Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

Transcription

1 Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

2 1965 Northeast blackout 1968 NERC voluntary organization formed 1997 Electric Reliability Panel and Department of Energy Electric System Reliability Task Force agree that legislation needed to assure reliability standards are mandatory and enforceable 2

3 August 14, 2003

4 Recent NERC History Energy Policy Act of 2005 Section 215 Federal Power Act Authorized Creation of Electric Reliability Organization Interconnected grid called for North American approach Reliability standards developed by ERO Oversight by U.S and Canadian Authorities Mandatory and enforceable by all users, owners and operators of the bulk power system includes cybersecurity protection Regional entities with delegated responsibility Mandate to assess reliability 2006 NERC Certified by FERC as the ERO 2007 First standards become mandatory and enforceable 2009 Initial CIP Standards approved by NERC Board Of Trustees 4

5 Unique Form of Regulation Interconnected grid with Canada; oversight by U.S. and Canadian authorities Roughly 1900 owners, operators, and users of the BPS Focus on reliable operation of the BPS Standards cannot require construction of new transmission or generation capacity Independent Board of Trustees All entities with a material interest in the reliability of the BPS can be NERC members Member Representative Committee reports to the Board Eight Regional Entities at the front line, performing delegated functions 5

6 NERC Regions FRCC MRO NPCC RF SERC SPP-RE TRE WECC Florida Reliability Coordinating Council Midwest Reliability Organization Northeast Power Coordinating Council ReliabilityFirst SERC Reliability Corporation Southwest Power Pool Regional Entity Texas Reliability Entity Western Electric Coordinating Council 6

7 NERC CIP Relationships Federal Advisory Committees Strategic National Infrastructure Advisory Council (NIAC) Electricity Advisory Committee (EAC) Sector Coordinating Councils Information Sharing and Analysis Centers/ Organizations Policy Coordination Operational Coordination Electricity Sub-sector Coordinating Council (ESCC) Electricity Information Sharing and Analysis Center (E-ISAC) and NERC Standards 7

8 Cybersecurity Standards Designed to provide a foundation of sound security practices across the BPS Mandatory cyber standards cover numerous security aspects Critical assets identified Critical control centers and facilities secured Operations cyber assets fire walled and well-patched Industry is audited for compliance with the standards Now on CIP Version V 8

9 Physical Security Standards CIP-014 Purpose To identify and protect transmission stations and transmission substations, their associated primary control centers, that if rendered inoperable or damaged as a result of physical attack could result in widespread instability, uncontrolled separation, or cascading within an interconnection Applicability: Transmission Owners (TO) Transmission Operators (TOP) Effective Date October 1,

10 E-ISAC: Not Every Vulnerability Requires a Standard ISAC concept introduced in Presidential Decision Document 63, published in 1998 Electric power was identified as a critical sector along with 14 others Homeland Security Presidential Directive 7 (2003) Presidential Policy Directive 21 (2013) Electricity sector s ISAC has been hosted by NERC since 1999 Recent concerns about sensitive information shared with the ISAC Could leak to NERC compliance and enforcement groups Caused a rethinking about the proper relationship ESCC identified strategic review of the ES-ISAC as a priority national security issue for 2015 Strategic review initiated in January 2015, completed in June 2015 ES-ISAC renamed to E-ISAC in September

11 Products NERC Alerts Incident (cyber and physical) bulletins Daily, weekly, and monthly summary reports Issue-specific reports Programs and Services Monthly briefing series, first Tuesday of the month Training at quarterly CIPC meetings Grid Security Conference (GridSecCon) Grid Exercise (GridEx) Cyber Risk Information Sharing Program (CRISP) Physical security outreach visits Tools E-ISAC portal ( Emergency notifications STIX/TAXII automated information sharing E-ISAC Products and Services 11

12 E-ISAC and NCCIC The E-ISAC maintains a presence at the National Cybersecurity and Communications Integration Center (NCCIC), a DHSoperated 24/7 watch floor near Washington, D.C. Top Secret, real-time, operations center Hub for classified threat and vulnerability work E-ISAC cleared personnel analyze the threat and vulnerability components seen by the intelligence community and make an initial determination of potential impacts on the BPS 12

13 Cross-Sector Integration The E-ISAC maintains a close working relationship with other ISACs and information sharing organizations Energy DNG-ISAC ONG-ISAC Water Water-ISAC Communications Comm-ISAC Financial Services FS-ISAC Transportation Aviation-ISAC Healthcare NH-ISAC Information Technology IT-ISAC Government MS-ISAC ICS-CERT US-CERT National Coordinating Center for Telecommunications 13

14 E-ISAC Activities Cyber Examples of Phishing Themes/Subjects: Order delivery Fwd: (blank) General Liability and Workers Compensation Insurance 14

15 Data Exfil Events 15

16 Data Exfil Events Energy 16

17 E-ISAC Activities Physical The majority of events involved incidents of Intrusion (36%) Suspicious Activity (29%) 17

18 Exercises and Events Grid Security Conference (GridSecCon) 2016 October 18-21, 2016 Quebec City Grid Security Exercise (GridEx) IV November 15-16, 2017 Two days of distributed play Executive Tabletop Multiple ways to participate Builds on GridEx III lessons learned Secure The Grid (STG) Series classified one-day sessions 18

19 Learn More About Us! Sign up online at Download our how to guides Brochure Understanding Your E-ISAC Engaging the E-ISAC 19

20 Security Challenges Cyber-attack vectors are multiplying: System and network intrusions Complex supply chain Increased use of wireless communication and reliance on the Internet Physical security Increased Information sharing between public/private sector Security Clearances Limited access to classified information Diverse regulatory oversight: federal, state, provincial 20

21 Tip of the Iceberg 21

22 Questions? 22