2019 Assistance Catalog

2019 CATALOG

• Assistance Program
• Entity Assistance Request Form
• Entity Engagement
• Engagement Process
• Assistance ISME Program
• Meet the Entity Assistance Team
• 2019 Offerings
• Online Learning
• Additional Offerings
• Assistance Tips

SERC Assistance engagements are outside the scope of Compliance and provide an educational opportunity for registered entities to meet with SERC staff and others to discuss the Reliability Standards and possible compliance approaches in an open and non-audit environment. During the course of those discussions, representatives may provide guidance on specific approaches for implementing NERC Standards. Representatives, however, cannot guarantee compliance if those approaches are used, as compliance is necessarily dependent on the manner in which the guidance is implemented. Additionally, there may be other ways to comply with the obligations of the requirements of NERC Standards and circumstances and situations change. Lastly, to encourage an open exchange of information, representatives will not use the content from the engagement as a basis for a subsequent compliance or enforcement action(s).


The SERC Entity Assistance program is a training and education program at SERC that sits outside of Compliance. Its goal is to partner with entities to reduce risk. The program promotes successful management, development, and implementation of reliability and security enhancing activities through training, education, and targeted assistance.


Registered entities within the SERC Region are invited to participate. Simply submit an Entity Assistance Request Form.


TRUST

The SERC Assistance program plays an important role in helping to keep registered entities informed, educated, and enabled to maintain and enhance the reliability of the Bulk Electric System. Assistance allows SERC to interact on important issues and utilize the wealth of subject matter expertise available for the direct benefit of the entities. SERC Assistance is a targeted outreach program to directly aid registered entities where they need it the most.

Assistance is designed to maintain and promote a relationship of mutual trust with registered entities by establishing integral positions that clearly articulate and demonstrate value to program participants and the ERO Enterprise. SERC Entity Assistance was built separate from Compliance with the purpose of providing guidance and coaching around security and reliability to registered entities, reducing or removing their exposure to risk. The goal is to work with our stakeholders to identify and prioritize risk so that we collaborate effectively to attack the highest priority risks first and then work our way down to lower risks as time and resources permit. We proactively work with our stakeholders to identify risks and communicate potential mitigating actions to take risk off the table. We have been working through the technical committees and outreach to provide training, workshops, and information that promotes reliability. This effort is more targeted, focused, and tailored to the registered entity receiving the assistance, concentrating on areas that we believe are high risk. We know that it will require us to build trust and show the value that we can add, and we are committed to promoting the SERC Company Vision of a secure and reliable bulk power system.


The Assistance Industry Subject Matter Expert (AISME) program uses entity volunteers as supplemental assistance team members. An AISME is selected to participate in an Operations and Planning (O&P) or Critical Infrastructure Protection (CIP) assistance based on background, experience, and technical expertise. A volunteer may apply to become an AISME by completing the Entity Assistance Industry Subject Matter Expert Application.

ENGAGEMENT

Tony Hall was the first AISME to participate on an Entity Engagement with SERC Staff. Here’s what he had to say.

“I was an AISME on this engagement and found it to be a two-way benefit. I was able to share my experiences with my program, learn SERC’s ideas and thoughts on the issue of discussion, as well as understand what another entity was doing on that topic. This is done at many events; however, that is normally just two entities discussing their programs. Having the third voice made this a very different event and expanded what I was able to gain.”

TONY HALL, CRISC, Manager, CIP Program, LG&E and KU Energy

Tony Hall is currently the Manager, Critical Infrastructure Protection (CIP) Program at LG&E and KU Energy, a diversified Energy Services Company headquartered in Louisville, Kentucky. Mr. Hall has held this position for the last two years. During this period, he has served as an Industry Subject Matter Expert (ISME) for two SERC audits, coordinated and prepared for a CIP mock audit in addition to LG&E and KU’s CIP Audit. He also led the company’s transition to CIP Version 4, as well as CIP Version 5. Mr. Hall serves as the point person for CIP-related industry comments. He coordinates company response from LG&E and KU as well as with the parent company, PPL Corporation.

Mr. Hall has worked at LG&E and KU for 23 years, spending 17 years within the IT organization serving a variety of roles from Operations to Development. His last assignment in IT was Service Delivery Manager responsible for all development activities for the Power Plants, Transmission, Trading, Legal, and Communication departments. Also, while a member of IT, Mr. Hall led and participated on several international project teams with the previous parent company, E.ON AG located in Germany. Before transitioning to Manager, CIP Program, Mr. Hall served as the Manager of IT and Operational Auditing where his responsibilities included the internal audits of both CIP and the 693 Reliability Standards. Mr. Hall is a graduate of the University of Louisville Speed School of Engineering with a Bachelor of Science in Electric Engineering and a Master of Engineering in Computer Science/Electric Engineering, and from California Southern University with a Master of Law. Mr. Hall also holds the CRISC certification from ISACA.

