SERC staff will present up-to-date information on current topics of interest regarding compliance with NERC Reliability Standards and bulk power system reliability. This event will be of interest to operations, transmission, compliance, and training staff of registered entities within the SERC Region.
CIP Compliance Seminar Agenda Brochure
October 6-7, 2020 WebEx
Agenda
SERC is committed to providing training and non-binding guidance to industry stakeholders regarding emerging and revised Reliability Standards. However, compliance depends on a number of factors including the precise language of the Standard, the specific facts and circumstances, and the quality of evidence.
Purpose: Provide all SERC registered entities with an update on Compliance Monitoring and Enforcement Program (CMEP) developments, lessons learned, and key messages.
Agenda WebEx Logon 2020 Outreach
The agenda allows time for Q&A after each presentation. Therefore, times listed may vary. Those who attend the entire seminar will receive a participation certificate. The certificate does not satisfy educational requirements such as NERC continuing education hours.
Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC
Tuesday, October 6, 2020
Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.
Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring
Jason Blake - SERC President & CEO
Matt Stryker – SERC Sr CIP Auditor
12:30 p.m.
Welcome
12:45 p.m.
President's Update
NERC Evidence Request Tool Evidence Excellence
1:05 p.m.
2:00 p.m.
Data to Include in Self Report and Mitigation Plans
Todd Beam – SERC Manager, Risk Assessment & Mitigation
Jimmy Cline – SERC Managing Counsel
2:30 p.m.
Break
Update on Expanded Self Logging Program and Align Update
Rick Dodd – SERC Senior CIP Compliance Specialist
Joe Stouse - Walser Technology Group Team Lead
Janice Carney – SERC Senior Compliance Engineer
Drew Slabaugh - SERC Legal Counsel
Stephen Brown - SERC Manager, CIP Monitoring
Clay Shropshire – SERC CIP Auditor
Todd Curl, NCSO – SERC Senior Manager of Compliance Monitoring
2:45 p.m.
3:00 p.m.
SERC Duo Roll-out
Changes to IRA and COP Summary
3:20 p.m.
3:35 p.m.
Public Findings
SERC CIP Audit Notification Process
3:45 p.m.
4:05 p.m.
CIP-006-6 and Beyond
4:20 p.m.
Wrap Up
4:30 p.m.
Adjourn
Wednesday, October 7, 2020
Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring
Brandon Cain – Southern Company Services, Inc. CIP Compliance Assurance Manager
Welcome Day 2
8:30 a.m.
8:35 a.m.
REF Steering Committee Election
Stephen Brown - SERC Manager, CIP Monitoring
Banna Underland - SERC Technical Writer and Training Coordinator
Mike O’Neil – Florida Power & Light Company Sr Director Compliance and Regulatory
Summer Esquerre - Florida Power & Light Company Director, NERC Compliance
CIP-013 Introduction
8:45 a.m.
Supply Chain Training and Outreach
8:50 a.m.
CIP-013 Implementation and Readiness Review
CIP-013 Implementation Experiences and Internal Controls
9:00 a.m.
9:30 a.m.
Howard Hunt – Southern Company CIP Cyber Compliance Coordinator
Patrick Flynn – Southern Company NERC Internal Controls & Compliance Coordinator
10:00 a.m.
Break
10:15 a.m.
Brian Allen - NERC CIP Assurance Advisor
Supply Chain Update
Supply Chain Security Understanding Foreign Ownership Control or Influence (FOCI)
Tobias Whitney – Fortress Information Security VP – Energy Security Solutions
10:45 a.m.
Justin Kelly - SERC Sr CIP Auditor
CIP-002 Failure Modes
11:15 a.m.
Todd Curl, NCSO – SERC Senior Manager of Compliance Monitoring
Wrap-Up
12:15 p.m.
Adjourn
12:30 p.m.
WebEx Logon
The WebEx session will be recorded. The recording will be posted to the SERC website and will, therefore, become public.
Tuesday, October 6, 2020
WebEx begins at 12:30 p.m. (Eastern)
WebEx login information will be sent to registered attendees by October 5, 2020.
Join by phone: 1-408-792-6300, call-in toll number (US/Canada)
Wednesday, October 7, 2020
WebEx begins at 8:30 a.m. (Eastern)
WebEx login information will be sent to registered attendees by October 5, 2020.
Join by phone: 1-408-792-6300, call-in toll number (US/Canada)
IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.
Participants will be muted upon entry to eliminate background noise. Please send questions through the Chat feature. If your question is too lengthy to type, send a request through the Chat feature to be un-muted.
