CIP-013-AB-2, CIP-003-AB-8, CIP-005-AB-7 & CIP-010-AB-4

Consultation has concluded

Forwarding Notice Forwarded and Approved

A forwarding notice for approval of proposed new CIP-013 and Supporting Standards was submitted on July 25, 2023 to the Alberta Utilities Commission. The AUC issued Decision 28354-D01-2023 on Aug. 25, 2022 approving proposed new CIP-013-AB-2 and Supporting Standards (CIP-003-AB-8, CIP-005-AB-7, CIP-010-AB-4), proposed new CIP-PLAN-AB-2 and retirement of existing CIP-003-AB-5, CIP-005-AB-5, CIP-010-AB-1, CIP-PLAN-AB-1 effective Oct. 1, 2024 (except for CIP-003-AB-8, requirement R2, which will have a staggered implementation timeline as detailed within the AESO’s application).

For information regarding the decision please visit the Commission’s eFiling site and go to proceeding #28354.

Background

The AESO consulted with Stakeholders on the CIP-013 (Critical Infrastructure Protection) and supporting standards (adoption of CIP-003-AB-8, CIP-005-AB-7, CIP-010-AB-4, CIP-013-AB-2 and the retirement of CIP-003-AB-5, CIP-005-AB-5 and CIP-010-AB-1) which are focused on addressing new cyber security challenges facing the Alberta Interconnected Electric System (AIES). Adoption of CIP-003-AB-8, CIP-005-AB-7, CIP-010-AB-4 and CIP-013-AB-2 will require all Responsible Entities with high-, medium-, and low-impact Bulk Electric System (BES) cyber systems to implement supply chain security.

A forwarding notice for approval of proposed new CIP-013 and Supporting Standards was submitted on July 25, 2023 to the AUC.

Forwarding Notice Forwarded and Approved

A forwarding notice for approval of proposed new CIP-013 and Supporting Standards was submitted on July 25, 2023 to the Alberta Utilities Commission. The AUC issued Decision 28354-D01-2023 on Aug. 25, 2022 approving proposed new CIP-013-AB-2 and Supporting Standards (CIP-003-AB-8, CIP-005-AB-7, CIP-010-AB-4), proposed new CIP-PLAN-AB-2 and retirement of existing CIP-003-AB-5, CIP-005-AB-5, CIP-010-AB-1, CIP-PLAN-AB-1 effective Oct. 1, 2024 (except for CIP-003-AB-8, requirement R2, which will have a staggered implementation timeline as detailed within the AESO’s application).

For information regarding the decision please visit the Commission’s eFiling site and go to proceeding #28354.

Background

The AESO consulted with Stakeholders on the CIP-013 (Critical Infrastructure Protection) and supporting standards (adoption of CIP-003-AB-8, CIP-005-AB-7, CIP-010-AB-4, CIP-013-AB-2 and the retirement of CIP-003-AB-5, CIP-005-AB-5 and CIP-010-AB-1) which are focused on addressing new cyber security challenges facing the Alberta Interconnected Electric System (AIES). Adoption of CIP-003-AB-8, CIP-005-AB-7, CIP-010-AB-4 and CIP-013-AB-2 will require all Responsible Entities with high-, medium-, and low-impact Bulk Electric System (BES) cyber systems to implement supply chain security.

A forwarding notice for approval of proposed new CIP-013 and Supporting Standards was submitted on July 25, 2023 to the AUC.

  • CLOSED: This survey has concluded.

    Written Consultation 2 | Material Stakeholder Feedback

    The AESO is seeking a final round of written comments from Stakeholders on the CIP-013 and Supporting Standards and CIP-PLAN-AB-2.  The AESO values stakeholder feedback and invites all interested stakeholders to provide their comments via the Stakeholder Feedback survey on or before May 23, 2023.

    Instructions

    1.  To submit your feedback, you will need to be registered and signed in on the AESO Engage platform.
    2. Please click on the "Complete Stakeholder Feedback" box below to provide your specific comments.
    3. Please submit one completed Stakeholder Feedback survey per organization.
    4. Stakeholder Feedback results will be posted on AESO Engage, in their original state.
    5. Responses due on or before May 23, 2023.

