2019 CIP Compliance Seminar

CIP Compliance Seminar Agenda Brochure

September 17-18, 2019 Charlotte, NC / WebEx

Agenda

SERC is committed to providing training and non-binding guidance to industry stakeholders regarding emerging and revised Reliability Standards. However, compliance depends on a number of factors including the precise language of the Standard, the specific facts and circumstances, and the quality of evidence. The agenda allows time for Q&A after each presentation. Therefore, times listed may vary. WebEx begins at 9:30 a.m. (Eastern). Those who attend the entire seminar will receive a participation certificate. The certificate does not satisfy educational requirements such as NERC continuing education hours.

Agenda WebEx Logon 2019 Upcoming Events 2020 Outreach Antitrust Guidelines Confidentiality Policy Standards of Conduct Acronyms Questions for SERC

Tuesday, September 17, 2019

7:30 a.m.

Continental Breakfast

Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room.

8:00 a.m.

Welcome

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

Registered Entity Forum REF Steering Committee Speaker Bios Click on speaker’s name in agenda.

8:15 a.m.

Registered Entity Forum (REF)

REF Steering Committee Members

Whether attending the seminar or not, registered entities may submit questions prior to the seminar to REF Steering Committee members at the email links below for discussion during the REF session. Please submit questions by noon on September 16.

• Jennifer Blair, CFE, LG&E and KU Energy, jennifer.blair@lge-ku.com
• Allan Long, PE, Memphis Light, Gas and Water Division, along@mlgw.org
• Bill Thigpen, PowerSouth Energy Cooperative, bill.thigpen@powersouth.com

9:15 a.m.

Break

* * * WebEx Begins * * *

9:30 a.m.

Welcome WebEx Attendees and SERC Update

Jason Blake - SERC President and CEO

10:00 a.m.

Risk-Based Audit Approach

Carlos Valiente - SERC Senior CIP Auditor

10:30 a.m.

Break

10:45 a.m.

NERC CIP Update

Daniel Bogle - NERC Senior CIP Assurance Advisor

11:30 a.m.

CIP Themes Report and Lessons Learned

Todd Beam - SERC Senior Lead Compliance Specialist

12:00 p.m.

Lunch

Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room.

12:45 p.m.

REF Recap

Todd Curl - SERC Senior Manager of Compliance Monitoring

1:00 p.m.

SERC Audit Approach to CIP-014

Matt Stryker - SERC Senior CIP Auditor

1:30 p.m.

Low Impact: CIP-003-7 Changes

Daniel Bogle - NERC Senior CIP Assurance Advisor

2:00 p.m.

Break

2:15 p.m.

Protected Entity Information

Chris Murphy - SERC Senior CIP Auditor

2:30 p.m.

SERC’s Initial Approach to Low Impact Transient Cyber Assets

Renny Ramai - SERC Senior CIP Auditor

2:45 p.m.

FERC Report

David DeFalaise - FERC Office of Electric Reliability

3:30 p.m.

Break

3:45 p.m.

Evidence Request Tool

Clay Shropshire - SERC CIP Auditor

4:15 p.m.

SERC Assistance Team Visit

Eric Scott - Ameren Director, Reliability Standards Compliance

4:30 p.m.

Assistance Engagement Lessons Learned

Wayne Ahl - SERC Senior Program Manager, Assistance

4:45 p.m.

SERC Outreach & Training Opportunities

Lynn Black - SERC Senior Program Support Assistant

4:55 p.m.

Wrap-up

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

5:00 p.m.

Adjourn

Wednesday, September 18, 2019

7:30 a.m.

Continental Breakfast

Visit with Registered Entity Forum Steering Committee Members in VACAR Conference Room.

* * * WebEx Begins * * *

8:00 a.m.

Welcome: Day 2

Todd Curl - SERC Senior Manager of Compliance Monitoring

Allan Long - Memphis Light, Gas and Water Division Manager of Regulatory Compliance

Nacy Millé - Entergy Manager, IT Regulatory Compliance & Continuous Improvement

Zeeshan Sheikh - Entergy Vice President, Chief Information Officer

8:05 a.m.

REF Steering Committee Election

8:15 a.m.

CIP Internal Controls: Best Practices & Lessons Learned

8:45 a.m.

TVA’s Patch Management Program (CIP-007 R2)

Ivana Hinton – Tennessee Valley Authority Configuration Management & Security

Nick Van Allen Real Time Operations Infrastructure Administrator

9:15 a.m.

Break

9:30 a.m.

