WG10FutureWork #5102
Control of LN.Mod without using MMS
Added by Michael Haecker about 3 years ago.
Updated over 2 years ago.
Discuss in Upcoming Meeting: No
Description
From WG 10 meeting October 2021, TF Golden SLD
For reasons of C/S, users prefer to restrict traffic on process level busses to GOOSE and SV, no MMS. Without MMS, how to control LN.Mod (for activating the test mode, e.g.)?
Proposal descriptions
Choices are decided by ESP.
Utilities should use (secure) MMS if needed (in order to change the LN.Mod).
Recommendations do not standardize how to use GOOSE for this.
GOOSE should not be used to switch Mod.
TF Golden SLD shall use MMS for this.
- TF Unique ID deleted (WG 10 - 2021-10_1)
This issue has been discussed in TF Controls between functions teleconference, the 9th of December, 2021.
If MMS is not implemented, the only way to activate test mode with GOOSE will be to add an additional transient DO SPS in the data model, as illustrated in the figure attached.
However, this is not a solution that we would like to promote. So, we don't plan to document it in TR.
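The comment above mentions two things a practitioner may want to see spelled out: how LN.Beh is derived from LD.Mod and LN.Mod once test mode is activated, and what a GOOSE-published transient SPS used to switch LN.Mod would look like on the subscriber side. The following is an added illustration, not code from the issue, the TF or any vendor. The Beh derivation follows the IEC 61850-7-4 Ed.2 combination rules (OFF dominates, "blocked" and "test" from either level are OR-ed); the receiver rule that an LN not in test ignores test-flagged input is also from 7-4. The DO names TstModOn and TstModOff are hypothetical, chosen only to model the non-standardized workaround described in the comment.

```python
"""Added example (not from the WG10 issue): IEC 61850-7-4 Mod/Beh semantics and a
GOOSE-triggered test-mode switch via transient SPS DOs. The DO names TstModOn and
TstModOff are hypothetical; the standard defines no such data objects."""
from dataclasses import dataclass
from enum import IntEnum


class Mod(IntEnum):
    """Values of the Mod / Beh enumeration (IEC 61850-7-3 / 7-4)."""
    ON = 1
    BLOCKED = 2
    TEST = 3
    TEST_BLOCKED = 4
    OFF = 5


def beh(ld_mod: Mod, ln_mod: Mod) -> Mod:
    """Derive LN.Beh from LD.Mod and LN.Mod (IEC 61850-7-4 Ed.2 combination rules):
    OFF at either level wins; 'blocked' and 'test' from either level are OR-ed."""
    if Mod.OFF in (ld_mod, ln_mod):
        return Mod.OFF
    blocked = any(m in (Mod.BLOCKED, Mod.TEST_BLOCKED) for m in (ld_mod, ln_mod))
    test = any(m in (Mod.TEST, Mod.TEST_BLOCKED) for m in (ld_mod, ln_mod))
    if test and blocked:
        return Mod.TEST_BLOCKED
    if test:
        return Mod.TEST
    if blocked:
        return Mod.BLOCKED
    return Mod.ON


@dataclass
class LogicalNode:
    name: str
    ld_mod: Mod = Mod.ON
    mod: Mod = Mod.ON
    _tst_on_prev: bool = False   # previous stVal of the hypothetical TstModOn SPS
    _tst_off_prev: bool = False  # previous stVal of the hypothetical TstModOff SPS

    @property
    def behaviour(self) -> Mod:
        return beh(self.ld_mod, self.mod)

    def process_input(self, q_test: bool) -> dict:
        """Apply the 7-4 receiver rules to a subscribed value carrying quality.test.
        Returns whether the value is used, whether an output reaches the process,
        and whether that output itself carries q.test."""
        b = self.behaviour
        if b is Mod.OFF:
            return {"processed": False, "to_process": False, "out_q_test": False}
        in_test = b in (Mod.TEST, Mod.TEST_BLOCKED)
        blocked = b in (Mod.BLOCKED, Mod.TEST_BLOCKED)
        # An LN that is not in test shall not act on test-flagged data.
        processed = in_test or not q_test
        return {
            "processed": processed,
            "to_process": processed and not blocked,   # blocked: no output to the process
            "out_q_test": processed and in_test,       # outputs produced in test are flagged
        }

    def on_goose_transient_sps(self, do_name: str, st_val: bool) -> Mod:
        """Workaround sketched in the comment: transient SPS DOs published via GOOSE.
        A rising edge on TstModOn switches LN.Mod to test, on TstModOff back to on.
        Edge detection is needed because a transient SPS falls back to FALSE on its own."""
        if do_name == "TstModOn":
            if st_val and not self._tst_on_prev:
                self.mod = Mod.TEST
            self._tst_on_prev = st_val
        elif do_name == "TstModOff":
            if st_val and not self._tst_off_prev:
                self.mod = Mod.ON
            self._tst_off_prev = st_val
        else:
            raise ValueError(f"unknown transient DO {do_name!r}")
        return self.mod


def demo() -> list:
    """Constructed sequence: a PTRC-like LN receives a test-flagged trip while 'on',
    is switched to test via the GOOSE-published SPS, then receives the trip again."""
    ln = LogicalNode("PTRC1")
    trace = [ln.process_input(q_test=True)["processed"]]       # ignored while on
    ln.on_goose_transient_sps("TstModOn", True)                  # rising edge -> test
    ln.on_goose_transient_sps("TstModOn", False)                 # transient DO resets itself
    trace.append(ln.behaviour is Mod.TEST)
    trace.append(ln.process_input(q_test=True)["out_q_test"])    # acted on, output flagged test
    ln.ld_mod = Mod.BLOCKED                                      # whole LD blocked from station level
    trace.append(ln.behaviour is Mod.TEST_BLOCKED)
    trace.append(ln.process_input(q_test=True)["to_process"])    # nothing reaches the process
    return trace


if __name__ == "__main__":
    print(demo())
```

The example also makes the security-relevant point of the thread visible: whoever can publish the TstModOn GOOSE message can put a protection LN into test mode, which is exactly why the TF prefers a (secured) MMS control with its access-control semantics over an unauthenticated layer-2 multicast trigger.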
Different Scenarios
1. All MMS Disabled – Utility Decision (NERC letter seeking clarification)
2. All MMS not supported – Vendor (Not an option)
3. MMS Controls Disabled – Utility Decision (NERC letter seeking clarification)
4. GOOSE Control without Security – Utility Decision (C.Camelis TF)
5. GOOSE Control with Security – Utility Decision (WG15 recommendation)
6. R-GOOSE without Security – Utility Decision (Need more guidelines and conformance testing)
7. R-GOOSE with Security – Utility Decision (WG15 recommendation)
- Status changed from Accepted to In Progress
- Discuss in Upcoming Meeting changed from Yes to No
After WG10 plenary discussion on 11th February 2022, the only standardized way of executing the control model is by MMS, except for control between C-LN and process interface logical nodes as defined in 7-4/7-500.
- Assignee changed from Michael Haecker to Herbert Falk
As assigned, I have contacted NERC via email and have had a verbal discussion with the compliance department. The question I asked was:
"The basic question is, with appropriate mitigations and processes in place, does NERC CIP allow the use of routable protocols regardless of the BES classification (e.g. High, Medium, and Low)?"
As I expected, the verbal response was of course it is allowed. A formal response is forthcoming.
Here is the response from NERC Compliance:
"Thanks for the question. The NERC CIP Standards do not prohibit registered entities from using routable protocols for BES Cyber Systems (High, Medium, or Low). However, the Standards do require additional controls for the BES Cyber Systems that are using routable protocols, and those are outlined in each Standard/Requirement. For example, CIP-007-6 R1, Part 1.1 outlines additional controls for medium impact BES Cyber Systems with External Routable Connectivity, among others.
Let me know if you have any further questions.
Lonnie
Lonnie J Ratliff, CISSP, CISA
Senior Manager, Cyber and Physical Security Assurance
North American Electric Reliability Corporation"
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
- Proposal descriptions updated (diff)