    Stakeholder Questions:

    1. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the draft proposed new CIP-003-AB-8, Cyber Security - Security Management Controls (“CIP-003-AB-8")? If so, please elaborate.
    2. Do you agree that the proposed new CIP-003-AB-8 is not technically deficient? If not, why?
    3. Do you agree that the proposed new CIP-003-AB-8 supports the public interest? If not, why?
    4. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the draft proposed new CIP-005-AB-7, Cyber Security - Electronic Security Perimeter(s) (“CIP-005-AB-7")? If so, please elaborate.
    5. Do you agree that the proposed new CIP-005-AB-7 is not technically deficient? If not, why?
    6. Do you agree that the proposed new CIP-005-AB-7 supports the public interest? If not, why?
    7. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the draft proposed new CIP-010-AB-4, Cyber Security - Configuration Change Management and Vulnerability Assessments (“CIP-010-AB-4")? If so, please elaborate.
    8. Do you agree that the proposed new CIP-010-AB-4 is not technically deficient? If not, why?
    9. Do you agree that the proposed new CIP-010-AB-4 supports the public interest? If not, why?
    10. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the draft proposed new CIP-013-AB-2, Cyber Security - Supply Chain Risk Management (“CIP-013-AB-2")? If so, please elaborate.
    11. Do you agree that the proposed new CIP-013-AB-2 is not technically deficient? If not, why?
    12. Do you agree that the proposed new CIP-013-AB-2 supports the public interest? If not, why?
    13. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the proposed new CIP-PLAN-AB-2, Cyber Security – Implementation Plan for CIP Security Standards (“CIP-PLAN-AB-2")? If so, please elaborate.
    14. Do you agree that the proposed new CIP-PLAN-AB-2 is not technically deficient? If not, why?
    15. Do you agree that the proposed new CIP-PLAN-AB-2 supports the public interest? If not, why?
    16. Do you have any questions, concerns, or comments related to the AESO’s Consolidated Authoritative Document Glossary (“CADG”) terms that the AESO plans to use to replace terms found in NERC’s Glossary of Terms in CIP standards? If so, please elaborate.
    17. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the proposed new authoritative term transient cyber asset? If so, please elaborate.
    18. Is there any instance where the AESO's approach of aligning with NERC causes concern related to the proposed new authoritative term removable media? If so, please elaborate.
    19. Do you have any questions, concerns, or comments related to the proposed amended AESO information document, ID #2015-003RS, Guidance Information for CIP Standards? If so, please elaborate.
    20. Do you have any questions, concerns, or comments related to the proposed AESO Reliability Standard Audit Worksheet for CIP-003-AB-8? If so, please elaborate.
    21. Do you have any questions, concerns, or comments related to the proposed AESO Reliability Standard Audit Worksheet for CIP-005-AB-7? If so, please elaborate.
    22. Do you have any questions, concerns, or comments related to the proposed AESO Reliability Standard Audit Worksheet for CIP-010-AB-4? If so, please elaborate.
    23. Do you have any questions, concerns, or comments related to the proposed AESO Reliability Standard Audit Worksheet for CIP-013-AB-2? If so, please elaborate.
    24. The AESO is targeting an effective date of October 1, 2024 for CIP-013 and supporting standards. How could the AESO work with you to ameliorate your concerns? If so, please elaborate and indicate a reasonable alternative timeline.
    25. Do you have any questions, comments, or concerns with the proposed retirement of the existing CIP-003-AB-5, CIP-005-AB-5, or CIP-010-1? If so, please elaborate.
    26. If necessary, please upload any additional supporting documentation.
    Consultation has concluded
  • CLOSED: This survey has concluded.

    Written Consultation 2 | Pilot Stakeholder Feedback

    The AESO is seeking a final round of written comments from Stakeholders on the CIP-013 and Supporting Standards Pilot.  The AESO values stakeholder feedback and invites all interested stakeholders to provide their comments via the Stakeholder Feedback survey on or before May 23, 2023.