PERFORMANCE

See their wide range of expertise.

• Bill Peterson, Manager, Entity Assistance & IT
• Lynn Black, Sr. Program Support Assistant
• Wayne Ahl, Sr. Program Manager, Assistance
• Mike Hagee, Sr. Program Manager, Assistance
• Chris Holmquest, Program Manager, Entity Assistance

RENÉ FREE, SOUTH CAROLINA PUBLIC SERVICE AUTHORITY

What René Free had to say about the program:

“The Entity Assistance visit with Santee Cooper was very beneficial. The team worked with us on setting the agenda to ensure that it met our needs. Our team consisted of Mike Hagee and Bill Peterson; and with their years of combined experience from an auditing and enforcement perspective, they were able to provide assistance with self-reporting, mitigation plans, and internal controls. They were very timely in getting back to us with any questions they were not able to answer while on-site. I recommend that every company request an Entity Assistance site visit!”

Comments received from other registered entities following Assistance engagements.

“SERC is dedicated to helping member entities achieve reliability objectives.”

“. . . enjoyed meeting with the SERC EAP team and exploring the information and opportunities that this new program provides. As an entity interested in developing and maintaining a strong, successful NERC CIP compliance program, I feel that this program will be a useful tool in facilitating that goal.”

“SERC Reliability Entity Assistance Program has proven to be an invaluable resource for team. The knowledge and expertise they provide, not only to those of us on our team with NERC-CIP knowledge, but also other personnel such as IT and Facility Management has been educational and informative. It was a pleasure speaking with the SERC Assistance Program Team!”
Larry Snow, NERC-CIP Program Manager, Cogentrix Energy Power Management

COACHING AND GUIDANCE CUSTOMIZED FOR YOUR ENTITY

CYBER SECURITY

Emerging threats and best practices are provided to assist entities with some of the hottest topics in the news and on the minds of industry and government leaders.

• CIP-010-2 R1, R2, R4 Cyber Security - Configuration Change Management and Vulnerability Assessments
• CIP-007-6 R2, R3, R4, R5 Cyber Security - System Security Management
• CIP-004-6 R4, R5 Cyber Security - Personnel & Training
• CIP-005-5 R1 Cyber Security - Electronic Security Perimeter(s)
• CIP-006-6 R1, R2 Cyber Security - Physical Security of BES Cyber Systems
• CIP-002-5.1a R1, R2 Cyber Security - BES Cyber System Categorization
• CIP-009-6 R2 Cyber Security - Recovery Plans for BES Cyber Systems
• PRC-005-6 R3 Protection System, Automatic Reclosing, and Sudden Pressure Relaying Maintenance

PHYSICAL SECURITY

SERC staff have collaborated with the Department of Homeland Security and the FBI in order to share tips on how to protect against physical intrusions and attacks on the power grid.

TRAINING AND EDUCATION

The SERC Assistance team can develop customized training and education modules to address any specific needs that you might have.

STANDARDS

The Assistance team is focused on the most violated standards. However, they are happy to address any of the Standards you may want to discuss.

AUDIT / SPOT-CHECK PROCESS

The notification, process, scheduling, and reporting are different for a Compliance Audit and a Spot-Check. Learn more about each to help your entity be better prepared.

INCIDENT REPORTING

Some incident reporting is mandated by NERC Reliability Standards. Learn the reporting requirements for incidents and the types of incidents that need to be reported.

INCIDENT RESPONSE AND RECOVERY

It is vitally important to quickly respond to incidents and recover systems to maintain the reliability of the bulk electric system. SERC staff will review your procedures and share best practices.

MITIGATING ACTIONS AND VIOLATIONS

Learn how to submit an effective Mitigation Plan that addresses extent of condition and mitigates risk.

DATA COLLECTION RETENTION

SERC gathers information from entities to track trends and reduce reliability risks. Learn what data is collected, the frequency, how it is stored by SERC, and retention period.

INHERENT RISK ASSESSMENT / INTERNAL CONTROLS

Understand when IRAs are conducted and what information will be requested. Learn how internal controls can help your company’s reliability and compliance efforts.

WORKPLACE VIOLENCE

Learn what safeguards can be taken to help keep yourself and your co-workers safe in the event of a workplace violence incident.

