Cyber Mutual Assistance. February 26, 2018

Transcription

1 Cyber Mutual Assistance February 26, 2018

2 Summary of Today Overview of the ESCC Cyber Mutual Assistance Program Who/what is the ESCC? What is CMA? Why a CMA Program? How does it work? What value for Cooperatives? How to become a Member

3 A Few Questions How many of you are adequately staffed to handle all of your day-to-day IT responsibilities? How many of you are adequately staffed to handle your duties in an emergency situation? How many could completely rebuild every workstation in your organization in the timeframe that would be expected?

4 Mutual Assistance

5 Electric Subsector Coordinating Council Senior policy-setting body in the electric sector under the DHS critical infrastructure protection framework Provides a senior-level interface with federal agencies that work with the electric sector CEOs from 30 IOUs, Cooperatives, Municipals & RTO/ISOs AECC CEO Duane Highley serves as co-chair for Cooperative utilities ESCC sponsors initiatives to increase resilience in the electric sector

6 ESCC Initiatives Playbook for major emergencies in our sector Oversight of NERC s Electricity Information-Sharing and Analysis Center (E-ISAC) EMP Task Force, engaged with EPRI Cyber Mutual Assistance (CMA) program Other high-level policy issues

7 Cyber Mutual Assistance A new approach to cyber-related issues Not just reactive, but proactive Legal and operational groundwork done in advance Provides surge capacity for cyber events affecting delivery of essential services Similar in concept to traditional mutual aid programs Yet a VERY different set of challenges

8 Linemen, bucket trucks, chain saws, etc. Similar line construction across the continent Incidents are geographically-bounded Hurricanes Ice Storms Tornadoes Traditional Mutual Aid Some level of advance notice

9 Differences in Cyber Mutual Assistance Servers, workstations, routers, firewalls, EMS/SCADA, AMI/AMR, OMS, etc. Very different configurations from company to company Cyber events are NOT geographically-bounded Little or no advance warning Regulatory issues Am I next? Much to consider

10 Cyber Mutual Assistance Challenges Cyber is a very different animal from storm restoration Transmission and distribution systems are similar from one utility to the next Cyber systems are not Cyber attacks come with no notice Unlike hurricanes and ice storms, which give some warning Cyber issues come with regulatory and compliance issues NERC, HIPAA, PCI, etc.

11 Cyber Mutual Assistance Challenges (cont) Cyber attacks are not geographically-bounded Again, unlike hurricanes and ice storms Can strike multiple locations simultaneously and randomly Am I next? Given the uncertainty, I may be unwilling to release my staff to assist someone else Undoubtedly other issues, as well

12 CMA is entirely voluntary No requirement for utilities to join No requirement for Members to participate Program cannot require Members to provide resources to others CMA provides a solid legal framework for resource sharing to take place How Does it Work? The hard work here has been done

13 Cyber Mutual Assistance (cont) Guiding principles codified in two legal documents A non-disclosure agreement (NDA) ensures protection of information (required for participation in CMA) A boilerplate contract provides terms and conditions for engagement between utilities (voluntary, but useful) Covers travel costs, labor costs, safety, etc. Execute the NDA and your Cooperative is Member Execute the contract to save time in a crisis

14 How Does CMA Work? Several engagement options 1. Coordinate through the CMA Program Office 2. Coordinate through G&T/Statewide (if CMA Members) 3. Contact a CMA peer directly

15 Through CMA Program Office Contact the CMA Program Office at EEI Ask to convene the CMA Coordinators group Discuss your issues and needs with the group Wait for volunteers to step forward Work out contractual details with responders (or use boilerplate contract) Bring them in to get the work done

16 Through a G&T/Statewide Very similar, but in the family If your G&T is a member and is willing to coordinate Contact your G&T and ask to convene CMA Members G&T convenes CMA members in your G&T Discuss your issues and needs with your peers Wait for peers to step forward Work out details with peers (or use boilerplate contract) Bring in your peers to get the work done

17 Directly With Your Peers Contact a peer in the CMA program directly Discuss your issues and needs with your peer Determine their willingness to assist Work out details with peer (or use boilerplate contract) Bring in your peer to get the work done

18 Value of CMA for Cooperatives Cooperatives already provide assistance to each other in times of need always have, always will CMA provides an additional layer of structure and protection for cyber-related incidents NDA protects the information shared Cyber is sensitive business Boilerplate services agreement provides pre-established terms and conditions, if desired

19 Value of CMA for Cooperatives (cont) CMA participants are free to engage each other however they choose There may be hesitance to engage full CMA program Reach out to other Cooperatives first/directly, if preferred Leverage the CMA framework for one-on-one engagement The hard work has already been done Great value to having Cooperatives on the CMA Roster See next slide

20 Value of CMA for Cooperatives (cont) Resources Access to skilled, trusted resources Privacy Only CMA members know other members; information-sharing is protected Protection NDA and default Terms of Service agreement Experience Periodic CMA conference calls and exercises Information-Sharing CMA passes along critical information as it comes available (but won t overwhelm) Perception - Cooperative participation shows that we are serious about cyber security

21 To join CMA See Contact Dave Batz at or Kaitlin Brennan at Mention that their dear friend Robert AECC referred you G&Ts and Statewides: PLEASE encourage your Member Cooperatives to join What Next? We need more Cooperatives participating!

22 Questions? We can connect one-on-one to discuss For more information: Robert McClanahan VP/Chief Technology Officer Arkansas Electric Cooperative Corp (501)