Compliance Monitoring and Enforcement Program Technology Project Update

Transcription

1 Compliance Monitoring and Enforcement Program Technology Project Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting February 7, 2018

2 Current Status Vendor references completed (Freddie MAC, Fannie MAE, SCANA, SunPower) Selections narrowed down to two vendors Vendor product briefings conducted for ERO Technology Leadership Team Detailed technical evaluations in progress Focused on understanding vendor cautions and concerns, e.g., "stay in the box, strong governance, teamwork, trust, and transparency 2 RELIABILITY ACCOUNTABILITY

3 Top Steering Committee Issues Storage of CEII data within the new system Treatment of International Entities Management of historical data Interface with FERC Software licensing terms and conditions 3 RELIABILITY ACCOUNTABILITY

4 Upcoming Milestones Complete technical evaluation of vendor finalists February 16 Steering Committee final vendor selection February 26 Contracting and launch of Phase 2 work April 1 4 RELIABILITY ACCOUNTABILITY

5 5 RELIABILITY ACCOUNTABILITY

6 Registered Entities and ERO Enterprise IT Applications Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting February 7, 2018

7 Agenda Misoperations data management portal Entity Registration Joint Registration Organization (JRO) Electricity Information Sharing and Analysis Center (E-ISAC) Technology Update Priorities Looking Ahead 2 RELIABILITY ACCOUNTABILITY

8 Misoperations Portal Benefits to Registered Entities Greatly improved user experience Provides users access to their entity s data as it appears in the database Users are able to update and edit previous submissions, if necessary Users can review and export various reports creating consistency in calculations done by industry By improving user experience we aim to increase data quality and decrease industry burden Users can submit for multiple entities for which they are authorized 3 RELIABILITY ACCOUNTABILITY

9 Portal Benefits to Regional Entity Users Regional Entities have access to same reports as user, at the Regional level Includes Submission Status Report o Provides a comprehensive one-stop check to determine what entities haven t submitted and what they still need to submit Misoperations Rate Report with consistent calculations o Can identify entities performing well or poorly relative to others in the Region or compared to NERC aggregated value Entities required to submit waiver Acts as attestation that they have no Protection System Operations and/or Misoperations to report Shows Regions which entities haven t performed their submissions versus which entities just didn t have anything to submit 4 RELIABILITY ACCOUNTABILITY

10 Portal Benefits to NERC Improvement of validations More comprehensive validations have been implemented Method of application greatly improved User receives immediate feedback on any errors in their spreadsheet Portal required initial development of security and permissions model Model has already been used as baseline for registration project 5 RELIABILITY ACCOUNTABILITY

11 Entity Registration JRO Benefits to Registered Entities: Provides a portal to submit JRO requests electronically, replacing manual submissions Data access: Ability to see other requests associated to them Data management: Update, cancel, or terminate requests Benefits to Regions and NERC: Improved reporting Eliminates the need to publish on NERC.com Single data source for all JRO requests Data management: Update, cancel or terminate requests 6 RELIABILITY ACCOUNTABILITY

12 E-ISAC Technology Update New portal enabled on December 19, 2017 Provisioned over 6000 User IDs for access to the portal Portal improvements include content organization, usability, performance, and security enhancements 7 RELIABILITY ACCOUNTABILITY

13 Priorities Looking Ahead Southwest Power Pool Regional Entity Dissolution Information Technology system modifications Public-facing website search, security, software upgrades, and publication improvements New functionality for the E-ISAC portal including User Communities and machine-to-machine automation New analytical capabilities for the E-ISAC include data warehousing and the delivery of an analyst workbench 8 RELIABILITY ACCOUNTABILITY