2020 Outreach & Training Events
Compliance Seminars: WebEx Event details and registration are available on the SERC website under Outreach / Upcoming Events.
November 10-11: O&P Compliance Seminar (previously Fall Compliance Seminar). Because of the shortened allotted time and the fact that we hold a CIP Seminar, we thought this would be the best option to keep attendees engaged.
Antitrust
• It is SERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or which might appear to violate, the antitrust laws.
• It is the responsibility of every SERC member, every SERC member employee who participates in SERC activities, and SERC staff personnel who may in any way affect SERC’s compliance with the antitrust laws to carry out this commitment.
• Participants in SERC activities should refrain from the following prohibited discussions when acting in their capacity as participants in SERC activities:
– Discussions involving pricing information, especially margin (profit) and internal cost
– Discussions of a participant’s marketing strategies
– Discussions regarding how customers and geographical areas are to be divided among competitors
– Discussions concerning the exclusion of competitors from markets
– Discussions concerning boycotting or group refusals to deal with competitors, vendors, or suppliers
• Any other matters that do not clearly fall within these guidelines should be brought to the attention of the SERC office.
Confidentiality Policy
• Members of SERC committees may, in performing SERC functions, have to use information of a sensitive and commercial nature, including but not limited to that provided by SERC members and designated as “Confidential”, that SERC members customarily hold confidential and do not disclose publicly.
• The SERC Confidentiality Agreement prohibits (i) the use of Confidential Information by Member Employees for other than SERC purposes and (ii) the disclosure of that information to any third party, unless disclosed to NERC pursuant to delegation agreement, or to a third party that has signed a Confidentiality Agreement with SERC.
• If either you or your employer has not signed such an Agreement and/or your employer has not designated you as a Member Employee authorized to receive Confidential Information then you will not be given access to Confidential Information and you will be required to leave the meeting before any such information is disclosed, used, or discussed.
Standards of Conduct
• The Federal Energy Regulatory Commission’s Standards of Conduct for transmission providers forbid a transmission provider from providing an undue preference or advantage to any person and require transmission providers to treat all customers in a not unduly discriminatory manner.
• All participants in the SERC Identified Reliability Risk Team are expected to abide by the restrictions in the Standards of Conduct.
• During any meetings, discussions, or other activities of the SERC Identified Reliability Risk Team, all participants should:
– Refrain from disclosing non-public transmission function information, which includes any information related to day-to-day transmission operations and planning, such as transmission outages and constraints.
– Refrain from discussing any non-public transmission customer-specific information.
– If any non-public transmission function information or non-public customer information is disclosed during a SERC Identified Reliability Risk Team activity, the participants receiving that disclosure should not further disclose that information to any marketing function employees within their organizations or use any other person as a conduit to disclose such information.
Acronyms
The master Acronym Reference Index is on the Q&A & Lessons Learned page of the SERC website under Outreach. It is updated following each outreach event.
ACC
Alternate Compliance Contact
AECI
Associated Electric Cooperative, Inc.
ATL
Audit Team Lead
BA
Balancing Authority
BCSI
BES Cyber System Information
BES
Bulk Electric System
BOTCC
(NERC) Board of Trustees Compliance Committee
BPS
Bulk Power System
CBT
Computer-based Training
CCC
Compliance and Certification Committee (NERC Committee)
CE
Compliance Exception
CEA
Compliance Enforcement Authority
CFR
Coordinated Functional Registration (formerly Type 2 Joint Registration Organization “JRO”)
CIP
Critical Infrastructure Protection (Family in NERC Reliability Standards)
CMAT
Controls Monitoring and Testing (Southern Company acronym)
CMEP
Compliance Monitoring and Enforcement Program
CMEP IP
Compliance Monitoring and Enforcement Program Implementation Plan
CORES
Centralized Organization Registration ERO System
COSO
Committee of Sponsoring Organizations (Treadway Commission)
CPC
Compliance Program Coordinators
DB
Design Basis
DP
Distribution Provider (Function)
DR
Data Request
EA
Enforcement Action
EACMS
Electronic Access Control and/or Monitoring Systems
EEI
Edison Electric Institute
EMP
Electromagnetic Pulses
EMS
Energy Management System
EOC
Extent of Condition
EPRI
Electric Power Research Institute
ERO
Electric Reliability Organization
FAC
Facilities, Design, Connections, and Maintenance (Family in NERC Reliability Standards)
FERC
Federal Energy Regulatory Commission
FFT
Find, Fix, Track (and Report process)
GAO
Government Accountability Office - audit
GO
Generator Owners
GOP
Generator Operators
GSC
Guided Self Certification
GSU
Generator Step-Up
G&T
Generation & Transmission
HV
High Volt
IDS
Intrusion Detection System
