0 width=100%>Yahoo! is not affiliated with the authors of this page or responsible for its content.
Project Authorization Request (PAR)
Sherry
Hampton/STDS/STAFF/
US/IEEE
10/02/2007 10:34 PM
To am.sahazizian@hydroone.com
cc rsnowell@southernco.com, stds-pes-scc@ieee.org,
samuels@microsol.com, Matthew
Ceglia/STDS/STAFF/US/IEEE@IEEE
bcc
Subject Approval of Project - P1686
02 October 2007
Anne-Marie Sahazizian
Hydro One Inc.
483 Bay St. (TCT13)
Toronto, Ontario M5G 2P5
am.sahazizian@hydroone.com
Re: P1686 - Standard for Substation Intelligent Electronic Devices (IED) Cyber Security
Capabilities
Dear Anne-Marie:
I am pleased to inform you that on 27 September 2007 the IEEE-SA Standards Board approved
the above referenced project until 31 December 2009. A copy of the file can be found on our
website at
http://standards.ieee.org/board/nes/projects/1686.pdf
.
Now that your project has been approved, please forward a roster of participants involved in the
development of this project. This request is in accordance with the IEEE-SA Operations Manual,
Clause 5.1.2i under Duties of the Sponsor which states:
"Submit annually to the IEEE Standards Department an electronic roster of individuals
participating on standards projects"
Rosters can be submitted in any format to the NesCom Administrator (nescom-admin@ieee.org).
Please forward this list to the NesCom Administrator via e-mail at nescom-admin@ieee.org no
later than 26 December 2007.
Or, for your convenience, you can manage your standards development roster in myProject.
Instructions are as follows:
Go to myProject - https://development.standards.ieee.org/my-site
Login using your IEEE Web Account username and password.
Once logged into myProject, go to "Manage Committees"
Drill down to the project by clicking the (+) on the left to expand each level. The actual project
will be highlighted in yellow
Click "Manage Committees" for that project. A list of individuals enrolled in the
Committee/Project will appear. On this screen you can assign whether a person is a Participant, a Non-Voting Member or a Voting Member of the project group. You may also view contact
information for that individual.
Please visit our website, IEEE Standards Development Online
(http://standards.ieee.org/resources/development/index.html), for tools, forms and training to
assist you in the standards development process. Also, we strongly recommend that a copy of
your draft be sent to this office for review prior to the final vote by the working group to allow
for a quick review by editorial staff before sponsor balloting begins.
If you should have any questions, please contact the NesCom Administrator via e-mail at
nescom-admin@ieee.org or via telephone at +1 732 562 3806.
Sincerely,
NesCom Admin
Standards Activities
Email: nescom-admin@ieee.org Project Authorization Request (PAR)
PAR Request Date:
20 August 2007
PAR Approval Date:
27 September 2007
PAR Signature Page on File:
Yes
Type of PAR:
Modification to Approved PAR
Status:
Modification to a Previously Approved PAR P1686, 10 November 2005
Root Project:
New Project
1.1 Project No.:
1686
1.2 Type of Document:
Standard
1.3 Life Cycle:
Full-Use
1.4 Is this document in ballot now?
No
2.1 Title

Standard for Substation Intelligent Electronic Devices (IED) Cyber Security Capabilities
3.1 Working Group Name
Application of Computer-Based Systems
Working Group Chair
Sciacca, Samuel C

Phone: 203-881-1287
Email: samuels@microsol.com
Working Group Vice Chair
3.2 Sponsor
IEEE Power Engineering Society Substations (PE/SUB)
Sponsor Chair
Nowell, Robert S

Phone: 404 506 2735
Email: rsnowell@southernco.com
Name of Standards Liaison
Representative (if applicable)
Sahazizian, Anne-Marie

