GridEx IV Panel Discussion

Transcription

1 GridEx IV Panel Discussion NERC GridSecCon October,

2 Generation 254 GW Transmission Geography 120,000 Miles 22 States

3 GridEx IV Panel Discussion Focus on Operations NERC GridSecCon October 20, 2016 Steven McElwee Director, Enterprise Information Security PJM 2016

4 stress testing of response processes 4 PJM 2016 Photo credit:

5 facing problems you may not have anticipated 5 PJM 2016 Photo credit:

6 multiple levels of coordination 6 PJM 2016 Photo credit:

7 working with shared simulations PJM PJM 2016

8 engagement across different teams 8 PJM 2016 PJM 2016

9 Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery. Presidential Policy Directive PJM 2016 Photo credit:

10 Southern Company GridEx III October 20th 2016

11 Southern Company GridEx III Overview Over Southern Company Employees participated company wide 31 Departments and multiple sub departments participated Local Law Enforcement

12 Southern Company GridEx III Overview

13 Southern Company GridEx III Southern Company and GridExIII The preparation The GEWG did the heavy lifting Scenarios Timeline But, Have it your way! (Customization) Cyber Risk Preparedness Assessment (CRPA) GridEx is the easy button for CRPA to assess your Security program

14 Southern Company GridEx III Southern Company and GridExIII Generation Generation Control systems were infected by malicious code introduced by the vendor. Communication from 4 Generation plants was unreliable to the DCS One plant had a UAV carrying a bomb blowup a coal conveyer belt Transmission Communications issues Active Shooter Distribution Distribution substation attack at telecommunications facilities Explosion causes loss of Internet at our corporate headquarters

15 Southern Company GridEx III Southern Company Takeaways Communication Process Who to call When to call What to do when your overwhelmed Technology Diverse Technologies (Data and Voice) Serial Routable Cellular Satellite

16 GridEx III Player Training Questions

17 GridEx IV Panel Discussion Greg Goodrich Principal - Security and Compliance Coordination New York Independent System Operator NERC GridSecCon Québec City, QC October 20, New York Independent System Operator, Inc. All Rights Reserved.

18 GridEx I NYISO GridEx History Cyber triage with transmission owner GridEx II Operation engagement with cyber and physical events GridEx III Reliability Coordinator Sub-team Cyber Sub-team New York State simulation coordinated with transmission owners New York Independent System Operator, Inc. All Rights Reserved. 18

19 Cyber or Physical Security (Potential or Actual)+(Threat or Impact)=Risk to BES Entity Facility Service Impact - Status TransCo Control Center Station Service Loss - 100% GenCo Substation Transformer Loss - % BA Line Communications Access RC Generator Relaying Situational Awareness Load RTU/PLC Threat Communications Control Damage Other Vendor or Service Provider BES Assessment Metering Recovery: Estimated => Actual Theft New York Independent System Operator, Inc. All Rights Reserved. 19

20 The mission of the New York Independent System Operator, in collaboration with its stakeholders, is to serve the public interest and provide benefit to consumers by: Maintaining and enhancing regional reliability Operating open, fair and competitive wholesale electricity markets Planning the power system for the future Providing factual information to policy makers, stakeholders and investors in the power system New York Independent System Operator, Inc. All Rights Reserved. 20

21 NERC GridEx GridEx IV

22 Why? - Company Standards Governance Culture System Design System Maintenance Architectures Agility Defense Capability Plans Procedures Training Exercises Information Sharing Law Enforcement Intelligence Requests for Assistance SLA s

23 Why? -You Interaction and exposure to areas of your organization Interaction and exposure to peers Education on other sectors Education on other career areas Practice and exercise your emergency response skills 23

24 Participants GridEx Past, Present, and Future , ,400 3 GridEx IV 6, Utilities Gov / Academia Utilities Gov / Academia Utilities Gov / Academia Utilities Gov / Academia RC / ISO RC / ISO RC / ISO RC / ISO NERC RE NERC RE NERC RE NERC RE 420 Players 2,000 Players 4,400 Players 6,000 + Players

25 Practice the Way You Play Preparation Lessons Learned Identification Recovery Containment Eradication

26 Distributed Play Focus Shift GridEx 2011, GridEx II, GridEx III GridEx IV Preparation Identification Containment Eradication Recovery Lessons Learned

27 GridEx IV Scenario Escalation Consideration Grid Reliability Level Normal Nov 15 9 am 1 pm Nov 15 1 pm 5 pm Distributed Play Nov 16 9 am 1 pm Nov 16 1 pm - 5 pm Real time (Eastern) Executive Tabletop Nov am - 5 pm Move 0 Move 1 T = 0 to 4 hours Move 2 T = 4 to 8 hours Move 3 T = 24 to 28 hours Move 4 T = 72 to 76 hours Scenario Time

28 Move Zero 28

29 GEWG Big Picture Execution Foundation Customization -

30 Participation 30

31 Panel Discussion Questions