IRA
Inherent Risk Assessment
ISO
Independent System Operator
JRO
Joint Registration Organization
kV
Kilovolts (1000 volts)
LAFA
Lafayette Utilities System
LIBCS
Low Impact BES Cyber Systems (BES = Bulk Electric System)
LUS
Lafayette Utilities System
MANTIS
Modeling and Network Transmission Information System (AECI acronym)
MFA
Multifactor Authentication
MIDAS
Misoperation Information Data Analysis System
MLE
Motor Lead Extension
MRO
Midwest Reliability Organization (Region within the ERO Enterprise)
MRRE
Multi-Regional Registered Entity
MSA
Master Service Agreement
MVA
Mega Volt Amps
MW
Megawatt
NAGF
North American Generator Forum
NATF
North American Transmission Forum
NAVAPS
Notice of Alleged Violation(s) and Penalty or Sanction
NCSO
NERC Certified System Operator
NERC
North American Electric Reliability Corporation
NIST
National Institute of Standards and Technology
NOCV
Notice of Confirmed Violation
NOP
Notice of Penalty
O&P
Operations & Planning
PA
Planning Authority (Function)
PACS
Physical Access Control System
PCC
Primary Compliance Contact
PCO
Primary Compliance Officer
PEI
Protected Entity Information
PER
Personnel Performance, Training, and Qualifications (Family in NERC Reliability Standards)
PNC
Possible Noncompliance
PRA
Personnel Risk Assessment
PRC
Protection and Control (Family in NERC Reliability Standards)
Pre-NAV
Pre-Notice of Alleged Violation
PSP
Physical Security Perimeter
RAM
Risk Assessment & Mitigation
RAPA
Reliability Assessment and Performance Analysis
RAT-STATS
Regional Advanced Techniques Staff-Statistical (Audit tool used by US Dept. of Health & Human Services)
RC
Reliability Coordinator (Function)
REF
Registered Entity Forum
RFI
Request for Information
RSAW
Reliability Standards Audit Worksheet
RTCA
Real-Time Contingency Analysis
RTO
Regional Transmission Organization
SAGAS
Small Group Advisory Sessions
SAR
Standard Authorization Request
SC
Self Certification
SCADA
Supervisory Control and Data Acquisition
SCS
Southern Company Services
SCWG
Supply Chain Working Group
SFTP
Secure File Transfer Protocol
SME
Subject Matter Expert
SNOP
Spreadsheet Notice of Penalty
SOC
Security Operations Center or System Operator Conference
SPOC
Single Point of Contact
TO
Transmission Owner (Function)
TOP
Transmission Operator (Function) or Transmission Operations (Family in NERC Reliability Standards)
TP
Transmission Planner (Function)
TTP
Tactics, Techniques, and Procedures
UMR
User Management and Records
VPN
Virtual Private Network
WECC
Western Electricity Coordinating Council (Region within the ERO Enterprise)
Questions for SERC
Entity Assistance
Q&A Process
Topic
Email Support@serc1.org
• General inquiries / Q&A • Seminar & Webinar Topic Suggestions • Media inquiries
• SERC Membership • SERC Committees • SERC Compliance & Committee Portal/Committee related issues • Registration and Certification Issues • Compliance monitoring methods: o Self-Certification o Self-Report submittals o Compliance data submittals • Enforcement and Mitigation o Mitigation Plan submittals • SERC Compliance & Committee Portal-Compliance related issues • Reliability Assessment data reporting
SERCregistration@serc1.org SERCComply@serc1.org
RAStaff@serc1.org
• Reliability Assessment forms • Annual Voting Rights • Reliability Data Reporting Portal • Industry Subject Matter Expert (ISME) Program
ISME@serc1.org
• Submitting an ISME application • Event Reporting
Reporting_Line_Sit@list-serc1.org
• Situational Awareness • Events Analysis
SAEA@serc1.org
Registered Entity Forum
If you have a question you would like to submit anonymously, you may do so by contacting one of the Registered Entity Forum Steering Committee members. Registered Entity Forum (REF) sessions are generally held during SERC seminars. However, REF Steering Committee members are gracious enough to assist registered entities within the SERC Region throughout the year. For your information, the REF is open to participation by all entities registered in the SERC Compliance Registry, regardless of membership status in SERC. The purpose of the REF is to promote compliance excellence, elevate the collective compliance culture, and strengthen reliability among all SERC Region registered entities. The REF is a self-directed forum that provides a safe harbor for registered entities to (1) exchange information, (2) share lessons learned, (3) discuss compliance issues of interest and importance, and (4) generate concerns and questions to be provided to SERC staff regarding compliance with SERC and NERC reliability rules, standards, and regulations. The REF Steering Committee is comprised of representatives from registered entities, and members are elected by the registered entities. Positions include representatives with both CIP and Operations & Planning expertise. If you would like to be on the committee, elections are held each fall. REF Steering Committee members are prohibited from disclosing to SERC the names of registered entities whose concerns or questions are discussed with SERC staff members. Should you have questions or topics that you would like to discuss with them, please feel free to contact the committee members listed on the CIP or Operations & Planning links above. Responses to previously submitted questions are available on the SERC website. From the SERC home page, select Outreach / Q&A and Lessons Learned. The REF Charter is posted to the SERC website. From the SERC home page, select Outreach / Registered Entity Forum. 