    Instructions

    1.  To submit your feedback, you will need to be registered and signed in on the AESO Engage platform.
    2. Please click on the "Complete Stakeholder Feedback" box below to provide your specific comments.
    3. Please submit one completed Stakeholder Feedback survey per organization.
    4. Stakeholder Feedback results will be posted on AESO Engage, in their original state.
    5. Responses due on or before May 23, 2023.

    Stakeholder Questions:

    1. Do you agree with the approach the AESO used with the CIP Pilot project of developing a subset of the NERC CIP standards related to supply chain security, rather than fully align with all NERC CIP standards at one time? If not, why not?
    2. Do you agree with the approach the AESO used with the CIP Pilot project of setting, and honoring, aggressive development timelines? If not, why not?
    3. As a result of having early access and an opportunity to discuss the RSAW content, do you have an increased level of confidence in your understanding of the reliability standard requirements. If not, why not?
    4. Do you agree with how the AESO referenced NERC guidance material in the ID. If not, why not?
    5. Do you agree with the CIP ID content being consolidated into 1 ID? If not, why not?
    6. Do you have any other comments, questions or concerns related to the piloted ID structure?
    7. As a result of having early access and an opportunity to discuss the RSAW content, do you have an increased level of confidence in your ability to implement, including your ability to gather evidence to demonstrate compliance?
    8. The AESO gave, at minimum 3 weeks for stakeholders to review key material prior to hosting a session to discuss it. Did you have enough time to review material? If not, how much time is needed?
    9. The AESO strives to make all material easily accessible to stakeholders. Are there any comments, questions, or concerns regarding the AESO Engage project webpage accessibility? If so, please elaborate.
    10. Do you have any suggestions or comments on what else the AESO could have included or piloted within this CIP-013 and Supporting Standards Pilot?
    11. Do you have any suggestions or comments on what aspects of the pilot should be adopted by the AESO as a permanent change to the ARS Program?
    12. If necessary, please upload any additional supporting documentation.
    Consultation has concluded
  • CLOSED: This survey has concluded.

    March 16, 2023 Reliability Standards Workshop Stakeholder Feedback

    March 16, 2023 Reliability Standards Workshop Stakeholder Feedback

    The AESO is seeking post-session feedback on the Reliability Standards Workshop held on March 16, 2023 from 9 a.m. to 12:30 p.m.  The AESO values stakeholder feedback and invites all interested stakeholders to provide their comments via the Stakeholder Feedback survey on or before March 30, 2023.

    Instructions

    1.  To submit your feedback, you will need to be registered and signed in on the AESO Engage platform.
    2. Please click on the "Complete Stakeholder Feedback" box below to provide your specific comments.
    3. Please submit one completed Stakeholder Feedback survey per organization.
    4. Stakeholder Feedback results will be posted on AESO Engage, in their original state.
    5. Responses due on or before March 30, 2023

    Stakeholder Questions:

    1. If the AESO hosts a second Reliability Standards Workshop (RSW) for CIP-013 and Supporting Standards, what topics would you like to see covered?
    2. Do you have any additional comments related to CIP-013-AB-2 and Supporting Standards or the reference material posted? If yes, please specify.
    3. Do you have any follow up questions or comments related to the AESO replies to Stakeholder comments on CIP-013-AB-2 and Supporting Standards? If so, please specify.
    4. Is there any feedback you would like to provide the AESO with respect to the Reliability Standards Workshop hosted on March 16, 2023? Was there something the AESO could have done to make the session more helpful? If yes, please specify.
    5. This is the first time the AESO has used AESO Engage for an ARS Development Project. Do you have any suggested improvements for the AESO Engage Stakeholder Engagement webpage? If yes, please specify
    6. Is there any content in the CIP-013-AB-2 and Supporting Standards RSAWs that is not clearly articulated? If yes, please indicate the specific section of the draft RSAWs, describe the concern, and suggest alternative language.
    7. Is there any additional content that you would like to see in the CIP-013-AB-2 and Supporting Standards RSAWs? If yes, please specify.
    8. Do you have any other feedback on the CIP-013-AB-2 and Supporting Standards Reliability Standards Audit Worksheets (RSAW)?
    Consultation has concluded