Grid Security & NERC
Council of State Governments
The Future of American Electricity Policy Academy
Janet Sena, Senior Vice President, Policy and External Affairs
September 22, 2016
RELIABILITY | ACCOUNTABILITY2
NERC History
1965 – Northeast blackout
1968 – NERC formed as a voluntary organization
1997 – Electric Reliability Panel and Department of Energy Electric System Reliability Task Force agree that legislation is needed to make reliability standards mandatory and enforceable
August 14, 2003 – Northeast blackout
Recent NERC History
Energy Policy Act of 2005 – Section 215 of the Federal Power Act
• Authorized creation of the Electric Reliability Organization (ERO)
  – Interconnected grid called for a North American approach
  – Reliability standards developed by the ERO
  – Oversight by U.S. and Canadian authorities
  – Mandatory and enforceable for all users, owners and operators of the bulk power system – includes cybersecurity protection
  – Regional entities with delegated responsibility
  – Mandate to assess reliability
• 2006 – NERC certified by FERC as the ERO
• 2007 – First standards become mandatory and enforceable
• 2009 – Initial CIP Standards approved by NERC Board of Trustees
Unique Form of Regulation
• Interconnected grid with Canada; oversight by U.S. and Canadian authorities
• Roughly 1900 owners, operators, and users of the bulk power system (BPS)
  – Focus on reliable operation of the BPS
  – Standards cannot require construction of new transmission or generation capacity
• Independent Board of Trustees
• All entities with a material interest in the reliability of the BPS can be NERC members
• Member Representatives Committee reports to the Board
• Eight Regional Entities at the front line, performing delegated functions
NERC Regions
FRCC – Florida Reliability Coordinating Council
MRO – Midwest Reliability Organization
NPCC – Northeast Power Coordinating Council
RF – ReliabilityFirst
SERC – SERC Reliability Corporation
SPP-RE – Southwest Power Pool Regional Entity
TRE – Texas Reliability Entity
WECC – Western Electricity Coordinating Council
NERC CIP Relationships (diagram)
• Strategic – Federal Advisory Committees: National Infrastructure Advisory Council (NIAC), Electricity Advisory Committee (EAC)
• Policy Coordination – Sector Coordinating Councils: Electricity Sub-sector Coordinating Council (ESCC)
• Operational Coordination – Information Sharing and Analysis Centers/Organizations: Electricity Information Sharing and Analysis Center (E-ISAC) and NERC Standards
Cybersecurity Standards
• Designed to provide a foundation of sound security practices across the BPS
• Mandatory cyber standards cover numerous security aspects
  – Critical assets identified
  – Critical control centers and facilities secured
  – Operations cyber assets firewalled and well-patched
• Industry is audited for compliance with the standards
• Now on CIP Version 5
Physical Security Standards
CIP-014 Purpose
• To identify and protect transmission stations and transmission substations, and their associated primary control centers, that if rendered inoperable or damaged as a result of a physical attack could result in widespread instability, uncontrolled separation, or cascading within an Interconnection
• Applicability: Transmission Owners (TO), Transmission Operators (TOP)
• Effective Date – October 1, 2015
E-ISAC: Not Every Vulnerability Requires a Standard
• ISAC concept introduced in Presidential Decision Directive 63 (PDD-63), published in 1998
  – Electric power was identified as a critical sector along with 14 others
  – Homeland Security Presidential Directive 7 (2003)
  – Presidential Policy Directive 21 (2013)
• The electricity sector's ISAC has been hosted by NERC since 1999
  – Recent concerns that sensitive information shared with the ISAC could "leak" to NERC compliance and enforcement groups
  – Caused a rethinking of the proper relationship
• ESCC identified a strategic review of the ES-ISAC as a priority national security issue for 2015
  – Strategic review initiated in January 2015, completed in June 2015
• ES-ISAC renamed to E-ISAC in September 2015
E-ISAC Products and Services
• Products
  – NERC Alerts
  – Incident (cyber and physical) bulletins
  – Daily, weekly, and monthly summary reports
  – Issue-specific reports
• Programs and Services
  – Monthly briefing series, first Tuesday of the month
  – Training at quarterly CIPC (Critical Infrastructure Protection Committee) meetings
  – Grid Security Conference (GridSecCon)
  – Grid Exercise (GridEx)
  – Cyber Risk Information Sharing Program (CRISP)
  – Physical security outreach visits
• Tools
  – E-ISAC portal (www.eisac.com)
  – Emergency notifications
  – STIX/TAXII automated information sharing
E-ISAC and NCCIC
• The E-ISAC maintains a presence at the National Cybersecurity and Communications Integration Center (NCCIC), a DHS-operated 24/7 watch floor near Washington, D.C.
  – Top Secret, real-time operations center
  – Hub for classified threat and vulnerability work
• E-ISAC cleared personnel analyze the threat and vulnerability components seen by the intelligence community and make an initial determination of potential impacts on the BPS
Cross-Sector Integration
The E-ISAC maintains a close working relationship with other ISACs and information sharing organizations
• Energy – DNG-ISAC, ONG-ISAC
• Water – Water-ISAC
• Communications – Comm-ISAC
• Financial Services – FS-ISAC
• Transportation – Aviation-ISAC
• Healthcare – NH-ISAC
• Information Technology – IT-ISAC
• Government – MS-ISAC, ICS-CERT, US-CERT, National Coordinating Center for Telecommunications
E-ISAC Activities – Cyber
Examples of phishing themes/subjects:
• Order delivery
• Fwd: (blank)
• General Liability and Workers Compensation Insurance
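The phishing subject themes on this slide and the STIX/TAXII automated sharing listed under E-ISAC tools meet in practice when a theme is turned into an indicator that other members can ingest automatically. The following is an added example by the editor, not E-ISAC or NERC code: it builds STIX 2.1 Indicator objects for the three subject themes (the regexes and the sample subjects are the editor's assumptions, not indicators the E-ISAC has published), wraps them in a Bundle of the kind a TAXII collection serves, and shows the consumer side evaluating incoming mail subjects against the patterns. It uses only the Python standard library; a production pipeline would use the stix2 library and a TAXII client for the transport.

```python
"""Added example (not E-ISAC code): phishing subject themes as STIX 2.1
indicators, shared as a bundle and evaluated by a consumer.

Regexes, sample subjects and helper names are the editor's assumptions.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Subject themes from the slide, each paired with an assumed case-insensitive regex.
PHISHING_THEMES = {
    "Order delivery": r"^\s*(?:re:\s*|fwd?:\s*)*order delivery\b",
    "Fwd: (blank)": r"^\s*fwd?:\s*$",
    "General Liability and Workers Compensation Insurance":
        r"general liability and workers'? compensation insurance",
}

# The only STIX pattern shape this consumer evaluates: one comparison on
# email-message:subject with the MATCHES (regex) operator. Anything else is skipped.
SUBJECT_PATTERN = re.compile(
    r"^\[email-message:subject MATCHES '((?:[^'\\]|\\.)*)'\]$")


def stix_escape(s: str) -> str:
    """Escape a value for a single-quoted STIX pattern string constant."""
    return s.replace("\\", "\\\\").replace("'", "\\'")


def stix_unescape(s: str) -> str:
    """Reverse stix_escape when reading a pattern back."""
    return re.sub(r"\\(['\\])", r"\1", s)


def timestamp() -> str:
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(theme: str, regex: str) -> dict:
    """Build one STIX 2.1 Indicator SDO for a phishing-subject theme."""
    ts = timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"Phishing subject theme: {theme}",
        "indicator_types": ["malicious-activity"],
        "pattern": "[email-message:subject MATCHES '" + stix_escape(regex) + "']",
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_bundle(themes: dict = PHISHING_THEMES) -> dict:
    """Wrap the indicators in a STIX Bundle, the unit a TAXII collection serves."""
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid4()}",
        "objects": [make_indicator(name, rx) for name, rx in themes.items()],
    }


def compile_indicators(bundle: dict) -> list:
    """Consumer side: extract (id, name, compiled regex) from a parsed bundle.

    Objects whose pattern is not of the supported shape are skipped rather
    than mis-evaluated.
    """
    compiled = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = SUBJECT_PATTERN.match(obj.get("pattern", ""))
        if not m:
            continue
        regex = re.compile(stix_unescape(m.group(1)), re.IGNORECASE)
        compiled.append((obj["id"], obj["name"], regex))
    return compiled


def match_subject(subject: str, compiled: list) -> list:
    """Names of every indicator whose regex matches the mail subject."""
    return [name for _id, name, rx in compiled if rx.search(subject)]


if __name__ == "__main__":
    # Constructed sample subjects; the first three follow the slide's themes.
    samples = [
        "FW: Order delivery #48213",
        "Fwd:",
        "Re: General Liability and Workers Compensation Insurance renewal",
        "Weekly outage report",
    ]
    feed = json.dumps(make_bundle(), indent=2)          # what the producer publishes
    indicators = compile_indicators(json.loads(feed))   # what the consumer ingests
    for subj in samples:
        print(f"{subj!r:70} -> {match_subject(subj, indicators)}")
```

The consumer deliberately evaluates only the one pattern shape it understands and skips the rest, which is the safer failure mode for an ingest pipeline than a lenient parser that silently matches nothing or everything. A subject match is a triage signal, not a verdict; a shared indicator for the same campaign would normally also carry sender, attachment hash and URL observables.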
Data Exfil Events (chart; data not reproduced here)
Data Exfil Events – Energy (chart; data not reproduced here)
E-ISAC Activities – Physical
• The majority of events involved incidents of:
  – Intrusion (36%)
  – Suspicious Activity (29%)
Exercises and Events
• Grid Security Conference (GridSecCon) 2016 – October 18-21, 2016, Quebec City
• Grid Security Exercise (GridEx) IV – November 15-16, 2017
  – Two days of distributed play
  – Executive Tabletop
  – Multiple ways to participate
  – Builds on GridEx III lessons learned
• Secure The Grid (STG) Series – classified one-day sessions
Learn More About Us!
• Sign up online at https://www.eisac.com
• Download our "how to" guides
  – Brochure
  – Understanding Your E-ISAC
  – Engaging the E-ISAC
Security Challenges
• Cyber-attack vectors are multiplying:
  – System and network intrusions
  – Complex supply chain
  – Increased use of wireless communication and reliance on the Internet
• Physical security
• Increased information sharing between public and private sectors
• Security clearances
• Limited access to classified information
• Diverse regulatory oversight: federal, state, provincial
Tip of the Iceberg
Questions?