Docstoc

PowerPoint - Information Sharing

Document Sample
PowerPoint - Information Sharing Powered By Docstoc
					Critical Infrastructure Protection THE ELECTRICITY SECTOR Security Initiatives
Presented to

WATER SECURITY WORKING GROUP
October 2004

Topics
● ● ● ● Electricity Sector (ES) North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Organization ES CIP
 Initiatives  Cyber Security Standard  Security Guidelines

● ES Information Sharing Analysis Center (ESISAC)

2

The Electricity Sector
6
x10



aGen + bTransm + cLSE + dRC + eCA + fGov + + +

C=1

3I

Characteristics: Instantaneous, Interconnected, Interdependent, Reliability, Security Organizations: APPA, CEA, EEI, ELCON, EPRI, EPSA, ESISAC & other ISACs, NEI, NERC, NAESB, NRECA

Agencies: DOE, DHS, DOD, FERC, NARUC, NRC, PSEPC, RUS, USSS

Description and Definitions ●

● APPA: American Public Power Association

The equation:  Summed over millions of Customers  Entity types that comprise the ES *  Divided by three Interconnections:  Eastern  Western  Texas

* Generation, Transmission, Load

Serving Entities, Purchasing-Selling Entities, Reliability Coordinators, Control Areas, Regional Transmission Organizations, Independent System Operators, Regulators (Canada/US: Federal/State/Provincial/Local)

● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●
● ●

CA: Control Area CEA: Canadian Electricity Association DOD: Department of Defense DOE: Department of Energy DHS: Department of Homeland Security EEI: Edison Electric Institute ELCON: Electr Consumers Resource Council EPRI: Electric Power Research Institute EPSA: Electric Power Supply Association ES: Electricity Sector FERC: Federal Energy Regulatory Commission IAIP: Info Analysis, Infrastructure Protection ISAC: Information Sharing and Analysis Center NAESB: No. Amer. Energy Standards Board NARUC: Natl Assoc Reg Utility Commissioners NEI: Nuclear Energy Institute NERC: North American Electric Reliability Cncl NRC: Nuclear Regulatory Commission NRECA: Natl Rural Electric Cooperative Assn PSEPC: Public Safety and Emergency Preparedness Canada RC: Reliability Coordinator RUS: Rural Utility Services

3 RC

13 RC

1 RC

What is NERC?
● NERC was formed in 1968 ● NERC's mission is to ensure that the bulk electric
system in North America is reliable, adequate and secure. ● NERC operates as a voluntary industry organization, relying on reciprocity, peer pressure and mutual self-interest. ● Energy legislation pending in the House and Senate Energy bills would enable NERC to become an SRO capable of enforcing compliance with its reliability standards.
6

What Does NERC Do?
● ● ● ● ● ● ● ● ●
Sets reliability standards. Ensures compliance with reliability standards. Provides education and training resources. Conducts assessments, analyses, and reports. Facilitates information exchange and coordination among members and industry organizations. Supports reliable system operation and planning. Certifies reliability service organizations and personnel. Coordinates critical infrastructure protection of the bulk electric system (ESISAC). Administers procedures for conflict resolution on reliability issues.

7

North American Electric Reliability Council Structure

● Board of Trustees
 9 independent members  Plus President

Board of Trustees

Staff

Stakeholders

● Standing Committees
 Broad Sector
Operating Operating Committee Committee Critical Infrastructure Protection Committee Planning Committee Market Committee

representation  Subcommittees  Working Groups  Task Forces

CIP Committee Structure
CIPC
Executive Committee
Manage policy matters and provide support to SCs, WGs
Physical Security Cyber Security Operations Policy

ESISAC Subcommittee
Develop & maintain ISAC capability to respond to security threats & incidents
Outreach WG Reporting Technologies WG Indications, Analysis, Warnings WG Grid Monitoring System TF IDS Pilot TF
September 18, 2004

Security Planning Subcommittee
Improve ES ability to protect critical infrastructure Standards & Guidelines WG Risk Assessment WG Control Systems Security WG Critical Spares TF PKI TF HEMP TF

Electricity Sector Security Initiatives-1
● Responses to 14 August 2004 Blackout Recommendations: physical and cyber security ● Implement the National Infrastructure Protection Plan for the Electricity Sector ● Indications, Analysis, Warnings program*
 Data/information exchange between ES and DHS

● Threat Alert Levels: Physical and Cyber*
 Guidance for ES actions in response to Homeland Security Alert System
*Reference materials available: http://www.esisac.com
10

Electricity Sector Security Initiatives-2
● Cyber Security Standard*
 1200 in place; 1300 under development

● 15 Security Guidelines*
 Physical, Cyber, Data

● ● ● ● ●

Critical Spares Project Control Systems Security Other technical studies Outreach including workshops Bi-lateral discussions and Urban Utility Center
*Reference materials available: http://www.esisac.com

11

Critical Assets
Those facilities, systems, and equipment which, if destroyed, damaged, degraded, or otherwise rendered unavailable, would have a significant impact on the ability to serve large quantities of customers for an extended period of time, would have a detrimental impact on the reliability or operability of the electric grid, or would cause significant risk to public health and safety.
12

Cyber Security Standard: 1200
● Development process ● To whom does it apply? ● To what does it apply? ● What are the requirements? ● Compliance ● Workshops planned

13

Cyber Security Standard: 1200
Requirements
1. Cyber Security Policy 2. Critical Cyber Assets 3. Electronic Security Perimeter 4. Electronic Access Controls 5. Physical Security Perimeter 6. Physical Access Controls 7. Personnel 8. Monitoring Physical Access 9. Monitoring Electronic Access Information Protection Training Systems Management Test Procedures Electronic Incident Response Actions 15. Physical Incident Response Actions 16. Recovery Plans 10. 11. 12. 13. 14.