Elections are held each November, and committee members serve a two-year term.
REF Steering Committee
CIP Committee Member
Jennifer Blair, Compliance Specialist, LG&E and KU Energy, LLC, jennifer.blair@lge-ku.com
Brandon Cain, CIP Compliance Assurance Manager, Southern Company, pbcain@southernco.com
Eric Jebsen, PE, Senior Regulatory Engineer, Exelon Generation, eric.jebsen@exeloncorp.com
O&P Committee Member
Brad Arnold, Manager, Policy & Compliance, Ameren Missouri, barnold@Ameren.com
John Babik, Director Electric Compliance, JEA, babijj@jea.com
Greg Davis, Regulatory Compliance Manager, Georgia Transmission Corporation, Greg.davis@gatrans.com
Sarah Snow, Manager of Reliability Compliance, Cooperative Energy, ssnow@cooperativeenergy.com
Bill Thigpen, Supervisor of Compliance Support, PowerSouth Energy Cooperative, bill.thigpen@powersouth.com
Todd Curl, NCSO
SERC Reliability Corporation Senior Manager of Compliance Monitoring
Todd is currently responsible for managing all areas of Compliance Monitoring (in both Operations & Planning and Critical Infrastructure Protection areas). Previously he was Manager of Compliance Programs, which included Registration & Certification, Compliance Investigations, and Compliance Outreach. Todd joined SERC as an O&P Compliance Auditor in 2010, with about 29 years in the electric utility industry. Before joining SERC, Todd was a Senior System Operator at Southern Company’s Power Coordination Center in Birmingham, Alabama. Primary responsibilities included providing real-time monitoring and control decisions and direction for the 24/7 operation of the Southern Company bulk power system balancing area. He also was responsible for various aspects of reliably operating the bulk power system in a coordinated manner with the four Operating Company transmission control centers, generation operations, and neighboring utilities. He worked with a team of NERC certified operators balancing generation with load, keeping the transmission system reliable, and ensuring correct interchange power flows with neighbors. Todd also spent 10 years on Southern Company’s energy trading floor as an Energy Coordinator, providing economic evaluation and negotiation of next-hour power sales and purchases, and arranged for scheduling of transactions in a real time 24/7 operation. Todd also spent 17 years with Georgia Power Company as a Transmission Operator in Atlanta, and a Substation Maintenance electrician.
Todd has a Bachelor of Science degree in Business Administration, and an Executive Certificate in Organizational Leadership from the University of Notre Dame. Todd is a NERC Certified System Operator with the Reliability Coordinator certification since 1999. Todd has also completed NERC Audit/Certification Team Leader training, and Compliance Investigations training.
Jason Blake
SERC Reliability Corporation President and Chief Executive Officer
Mr. Blake is President and CEO for SERC and is passionate about SERC’s mission, which is to reduce risks and ensure a reliable, resilient, and secure electric grid across 16 central and southeastern states. He leads with a commitment to operational excellence, innovation, continuous improvement, and deploying resources in an effective and efficient manner that adds value. Prior to joining SERC, Mr. Blake spent almost nine years serving as the Vice President and General Counsel for SERC’s northern neighbor and sister region, ReliabilityFirst. During that time, he helped lead RF through its start-up phase and into a sustainable risk-based organization focused on ensuring a reliable, resilient, and secure electric grid across the Mid-Atlantic and Great Lakes regions of the U.S. Prior to this, Mr. Blake developed broad business and regulatory experience through his private practice with large, corporate law firms located in Pittsburgh, Pennsylvania and then in Cleveland, Ohio. Mr. Blake is a graduate of the Ohio State University and the University of Pittsburgh School of Law. He also served on the Board of Directors for the American Heart Association for the Cleveland Metropolitan Area and enjoys volunteering to coach his children’s sports teams.