Audit Preparation Panel Discussion

Jennifer Blair - LG&E and KU Energy, LLC Senior Compliance Specialist

Brandon Cain - Southern Company CIP Compliance Assurance Manager

Vijay Naik - SERC CIP Auditor

Matt Stryker - SERC Senior CIP Auditor

Presentations: J Blair Presentation, B Cain Presentation, V Naik Presentation, M Stryker Presentation

10:40 a.m.

Break

10:50 a.m.

Physical Security Access Revocation

Matt Stryker - SERC Senior CIP Auditor

11:20 a.m.

Align

Andrew Williamson - SERC Director, Reliability Assurance

11:25 a.m.

REF Responses

SERC Staff

11:55 a.m.

Wrap-up

Todd Curl, NCSO - SERC Senior Manager of Compliance Monitoring

12:00 p.m.

Adjourn

WebEx Logon

The WebEx session will not be recorded.

Tuesday, September 17, 2019 (WebEx begins at 9:30 a.m. Eastern)

• Join Webex meeting
• Meeting number (access code): 718 798 794
• Meeting password: SERC
• Join by phone: 1-408-792-6300 Call-in toll number (US/Canada)

Wednesday, September 18, 2019 (WebEx begins at 8:00 a.m. Eastern)

• Join Webex meeting
• Meeting number (access code): 713 663 743
• Meeting password: SERC
• Join by phone: 1-408-792-6300 Call-in toll number (US/Canada)

Participants will be muted upon entry to eliminate background noise. Please send questions through the Chat feature. If your question is too lengthy to type, send a request through the Chat feature to be un-muted.

IMPORTANT NOTICE: Please note that this WebEx service allows audio and other information sent during the session to be recorded, which may be discoverable in a legal matter. By joining this session, you automatically consent to such recordings. If you do not consent to being recorded, discuss your concerns with the host or do not join the session.

2019 Upcoming Events

• September 24 - 26: System Operator Conference
• October 8 - 9: Fall Compliance Seminar
• September 30 - October 2: Technical Committee Meetings, Charlotte, NC / WebEx

2020 Outreach & Training Events

Compliance Seminars: Charlotte, NC / WebEx

Event details and registration will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019.

• March 10 - 11: Spring Compliance Seminar
• March 11: Small Entity Seminar
• October 6 - 7: CIP Compliance Seminar
• November 10 - 11: Fall Compliance Seminar

Webinar Series

Event details will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019. No registration required.

• January 27: Q1 2020 Open Forum
• February 10: SERC 101
• May 11: Q2 2020 Open Forum
• July 27: Q3 2020 Open Forum

System Operator Conferences

Event details and registration will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019.

• April 7 - 9: Greenville, SC
• April 28 - 30: Greenville, SC
• August 25 - 27: Franklin, TN
• Sep 29 - Oct 1: Franklin, TN

2020 Technical Committee Meetings

Event details and registration will be available on the SERC website under Outreach / Upcoming Events by November 15, 2019.

Technical Committee Meetings: Charlotte, NC / WebEx

• Spring: March 16 - 18
• Fall: September 28 - 30

Summer Regional Meeting / Pig Roast: To Be Announced

Antitrust

• It is SERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or which might appear to violate, the antitrust laws.
• It is the responsibility of every SERC member, every SERC member employee who participates in SERC activities, and SERC staff personnel who may in any way affect SERC’s compliance with the antitrust laws to carry out this commitment.
• Participants in SERC activities should refrain from the following prohibited discussions when acting in their capacity as participants in SERC activities:
  – Discussions involving pricing information, especially margin (profit) and internal cost
  – Discussions of a participant’s marketing strategies
  – Discussions regarding how customers and geographical areas are to be divided among competitors
  – Discussions concerning the exclusion of competitors from markets
  – Discussions concerning boycotting or group refusals to deal with competitors, vendors, or suppliers
• Any other matters that do not clearly fall within these guidelines should be brought to the attention of the SERC office.

Confidentiality Policy

• Members of SERC committees may, in performing SERC functions, have to use information of a sensitive and commercial nature, including but not limited to that provided by SERC members and designated as “Confidential”, that SERC members customarily hold confidential and do not disclose publicly.
• The SERC Confidentiality Agreement prohibits (i) the use of Confidential Information by Member Employees for other than SERC purposes and (ii) the disclosure of that information to any third party, unless disclosed to NERC pursuant to delegation agreement, or to a third party that has signed a Confidentiality Agreement with SERC.
• If either you or your employer has not signed such an Agreement and/or your employer has not designated you as a Member Employee authorized to receive Confidential Information then you will not be given access to Confidential Information and you will be required to leave the meeting before any such information is disclosed, used, or discussed.