14

Cyber Security Standard: 1300
● Requires that critical cyber assets related to the
reliable operation of the bulk electric systems are identified and protected. ● Builds upon the concepts and requirements found in the Urgent Action Cyber Security Standard 1200. ● Includes process control and SCADA assets critical to grid reliability ● Provides additional detail to clarify technical requirements and compliance measures

15

Security Guidelines
● ● ● ● Best practices for Overview Communications Emergency Plans Employment Background Screen Physical Security Threat Response
 Physical  Cyber

● ●

16

● Vulnerability/Risk Assessment ● Continuity of Business Process

protecting critical assets ● Cyber Access Control ● Cyber IT Firewalls ● Cyber Intrusion Detection ● Cyber Risk Management ● Protecting Sensitive Info ● Securing Remote Access: Process Control Systems ● Incident Reporting ● Physical Security – Substations

Spare Equipment Project
NERC maintains a database of spare transformers and is planning expansion to include other critical spare equipment. Establishing spare equipment requirements, sharing protocols, acquisition, spares repositories. Collaborating with EPRI, Government Agencies

17

Control Systems in Electricity Sector
System Operations Center EMS ICCP Interconnected System Operations Center

SCADA

Telecom

Generating or Transmission Station

RTU

BTG

Protective Relays

Data Sensors

Transmission Control

DCS and PLC

The Security Challenge
● PCS are universal ● PCS operate in real-time ● PCS may not have built-in security features ● Reality of security concern
 Some testing
 Electronic access beyond physical security

perimeter  Access within physical security perimeter

19

Securing Control Systems
CIPC is working with electricity sector participants, governments, other critical infrastructure sectors, and control system vendors to:  Evaluate vulnerabilities and solutions in a test bed environment  Assess risk  Create plans to secure new systems  Create plans to secure old systems  Recognize a potential or actual attack  Mitigate an attack on control systems  Developed Security Guideline: Securing Remote Access to Electronic Control and Protection Systems
20

ESISAC
 Electricity Sector Information Sharing Analysis Center

 Share information about real and potential threats and vulnerabilities
 Received from DHS and communicated to electricity sector participants  Received from electricity sector participants and communicated to DHS

 Analyze information for trends, cross-sector dependencies, specific targets
 Coordinate with other ISACs
21

http://www.esisac.com

Governments – Sectors Coordination Operations
(ES focus) ------------------ Governments ----------------

Sectors

DHS

DOE

PSEPC

…

CHEM FS

ESISAC

. . .
TEL

Electricity Sector RC CA TRAN GEN DIST PSE

Operational ISACs
● Chemical ● Electricity ● Emergency Management and Response ● Energy (Oil and Gas) ● Financial Services ● Health Care ● Highway
24

● ● ● ●

Information Technology Multi-State Public Transit Research and Education Network ● Surface Transportation ● Telecommunications ● Water

ISACCouncil Activities
● Discussion papers
        Government-Private Sector Relations HSPD-7 Issues and Metrics Information Sharing and Analysis Integration of ISACs into Exercises ISAC Analytical Efforts Policy Framework for the ISAC Community Reach of the Major ISACs Vetting and Trust

● Operational Clarity Matrix
25

Electricity Sector Dependency On
Sector Immed Physical Immed Cyber Long term Long term Physical Cyber

Chemical

Oil
Gas Financial

IT
Telcom Surface TX

Trucking
Water Health Care

ES Dependency on the Internet
● Categories
 Business System
 Market System  Control System

 Control System Support
 Security System

27

Report
● Malicious physical events that cause
transmission outages, loss of generation, loss of load, damage to facilities ● Malicious physical events that cause damage to facilities, breach of security ● Malicious cyber events that result in actual or potential intrusion to a critical computer or utility telecom system ● Threats received (eg bomb, mail, tel) ● Surveillance
28

Possible Steps Toward A Terrorist Attack
Target Selection Surveillance (first level, non – professional) Planning (weapons, location, etc)

Final Selection (target)

Deployment (equipment, people)

Final Surveillance (professional)

ATTACK!

Reports:
● From the ES, ● Together with other critical infrastructures, ● And intelligence sources: May help the DHS to:

30

Some Things to Think About
1. Does the ESISAC have your 24x7 contact? Are there multiple contact points and communications available? 2. Is a security decision-making process in place? 3. How will your organization’s physical and cyber security decision-makers get notified? Are there backup communications? 4. Is there a means in place to communicate decisions to action-takers? A backup? 5. Consider responses in accordance with the “Threat Alert Systems and Physical / Cyber Response Guidelines for the Electricity Sector”.
31

READY Business : http://www.ready.gov/business/

Contacts
● Lynn Costantini, CIO, NERC
lynn.costantini@nerc.net ● Lou Leffler, CIP Project Manager, NERC lou.leffler@nerc.net
NERC: 609-452-8060 ESISAC: 609-452-1422

● Note: Referenced materials and this
presentation available at: http://www.esisac.com
32

TY


				
DOCUMENT INFO