Matt Stryker, PSP, CISSP
SERC Reliability Corporation Senior CIP Compliance Auditor
Matt joined the CIP Compliance audit team at SERC Reliability Corporation in January 2019. Previously, Matt Stryker was a Supervisor of CIP with Georgia System Operations Corporation (GSOC) in Tucker, Georgia. He worked in the Security Operations department on both physical and electronic security processes in support of Georgia Transmission (GTC) and GSOC’s compliance with the NERC CIP Reliability Standards. Mr. Stryker performed similar roles as a Group Lead of CIP for Georgia Transmission Corporation (GTC) since 2012. Previously, Mr. Stryker held positions as a Senior CIP Compliance Auditor and later as the Manager of CIP Compliance Monitoring at SERC Reliability Corporation. He served as an Audit Team Lead or team member during audits of compliance with NERC Reliability Standards in the SERC Region. Matt has more than 15 years of security experience in asset management, physical security, network operations, and compliance. Matt holds the ASIS Physical Security Professional (PSP) and the (ISC)² Certified Information Systems Security Professional (CISSP) certifications. Matt holds a Bachelor of Science degree in Management from Georgia Tech.
Rick Dodd, CISSP, MSCIS, MBA
SERC Reliability Corporation Senior CIP Compliance Specialist
Rick Dodd joined SERC on July 1, 2019 as a Senior CIP Compliance Specialist. Rick works in the Risk Assessment and Mitigation team specializing in Critical Infrastructure Protection responsible for implementation of the SERC Compliance Program that assesses overall entity risk within the SERC Region. In addition, he works as a single point of contact with entities to perform specific inherent risk assessments (IRAs) and internal controls evaluations, as well as to review, accept, track, and verify the entity’s Mitigation Plans pertaining to issues or violations of NERC Reliability Standards. Rick has over 38 years of management and technical experience in all aspects of IT and Information Security. Prior to joining SERC, Rick worked with FRCC as a Sr. Risk Assessment and Mitigation Specialist for more than six years as a team member performing similar functions. Prior to joining FRCC, he was a senior member of an Energy Practice consulting team for five years, participating on NERC working groups and numerous client engagements relevant to the CIP Reliability Standards and NEI 08-09, Revision 6 including engagements at numerous registered entities across most of the Regions. While his expertise is broad in all aspects of the CIP Reliability Standards, he has written many highly regarded compliant incident response and recovery plan documents commensurate with the culture and needs of utility clients. His training capabilities are enhanced from his role as an instructor, as he brings more than 10 years of experience as an instructor for diverse curriculum in both classroom and online settings for IT and business subjects.
He started his career in the telecommunications industry with Verizon Data Services (formerly GTEDS) gaining extensive knowledge and experience in developing, implementing, and administering scalable multi-tiered, information security, state-of-the-art data warehouse, decision support, document management, Internet website, access administration, and billing systems using the full SDLC. He has demonstrated expertise in gathering business requirements, business process analysis, setting policies and standards, troubleshooting, tuning, and system evaluation. During his tenure with Verizon Data Services, he also managed an Information Security team of more than 30 employees. The wide versatility in multiple computing environments, with a strong understanding of object-oriented technologies, web services and workflow technologies along with BPMN, UML, and Use Case Methods, complements the needs of the team. He has directed and participated in the selection of hardware and software, building proof-of-concept/pilot projects aiding in deployment of enterprise-wide systems.
Rick is a Certified Information Systems Security Professional, and holds a Master of Science in Computer Information Systems, a Master of Business Administration, and a Bachelor of Science in Professional Management from Nova Southeastern University, Ft. Lauderdale, FL.
