Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE...
Critical Infrastructure Protection
THE ELECTRICITY SECTOR
Presented to
EMERGENCY POWER CONFERENCE
November 2004
Topics
● Electricity Sector (ES)
● North American Electric Reliability Council (NERC)
● Critical Infrastructure Protection (CIP) Organization
● ES CIP Initiatives
● ES Information Sharing Analysis Center (ESISAC)
● Interdependencies
● A Path Forward
The Electricity Sector
Description and Definitions

The equation:

$$\frac{\displaystyle\sum_{C=1}^{x10^{6}} \left( a\,\mathrm{Gen} + b\,\mathrm{Transm} + c\,\mathrm{LSE} + d\,\mathrm{RC} + e\,\mathrm{CA} + f\,\mathrm{Gov} + {} + {} + {} \right)}{3I}$$

● Summed over millions of Customers
● Entity types that comprise the ES *
● Divided by three Interconnections: Eastern, Western, Texas

* Generation, Transmission, Load Serving Entities, Purchasing-Selling Entities, Reliability Coordinators, Control Areas, Regional Transmission Organizations, Independent System Operators, Regulators (Canada/US: Federal/State/Provincial/Local)

Organizations: APPA, CEA, EEI, ELCON, EPRI, EPSA, ESISAC & other ISACs, NEI, NERC, NAESB, NRECA
Characteristics: Instantaneous, Interconnected, Interdependent, Reliability, Security
Agencies: DOE, DHS, DOD, FERC, NARUC, NRC, PSEPC, RUS, USSS

