Compliance Monitoring and Enforcement Program Technology Project Update
Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology
Technology and Security Committee Meeting
February 7, 2018
RELIABILITY | ACCOUNTABILITY
Current Status
• Vendor references completed (Freddie Mac, Fannie Mae, SCANA, SunPower)
• Selections narrowed down to two vendors
• Vendor product briefings conducted for ERO Technology Leadership Team
• Detailed technical evaluations in progress
• Focused on understanding vendor “cautions and concerns,” e.g., “stay in the box,” strong governance, teamwork, trust, and transparency
Top Steering Committee Issues
• Storage of CEII data within the new system
• Treatment of International Entities
• Management of historical data
• Interface with FERC
• Software licensing terms and conditions
Upcoming Milestones
• Complete technical evaluation of vendor finalists – February 16
• Steering Committee final vendor selection – February 26
• Contracting and launch of Phase 2 work – April 1
Registered Entities and ERO Enterprise IT Applications Update
Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology
Technology and Security Committee Meeting
February 7, 2018
Agenda
• Misoperations data management portal
• Entity Registration – Joint Registration Organization (JRO)
• Electricity Information Sharing and Analysis Center (E-ISAC) Technology Update
• Priorities Looking Ahead
Misoperations Portal Benefits to Registered Entities
• Greatly improved user experience
  - Provides users access to their entity’s data as it appears in the database
  - Users are able to update and edit previous submissions, if necessary
  - Users can review and export various reports creating consistency in calculations done by industry
  - By improving user experience we aim to increase data quality and decrease industry burden
• Users can submit for multiple entities for which they are authorized
Portal Benefits to Regional Entity Users
• Regional Entities have access to same reports as user, at the Regional level
  - Includes Submission Status Report
    o Provides a comprehensive one-stop check to determine what entities haven’t submitted and what they still need to submit
  - Misoperations Rate Report with consistent calculations
    o Can identify entities performing well or poorly relative to others in the Region or compared to NERC aggregated value
• Entities required to submit waiver
  - Acts as attestation that they have no Protection System Operations and/or Misoperations to report
  - Shows Regions which entities haven’t performed their submissions versus which entities just didn’t have anything to submit
Portal Benefits to NERC
• Improvement of validations
  - More comprehensive validations have been implemented
  - Method of application greatly improved
  - User receives immediate feedback on any errors in their spreadsheet
• Portal required initial development of security and permissions model
  - Model has already been used as baseline for registration project
Entity Registration – JRO
• Benefits to Registered Entities:
  - Provides a portal to submit JRO requests electronically, replacing manual email submissions
  - Data access: Ability to see other requests associated to them
  - Data management: Update, cancel, or terminate requests
• Benefits to Regions and NERC:
  - Improved reporting
  - Eliminates the need to publish on NERC.com
  - Single data source for all JRO requests
  - Data management: Update, cancel or terminate requests
E-ISAC Technology Update
• New portal enabled on December 19, 2017
• Provisioned over 6000 User IDs for access to the portal
• Portal improvements include content organization, usability, performance, and security enhancements
Priorities Looking Ahead
• Southwest Power Pool Regional Entity Dissolution – Information Technology system modifications
• Public-facing website search, security, software upgrades, and publication improvements
• New functionality for the E-ISAC portal including User Communities and machine-to-machine automation
• New analytical capabilities for the E-ISAC include data warehousing and the delivery of an “analyst workbench”
Information Technology Cost Optimization Update
Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology
Technology and Security Committee Meeting
February 7, 2018
IT Cost Optimization
• Supports ERO Enterprise strategy to improve enterprise-wide efficiency and effectiveness