Phone: 416-345-6657
Email: am.sahazizian@hydroone.com
3.3 Joint Sponsor

4.1 Type of Ballot:
Individual
4.2 Expected Date of Submission for Initial Sponsor Ballot:
June 2006
4.3 Projected Completion Date for Submittal to RevCom:
October 2007
5.1 Approximate number of people expected to work on this project:
30
5.2 Scope:
The standard defines the functions and features to be provided in substation
intelligent electronic devices (IEDs) to accommodate critical infrastructure protection
programs. The standard addresses security regarding the access, operation, configuration,
firmware revision and data retrieval from an IED. Encryption for the secure transmission of
data both within and external to the substation is not part of this standard as this is
addressed in other efforts.
Old Scope:
The standard will define the functions and features to be provided in substation
intelligent electronic devices (IEDs) to accommodate critical infrastructure protection
programs. The standard will address security regarding the access, operation, configuration,
firmware revision and data retrieval from an IED, including the substation RTU.
Encryption for the secure transmission of data both within and external to the substation
will not be part of this standard as this is being addressed in other efforts.
5.3 Is the completion of this document contingent upon the completion of another document?
No
https://spadev.ieee.org/cgi-bin/sadb/par?prttable:2077 (1 of 2)10/2/2007 10:30:58 PM Project Authorization Request (PAR)
5.4 Purpose:
The standard defines the functions and features to be provided in substation
intelligent electronic devices (IEDs) to accommodate critical infrastructure protection
programs. Specifically, the standard states what safeguards, audit mechanisms and alarm
indications shall be provided by the vendor of the IED with regards to all activities
associated with access, operation, configuration, firmware revision and data retrieval from
an IED. The standard also allows the user to define a security program around these
features, and alert the user if an IED does not meet this standard as to the need for other
defensive measures (technical and/or procedural) which may need to be taken. The
encryption for the secure transmission of data both within and external to the substation is
not part of this standard as this is addressed in other efforts.
Old Purpose:
The standard will define the functions and features to be provided in
substation intelligent electronic devices(IEDs)to accommodate critical infrastructure
protection programs. Specifically, the standard will state what safeguards, audit
mechanisms and alarm indications shall be provided by the vendor of the IED with regards
to all activities associated with access, operation, configuration, firmware revision and data
retrieval from an IED, including the substation RTU. The standard will also allow the user
to define a security program around these features, and alert the user if an IED does not
meet this standard as to the need for other defensive measures (technical and/or procedural)
which may need to be taken. The Encryption for the secure transmission of data both
within and external to the substation will not be part of this standard as this is being
addressed in other efforts.
5.5 Need for the Project:
The North American Electric Reliabilty Council (NERC) is issuing a series of CIP standards which cannot be implemented without cyber security features in
IEDs. Without a clearly defined standard of security features, including their functionality, a substation owner may unwittingly compromise his CIP program by the deployment of an
IED with features which are inconsistent with the user's intentions/assumptions. Stakeholders for the project are as follows: 1. Utilities/Users - Purchasers of substation IEDs. 2. IED
Vendors 3. Regulatory Agencies - Agencies and government organizations with an interest in utility CIP such as NERC, FERC, DOH and DOE."
5.6 Stakeholders for the Standard:
1. Utilities/Users - Purchasers of substation IEDs. 2. IED Vendors 3. Regulatory Agencies - Agencies and government organizations with an
interest in utility CIP such as NERC, FERC, DOH and DOE."
6.1.a. Has the IEEE-SA policy on intellectual property been presented to those responsible for preparing/submitting this PAR prior to the PAR submittal to the IEEE-SA
Standards Board?
Yes Presented Date: 2007-09-16
If no, please explain:
6.1.b. Is the Sponsor aware of any copyright permissions needed for this project?
No
If yes, please explain:
6.1.c. Is the Sponsor aware of possible registration activity related to this project?
No
If yes, please explain:
7.1 Are there other standards or projects with a similar scope?
No
If yes, please explain:


Sponsor Organization:

Project/Standard Number:

Project/Standard Date:
0000-00-00
Project/Standard Title:
7.2 Is there potential for this standard (in part or in whole) to be adopted by another national, regional, or international organization? ?
Do not know at this time
Technical Committee Name and Number:

Contact person:

Contact person Phone Number:

Contact person Email Address:
7.3 Will this project result in any health, safety, security, or environmental guidance that affects or applies to human health or safety?
No
7.4 Additional Explanatory Notes:

Title was changed to eliminate the redundant word "Standard" at the end. Scope and Purpose were changed to eliminate the special reference to RTU. Balloters correctly noted that
RTUs fall under the IEEE-100 definition of IED and special reference is not required.
8.1 Sponsor Information:

Is