteria, Criteria 1.1 to 1.4 and Criteria 2.1 to 2.11 default to be low impact.

This general process of categorization of BES Cyber Systems based on impact on the reliable operation of the BES is consistent with risk management approaches for the purpose of application of cyber security requirements in the remainder of the Version 5 CIP Cyber Security Standards.

Electronic Access Control or Monitoring Systems, Physical Access Control Systems, and Protected Cyber Assets that are associated with BES Cyber Systems

BES Cyber Systems have associated Cyber Assets, which, if compromised, pose a threat to the BES Cyber System by virtue of: (a) their location within the Electronic Security Perimeter (Protected Cyber Assets), or (b) the security control function they perform (Electronic Access Control or Monitoring Systems and Physical Access Control Systems). These Cyber Assets include:

• Electronic Access Control or Monitoring Systems (“EACMS”) – Examples include: Electronic Access Points, Intermediate Systems, authentication servers (e.g., RADIUS servers, Active Directory servers, Certificate Authorities), security event monitoring systems, and intrusion detection systems.

• Physical Access Control Systems (“PACS”) – Examples include: authentication servers, card systems, and badge control systems.

• Protected Cyber Assets (“PCA”) – Examples may include, to the extent they are within the ESP: file servers, ftp servers, time servers, LAN switches, networked printers, digital fault recorders, and emission monitoring systems.

B. Requirements and Measures

R1. Each Responsible Entity shall implement a process that considers each of the following assets for purposes of parts 1.1 through 1.3: [Violation Risk Factor: High][Time Horizon: Operations Planning]

  i. Control Centers and backup Control Centers;
  ii. Transmission stations and substations;
  iii. Generation resources;
  iv. Systems and facilities critical to system restoration, including Blackstart Resources and Cranking Paths and initial switching requirements;
  v. Special Protection Systems that support the reliable operation of the Bulk Electric System; and
  vi. For Distribution Providers, Protection Systems specified in Applicability section 4.2.1 above.

  1.1. Identify each of the high impact BES Cyber Systems according to Attachment 1, Section 1, if any, at each asset;

  1.2. Identify each of the medium impact BES Cyber Systems according to Attachment 1, Section 2, if any, at each asset; and

  1.3. Identify each asset that contains a low impact BES Cyber System according to Attachment 1, Section 3, if any (a discrete list of low impact BES Cyber Systems is not required).

M1. Acceptable evidence includes, but is not limited to, dated electronic or physical lists required by Requirement R1, and Parts 1.1 and 1.2.

R2. The Responsible Entity shall: [Violation Risk Factor: Lower] [Time Horizon: Operations Planning]

  2.1 Review the identifications in Requirement R1 and its parts (and update them if there are changes identified) at least once every 15 calendar months, even if it has no identified items in Requirement R1, and

  2.2 Have its CIP Senior Manager or delegate approve the identifications required by Requirement R1 at least once every 15 calendar months, even if it has no identified items in Requirement R1.

M2. Acceptable evidence includes, but is not limited to, electronic or physical dated records to demonstrate that the Responsible Entity has reviewed and updated, where necessary, the identifications required in Requirement R1 and its parts, and has had its CIP Senior Manager or delegate approve the identifications required in Requirement R1 and its parts at least once every 15 calendar months, even if it has none identified in Requirement R1 and its parts, as required by Requirement R2.

C. Compliance

1. Compliance Monitoring Process:

1.1. Compliance Enforcement Authority:

The Regional Entity shall serve as the Compliance Enforcement Authority (“CEA”) unless the applicable entity is owned, operated, or controlled by the Regional Entity. In such cases the ERO or a Regional Entity approved by FERC or other applicable governmental authority shall serve as the CEA.

1.2. Evidence Retention:

The following evidence retention periods identify the period of time an entity is required to retain specific evidence to demonstrate compliance. For instances where the evidence retention period specified below is shorter than the time since the last audit, the CEA may ask an entity to provide other evidence to show that it was compliant for the full time period since the last audit.

The Responsible Entity shall keep data or evidence to show compliance as identified below unless directed by its CEA to retain specific evidence for a longer period of time as part of an investigation:

• Each Responsible Entity shall retain evidence of each requirement in this standard for three calendar years.

• If a Responsible Entity is found non-compliant, it shall keep information related to the non-compliance until mitigation is complete and approved or for the time specified above, whichever is longer.

• The CEA shall keep the last audit records and all requested and submitted subsequent audit records.

1.3. Compliance Monitoring and Assessment Processes:

• Compliance Audit
• Self-Certification
• Spot Checking
• Compliance Investigation
• Self-Reporting
• Complaint

1.4. Additional Compliance Information

• None

2. Table of Compliance Elements

R#: R1
Time Horizon: Operations Planning
VRF: High
Violation Severity Levels (CIP-002-5.1a):

Lower VSL

For Responsible Entities with more than a total of 40 BES assets in Requirement R1, five percent or fewer BES assets have not been considered according to Requirement R1;
OR
For Responsible Entities with a total of 40 or fewer BES assets, 2 or fewer BES assets in Requirement R1, have not been considered according to Requirement R1;
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, five percent or fewer of identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact BES Cyber Systems, five or fewer identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category.
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, five percent or fewer high or medium BES Cyber Systems have not been identified;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact BES Cyber Systems, five or fewer high or medium BES Cyber Systems have not been identified.

Moderate VSL

For Responsible Entities with more than a total of 40 BES assets in Requirement R1, more than five percent but less than or equal to 10 percent of BES assets have not been considered, according to Requirement R1;
OR
For Responsible Entities with a total of 40 or fewer BES assets, more than two, but fewer than or equal to four BES assets in Requirement R1, have not been considered according to Requirement R1;
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, more than five percent but less than or equal to 10 percent of identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact and BES Cyber Systems, more than five but less than or equal to 10 identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category.
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, more than five percent but less than or equal to 10 percent high or medium BES Cyber Systems have not been identified;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact BES Cyber Systems, more than five but less than or equal to 10 high or medium BES Cyber Systems have not been identified.

High VSL

For Responsible Entities with more than a total of 40 BES assets in Requirement R1, more than 10 percent but less than or equal to 15 percent of BES assets have not been considered, according to Requirement R1;
OR
For Responsible Entities with a total of 40 or fewer BES assets, more than four, but fewer than or equal to six BES assets in Requirement R1, have not been considered according to Requirement R1;
OR
For Responsible Entities with more than a total of 100 high or medium impact BES Cyber Systems, more than 10 percent but less than or equal to 15 percent of identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category;
OR
For Responsible Entities with a total of 100 or fewer high or medium impact and BES Cyber Assets, more than 10 but less than or equal to 15 identified BES Cyber Assets have not been categorized or have been incorrectly categorized at a lower category.
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, more than 10 percent but less than or equal to 15 percent high or medium BES Cyber Systems have not been identified;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact BES Cyber Systems, more than 10 but less than or equal to 15 high or medium BES Cyber Systems have not been identified.

Severe VSL

For Responsible Entities with more than a total of 40 BES assets in Requirement R1, more than 15 percent of BES assets have not been considered, according to Requirement R1;
OR
For Responsible Entities with a total of 40 or fewer BES assets, more than six BES assets in Requirement R1, have not been considered according to Requirement R1;
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, more than 15 percent of identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact BES Cyber Systems, more than 15 identified BES Cyber Systems have not been categorized or have been incorrectly categorized at a lower category.
OR
For Responsible Entities with more than a total of 100 high and medium impact BES Cyber Systems, more than 15 percent of high or medium impact BES Cyber Systems have not been identified;
OR
For Responsible Entities with a total of 100 or fewer high and medium impact BES Cyber Systems, more than 15 high or medium impact BES Cyber Systems have not been identified.

R#: R2
Time Horizon: Operations Planning
VRF: Lower
Violation Severity Levels (CIP-002-5.1a):

Lower VSL

The Responsible Entity did not complete its review and update for the identification required for R1 within 15 calendar months but less than or equal to 16 calendar months of the previous review. (R2.1)
OR
The Responsible Entity did not complete its approval of the identifications required by R1 by the CIP Senior Manager or delegate according to Requirement R2 within 15 calendar months but less than or equal to 16 calendar months of the previous approval. (R2.2)

Moderate VSL

The Responsible Entity did not complete its review and update for the identification required for R1 within 16 calendar months but less than or equal to 17 calendar months of the previous review. (R2.1)
OR
The Responsible Entity failed to complete its approval of the identifications required by R1 by the CIP Senior Manager or delegate according to Requirement R2 within 16 calendar months but less than or equal to 17 calendar months of the previous approval. (R2.2)

High VSL

The Responsible Entity did not complete its review and update for the identification required for R1 within 17 calendar months but less than or equal to 18 calendar months of the previous review. (R2.1)
OR
The Responsible Entity failed to complete its approval of the identifications required by R1 by the CIP Senior Manager or delegate according to Requirement R2 within 17 calendar months but less than or equal to 18 calendar months of the previous approval. (R2.2)

Severe VSL

The Responsible Entity did not complete its review and update for the identification required for R1 within 18 calendar months of the previous review. (R2.1)
OR
The Responsible Entity failed to complete its approval of the identifications required by R1 by the CIP Senior Manager or delegate according to Requirement R2 within 18 calendar months of the previous approval. (R2.2)

D. Regional Variances

None.

E. Interpretations

None.

F. Associated Documents

None.

CIP-002-5.1a - Attachment 1

Impact Rating Criteria

The criteria defined in Attachment 1 do not constitute stand-alone compliance requirements, but are criteria characterizing the level of impact and are referenced by requirements.

1. High Impact Rating (H)

Each BES Cyber System used by and located at any of the following:

1.1. Each Control Center or backup Control Center used to perform the functional obligations of the Reliability Coordinator.

1.2. Each Control Center or backup Control Center used to perform the functional obligations of the Balancing Authority: 1) for generation equal to or greater than an aggregate of 3000 MW in a single Interconnection, or 2) for one or more of the assets that meet criterion 2.3, 2.6, or 2.9.

1.3. Each Control Center or backup Control Center used to perform the functional obligations of the Transmission Operator for one or more of the assets that meet criterion 2.2, 2.4, 2.5, 2.7, 2.8, 2.9, or 2.10.

1.4. Each Control Center or backup Control Center used to perform the functional obligations of the Generator Operator for one or more of the assets that meet criterion 2.1, 2.3, 2.6, or 2.9.

2. Medium Impact Rating (M)

Each BES Cyber System, not included in Section 1 above, associated with any of the following:

2.1. Commissioned generation, by each group of generating units at a single plant location, with an aggregate highest rated net Real Power capability of the preceding 12 calendar months equal to or exceeding 1500 MW in a single Interconnection. For each group of generating units, the only BES Cyber Systems that meet this criterion are those shared BES Cyber Systems that could, within 15 minutes, adversely impact the reliable operation of any combination of units that in aggregate equal or exceed 1500 MW in a single Interconnection.

2.2. Each BES reactive resource or group of resources at a single location (excluding generation Facilities) with an aggregate maximum Reactive Power nameplate rating of 1000 MVAR or greater (excluding those at generation Facilities). The only BES Cyber Systems that meet this criterion are those shared BES Cyber Systems that could, within 15 minutes, adversely impact the reliable operation of any combination of resources that in aggregate equal or exceed 1000 MVAR.

2.3. Each generation Facility that its Planning Coordinator or Transmission Planner designates, and informs the Generator Owner or Generator Operator, as necessary to avoid an Adverse Reliability Impact in the planning horizon of more than one year.

2.4. Transmission Facilities operated at 500 kV or higher. For the purpose of this criterion, the collector bus for a generation plant is not considered a Transmission Facility, but is part of the generation interconnection Facility.

2.5. Transmission Facilities that are operating between 200 kV and 499 kV at a single station or substation, where the station or substation is connected at 200 kV or higher voltages to three or more other Transmission stations or substations and has an "aggregate weighted value" exceeding 3000 according to the table below. The "aggregate weighted value" for a single station or substation is determined by summing the "weight value per line" shown in the table below for each incoming and each outgoing BES Transmission Line that is connected to another Transmission station or substation. For the purpose of this criterion, the collector bus for a generation plant is not considered a Transmission Facility, but is part of the generation interconnection Facility.

    Voltage Value of a Line              Weight Value per Line
    less than 200 kV (not applicable)    (not applicable)
    200 kV to 299 kV                     700
    300 kV to 499 kV                     1300
    500 kV and above                     0

2.6. Generation at a single plant location or Transmission Facilities at a single station or substation location that are identified by its Reliability Coordinator, Planning Coordinator, or Transmission Planner as critical to the derivation of Interconnection Reliability Operating Limits (IROLs) and their associated contingencies.

2.7. Transmission Facilities identified as essential to meeting Nuclear Plant Interface Requirements.

2.8. Transmission Facilities, including generation interconnection Facilities, providing the generation interconnection required to connect generator output to the Transmission Systems that, if destroyed, degraded, misused, or otherwise rendered unavailable, would result in the loss of the generation Facilities identified by any Generator Owner as a result of its application of Attachment 1, criterion 2.1 or 2.3.

2.9. Each Special Protection System (SPS), Remedial Action Scheme (RAS), or automated switching System that operates BES Elements, that, if destroyed, degraded, misused or otherwise rendered unavailable, would cause one or more Interconnection Reliability Operating Limits (IROLs) violations for failure to operate as designed or cause a reduction in one or more IROLs if destroyed, degraded, misused, or otherwise rendered unavailable.

2.10. Each system or group of Elements that performs automatic Load shedding under a common control system, without human operator initiation, of 300 MW or more implementing undervoltage load shedding (UVLS) or underfrequency load shedding (UFLS) under a load shedding program that is subject to one or more requirements in a NERC or regional reliability standard.

2.11. Each Control Center or backup Control Center, not already included in High Impact Rating (H) above, used to perform the functional obligations of the Generator Operator for an aggregate highest rated net Real Power capability of the preceding 12 calendar months equal to or exceeding 1500 MW in a single Interconnection.

2.12. Each Control Center or
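Criterion 2.5 above is the one Attachment 1 criterion that requires a calculation, so the following Python sketch works it through for a few stations. It is an added example, not part of the standard: the `Line` fields, the station names and line data are constructed, and treating a voltage that falls between two table rows as belonging to the lower row is an assumption.

```python
from dataclasses import dataclass

# Criterion 2.5 weight table: (lower voltage bound in kV, weight value per line).
# Lines below 200 kV are "not applicable"; 500 kV and above weigh 0.
WEIGHTS = ((500, 0), (300, 1300), (200, 700))
AGGREGATE_LIMIT = 3000   # the aggregate weighted value must EXCEED this
MIN_NEIGHBOURS = 3       # "three or more other Transmission stations or substations"


@dataclass(frozen=True)
class Line:
    kv: float                            # operating voltage of the BES Transmission Line
    remote: str                          # far-end station name (constructed)
    remote_is_transmission: bool = True  # False for a generation plant collector bus


def weight_per_line(kv):
    """Return the table weight for a line voltage, or None below 200 kV."""
    for lower_kv, weight in WEIGHTS:
        if kv >= lower_kv:
            return weight
    return None


def assess_station(station_kv, lines):
    """Apply criterion 2.5 to one station and return the working figures."""
    # Only lines at 200 kV or higher that terminate at another Transmission
    # station or substation count toward the sum and the neighbour count.
    counted = [ln for ln in lines
               if ln.remote_is_transmission and weight_per_line(ln.kv) is not None]
    aggregate = sum(weight_per_line(ln.kv) for ln in counted)
    neighbours = {ln.remote for ln in counted}
    meets = (200 <= station_kv <= 499
             and len(neighbours) >= MIN_NEIGHBOURS
             and aggregate > AGGREGATE_LIMIT)
    return {"aggregate": aggregate, "neighbours": len(neighbours), "meets_2_5": meets}


# Constructed sample stations (not real facilities): name -> (station kV, lines).
SAMPLES = {
    # Five 230 kV lines to four neighbours: 5 x 700 = 3500, exceeds 3000.
    "ALPHA": (230, [Line(230, "N1"), Line(230, "N2"), Line(230, "N3"),
                    Line(230, "N4"), Line(230, "N4")]),
    # 3300 exceeds 3000, but only two distinct neighbours.
    "BRAVO": (345, [Line(345, "N1"), Line(345, "N1"), Line(230, "N2")]),
    # Four neighbours, but 4 x 700 = 2800 does not exceed 3000.
    "CHARLIE": (230, [Line(230, "N1"), Line(230, "N2"),
                      Line(230, "N3"), Line(230, "N4")]),
    # The 138 kV line and the collector-bus line are not counted.
    "DELTA": (345, [Line(345, "N1"), Line(345, "N2"), Line(345, "N3"),
                    Line(138, "N4"), Line(345, "GEN1", remote_is_transmission=False)]),
}


def run_samples():
    return {name: assess_station(kv, lines) for name, (kv, lines) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

BRAVO and CHARLIE show that the connectivity test and the weighted sum are separate conditions: a station must pass both before its associated BES Cyber Systems are rated medium impact under this criterion.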