● APPA: American Public Power Association
● CA: Control Area
● CEA: Canadian Electricity Association
● DOD: Department of Defense
● DOE: Department of Energy
● DHS: Department of Homeland Security
● EEI: Edison Electric Institute
● ELCON: Electr Consumers Resource Council
● EPRI: Electric Power Research Institute
● EPSA: Electric Power Supply Association
● ES: Electricity Sector
● FERC: Federal Energy Regulatory Commission
● IAIP: Info Analysis, Infrastructure Protection
● ISAC: Information Sharing and Analysis Center
● NAESB: No. Amer. Energy Standards Board
● NARUC: Natl Assoc Reg Utility Commissioners
● NEI: Nuclear Energy Institute
● NERC: North American Electric Reliability Cncl
● NRC: Nuclear Regulatory Commission
● NRECA: Natl Rural Electric Cooperative Assn
● PSEPC: Public Safety and Emergency Preparedness Canada
● RC: Reliability Coordinator
● RUS: Rural Utility Services
[Figure labels: 13 RC; 1 RC; 3 RC]
What is NERC?
● NERC was formed in 1968
● NERC's mission is to ensure that the bulk electric system in North America is reliable, adequate and secure.
● NERC operates as a voluntary industry organization, relying on reciprocity, peer pressure and mutual self-interest.
● Energy legislation pending in the House and Senate Energy bills would enable NERC to become an SRO capable of enforcing compliance with its reliability standards.
What Does NERC Do?
● Sets reliability standards.
● Ensures compliance with reliability standards.
● Provides education and training resources.
● Conducts assessments, analyses, and reports.
● Facilitates information exchange and coordination among members and industry organizations.
● Supports reliable system operation and planning.
● Certifies reliability service organizations and personnel.
● Coordinates critical infrastructure protection of the bulk electric system (ESISAC).
● Administers procedures for conflict resolution on reliability issues.
North American Electric Reliability Council Structure
● Board of Trustees
  ○ 9 independent members
  ○ Plus President
● Standing Committees
  ○ Broad Sector representation
  ○ Subcommittees
  ○ Working Groups
  ○ Task Forces
[Organization chart: Stakeholders; Board of Trustees; Staff; Operating Committee; Planning Committee; Market Committee; Critical Infrastructure Protection Committee]
CIP Committee Structure
September 18, 2004
● CIPC Executive Committee: Manage policy matters and provide support to SCs, WGs
● Security Planning Subcommittee: Improve ES ability to protect critical infrastructure
  ○ Standards & Guidelines WG
  ○ Risk Assessment WG
  ○ Control Systems Security WG
  ○ Critical Spares TF
  ○ PKI TF
  ○ HEMP TF
● ESISAC Subcommittee: Develop & maintain ISAC capability to respond to security threats & incidents
  ○ Outreach WG
  ○ Reporting Technologies WG
  ○ Indications, Analysis, Warnings WG
  ○ Grid Monitoring System TF
  ○ IDS Pilot TF
[Chart labels: Physical Security; Cyber Security; Operations; Policy]
Electricity Sector Security Initiatives-1
● 14 August 2004 Blackout
  ○ Outage investigation
  ○ 46 Recommendations
  ○ Standards
  ○ Readiness audits
● Implement the National Infrastructure Protection Plan for the Electricity Sector
● Indications, Analysis, Warnings program*
  ○ Data/information exchange between ES and DHS
● Threat Alert Levels: Physical and Cyber*
  ○ Guidance for ES actions in response to Homeland Security Alert System
*Reference materials available: http://www.esisac.com
Electricity Sector Security Initiatives-2
● Cyber Security Standard*
  ○ 1200 in place; 1300 under development
● 15 Security Guidelines*
  ○ Physical, Cyber, Data
● Critical Spares Project
● Control Systems Security
● Other technical studies
● Outreach including workshops
● Bi-lateral discussions and Urban Utility Center
*Reference materials available: http://www.esisac.com
Cyber Security Standard: 1200
Requirements
1. Cyber Security Policy
2. Critical Cyber Assets
3. Electronic Security Perimeter
4. Electronic Access Controls
5. Physical Security Perimeter
6. Physical Access Controls
7. Personnel
8. Monitoring Physical Access
9. Monitoring Electronic Access
10. Information Protection
11. Training
12. Systems Management
13. Test Procedures
14. Electronic Incident Response Actions
15. Physical Incident Response Actions
16. Recovery Plans
Security Guidelines
Best practices for protecting critical assets
● Overview
● Communications
● Emergency Plans
● Employment Background Screen
● Physical Security
● Threat Response
  ○ Physical
  ○ Cyber
● Vulnerability/Risk Assessment
● Continuity of Business Process
● Cyber Access Control
● Cyber IT Firewalls
● Cyber Intrusion Detection
● Cyber Risk Management
● Protecting Sensitive Info
● Securing Remote Access: Process Control Systems
● Incident Reporting
● Physical Security – Substations
ESISAC: Electricity Sector Information Sharing Analysis Center
● Share information about real and potential threats and vulnerabilities
  ○ Received from DHS and communicated to electricity sector participants
  ○ Received from electricity sector participants and communicated to DHS
● Analyze information for trends, cross-sector dependencies, specific targets
● Coordinate with other ISACs
http://www.esisac.com
Governments – Sectors Coordination: Operations (ES focus)
[Diagram labels: Governments: DHS, DOE, PSEPC; Sectors: ESISAC, … CHEM, FS, TEL, ...; Electricity Sector: RC, CA, TRAN, GEN, DIST, PSE]
Operational ISACs
● Chemical
● Electricity
● Emergency Management and Response
● Energy (Oil and Gas)
● Financial Services
● Health Care
● Highway
● Information Technology
● Multi-State
● Public Transit
● Research and Education Network
● Surface Transportation
● Telecommunications
● Water
Electricity Sector Dependency On
Table columns: Sector | Immed Physical | Immed Cyber | Long term Physical | Long term Cyber
Table rows (Sector): Chemical; Oil; Gas; Financial; IT; Telcom; Surface TX; Trucking; Water; Health Care
ES Dependency on the Internet
● Categories
  ○ Business System
  ○ Market System
  ○ Control System
  ○ Control System Support
  ○ Security System
A Path Forward
● Interdependencies
  ○ Qualitative
  ○ Quantitative
  ○ Secure database
● Plans
  ○ TESP
  ○ TSP
● Communication
  ○ Strategic
  ○ Outreach
  ○ Tactical
Contacts
● Lynn Costantini, CIO, [email protected]
● Lou Leffler, Manager CIP, [email protected]
NERC: 609-452-8060 ESISAC: 609-452-1422
● Note: Referenced materials and this presentation available at: http://www.esisac.com TY