This is the second post in the series of three or four I am writing about ambiguities in CIP-002-5, and the different interpretations I've encountered that try to address these ambiguities.[i] The last one had to do with how an entity identifies its BES Cyber Assets / Systems. This one addresses a question I've debated with several other people who don’t have anything better to do than discuss CIP Version 5: Will all the cyber assets associated with a particular Facility take the ranking of that Facility, or can there be multiple levels of cyber assets (H/M/L) at the same Facility?
- Can there be more than one level of BES Cyber Systems at a particular Facility?
- Can there be multiple levels of cyber assets at a particular Facility?
My Generation friend also pointed out that Criterion 2.3 might lead to multiple levels of BCS at a Facility. This could happen in the case where the Planning Coordinator or Transmission Planner notified the owner of a large generating station that one or more units in the station - but not the whole station - were what's known as "Reliability Must Run". In this case, the systems that control or impact those unit(s) are Mediums, while those that control the other units are Lows (although my friend believes the latter could be out of scope altogether for CIP V5 unless they are actually Low BES Cyber Systems. I actually think such an animal - a Low BCS - doesn't exist, but even if it did it wouldn't make a difference in practice at all. I hope to do a follow-on post based on the emails we've been exchanging on this and other questions related to this post).
It seems, Dear Reader, that we've reached the end of this post. To summarize, I think there can’t be multiple levels of BES Cyber Systems at a single Facility. But I do think there can be multiple levels of cyber assets at a Facility. Of course, the only way I can say this is by ignoring some of the wording of CIP-002-5 that I contend doesn't reflect the intentions of the drafting team. But before you condemn me for that, consider this: I don't think it is possible to make any consistent interpretation of CIP-002-5 without ignoring at least some of the language. Not a great situation, but it's what we've got.