Standards of Conduct

• The Federal Energy Regulatory Commission’s Standards of Conduct for transmission providers forbid a transmission provider from providing an undue preference or advantage to any person and require transmission providers to treat all customers in a not unduly discriminatory manner.
• All participants in the SERC Identified Reliability Risk Team are expected to abide by the restrictions in the Standards of Conduct.
• During any meetings, discussions, or other activities of the SERC Identified Reliability Risk Team, all participants should:
  – Refrain from disclosing non-public transmission function information, which includes any information related to day-to-day transmission operations and planning, such as transmission outages and constraints.
  – Refrain from discussing any non-public transmission customer-specific information.
  – If any non-public transmission function information or non-public customer information is disclosed during a SERC Identified Reliability Risk Team activity, the participants receiving that disclosure should not further disclose that information to any marketing function employees within their organizations or use any other person as a conduit to disclose such information.

Acronyms

The master Acronym Reference Index is on the FAQ & Lessons Learned page of the SERC website under Outreach. It is updated following each outreach event.

3PAO

Third party assessment organization

4Ps

[An organization’s] Policies, Programs, Plans, Procedures

AISME

Assistance Industry Subject Matter Expert

ANL

Audit Notification Letter

AoC

Areas of Concern

ATL

Audit Team Lead

BCS

BES Cyber System

BCSI

BES Cyber System Information

BES

Bulk Electric System

BU

Business Unit

CA

Compliance Assessment

CIP

Critical Infrastructure Protection (Family in NERC Reliability Standards)

CIWG

Compliance Input Working Group

CMEP

Compliance Monitoring and Enforcement Program

CMEP IP

Compliance Monitoring and Enforcement Program Implementation Plan

DR

Data Request

EACMS

Electronic Access Control and/or Monitoring Systems

EAP

Electronic Access Point

EFT™

Enhanced File Transfer

EMS

Energy Management System

ER

Exception Request

ERO

Electric Reliability Organization

ERT

Evidence Request Tool

ESP

Electronic Security Perimeter

FedRAMP

Federal Risk and Authorization Management Program

FERC

Federal Energy Regulatory Commission

GAGAS

Generally Accepted Government Auditing Standards

GRC

Governance, Risk and Compliance

HTTPS

Hyper Text Transfer Protocol

IRA

Inherent Risk Assessment

ISO

International Organization of Standardization

IT

Information Technology

LAN

Local Area Network

MBSA

Microsoft Baseline Security Analyzer

MW

Megawatt

NERC

North American Electric Reliability Corporation

NERS

NERC Evidence Request Spreadsheet

O&P

Operations & Planning

PACS

Physical Access Control System

PCA

Protected Cyber Asset

PCC

Primary Compliance Contact

PEI

Protected Entity Information

PGP

Pretty Good Privacy

PIN

Personal Identification Number

PPE

Personal Protective Equipment

RDP

Remote Desktop Protocol

RFI

Request for Information

RM

Removable Media

ROP

Rules of Procedure

RSAW

Reliability Standards Audit Worksheet

SAR

Standard Authorization Request

SDT

Standard Drafting Team

SFTP

Secure File Transfer Protocol

SME

Subject Matter Expert

SOC

Security Operations Center or System Operator Conference

SPOC

Single Point of Contact

SUBS

Substations (Southern Company acronym)

TCA

Transient Cyber Assets

TO

Transmission Owner (Function)

TOP

Transmission Operator (Function) or Transmission Operations (Family in NERC Reliability Standards)

TVA

Tennessee Valley Authority

UTPR

Unaffiliated Third-Party Reviewers

VPN

Virtual Private Network

WSUS

Windows Server Update Service

Questions for SERC

FAQ Process

Entity Assistance

Topic

Email

• General inquiries / FAQ

Support@serc1.org

• Seminar & Webinar Topic Suggestions
• Media inquiries

• SERC Membership
• SERC Committees
• SERC Compliance & Committee Portal/Committee related issues
• Registration and Certification Issues
• Compliance monitoring methods:
  o Self-Certification
  o Self-Report submittals
  o Compliance data submittals
• Enforcement and Mitigation
  o Mitigation Plan submittals
• SERC Compliance & Committee Portal-Compliance related issues
• Reliability Assessment data reporting

SERCComply@serc1.org

RAStaff@serc1.org

• Reliability Assessment forms
• Annual Voting Rights
• Reliability Data Reporting Portal
• Industry Subject Matter Expert (ISME) Program

ISME@serc1.org

• Submitting an ISME application
• Event Reporting

Reporting_Line_Sit@list-serc1.org

• Situational Awareness
• Events Analysis

SAEA@serc1.org

Registered Entity Forum

If you have a question you would like to submit anonymously, you may do so by contacting one of the Registered Entity Forum Steering Committee members.