OTHER TOPICS

If your entity would like additional information on a topic not listed, simply submit an Entity Assistance Request form.

COMPLETE THE ONLINE COURSE SUCCESSFULLY AND RECEIVE A CERTIFICATE

• FERC CIP v5 Audits
• Guidance on Violation Processing
• Low Impact
• Patch Management
• Self-Reporting
• Mitigation Plans
• NERC Alerts
• SERC Committee Membership

SERC Compliance & Committee Portal

SERC Reliability Assessment Portal

SERC Entity Assistance

SERC Technical Committee Portal

• Introduction to Compliance Audits
• Phishing Prevention
• ISME Training
• AISME Training
• CIP-013 Supply Chain Risk Management
• NERC Family of Standards
• NERC Functional Model
• Fundamentals of Electricity
• Basic Power Systems
• Audit Team Lead Training
• Winterization Best Practices

PHISHING AWARENESS

Download and print phishing posters created to constantly remind your staff to be on the lookout for malicious emails.


RESOURCE LIBRARY

The SERC Resource Library webpage contains a variety of helpful information. Visitors to the library will find presentations, eLearning modules, the phishing posters, and new information as it becomes available. The Presentation Library is an Excel list of presentations given at past outreach events. Users may filter or sort the list by topic, presentation title, speaker, speaker's company, event, or event date. Topics include:

• CIP
• Compliance
• General Interest
• Portal/Website
• RAPA
• Registration
• Standards

FAQ & LESSONS LEARNED

Questions and SERC’s responses are located on the FAQ & Lessons Learned webpage under Outreach. Look through the categorized topics for questions you may have or for answers to questions you didn’t know you had. The Q&As are listed by categories; those under Standards are listed by standard family and then in numerical sequence. A green NEW box appears next to the question for 30 days after posting. No reference is made to any company when an FAQ is posted on the SERC website. Registered entities may submit questions directly to SERC staff or anonymously through an O&P or CIP Registered Entity Forum representative. There is a link on the webpage to submit questions. There is also a link to the SERC Acronym Reference Index. Questions are assigned to a SERC subject matter expert (SME). Responses are returned as soon as possible based on the SME’s schedule. If a question requires ERO Enterprise collaboration to ensure consistency, it is referred to the O&P Compliance Task Force (OPCTF) at NERC, and you are notified that there will be a delay in receiving a response.

PHISHING

In this age of connectivity, company information such as names, titles, emails, and phone numbers is readily available online. This makes it easy for someone to impersonate a partner, a well-known company, or even an internal employee in an attempt to steal information for malicious purposes. The NERC E-ISAC has observed a steady increase in targeted attempts to impersonate executive leadership, HR, and Finance departments at organizations inside the electric sector. These attempts often come in the form of emails, text messages, or phone calls. SERC staff are regularly trained and informed on ways to identify common malicious communication traps. We encourage our entities to do the same, and strongly encourage registered entity staff to be vigilant with both internal and external emails, especially around HR, Finance, and PEI programs. Emails or texts that seem urgent, soliciting, or suspicious in any way should be carefully examined. Reaching out to the sender via an alternate means of communication is encouraged if you are unsure. The SERC assistance program is focused on helping registered entities build or improve their current malicious email prevention programs. Don’t hesitate to reach out to us for Assistance, and remember to always “think before you click” links or attachments!

CYBER SPACE

Cyberspace has long been deemed the “5th theatre of war,” with an attack surface that is increasing year after year. New devices are connected and disconnected every day, creating a changing landscape for potential adversaries. Imagine trying to defend a landscape that is constantly changing. When you plug one electronic device into another, the landscape changes. The Universal Serial Bus (USB) drive is an electronic device that you plug in to transfer files, pictures, movies, and sometimes malicious code. Many companies are disabling USB storage drives in an effort to defend and reduce their attack surface. However, mice, keyboards, or other mobile devices connected via USB are often allowed. Protect yourself from transferring malicious code by following these tips:

1. Never plug in USB devices you have found.
2. Avoid using USB drives owned by others. Instead, stick to hardware with which you are familiar.
3. Bring your own charger with you on trips, and avoid public USB charging stations.
4. Charge your device with an outlet, not a computer or smart refrigerator.
5. Keep patches updated on your mobile devices and computers.
6. Think before you plug one of your devices into another microprocessor. (Microprocessor: an integrated circuit that contains all the functions of a central processing unit.)

SUCCESS

Assuring an effective and efficient reduction of risk to the reliability and security of the Bulk Power System
