81 FR 87 - Revised Critical Infrastructure Protection Reliability Standards; Supplemental Notice of Agenda and Discussion Topics for Staff Technical Conference

DEPARTMENT OF ENERGY
Federal Energy Regulatory Commission

Federal Register Volume 81, Issue 1 (January 4, 2016)

Page Range: 87-88
FR Document: 2015-33035

[Federal Register Volume 81, Number 1 (Monday, January 4, 2016)]
[Notices]
[Pages 87-88]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2015-33035]


-----------------------------------------------------------------------

DEPARTMENT OF ENERGY

Federal Energy Regulatory Commission

[Docket No. RM15-14-000]


Revised Critical Infrastructure Protection Reliability Standards; 
Supplemental Notice of Agenda and Discussion Topics for Staff Technical 
Conference

    This notice establishes the agenda and topics for discussion at the 
technical conference to be held on January 28, 2016, to discuss issues 
related to supply chain risk management. The technical conference will 
start at 9:30 a.m. and end at approximately 4:30 p.m. (Eastern Time) in 
the Commission Meeting Room at the Commission's Headquarters, 888 First 
Street NE., Washington, DC. The technical conference will be led by 
Commission staff, and FERC Commissioners may be in attendance. All 
interested parties are invited to attend, and registration is not 
required.
    The topics and related questions to be discussed during this 
conference are provided as an attachment to this Notice. The purpose of 
the technical conference is to facilitate a structured dialogue on 
supply chain risk management issues identified by the Commission in the 
Revised Critical Infrastructure Protection Standards Notice of Proposed 
Rulemaking (NOPR) issued in this proceeding and raised in public 
comments to the NOPR. Prepared remarks will be presented by invited 
panelists.
    This event will be webcast and transcribed. The free webcast allows 
listening only. Anyone with internet access who desires to listen to 
this event can do so by navigating to the ``FERC Calendar'' at 
www.ferc.gov, and locating the technical conference in the Calendar of 
Events. Opening the technical conference in the Calendar of Events will 
reveal a link to its webcast. The Capitol Connection provides technical 
support for the webcast and offers the option of listening to the 
meeting via phone-bridge for a fee. If you have any questions, visit 
www.CapitolConnection.org or call 703-993-3100. The webcast will be 
available on the Calendar of Events at www.ferc.gov for three months 
after the conference. Transcripts of the conference will be immediately 
available for a fee from Ace-Federal Reporters, Inc. (202-347-3700).
    FERC conferences are accessible under section 508 of the 
Rehabilitation Act of 1973. For accessibility accommodations, please 
send an email to [email protected] or call toll free (866) 208-3372 
(voice) or (202) 502-8659 (TTY), or send a fax to (202) 208-2106 
with the requested accommodations.
    There is no fee for attendance. However, members of the public are 
encouraged to preregister online at: https://www.ferc.gov/whats-new/registration/01-28-16-form.asp.
    For more information about the technical conference, please 
contact: Sarah McKinley, Office of External Affairs, 202-502-8368, 
[email protected].

Critical Infrastructure Protection Supply Chain Risk Management RM15-14-000

January 28, 2016

Agenda
Welcome and Opening Remarks by Commission Staff
9:30-9:45 a.m.
Introduction
    In a July 16, 2015 Notice of Proposed Rulemaking (NOPR) in the 
above-captioned docket, the Commission proposed to direct the North 
American Electric Reliability Corporation (NERC) to develop new or 
modified Critical Infrastructure Protection (CIP) Reliability Standards 
to provide security controls relating to supply chain risk management 
for industrial control system hardware, software, and services. The 
Commission sought and received comments on this proposal, including: 
(1) The NOPR proposal to direct that NERC develop a Reliability 
Standard to address supply chain risk management; (2) the anticipated 
features of, and requirements that should be included in, such a 
standard; and (3) a reasonable timeframe for development of a standard. 
The purpose of this conference is to clarify issues, share information, 
and determine the proper response to address security control and 
supply chain risk management concerns.
Staff Presentation: Supply Chain Efforts by Certain Other Federal 
Agencies
9:45 a.m.-10:05 a.m.

[[Page 88]]