Registered Entity Forum (REF) sessions are generally held during SERC seminars. However, REF Steering Committee members are gracious enough to assist registered entities within the SERC Region throughout the year. For your information, the REF is open to participation by all entities registered in the SERC Compliance Registry, regardless of membership status in SERC.

The purpose of the REF is to promote compliance excellence, elevate the collective compliance culture, and strengthen reliability among all SERC Region registered entities. The REF is a self-directed forum that provides a safe harbor for registered entities to (1) exchange information, (2) share lessons learned, (3) discuss compliance issues of interest and importance, and (4) generate concerns and questions to be provided to SERC staff regarding compliance with SERC and NERC reliability rules, standards, and regulations.

The REF Steering Committee is comprised of representatives from registered entities, and members are elected by the registered entities. Positions include representatives with both CIP and Operations & Planning expertise. If you would like to be on the committee, elections are held each fall.

REF Steering Committee members are prohibited from disclosing to SERC the names of registered entities whose concerns or questions are discussed with SERC staff members. Should you have questions or topics that you would like to discuss with them, please feel free to contact the committee members listed on the CIP or Operations & Planning links above.

Responses to previously submitted questions are available on the SERC website. From the SERC home page, select Outreach / FAQ & Lessons Learned. The REF Charter is posted to the SERC website. From the SERC home page, select Outreach / Registered Entity Forum.

Elections are held each November, and committee members serve a two-year term. For information on the 2019 election process and nomination form, CLICK HERE.

REF Steering Committee

O&P Committee Member

• Brad Arnold, Operational Compliance Manager, Ameren Missouri, barnold@Ameren.com
• Sarah Snow, Manager of Reliability Compliance, Cooperative Energy, ssnow@cooperativeenergy.com
• Bill Thigpen, Supervisor of Compliance Support, PowerSouth Energy Cooperative, bill.thigpen@powersouth.com
• Ryan Ziegler, Reliability Compliance Specialist, Associated Electric Cooperative, Inc., rziegler@aeci.org

CIP Committee Member

• Jennifer Blair, Compliance Specialist, LG&E and KU Energy, LLC, jennifer.blair@lge-ku.com
• Eric Jebsen, PE, Senior Regulatory Engineer, Exelon Generation, eric.jebsen@exeloncorp.com
• Allan Long, PE, Manager of Regulatory Compliance, Memphis Light, Gas and Water Division, along@mlgw.org

Wayne Ahl

SERC Reliability Corporation Senior Program Manager, Assistance

Wayne Ahl serves as a Senior Program Manager Assistance for SERC. He has served in this capacity for five months, while previously serving as a Senior CIP auditor for six and one-half years. During this time he also served as Project Manager for the Assistance corporate strategic initiative. His initial experience in the industry was gained for thirty years at a Public Power Utility in the Southeast, performing various duties. Mr. Ahl has gained a broad-based knowledge of Transmission Operations and Reliability. Mr. Ahl obtained a Bachelor of Science in Electrical and Computer Engineering from the University of South Carolina in 1982. After graduation, Mr. Ahl went to work at the Public Power Company as an Engineer in the Power Supply Operations group. Shortly thereafter, the Company’s first Energy Management System (EMS) was made operational, and Mr. Ahl supervised the hardware and communications portions of the EMS. Sometime later, Mr. Ahl supervised the entire group, and over time has commissioned two more EMS systems and the Standby Control Center. In addition to EMS duties, Mr. Ahl has operated and maintained various Voltage Flicker and Harmonics systems, Dynamic Scheduling systems, Regulation Sharing systems, Trunking Radio systems, and has assisted in the creation of Cyber Security policies and procedures. Mr. Ahl also coordinated many specialty projects, including projects with Clemson University and the University of South Carolina. Mr. Ahl has served his community by participating on Boards for Tax Assessment Review for the County, as well as Habitat for Humanity, and coaching in recreation for 17 years. Mr. Ahl also serves on an advisory board for engineering students at Trident Technical College. In addition, Mr. Ahl serves in his local Church of which he has been a member since 1997.