• Eleven cost categories compatible with benchmarking studies
• Researched how NERC compares to other similar organizations – ERO Enterprise combined 11.8 percent ratio of revenue to Information Technology (IT) spend; similar organizations at 12 percent
• Next steps
  - Report Regional IT budgets using the newly created cost categories
  - Examine consolidation of ERO Enterprise IT purchasing power
Additional Information
IT Cost Types
• Network
• Storage and servers
• Cyber security solutions
• Desktops and client peripherals
• Application support and enhancements
• Software support agreements
• Microsoft Enterprise Agreement
• New capabilities
E-ISAC Quarterly Update
Bill Lawrence
Director of the Electricity Information Sharing and Analysis Center
Technology and Security Committee Meeting
February 7, 2018
Agenda
• Long-Term Strategic Plan Background
• 2017 Accomplishments
• Strategic Plan Framework
• Key Activities
• GridEx IV Update
Background
• The E-ISAC underwent a strategic review with the Electricity Subsector Coordinating Council (ESCC) in 2015
• Under the ESCC, the Member Executive Committee (MEC) was created and serves as a CEO-led stakeholder advisory group
• MEC input was used on the E-ISAC Long-Term Strategic Plan developed in 2017
• The plan was approved by the NERC Board of Trustees (Board) in 2017 and included in the NERC Business Plan and Budget for implementation in 2018
2017 Major Accomplishments
• Information Sharing: provided subject matter expert content to three NERC Alerts
• Analysis: launched the Embedded Industry Augmentation program
• Engagement: conducted GridEx IV with over 6,500 participants (up 50% from GridEx III), over 450 organizations (up 30% from GridEx III)
E-ISAC Strategic Plan
Vision: To be a world class, trusted source of quality analysis and rapid sharing of electricity industry security information
Supported by:
• NERC Board of Trustees
• Electricity Subsector Coordinating Council (ESCC)
• ESCC Members Executive Committee (MEC)
[Diagram: Strategic Plan. Pillars: Information Sharing, Analysis, Engagement. Goal: World Class ISAC. Labeled elements:]
• Accelerate sharing and high priority notifications
• Enhance portal
• Improve information flow and security
• CRISP, CYOTE, CAISS, Strategic Vendor Partnerships
• Hire and develop exceptional employees
• Leverage information sharing technologies and resources to enhance analytical capability
• Prioritize products and services
• Metrics benchmarking
• Evaluate 24x7 Operations (future)
• Build trust and show value
Key Activities Update
E-ISAC Critical Broadcast Notifications
• Procedures established and prepping for exercise in Q1
CRISP Program and CRISP Governance Committee Activities
• Established E-ISAC local access to CRISP data
• Governance Committee organized, charter under development
• Further expanding Membership Base – target minimum of four companies joining
• Identifying and evaluating opportunities to lower cost of participation
• Developing Strategic Plan
Portal Launch
• Launched December 19, 2017
• Providing post-production support
• Commence planning for portal enhancements, including potential data visualization, authentication, user management, and registration
Key Activities Update
MEC Working Group
• Ongoing stakeholder feedback on enhancement activities with pilot program support and feedback
User Communities
• Developing user communities governance and implementation plan
• Implementing and testing user community capability
Automated Information Sharing
• Developing and piloting CAISS analytic capabilities
• Evaluating pros and cons in moving ahead with ThreatConnect platform
Products and Services
• Gathering requirements, developing plan, and issuing RFP for data warehouse, analyst workbench, and event management tool
• Evaluating deployment of DOE malware forensics tools and dropbox
GridEx Objectives
• Exercise incident response plans
• Expand local and regional response
• Engage critical interdependencies
• Improve communication
• Gather lessons learned
• Engage senior leadership
GridEx IV Participation Map
GridEx IV Communications
[Diagram: GridEx IV Communications. Labeled participants and groups:]
• Coordinated Operations
• Executive Coordination
• Coordination with Government
• Trade Associations
• Bulk-Power System Entities: Reliability Coordinators, Balancing Authorities, Generator Operators, Transmission Operators, Load Serving Entities, etc.