14 9 RELIABILITY ACCOUNTABILITY

15 Information Technology Cost Optimization Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting February 7, 2018

16 IT Cost Optimization Supports ERO Enterprise strategy to improve enterprise-wide efficiency and effectiveness Eleven cost categories compatible with benchmarking studies Researched how NERC compares to other similar organizations ERO Enterprise combined 11.8 percent ratio of revenue to Information Technology (IT) spend; similar organizations at 12 percent Next steps Report Regional IT budgets using the newly created cost categories Examine consolidation of ERO Enterprise IT purchasing power 2 RELIABILITY ACCOUNTABILITY

17 Additional Information 3 RELIABILITY ACCOUNTABILITY

18 IT Cost Types Network Storage and servers Cyber security solutions Desktops and client peripherals Application support and enhancements Software support agreements Microsoft Enterprise Agreement New capabilities 4 RELIABILITY ACCOUNTABILITY

19 5 RELIABILITY ACCOUNTABILITY

20 E-ISAC Quarterly Update Bill Lawrence Director of the Electricity Information Sharing and Analysis Center Technology and Security Committee Meeting February 7,

21 Agenda Long-Term Strategic Plan Background 2017 Accomplishments Strategic Plan Framework Key Activities GridEx IV Update 2

22 Background The E-ISAC underwent a strategic review with the Electricity Subsector Coordinating Council (ESCC) in 2015 Under the ESCC, the Member Executive Committee (MEC) was created and serves as a CEO-led stakeholder advisory group MEC input was used on the E-ISAC Long-Term Strategic Plan developed in 2017 The plan was approved by the NERC Board of Trustees (Board) in 2017 and included in the NERC Business Plan and Budget for implementation in

23 2017 Major Accomplishments Information Sharing: provided subject matter expert content to three NERC Alerts Analysis: launched the Embedded Industry Augmentation program Engagement: conducted GridEx IV with over 6,500 participants (up 50% from GridEx III), over 450 organizations (up 30% from GridEx III) 4

24 Strategic Plan E-ISAC Strategic Plan Vision: To be a world class, trusted source of quality analysis and rapid sharing of electricity industry security information Supported by: NERC Board of Trustees Electricity Subsector Coordinating Council (ESCC) ESCC Members Executive Committee (MEC) Information Sharing Analysis Engagement Accelerate sharing and high priority notifications Enhance portal Improve information flow and security Build trust and show value CRISP CYOTE CAISS Strategic Vendor Partnerships Hire and develop exceptional employees Leverage information sharing technologies and resources to enhance analytical capability Prioritize products and services Metrics benchmarking Evaluate 24x7 Operations (future) World Class ISAC 5

25 E-ISAC Critical Broadcast Notifications Procedures established and prepping for exercise in Q1 Key Activities Update CRISP Program and CRISP Governance Committee Activities Established E-ISAC local access to CRISP data Governance Committee organized, charter under development Further expanding Membership Base target minimum of four companies joining Identifying and evaluating opportunities to lower cost of participation Developing Strategic Plan Portal Launch Launched December 19, 2017 Providing post-production support Commence planning for portal enhancements, including potential data visualization, authentication, user management, and registration 6

26 Key Activities Update MEC Working Group Ongoing stakeholder feedback on enhancement activities with pilot program support and feedback User Communities Developing user communities governance and implementation plan Implementing and testing user community capability Automated Information Sharing Developing and piloting CAISS analytic capabilities Evaluating pros and cons in moving ahead with ThreatConnect platform Products and Services Gathering requirements, developing plan, and issuing RFP for data warehouse, analyst workbench, and event management tool Evaluating deployment of DOE malware forensics tools and dropbox 7

27 GridEx Objectives Exercise incident response plans Expand local and regional response Engage critical interdependencies Improve communication Gather lessons learned Engage senior leadership 8