Todd Beam

SERC Reliability Corporation Senior Lead Compliance Specialist

Todd Beam is the Senior Lead Compliance Specialist at SERC Reliability Corporation, a nonprofit corporation responsible for promoting and improving the reliability, adequacy, and critical infrastructure protection of the bulk power system in all or portions of 16 southeastern and central states. Todd works on the Entity Assessment and Mitigation team, which is responsible for conducting entity inherent risk assessments (IRA), internal controls evaluations (ICE), and providing registered entities a single point of contact for all noncompliance issues. Prior to joining SERC in February 2012, Todd was employed by Duke Energy Corporation in Charlotte, NC for 25 years where he worked in a variety of roles. His most recent role was for four years as the CIP Compliance Project Manager for BA/TOP and TO with a focus on transmission substations. Prior to that he spent seven years as the Supervisor of Routine Work and Outage Restoration and Management.

Lynn Black

SERC Reliability Corporation Senior Program Support Assistant

Lynn Black joined the Entity Assistance team at SERC Reliability Corporation in April 2018. Previously, Lynn was a Human Resources consultant in South African Labor Relations for Maytham and Associates based in Johannesburg. Ms. Black specialized in assisting companies with employee performance issues under the very rigid and complicated South African Labor Laws. Her duties included advising on action plans, legal measures, mediation, and moderating management-employee meetings to facilitate conflict resolution. Prior to joining Maytham and Associates, Lynn served 12 years as a Cabin Controller and recruiter for British Airways/Comair. Ms. Black studied Labor Relations at the University Of South Africa. Although Lynn is fairly new to the electric power industry, being on the Assistance team is providing a great learning opportunity, which she embraces enthusiastically.

Jennifer Blair, CFE

LG&E and KU Energy, LLC Senior Compliance Specialist

Jennifer Blair is currently the Compliance Specialist at Louisville Gas & Electric and Kentucky Utilities, a diversified Energy Services Company headquartered in Louisville, Kentucky. Ms. Blair has held this position for the last four years. During her tenure at the company, she has coordinated and prepared for an onsite CIP audit, is responsible for helping lead the company’s transition to CIP Version 5, supporting the company’s day-to-day administration of the CIP compliance program, and serves as the point person for the company’s activities as it relates to CIP compliance monitoring and enforcement with the appropriate regulators. Prior to LG&E/KU, Ms. Blair worked in the banking industry as an operations supervisor responsible for conducting audits relating to various regulation and compliance processes, managing daily employee operations, and investigating and resolving escalated fraud issues to protect and mitigate risk to the assets of the company. Ms. Blair is a graduate of the University of Louisville with a Bachelor of Science in Business Administration with a focus in Finance. Ms. Blair also holds the Certified Fraud Examiner (CFE) certification from ACFE.

Jason Blake

SERC Reliability Corporation President and Chief Executive Officer

Mr. Blake is President and CEO for SERC and is passionate about SERC’s mission, which is to reduce risks and ensure a reliable, resilient, and secure electric grid across 16 central and southeastern states. He leads with a commitment to operational excellence, innovation, continuous improvement, and deploying resources in an effective and efficient manner that adds value. Prior to joining SERC, Mr. Blake spent almost nine years serving as the Vice President and General Counsel for SERC’s northern neighbor and sister region, ReliabilityFirst. During that time, he helped lead RF through its start-up phase and into a sustainable risk-based organization focused on ensuring a reliable, resilient, and secure electric grid across the Mid-Atlantic and Great Lakes regions of the U.S. Prior to this, Mr. Blake developed broad business and regulatory experience through his private practice with large, corporate law firms located in Pittsburgh, Pennsylvania and then in Cleveland, Ohio. Mr. Blake is a graduate of the Ohio State University and the University of Pittsburgh School of Law. He also served on the Board of Directors for the American Heart Association for the Cleveland Metropolitan Area and enjoys volunteering to coach his children’s sports teams.

Daniel Bogle

North American Electric Reliability Corporation (NERC) Senior CIP Assurance Advisor

Daniel serves as a Senior CIP Assurance Advisor in the NERC Grid Assurance group. In this position, Daniel works with the Assurance Team to provide oversight, guidance, and coordination in managing programs and processes to monitor, review, and evaluate program effectiveness of Electric Reliability Organization (ERO) Enterprise implementation of risk-based compliance monitoring and adherence to the NERC Rules of Procedure, Compliance Monitoring and Enforcement Program, and approved delegation agreements. Daniel joined the NERC CIP Assurance team in July 2018. Prior to NERC, Daniel served as IT Management Information Security at FERC. In this role, Daniel worked for the Office of Electric Reliability focusing on cyber security, specializing in industrial control system security since the mid 2000’s. In the course of working at FERC, Daniel has worked on every aspect of the CIP program including investigations, audits, processing penalties, and event analysis. The last few years at FERC, Daniel was head of the FERC CIP audit program and was the audit team lead for the FERC led CIP Audits.

