Technologies for Security and Compliance by Ken McIntyre, ERCOT
2012 Technologies for Security and Compliance Summit
August 2012, Austin, Texas
Ken McIntyre
Director Standards and Protocol Compliance
Electric Reliability Council Of Texas
Presentation:
• Electric Reliability Council of Texas
• The Regulatory Challenge
• ERCOT Compliance Initiatives
Electric Reliability Council Of Texas (ERCOT)
ERCOT Responsibilities
• System Reliability
• Open and Competitive Markets
• Congestion Management
• Network Modeling
Key Features of the ERCOT Grid
• Represents 85% of Texas Load
• 74,000 MW of generation capacity
• 40,530 miles of transmission lines
• Electrical island with several DC Ties
• RC, BA, TOP (CFR), PC, IC, RP, TSP
ERCOT facilitates competitive markets to help achieve reliability.
ERCOT Compliance Department
• Centralized Compliance Program
• Increased from two to thirteen employees
• 693, CIP and all ERCOT Protocols
• Standards Development (ballots etc.)
• All things NERC e.g. CANs, TFEs, EA
ERCOT Compliance Mission Statement: Promote ERCOT Reliability, Security and Compliance, through Collaboration, Leadership and Expertise.
The Regulatory Challenge
ERCOT
• Public Utility Commission of Texas (PUCT)
• FERC / NERC
• SSAE16 / SOX
• ERCOT Board F&A (Internal Audits)
• Texas Reliability Entity (Regional Entity)
• DOE, DHS, EPA, NAESB
The Regulatory Challenge cont.
• Audits and Investigation Preparation
• Compliance burden on organization
• Standards Development
• Compliance with new standards and versions
• Internal Compliance and Monitoring Program
• Event Analysis Reporting and Lessons Learned
• Institutionalize recommendations
• Critical Infrastructure Protection
• Maintaining best practice / Defense in Depth
• SCADA System integrity / Smart Grid information / Mobile Devices
• CIP Standards and new versions
ERCOT Compliance Initiatives
What should the Compliance Department do?
• Compliance ‘promotes’ Reliability and Security
• Allow Subject Matter Experts to focus on improving industry, while still meeting compliance obligations (daily activities)
• Reduce duplication of regulatory efforts across the organization (one activity meets multiple regulatory requirements)
• Active Policy Monitoring and Enforcement to allow early detection and mitigation of issues, and avoid unnecessary compliance burden
• Minimize ‘Drift’ from stated expectations
• Institutionalize Recommendations, ‘Normal Practice’
ERCOT Compliance Initiatives cont.
What is the Compliance Department going to do?
• Consolidate PUCT/FERC/NERC Compliance Data Repositories
• Common regulatory evidence, sampling, reporting, event analysis, mitigation
• Implement AlertEnterprise ‘GRC’ Solution for Compliance
• NERC Reliability Standards, ERCOT Protocols, Corporate Policies, SSAE16
• Automate RSAW development, and other compliance activities
• Active Policy Monitoring and Enforcement (2013)
• Map requirements between multiple regulatory environments
• Provide Compliance Transparency
• AlertEnterprise Dashboards for Executives and Managers
• Risk/Gap/Impact analysis (AlertEnterprise ‘Risk Engine’ concept)
ERCOT Compliance Initiatives cont.
Additional detail on some initiatives....
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT mapping requirements between multiple regulatory environments:
- Map requirements between NERC – Protocols – Guides – Policy
- Interactive display of Requirement and document associations with master & transaction data
- Displays Requirement association with transaction data (Assessments, Investigation, Mitigation, Self Report, Action Items, RSAW, Event Tracker) within a date range
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT NERC RSAW functionality:
- Developed for NERC RSAW creation
- Can be applied/formatted for other regulatory requirements
- Templates with requirements and placeholders for compliance actions, SME and evidence tables
Process flow: RSAW Kickoff → Requirements Mapping and Evidence Collection → RSAW Draft Review and submission process → NERC
ERCOT Compliance Initiatives cont.
AlertEnterprise/ERCOT ‘Risk Engine’ concept:
- Essentially a means to provide the association of a NERC ‘risk score’ or ‘risk categorization’ to framework items and controls
- Based on VRF, compliance history, enforcement history, NERC ranking (Top 20), self reports, mitigation plans etc.
- Benefits of assigning a ‘risk score’ to a standard and requirement will be the development of appropriate monitoring, reporting, dash-boarding, frequency of assessments, focused training, resource allocation etc.
- ERCOT's vision is a ‘real-time’ compliance monitoring tool: Are we compliant today? What is the confidence that our controls in place are adequate? How well are we prepared to demonstrate compliance?
Thank you - Questions?