• Vendor Support: IT, ICS, ISP, Anti-virus
• Local, State/Provincial Government: Emergency Management Organizations; Emergency Operations Centers / Fusion Centers; Local FBI, PSAs; National Guard; PUCs, PSCs
• E-ISAC (Electricity Information Sharing & Analysis Center)
• Other Federal Agencies: US: FBI, FERC, DOD; Canada: Public Safety Canada, NRCan, RCMP, CSIS, CCIRC
• NERC Crisis Action Team
• DOE (Department of Energy)
• DHS: NCCIC, ICS-CERT, US-CERT
• NERC Bulk Power System Awareness (BPSA)
• Regional Entities
• Electricity Subsector Coordinating Council (ESCC)
• Other Critical Infrastructures: Telecommunications, Oil & Gas, others
• Energy GCC, Other SCCs
• Unified Coordination Group (UCG) or non-US equiv.
• ExCon (GridEx IV Exercise Control): NERC staff, GEWG, Booz Allen, Nat’l Labs, SMEs for Sim-cell, etc.
GridEx Participation
[Chart: GridEx Exercise Participation, Active vs. Observing, GridEx I through GridEx IV]
• GridEx I: Active 36 (47%), Observing 40 (53%)
• GridEx II: Active 122 (53%), Observing 109 (47%)
• GridEx III: Active 209 (57%), Observing 155 (43%)
• GridEx IV: Active 335 (74%), Observing 117 (26%)
Executive Tabletop
• GridEx IV Executive tabletop events with senior industry and government participants were held in parallel in the U.S., Canada, and Australia
• The tabletops engaged senior leaders in a robust discussion of the policy issues, decisions, and actions needed to respond to a grid security emergency caused by severe coordinated cyber and physical attacks
• Participants discussed security and electricity reliability challenges, cross-sector interdependencies, and the decisions needed to support timely response and recovery of the grid
GridEx IV Reports
• Three reports are under construction:
  - Distributed play lessons learned (limited release)
  - Executive tabletop recommendations (limited release)
  - Public report
• Reports will be out for comment and edits in February
• Reports issued in March
Backups
2017 Accomplishments (Information Sharing, Analysis, Engagement)
• Launched portal
• Launched recruiting efforts, hired one cyber analysis specialist in 2017
• Conducted GridEx IV: over 6,500 participants (up 50% from GridEx III), over 450 organizations (up 30% from GridEx III)
• Shared over 210 cyber bulletins (140 member-posted; 71 E-ISAC-posted) and 165 physical bulletins (64 member-posted; 101 E-ISAC-posted)
• Launched the Embedded Industry Augmentation program
• Conducted GridSecCon 2017 with over 500 participants (an increase of 20% from GridSecCon 2016)
• Provided content to three NERC Alerts on:
  - Modular Malware Targeting Electric Industry Assets in Ukraine
  - Advanced Persistent Threat Actor Targeting Electric Industry and Other Critical Sectors
  - Supply Chain Risk
• Collaborated with CIPC Security Metrics Working Group on new security metrics and data sources
• Enhanced CRISP
  - Participation from 25 to 27 companies
  - CRISP governance group of 15 companies
  - Independent audit of PNNL security practices, data handling
• Gathered GridEx IV lessons learned and recommendations
• Produced a security risk assessment for the MRO Security Advisory Council
• Formalized partnership with Downstream Natural Gas ISAC
• Adopted internationally accepted Traffic Light Protocol for information handling
• Produced 51 Weekly, 12 Monthly, 1 Mid-Year, and 1 End of Year reports
• Established MEC user group governance team (UNITE, ISO/RTO Council, Large Public Power Council)
• Facilitated 12 monthly E-ISAC and CRISP webinars
• Produced 12 Monthly CRISP Analysis reports
• Increased active E-ISAC Portal membership from 2,500 to over 3,200 from Q1 to Q3
• Facilitated two CRISP member workshops and threat briefings
• Partnered with DARPA on a cyber security program for electric utilities linked to the GridEx program
• Participated in NRECA RC3 Cyber Security Summits for information sharing best practices
• Partnered with the University of Illinois at Urbana-Champaign and its new Industry – University Cooperative Research Center
• Discussed “malware solutions pipeline” research effort with DOE and National Laboratory system
• Enhanced international engagement:
  - Performed Cyber Risk Preparedness Assessment in Mexico
  - Initiated collaboration with the Japan Electricity ISAC and European E-ISAC (to be continued in 2018)