Brandon Cain, MBA, CISSP, CCM

Southern Company CIP Compliance Assurance Manager

Brandon Cain is the CIP Cyber Compliance Assurance Manager for Southern Company Operations, which includes NERC CIP compliance oversight of Southern Company Transmission, Southern Company Generation, and affiliate operating companies Alabama Power, Georgia Power, Mississippi Power, and Southern Power. Brandon began his CIP compliance assurance responsibilities for the NERC CIP Reliability Standards as a CIP Compliance Coordinator when he joined Southern Company in the spring of 2011, prior to assuming his current role in 2016. Previously, Brandon served the University of Alabama at Birmingham (UAB) as a policy and compliance specialist. In that capacity, he implemented various campus compliance programs, such as Payment Card Industry Data Security Standards (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Family Educational Rights and Privacy Act (FERPA). Brandon has a Masters in Business Administration, a Bachelors in Information Systems Security Management (ISSM), and is a Certified Information System Security Professional and Certified Continuity Manager.

Todd Curl, NCSO

SERC Reliability Corporation Senior Manager of Compliance Monitoring

Todd is currently responsible for managing all areas of Compliance Monitoring (in both Operations & Planning and Critical Infrastructure Protection areas), and Registration & Certification activities. Previously he was Manager of Compliance Programs which included Registration & Certification, Compliance Investigations, and Compliance Outreach. Todd joined SERC as an O&P Compliance Auditor in 2010, with about 29 years in the electric utility industry. Before joining SERC, Todd was a Senior System Operator at Southern Company’s Power Coordination Center in Birmingham, Alabama. Primary responsibilities included providing real-time monitoring and control decisions and direction for the 24/7 operation of the Southern Company bulk power system balancing area. He also was responsible for various aspects of reliably operating the bulk power system in a coordinated manner with the four Operating Company transmission control centers, generation operations, and neighboring utilities. He worked with a team of NERC certified operators balancing generation with load, keeping the transmission system reliable, and ensuring correct interchange power flows with neighbors. Todd also spent 10 years on Southern Company’s energy trading floor as an Energy Coordinator, providing economic evaluation and negotiation of next-hour power sales and purchases, and arranged for scheduling of transactions in a real time 24/7 operation. Todd also spent 17 years with Georgia Power Company as a Transmission Operator in Atlanta, and a Substation Maintenance electrician.

Todd has a Bachelor of Science degree in Business Administration, and an Executive Certificate in Organizational Leadership from the University of Notre Dame. Todd is also a NERC Certified System Operator with the Reliability Coordinator certification since 1999. Todd has also completed NERC Audit/Certification Team Leader and Compliance Investigation training, and is a member of the Institute of Internal Auditors.

David DeFalaise

FERC Office of Electric Reliability

David DeFalaise has worked 18 years as a Federal employee after eight years in the private sector. Prior to government service, David did about four years of database software development for law firms, and then four years of web development for dot-coms and telecoms. David also worked as a U.S. Navy civilian for ten years doing Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) development on Department of Defense gas and oil pipeline systems. He has now been at the Federal Energy Regulatory Commission for eight years working on the CIP Reliability Standards. Specifically, he managed and served as the technical reviewer for Order No. 791, Order No. 802, and Order No. 822. For the last few years David has worked on Commission-Led CIP audits, the 2017 and 2018 Lessons Learned from Commission-Led CIP Reliability Audits staff reports, and CIP Notice of Penalties that are filed with the Commission. David graduated with a degree in Mathematics from Saint Joseph’s University in Philadelphia.

Allan Long, PE

Memphis Light, Gas and Water Division Manager of Regulatory Compliance

Allan Long joined Memphis Light, Gas, and Water Division (MLGW) in 1980 as part of the engineering team on a coal gasification synthetic fuels project for the U.S. Department of Energy. He has worked in a series of engineering and management positions that have given him over 34 years of experience in electric, gas, and water system design and utility business operations. Mr. Long was Supervisor of Residential Engineering for ten years, overseeing electric, gas, and water design, addressing assignment, and contract payments, as well as serving as liaison with city planning agencies and other utilities. In 1998, he became the Supervisor of Electric Distribution Engineering, where he was responsible for service to major industrial and commercial electric customers, the downtown network distribution system, and street light engineering. Throughout this period, Mr. Long often served as a media spokesman for the Division and as its representative to the area’s Emergency Management Agency during utility crises. In 2009, Mr. Long led a team that secured a Smart Grid Investment Grant from the U.S. Department of Energy to build a $13 million communications and distribution automation project. He continues in the role of Project Manager for this effort. In 2010, MLGW registered with NERC as a Transmission Owner, Transmission Planner, Transmission Operator, and Distribution Provider. Mr. Long was selected as the Division’s first Manager of Regulatory Compliance to develop and oversee the Internal Compliance Program.

