PRR Comments

PRR Number: 822
PRR Title: Termination of Access Privileges to Restricted Computer Systems, Control Systems and Facilities (formerly Removing of Access to Restricted Computer Systems, Control Systems, and Facilities)
Date: September 25, 2009

Submitter's Information
Name: Jim Brenton
E-mail Address: jbrenton@ercot.com
Company: ERCOT
Phone Number: (512) 248-3043
Cell Number: (913) 221-8037
Market Segment: Not applicable
Comments

ERCOT Security "due diligence" and "best practices" require moving the final text segment on workforce reductions from paragraph (2) to paragraph (1). Expedited termination measures should be planned and executed by management during any "planned" layoffs or workforce reduction in such a manner that access is terminated concurrently with notification to the employee. This issue has recently had high visibility within ERCOT Security and Human Resources communities and across all industry sectors. All it takes is one disgruntled employee to wreak havoc on a complex system. If access is not immediately terminated, the responsible Entity is at very high risk.

ERCOT proposes the following comments to PRR822, Termination of Access Privileges to Restricted Computer Systems, Control Systems and Facilities:

- Modified paragraph (2) to remove redundant language dealing with access to Restricted Systems or Restricted Facilities, which should provide clarity to this requirement.
- Modified paragraph (3) to add the term "network components" as "in scope" for Restricted Systems. This change would include network switches, routers and other security enforcement mechanisms which are essential to the secure operation of the computer and control systems which support reliable operations of Balancing Energy Service (BES).
822PRR-20 ERCOT Comments 092509 Page 1 of 5
PUBLIC
- Suggest that we determine whether the scope of Restricted Systems outlined in paragraph (3) complies with the "intent" of the ERCOT/Texas Regional Entity (TRE) Board request for this Protocol. There are a number of systems which support BES and Market Operations which will not be covered within the scope of this paragraph as originally written. Note: The precipitating incident that focused attention on this matter involved access to operations planning and email systems.
- Modified paragraph (8) to clean up wording ambiguities and performed some editing for clarity.
- Added paragraph (9) with language to close the loop and ensure that failure to report a violation is also listed as a Protocol violation.
Revised Proposed Protocol Language
16.12 Termination of Access Privileges to Restricted Computer Systems, Control Systems, and Facilities
(1) All Market Participants and ERCOT are required to have processes in place to terminate access privileges to Restricted Systems and Restricted Facilities within twenty-four (24) hours of the termination of any employee, or any contractor, or any employee of a contractor or vendor who had access privileges to such Restricted Systems or Restricted Facilities and was involuntarily dismissed for cause. This provision also applies to any employee of a Market Participant or ERCOT, or a contractor employed by a Market Participant or ERCOT, who is affected by a workforce reduction.

(2) All Market Participants and ERCOT are required to have processes in place to terminate access privileges to Restricted Systems and Restricted Facilities for any employee or contractor, or any employee of a contractor, who resigns from the employment of the Market Participant, ERCOT or contractor, within seven (7) days of the effective date of the resignation.
(3) Restricted Systems include, but are not limited to, computer or control systems and network components that are essential to the reliable operation of Restricted Facilities. Market operation systems and other systems which do not affect the operation of Restricted Facilities, such as Texas Market Link, are not Restricted Systems for the purposes of this section.
(4) Restricted Facilities include Facilities and assets that support the reliable operation of the bulk ERCOT System (100 kV and above), as determined by the application of a reasonable risk-based assessment methodology, including, but not limited to:
(a) Generation Resources;
(b) Transmission substations;
(c) Control/dispatch centers and backup control/dispatch centers related to items (a) and (b) above;
(d) Special protection systems;
(e) Systems and Facilities critical to system restoration (including but not limited to Black Start generators and substations);
(f) Systems and Facilities critical to automatic firm load shedding; and
(g) Communications Facilities and information technology Facilities necessary for the reliable operation of the foregoing systems.
(5) Access privilege is defined to include computer, electronic and physical access.
(6) Each Market Participant and ERCOT shall have internal controls in place to ensure the effectiveness of these processes. Audits shall be conducted on at least an annual basis, and documentation of such audits shall be maintained and made available upon request.
(7) Each Market Participant and ERCOT is required to notify the compliance monitoring authority within two (2) Business Days of identifying any incident where a terminated employee, consultant, contractor or employee of a contractor has accessed a Restricted System or Restricted Facility after the time period when access privileges should have been revoked under this section.
(8) Failure by a Market Participant or ERCOT to follow its processes that results in unauthorized access to any restricted computer system, control system or Restricted Facility by any employee, consultant, contractor or affiliate after their termination will be considered a violation of these Protocols.

(9) Failure by a Market Participant or ERCOT to notify the compliance monitoring authority within two (2) Business Days of any incident as stated in paragraph seven (7) above will be considered a violation of these Protocols.

(10) This section shall become effective on the first day of the month after approval by the ERCOT Board of Directors or by January 1, 2010, whichever is later.
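The revocation windows in paragraphs (1) and (2), the two Business Day reporting window in paragraph (7), and the difference between a revocation that was merely late and one that was followed by an actual access (paragraph (8)) are the checks an annual audit under paragraph (6) has to run mechanically against HR, IAM and access-log records. The script below is an added example, not part of these comments or of the ERCOT Protocols: it joins constructed HR termination records, IAM deprovisioning timestamps and access-log lines on a user id, computes each user's deadline, and classifies the outcome. The log format, user and system names, the fixed UTC-5 offset standing in for Central Prevailing Time on the sample dates, and the weekday-only Business Day count are all assumptions of the example.

```python
"""Reconcile terminations against access revocation and access logs.

Added example (not ERCOT code). Deadlines follow proposed paragraphs (1)
and (2); reporting follows paragraph (7); classification follows (8).
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Central Prevailing Time was CDT (UTC-5) on the sample dates; a fixed
# offset is an assumption that keeps the example free of tz databases.
CPT = timezone(timedelta(hours=-5), "CDT")

# Revocation windows taken from the proposed protocol language.
DEADLINES = {
    "for_cause": timedelta(hours=24),            # paragraph (1)
    "workforce_reduction": timedelta(hours=24),  # paragraph (1)
    "resignation": timedelta(days=7),            # paragraph (2)
}


@dataclass
class Termination:
    user: str
    kind: str            # one of the DEADLINES keys
    effective: datetime  # notification time, or effective date of resignation


@dataclass
class Finding:
    user: str
    deadline: datetime
    revoked_at: Optional[datetime]             # None: IAM never deprovisioned
    post_deadline_access: List[Tuple[datetime, str]]
    status: str                                # compliant / process_failure / violation


def revocation_deadline(t: Termination) -> datetime:
    """Latest moment by which every access privilege must be gone."""
    return t.effective + DEADLINES[t.kind]


def report_due(identified: datetime, business_days: int = 2) -> datetime:
    """Paragraph (7): notification due within two Business Days of identifying
    the incident. Weekdays only; holidays are ignored (assumption)."""
    due, remaining = identified, business_days
    while remaining:
        due += timedelta(days=1)
        if due.weekday() < 5:
            remaining -= 1
    return due


def parse_access_log(lines: List[str]) -> List[Tuple[datetime, str, str, str]]:
    """Constructed log format: '<ISO-8601 timestamp> <user> <system> <result>'."""
    events = []
    for line in lines:
        ts, user, system, result = line.split()
        events.append((datetime.fromisoformat(ts), user, system, result))
    return events


def reconcile(terminations, revocations, access_events) -> Dict[str, Finding]:
    """A successful access after the deadline is the reportable incident of
    paragraph (7) and the violation of paragraph (8). A late or missing
    revocation with no such access is a process failure for the audit
    required by paragraph (6)."""
    findings = {}
    for t in terminations:
        deadline = revocation_deadline(t)
        revoked_at = revocations.get(t.user)
        late = revoked_at is None or revoked_at > deadline
        accessed = [(ts, system) for ts, user, system, result in access_events
                    if user == t.user and ts > deadline and result == "success"]
        status = "violation" if accessed else ("process_failure" if late else "compliant")
        findings[t.user] = Finding(t.user, deadline, revoked_at, accessed, status)
    return findings


# Constructed sample data; none of it is a real ERCOT record.
TERMINATIONS = [
    Termination("alice", "for_cause", datetime(2009, 9, 25, 14, 0, tzinfo=CPT)),
    Termination("bob", "workforce_reduction", datetime(2009, 9, 25, 9, 0, tzinfo=CPT)),
    Termination("carol", "resignation", datetime(2009, 9, 30, 17, 0, tzinfo=CPT)),
    Termination("dave", "for_cause", datetime(2009, 9, 29, 11, 0, tzinfo=CPT)),
]
REVOCATIONS = {  # user -> time IAM finished deprovisioning; dave was never revoked
    "alice": datetime(2009, 9, 26, 10, 0, tzinfo=CPT),
    "bob": datetime(2009, 9, 28, 8, 0, tzinfo=CPT),
    "carol": datetime(2009, 10, 8, 9, 0, tzinfo=CPT),
}
ACCESS_LOG = [
    "2009-09-25T16:00:00-05:00 alice ems-scada success",    # before alice's deadline
    "2009-09-27T21:30:00-05:00 bob ems-scada success",      # after bob's deadline: incident
    "2009-10-01T08:00:00-05:00 carol ops-planning success", # inside the 7-day window
    "2009-10-02T03:00:00-05:00 dave ems-scada denied",      # blocked, so not an incident
]


def run_report() -> Dict[str, Finding]:
    findings = reconcile(TERMINATIONS, REVOCATIONS, parse_access_log(ACCESS_LOG))
    for f in findings.values():
        line = f"{f.user}: {f.status} (deadline {f.deadline.isoformat()})"
        if f.post_deadline_access:
            first_seen = f.post_deadline_access[0][0]
            line += f"; report due by {report_due(first_seen).date()}"
        print(line)
    return findings


if __name__ == "__main__":
    run_report()
```

The `denied` entry for dave is deliberate: an attempted login that the system rejected after the deadline is evidence that revocation eventually worked, not a post-termination access, so it stays a process failure rather than a reportable incident, while bob's successful login two days before IAM caught up is exactly the case paragraph (7) requires to be reported.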