Todd Beam
SERC Reliability Corporation Manager, Risk Assessment & Mitigation
Todd Beam is the Senior Lead Compliance Specialist at SERC Reliability Corporation, a nonprofit corporation responsible for promoting and improving the reliability, adequacy, and critical infrastructure protection of the bulk power system in all or portions of 16 southeastern and central states. Todd works on the Entity Assessment and Mitigation team, which is responsible for conducting entity inherent risk assessments (IRA), internal controls evaluations (ICE), and providing registered entities a single point of contact for all noncompliance issues. Prior to joining SERC in February 2012, Todd was employed by Duke Energy Corporation in Charlotte, NC for 25 years where he worked in a variety of roles. His most recent role was for four years as the CIP Compliance Project Manager for BA/TOP and TO with a focus on transmission substations. Prior to that he spent seven years as the Supervisor of Routine Work and Outage Restoration and Management.
Jimmy C. Cline
SERC Managing Counsel
Jimmy C. Cline is the Managing Counsel at SERC Reliability Corporation. He has 14 years of experience as an attorney, nine of which have been in the electric power industry. Jimmy joined SERC in January 2018, and his primary role is overseeing the Enforcement department. He came from Southwest Power Pool Regional Entity (SPP RE) in Little Rock, Arkansas, where he was employed for eight years as a Senior Compliance Enforcement Attorney. Prior to joining SPP RE, Jimmy practiced law for four years in a Human Resources defense firm where he counseled management on employment law matters. Jimmy’s first attorney position was for former Arkansas Supreme Court Chief Justice Betty Dickey, where he was responsible for drafting her judicial opinions.
Stephen Brown, MBA, CISM
SERC Reliability Corporation Manager, CIP Monitoring
Stephen joined the CIP Compliance audit team at SERC Reliability Corporation in September 2018. Previously, Stephen joined the NERC ERO at Georgia System Operations (GSOC) in 2006. While at GSOC, he managed and coordinated all Critical Infrastructure Protection (CIP) changes to ensure that stakeholders were aware of the change(s) and risks. He also ensured security controls were identified prior to changes and confirmed all documentation was complete. Stephen has over 15 years of information and operation technology experience with detailed knowledge in asset management, business continuity, disaster recovery planning, incident response, policy administration, process improvement, and risk assessment. He has led a security and network operations center and managed multiple security and compliance projects. Stephen is a Certified Information Security Manager (CISM) and has been a Subject Matter Expert on standards CIP-006, CIP-007, and CIP-010 for multiple Critical Infrastructure Protection (CIP) audits. He is a new resident to North Carolina and holds a Master of Business Administration (MBA) in Information Systems from Argosy University.
Clay Shropshire, MBA, CPP, PSP, CPTED
SERC Reliability Corporation CIP Compliance Auditor
D. Clay Shropshire, MBA, CPP, PSP, CPTED Practitioner, has successfully completed the Fundamentals of Auditing (FOA) and Audit Team Lead (ATL) training courses for NERC Compliance. Mr. Shropshire has over six years of experience as a CIP compliance auditor for the SERC region and four years of experience as a consultant conducting mock CIP audits for electric utilities across the country. Prior to joining SERC, Clay Shropshire spent 29 years in the field of security systems design, systems engineering, project management, and consulting, primarily in designated U.S. critical infrastructure industries. Mr. Shropshire specialized in providing consulting services pertaining to: NERC CIP Compliance; physical and information protection programs (assessments, systems design, systems engineering, policy & procedures); security master planning; security project management; regulatory compliance; business continuity planning; security awareness & training programs; in-depth needs and security assessments; physical protection systems design using access control, biometrics, badging, CCTV, video recording, video display, intrusion detection, perimeter systems, fire alarm, life-safety, code blue, intercom, paging, and specialty electronics systems; and project management.
Throughout his career, Clay has designed, engineered, and managed security projects for hundreds of clients, including many of the Fortune 500 in the utility industry, including electric utilities, natural gas companies, and water treatment facilities as well as for one of the top three telecommunications companies, top-tier financial institutions, automobile companies, hospitals, high-rise office buildings, college campuses, retail distribution centers, government facilities, military installations, retail chain headquarters and stores, greeting card companies and manufacturing plants.
Brandon Cain, MBA, CISSP, CCM
Southern Company CIP Compliance Assurance Manager
Brandon Cain joined SCS Operations Compliance in 2011 as a CIP Compliance Coordinator and was later promoted to CIP Cyber Compliance Assurance Manager. In this role, he provides strategic management of the Company’s CIP Compliance Program and oversees the implementation of cyber security initiatives intended to meet and maintain compliance with regulatory reliability standards impacting Transmission and Generation. His team provides crucial support to Company business unit management engaged in cyber compliance activities, prepares for audits and self-certifications, and handles routine regulatory compliance filings for the Company. Prior to joining Southern Company, Brandon served as Branch Chief, Tactical Exploitation Branch of the Counterterrorism Task Force, Defense Intelligence Agency. There, he managed multiple regional teams providing direct overseas intelligence support to agency and military operations and led the production of critical intelligence reports and assessments developed for government officials and senior military leaders. Brandon holds a B.S. in Information Systems Security Management and an M.B.A. from the University of Alabama in Birmingham. He has also obtained professional certifications as a Certified Information Systems Security Professional (CISSP), and a Certified Continuity Manager (CCM).