28 9 GridEx IV Participation Map

29 GridEx IV Communications NERC Crisis Action Team Electricity Subsector Coordinating Council (ESCC) Regional Entities Trade Associations Energy GCC Other SCCs Unified Coordination Group (UCG) or non-us equiv. Executive Coordination NERC Bulk Power System Awareness (BPSA) E-ISAC Electricity Information Sharing & Analysis Center DOE Department of Energy DHS NCCIC ICS-CERT US-CERT Other Federal Agencies US: FBI, FERC, DOD Canada: Public Safety Canada, NRCan, RCMP, CSIS, CCIRC Vendor Support IT, ICS, ISP, Anti-virus Other Critical Infrastructures Telecommunications Oil & Gas others Bulk-Power System Entities Coordinated Operations Reliability Coordinators, Balancing Authorities, Generator Operators, Transmission Operators, Load Serving Entities, etc. Coordination with Government Local, State/Provincial Government Emergency Management Organizations Emergency Operations Centers / Fusion Centers Local FBI, PSAs National Guard PUCs, PSCs ExCon GridEx IV Exercise Control NERC staff, GEWG, Booz Allen, Nat l Labs, SMEs for Sim-cell, etc. 10

30 GridEx Participation GridEx Exercise Participation % % % % % % 57% 36 47% GridEx I GridEx II GridEx III GridEx IV Active Observing 11

31 Executive Tabletop GridEx IV Executive tabletop events with senior industry and government participants were held in parallel in the U.S., Canada, and Australia The tabletops engaged senior leaders in a robust discussion of the policy issues, decisions, and actions needed to respond to a grid security emergency caused by severe coordinated cyber and physical attacks Participants discussed security and electricity reliability challenges, cross-sector interdependencies, and the decisions needed to support timely response and recovery of the grid 12

32 GridEx IV Reports Three reports are under construction: Distributed play lessons learned (limited release) Executive tabletop recommendations (limited release) Public report Reports will be out for comment and edits in February Reports issued in March 13

33 14

34 15 Backups

35 2017 Accomplishments Launched portal 16 Information Sharing Analysis Engagement Shared over 210 cyber bulletins (140 member-posted; 71 E-ISAC-posted) and 165 physical bulletins (64 memberposted; 101 E-ISAC-posted) Provided content to three NERC Alerts on: Modular Malware Targeting Electric Industry Assets in Ukraine Advanced Persistent Threat Actor Targeting Electric Industry and Other Critical Sectors Supply Chain Risk Gathered GridEx IV lessons learned and recommendations Adopted internationally accepted Traffic Light Protocol for information handling Facilitated 12 monthly E-ISAC and CRISP webinars Facilitated two CRISP member workshops and threat briefings Participated in NRECA RC3 Cyber Security Summits for information sharing best practices Launched recruiting efforts, hired one cyber analysis specialist in 2017 Launched the Embedded Industry Augmentation program Collaborated with CIPC Security Metrics Working Group on new security metrics and data sources Produced a security risk assessment for the MRO Security Advisory Council Produced 51 Weekly, 12 Monthly, 1 Mid-Year, and 1 End of Year reports Produced 12 MonthlyCRISP Analysis reports Conducted GridEx IV: over 6,500 participants (up 50% from GridEx III), over 450 organizations (up 30% from GridEx III) Conducted GridSecCon 2017 with over 500 participants (an increase of 20% from GridSecCon 2016) Enhanced CRISP Participation from 25 to 27 companies CRISP governance group of 15 companies Independent audit of PNNL security practices, data handling Formalized partnership with Downstream Natural Gas ISAC Established MEC user group governance team (UNITE, ISO/RTO Council, Large Public Power Council) Increased active E-ISAC Portal membership from 2,500 to over 3,200 from Q1 to Q3 Partnered with DARPA on a cyber security program for electric utilities linked to the GridEx program Partnered with the University of Illinois at Urbana-Champaign and its new Industry University Cooperative Research Center Discussed malware solutions pipeline research effort with DOE and National Laboratory system Enhanced international engagement: Performed Cyber Risk Preparedness Assessment in Mexico Initiated collaboration with the Japan Electricity ISAC and European E-ISAC (to be continued in 2018)