Nacy Millé, MBA, CISA

Entergy Manager, IT Regulatory Compliance & Continuous Improvement

Nacy Millé leads Entergy IT and Information Security, Regulatory Compliance Program. Prior to joining Entergy in 2010, Nacy began his career in information technology and then advanced to internal auditing in the healthcare and oil & gas industries. Upon joining Entergy, Nacy first worked in the NERC Compliance division and then joined Information Security. Nacy’s responsibilities include critical infrastructure protection, regulatory compliance, Sarbanes Oxley, and cyber security. In addition, Nacy supports the nuclear cyber program, and was instrumental in the implementation of the Nuclear Cyber Milestone 8 project. With a broad portfolio of technical, security, compliance capabilities, and global experience, Nacy has a strong track-record of delivering successful NERC CIP projects, is highly regarded as a center-of-excellence for regulatory compliance, and he also speaks at industry events on critical infrastructure protection. Nacy holds a Bachelor of Science in Management Information Sciences with a concentration in Internal Audit from Louisiana State University, as well as a Master of Science in Business Administration from the University of New Orleans. Nacy is also a Certified Information Systems Auditor (CISA).

Chris Murphy, MS, CISM

SERC Reliability Corporation CIP Auditor

Chris Murphy joined SERC Reliability Corporation in September 2017. Formerly of Johnson & Johnson, Chris serves as a CIP Auditor. Prior to joining the Compliance Audit team, he was the SERC Program Manager Entity Assistance & Information Technology where he participated as a team member during Assistance Engagements. In addition, Chris also provides cybersecurity articles for the monthly newsletter on a regular basis. Mr. Murphy is a proven IT specialist with over 13 years of management experience in a fast-paced environment, 5 years of cyber security experience, and earned his Master’s degree in Cybersecurity, dual majoring in Cyber Forensics and Cyber Operations, from Utica College of Syracuse University. Utica College is designated by NSA and DHS as a National Center of Academic Excellence in Information Assurance and Cyber Defense Education. Chris is a versatile, efficient and reliable leader with excellent analytical abilities, technical skills, and the ability to learn new technologies.

Vijay Naik, CCNA

SERC Reliability Corporation CIP Auditor

Vijay joined the CIP Compliance audit team at SERC Reliability Corporation in January 2019. Previously, Vijay worked for Georgia System Operations Corporation (GSOC) since 2014. During that time, he served as Principal Engineer - Security & Compliance. While at GSOC, he worked in the areas of Cyber Security, Audit and Compliance, and System Administration. Vijay has more than 17 years of information technology experience in system/threat intelligence, network infrastructure monitoring and compliance. He holds CCNA (Cisco Certified Network Associate) certification. Vijay holds a Bachelor of Computer Science degree.

Renny Ramai, MBA, CISA, NCSO

SERC Reliability Corporation Senior CIP Auditor

Renny joined the CIP Compliance audit team at SERC Reliability Corporation in July 2019. Previously, Renny Ramai was the Manager of CIP Compliance with Florida Reliability Coordinating Council (FRCC) in Tampa, Florida. He held several roles including Manager of Compliance and Senior Compliance Auditor. He conducted both CIP and O&P audits, served as an Audit Team Lead or team member to ensure FRCC fulfilled its CMEP obligations, and worked for FRCC since 2008. Renny has more than 16 years of electric utility experience. He was the System Operations Manager at City of Homestead in Florida and was responsible for the 24x7 operations activities of a BA/TOP/GO/GOP control center, operational planning, energy and gas marketing, EMS system, substations, telecommunication, compliance, training and all other system support activities. Renny holds a diploma in Mechanical/Electrical Engineering Technology from San Fernando Technical Institute (Trinidad), an A.A. degree in Electrical Engineering from Miami Dade College, a bachelor’s degree in Business Administration, graduating with Honors, and a Master’s in Business Administration from Florida International University. He is certified as a Certified Information System Auditor (CISA) and a NERC Reliability Coordinator.