Janice Carney
SERC Senior Enforcement Engineer
Janice Carney joined SERC in January 2009 as a Compliance Engineer, and currently serves as a Senior Compliance Engineer. Ms. Carney is responsible for administering the Compliance Monitoring and Enforcement Program. This responsibility includes the determination of Alleged Violations and the Enforcement staff’s review and acceptance of Mitigation Plans. Ms. Carney also has the lead role in SERC’s Inherent Risk Assessment processes. Prior to joining SERC, Ms. Carney was the Manager, Regulatory Issues for ElectriCities of North Carolina, Inc., a membership organization including public power communities in North Carolina, South Carolina, and Virginia. Before joining ElectriCities in May 2003, Ms. Carney held various positions in her 16-year career with Progress Energy – Carolinas including power marketer, Manager of Retail Sales, and Major Accounts Manager.
Ms. Carney holds a degree in computer engineering from Clemson University.
Summer Esquerre
Florida Power & Light Company Director, NERC Compliance
Summer Esquerre, as the Director of Reliability Standards Compliance, leads a team that oversees, advises, and guides business units' implementation of North American Electric Reliability Corporation (NERC) Reliability Standards for NextEra Energy, Inc.'s ("NextEra's") Compliance and Responsibility Organization. She has over 15 years' experience in the industry. Her responsibilities include managing Reliability Standards regulatory compliance audits and spot checks, ensuring that executive management is aware of all potential non-compliance risks and potential exposures. She also oversees NextEra's Sustainability Assurance program, which ensures sustainability by monitoring Standard changes, reviewing implemented Internal Controls, and proposed enhancements. She advises and supports the Senior Director of Reliability Standards Compliance by maintaining a robust compliance program. NextEra has Registered Entities in all six NERC regions, and NextEra has compliance responsibility for virtually all registered functions. NextEra's largest Registered Entity is Florida Power & Light Company in the SERC region. Florida Power & Light Company is the largest energy company in the United States as measured by retail electricity produced and sold, serving more than 5.1 million customer accounts or an estimated 10 million+ people across the state of Florida. From 2016 – 2019, Ms. Esquerre served as a member of the Texas RE Member Representatives Committee (MRC) and is an active observer of NERC's Compliance and Certification Committee (CCC), participating on several sub-committees and task forces. Ms. Esquerre is a Business Unit leader responsible for the growth, development, and engagement of staff, serving as a mentor and role model for compliance personnel and business units' staff regarding compliance efforts.
She holds a Master's Degree in Information Assurance from Norwich University and is a Certified Information Systems Security Professional (CISSP) as well as Certified in Risk and Information Systems Control (CRISC).
Mike O'Neil
Florida Power & Light Company Senior Director of Critical Infrastructure Protection (CIP) Compliance
Mike O’Neil, Florida Power & Light (FPL), is Senior Director of Critical Infrastructure Protection (CIP) Compliance where he is responsible for ensuring execution of NextEra Energy’s (NEE) CIP program across all NEE businesses. In his prior role, Mike was responsible for managing business unit execution compliance of North American Electric Reliability Corporation (NERC) operation/planning and CIP reliability standards for transmission facilities at FPL, Gulf Power, Lone Star Transmission and New Hampshire Transmission. Mike was also responsible for the FPL Power Delivery business unit’s Florida Public Service Commission rate case preparation and regulatory filings.
Mike earned his Bachelor of Science in Electrical Engineering from the University of Pennsylvania.
Howard Hunt, CISSP, CISM
Southern Company CIP Cyber Compliance Coordinator
Howard Hunt is a CIP Cyber Compliance Coordinator at Southern Company. In his role, Howard directly oversees the assurance of CIP-005, CIP-010, CIP-011, and CIP-013 Standards across the several business units within Southern Company, ensuring the compliance, audits, and reports are within NERC requirements. Howard is also a member of the CIP-013 Standards Drafting Team. Howard joined Southern Company in November 2018. Howard has over 23 years of experience working in both the DoD and private sectors in Defensive Cyber Operations and Compliance. Howard earned a bachelor’s degree in Marketing at the University of Central Arkansas and is currently pursuing his master’s in Public Administration at the University of Alabama Birmingham. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM). Howard is a member of ISC2, E-Council, and ISACA.