Break
10:05 p.m.-10:15 p.m.
Panel 1: Need for a New or Modified Reliability Standard
10:15 a.m.-11:45 a.m.
    The Commission staff seeks information about the need for a new or 
modified Reliability Standard to manage supply chain risks for 
industrial control system hardware, software, and computing and 
networking services associated with bulk electric system operations. 
Panelists are encouraged to address:
    - Identify challenges faced in managing supply chain risk.
    - Describe how the current CIP Standards provide supply 
chain risk management controls.
    - Describe how the current CIP Standards incentivize or 
inhibit the introduction of more secure technology.
    - Identify possible other approaches that the Commission can 
take to mitigate supply chain risks.
Panelists:
    1. Nadya Bartol, Vice President, Industry Affairs and Cybersecurity 
Strategist, UTC
    2. Jon Boyens, Project Manager, Information Communication 
Technology (ICT) Supply Chain Risk Management, National Institute of 
Standards & Technology (NIST)
    3. John Galloway, Director, Cyber Security, ISO New England
    4. John Goode, Chief Information Officer/Senior Vice President, 
Midcontinent Independent System Operator (MISO)
    5. Barry Lawson, Associate Director, Power Delivery & Reliability, 
National Rural Electric Cooperative Association (NRECA)
    6. Helen Nalley, Compliance Director, Southern Company
    7. Jacob Olcott, Vice President of Business Development, Bitsight 
Tech
    8. Marcus Sachs, Senior Vice President and Chief Security Officer, 
North American Electric Reliability Corporation (NERC)
Lunch
11:45 a.m.-1:00 p.m.
Panel 2: Scope and Implementation of a New or Modified Standard
1:00 p.m.-2:30 p.m.
    The Commission staff seeks information about the scope and 
implementation of a new or modified Standard to manage supply chain 
risks for industrial control system hardware, software, and computing 
and networking services associated with bulk electric system 
operations. Panelists are encouraged to address:
    - Identify types of assets that could be better protected 
with a new or modified Standard.
    - Identify supply chain processes that could be better 
protected by a Standard.
    - Identify controls or modifications that could be included 
in the Standard.
    - Identify existing mandatory or voluntary standards or 
security guidelines that could form the basis of the Standard.
    - Address how the verification of supply chain risk 
mitigation could be measured, benchmarked and/or audited.
    - Present and justify a reasonable timeframe for development 
and implementation of a Standard.
    - Discuss whether a Standard could be a catalyst for 
technical innovation and market competition.
Panelists:
    1. Michael Kuberski, Manager, Grid Protection and Automation, Pepco 
Holdings Inc. (PHI)
    2. Jonathan Appelbaum, Director, NERC Compliance, The United 
Illuminating Company
    3. Brent Castegnetto, Manager, Cyber Security Audits & 
Investigations, WECC
    4. Art Conklin, Ph.D., Associate Professor and Director of the 
Center for Information Security Research and Education, University of 
Houston
    5. Edna Conway, Chief Security Officer, Value Chain Security, Cisco
    6. Bryan Owen, Principal Cyber Security Manager, OSIsoft
    7. Albert Ruocco, Vice President and Chief Technology Officer, 
American Electric Power (AEP)
    8. Doug Thomas, Vice President and Chief Information Officer, 
Ontario Independent Electricity System Operation (IESO)
Break
2:30 p.m.-2:45 p.m.
Panel 3: Current Supply Chain Risk Management Practices and 
Collaborative Efforts
2:45 p.m.-4:15 p.m.
    The Commission staff seeks information about existing supply chain 
risk management efforts for information and communications technology 
and industrial control system hardware, software, and services in other 
critical infrastructure sectors and the government. Panelists are 
encouraged to address:
    - Generally describe how registered entities and other 
organizations currently manage supply chain issues.
    - Identify standards or guidelines that are used to 
establish supply chain risk management practices. Specifically, discuss 
experience under those standards or guidelines.
    - Identify organizational roles involved in the development 
and implementation of supply chain risk management practices.
    - Generally describe approaches for identifying, evaluating, 
mitigating, and monitoring supply chain risk.
    - Generally discuss how supply chain risk is addressed in 
the contracting process with vendors and suppliers.
    - Generally describe the capabilities that registered 
entities currently have to inspect third party information security 
practices.
    - Generally describe the capabilities that registered 
entities currently have to negotiate for additional security in their 
hardware, software, and service contracts. Describe how this may vary 
based on the potential vendor or supplier and the type of service to be 
provided.
    - Generally describe how vendors and suppliers are managing 
risk in their supply chain.
Panelists:
    1. Douglas Bauder, Vice President, Operational Services, and Chief 
Procurement Officer, Southern California Edison
    2. Andrew Bochman, Senior Cyber & Energy Security Strategist, 
INL/DOE
    3. Dave Whitehead, Vice President of Research and Development, 
Schweitzer Engineering
    4. Andrew Ginter, Vice President, Industrial Security, Waterfall 
Security Solutions
    5. Steve Griffith, Industry Director, National Electrical 
Manufacturers Association (NEMA)
    6. Maria Jenks, Vice President, Supply Chain, Kansas City Power & 
Light (KCP&L)
    7. Robert McClanahan, Vice President/Chief Information Officer, 
Arkansas Electric Cooperative Corporation (AECC)
    8. Thomas O'Brien, Chief Information Officer, PJM Interconnection, 
LLC
4:15 p.m.-4:30 p.m. Closing Remarks

    Dated: December 28, 2015.
Nathaniel J. Davis, Sr.,
Deputy Secretary.
[FR Doc. 2015-33035 Filed 12-31-15; 8:45 am]
 BILLING CODE 6717-01-P






Document Created: 2015-12-31 23:05:22
Document Modified: 2015-12-31 23:05:22
Category: Regulatory Information
Collection: Federal Register
sudoc Class: AE 2.7:
    GS 4.107:
    AE 2.106:
Publisher: Office of the Federal Register, National Archives and Records Administration
Section: Notices
FR Citation: 81 FR 87