Eric Scott

Ameren Corporation Director Reliability Standards Compliance

Eric Scott is the Director Reliability Standards Compliance for Ameren Corporation, headquartered in St. Louis, Missouri. He is responsible for overseeing and managing Ameren’s compliance with NERC reliability standards. He also coordinates the NERC and regional entity advocacy efforts for Ameren. Eric has been in the utility industry for 20 years. He started his career at Associated Electric Cooperative Inc. in 1999 working in various roles before joining Ameren in 2008. His experience includes power marketing, resource planning, financial planning, financial audits, risk management, development of policies and procedures, SOX compliance, and NERC compliance. He has worked in the NERC compliance and standards development area since 2007 helping participate in the drafting of the NERC CIP standards.

Zeeshan Sheikh

Entergy Corporation Vice President, Chief Information Officer

Zeeshan Sheikh became Entergy’s chief information officer in January 2014. He leads the company’s information technology function in both daily operational and strategic roles. Prior to becoming CIO Sheikh served at Entergy in a variety of roles over more than a decade, supporting the company’s nuclear, transmission, system planning and operations, fossil and wholesale commodities organizations. Sheikh began his career in 1997 as an engineering assistant for Con Edison at Indian Point Energy Center, later transitioning to an IT role there. He joined Entergy in 2001 when the company acquired Indian Point Unit 2. Sheikh became the site’s IT manager in 2004 and the nuclear fleet’s senior IT manager in 2008. In 2010 Sheikh became Entergy’s business unit CIO for all of the operations side of the business, with accountability for consolidating IT functions across various business units and improving Entergy’s critical infrastructure protection program. He has led a number of significant projects designed to improve the reliability and efficiency of the company’s SCADA systems, which are used to monitor and control plant operations. From 2008 to 2010, Sheikh built, managed and decommissioned a spin-off company for Entergy. Sheikh received a Bachelor of Science degree in economics from Rutgers University.

Clay Shropshire, MBA, CPP, PSP, CPTED

SERC Reliability Corporation CIP Compliance Auditor

D. Clay Shropshire, MBA, CPP, PSP, CPTED Practitioner, has successfully completed the Fundamentals of Auditing (FOA) and Audit Team Lead (ATL) training courses for NERC Compliance. Mr. Shropshire has over six years of experience as a CIP compliance auditor for the SERC region and four years of experience as a consultant conducting mock CIP audits for electric utilities across the country. Prior to joining SERC, Clay Shropshire spent 29 years in the field of security systems design, systems engineering, project management, and consulting, primarily in designated U.S. critical infrastructure industries. Mr. Shropshire specialized in providing consulting services pertaining to: NERC CIP Compliance; physical and information protection programs (assessments, systems design, systems engineering, policy & procedures); security master planning; security project management; regulatory compliance; business continuity planning; security awareness & training programs; in-depth needs and security assessments; physical protection systems design using access control, biometrics, badging, CCTV, video recording, video display, intrusion detection, perimeter systems, fire alarm, life-safety, code blue, intercom, paging, and specialty electronics systems; and project management. Throughout his career, Clay has designed, engineered, and managed security projects for hundreds of clients, including many of the Fortune 500 in the utility industry, including electric utilities, natural gas companies, and water treatment facilities as well as for one of the top three telecommunications companies, top-tier financial institutions, automobile companies, hospitals, high-rise office buildings, college campuses, retail distribution centers, government facilities, military installations, retail chain headquarters and stores, greeting card companies and manufacturing plants.

Matt Stryker, PSP, CISSP

SERC Reliability Corporation Senior CIP Compliance Auditor

Matt joined the CIP Compliance audit team at SERC Reliability Corporation in January 2019. Previously, Matt Stryker was a Supervisor of CIP with Georgia System Operations Corporation (GSOC) in Tucker, Georgia. He worked in the Security Operations department on both physical and electronic security processes in support of Georgia Transmission (GTC) and GSOC’s compliance with the NERC CIP Reliability Standards. Mr. Stryker performed similar roles as a Group Lead of CIP for Georgia Transmission Corporation (GTC) since 2012. Previously, Mr. Stryker held positions as a Senior CIP Compliance Auditor and later as the Manager of CIP Compliance Monitoring at SERC Reliability Corporation. He served as an Audit Team Lead or team member during audits of compliance with NERC Reliability Standards in the SERC Region. Matt has more than 15 years of security experience in asset management, physical security, network operations, and compliance. Matt holds the ASIS Physical Security Professional (PSP) and the (ISC)² Certified Information Systems Security Professional (CISSP) certifications. Matt holds a Bachelor of Science degree in Management from Georgia Tech.


www.serc1.org