Patrick Flynn, CPA, CIA, CISA
Southern Company NERC Internal Controls & Compliance Coordinator
Patrick Flynn is a NERC Internal Controls & Compliance Coordinator at Southern Company. In this role, Patrick assists in the design, management, direction and oversight of the following: (i) developing a risk assessment specific to NERC Reliability and CIP Cyber Security Standards compliance; (ii) developing a program for identifying, designing and documenting internal controls that support Southern Company’s compliance with NERC Reliability and CIP Cyber Security Standards; (iii) developing a program for periodic monitoring and testing of internal controls including the reporting of internal control concerns and recommendations to management; (iv) developing program (control framework) documentation to ensure repeatability and consistency in program execution. Patrick joined Southern Company in October 2018. Patrick has over 21 years of experience in areas such as internal audit, financial accounting, internal controls, compliance and risk. Patrick earned a bachelor’s degree in Business Administration and a master’s degree in Accounting Information Systems from Auburn University. He is a Certified Public Accountant (CPA) in the State of Alabama, a Certified Internal Auditor (CIA), and a Certified Information Systems Auditor (CISA). He is also a member of the Alabama Society of CPAs, the Institute of Internal Auditors, and ISACA.
Brian Allen
NERC CIP Assurance Advisor
Brian serves as a CIP Assurance Advisor in the NERC Grid Assurance group. In this position, Brian works with the Assurance Team to provide oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of the Electric Reliability Organization (ERO) Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, and approved delegation agreements. Brian joined the NERC CIP Assurance team in January 2019. Prior to NERC, Brian served as a Cyber Security Specialist at Georgia Systems Operation Corporation. In this role, Brian worked within Security Operations focusing on governance, risk, and compliance of the CIP Program.
Tobias Whitney
Fortress Information Security VP Energy Security Solutions
At Fortress, Tobias Whitney leads sales and marketing as the Vice President of Energy Security Solutions. He is a recognized leader in control systems security solutions with over 20 years of critical infrastructure security experience. For six years, Whitney led the compliance and standards for NERC's Critical Infrastructure Protection program. Most recently, Whitney spent two years as Technical Executive at the Electric Power Research Institute (EPRI), evaluating risks in supply chain cybersecurity for utilities, developing solutions to address security architecture for utility cloud-based solutions, as well as researching emerging technologies, such as electric vehicle charging and supply chain security.
Banna Underland
SERC Technical Writer & Training Coordinator
Ms. Underland joined SERC Reliability Corporation (SERC) in 2016 as the Technical Writer. Because of her experience as an Instructional Designer, she is responsible for developing training for corporate compliance topics. She assumed the role of Training Coordinator in 2019. Ms. Underland has been a Technical Communicator and Instructional Designer for more than 30 years. In addition to her time at SERC, her employment experience includes service in the U.S. Navy as an Electronics Technician and instructor; and instructional design and technical training for both the metrology and software industries. Ms. Underland has been part of SERC's Entity Assistance program development since its inception. Entity Assistance is part of SERC's Outreach & Training department, which Ms. Underland joined in 2019. Ms. Underland earned a Bachelor's degree in Business Administration from Montreat College. She is a Certified Professional Technical Communicator (CPTC).
Justin Kelly, PE, MS, CISSP
SERC Reliability Corporation Senior CIP Auditor
Justin joined the CIP Compliance audit team at SERC Reliability Corporation in September 2019. Previously, Justin Kelly was an Electrical Engineer with the Federal Energy Regulatory Commission in Washington, DC. He was a sub-team lead for both CIP Version 5 and CIP-014 FERC-led audits. Justin has also been involved in monitoring Standard Drafting Teams, drafting FERC Orders, reviewing CIP related sanctions filed or posted by NERC, and observing regional entity audits. He primarily focused on CIP Reliability Standards during his time at FERC, but also was a technical team lead for Geomagnetic Disturbance and Electromagnetic Pulse research and standards projects. Justin received a Master of Science in Electrical Engineering degree from Virginia Polytechnic and State University in 2009. He is a licensed Professional Engineer (PE) in the state of Maryland and is a Certified Information System Security Professional (CISSP).