Live Webinar: Best Practices in Substation Security November 17, 2014

Transcription

1 Live Webinar: Best Practices in Substation Security November 17,

2 Agenda & Panelists Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCP Enterprise Security Manager-CSO Tri-State Generation & Transmission Assoc. NERC Reliability Standards, Metcalf - Brian M. Harrell, CPP Director, ES-ISAC Operations Electricity Sector Information Sharing and Analysis Center North American Electric Reliability Corporation Protecting Our Key Electrical Assets - David Batz, CISSP Director, Cyber & Infrastructure Security at the Edison Electric Institute (EEI) Substation Physical & Electronic Security - Hamid Sharifnia, P.E. Sr. Substation Technical Advisor Chair, IEEE Physical Security Standards Working Group ShotSpotter 2

3 Physical Security Update Brian M. Harrell, CPP Director, NERC ES-ISAC November 2014

4 Over 55,000 Substations over 100 Kv in size!

5 The Real Challenge Securing a Remote or Urban Asset!

6 Metcalf 10 of /230kV units damaged 3 of 4-230/115 kv units damaged 6 x 115kV Circuit Breakers received gunshot damage

7 Metcalf

8 Physical Security Standard CIP-014 Purpose: To identify and protect transmission stations and transmission substations, their associated primary control centers, that if rendered inoperable or damaged as a result of physical attack could result in widespread instability, uncontrolled separation, or cascading within an interconnection. Applicability: Transmission Owners (TO) Transmission Operators (TOP)

9 Physical Security Standard CIP-014 FERC Directive to NERC on March 7th SDT quickly assembled Physical security plan to secure the most critical sub-stations and primary Control Centers Approved by industry on 5/5 Submitted to FERC on 5/23 FERC NOPR on 7/17

10 Information Sharing

11 The Electric Sector Information Sharing and Analysis Center (ES-ISAC) provides a trusted capability for: ES-ISAC Sharing sector specific information Collecting, analyzing, and disseminating Alerts and incident reports Working with government agencies to ensure sector technical details are accurately understood Coordinating with other ISACs and International groups Providing for mutual information sharing during disruptions

12 ES-ISAC Portal Goals for the ES-ISAC Portal Extend the functionality and use of the portal Utilize Microsoft technology and maintain alignment with existing and future information technology (IT) in-house initiatives Act as the clearinghouse for Registered Entities to securely find, share, and collaborate on critical infrastructure and security related information Portal will undergo aggressive schedule following several iterations of Design Build Test Promote cycles (see next slide for graphic) Objectives: Portal 1.0 go-live This will put the portal out of pilot mode and into full production open to all registered entities HYDRA This will create a collaborative zone strictly for registered entity HYDRA members Task Force Collaboration Zones This will create a collaborative zone strictly for registered entity task forces Portal 1.5 This will have a formal feature addition list for the main site as well as HYDRA and Task Forces Condition Reporting This will serve as a hub to report one event by the registered entity to various groups such as CID, SA, EA Portal 2.0 Feature and polish incremental release (TBD during design phase) The portal will create the vertical communications that were regarded as lacking during the GridEx.

13 ES-ISAC Outreach Activities GridEx III- November 18-19, 2015 DHS Energy Sector Road Show Briefings Critical Infrastructure Protection Committee (CIPC) Meetings One-on-One Outreach Visits NERC Grid Security Conference (GridSecCon) Cyber Risk Preparedness Assessments (CRPA) DOE/DHS/NERC Physical Security Maturity Model Increased Physical Security Presence on the ES-ISAC Portal Classified Briefs Next Classified brief (Secret) is Dec. 9 th in Atlanta

14 Critical Infrastructure Protection: Protecting Our Key Electrical Assets David Batz Director Cyber and Infrastructure Security

15 Edison Electric Institute %

16 Spare Transformer Equipment Program SpareConnect SpareConnect offers an online tool to communicate a utility s bulk power system equipment needs and provides point of contact information for people and equipment across the North American electric utility industry for specific equipment categories and classes.

17 Timeline

18 IEEE PES Substations Committee Substation Physical and Electronic Security Hamid Sharifnia, P.E. November 17 th, 2014

19 1. Despite the Metcalf attack, most U.S. substations remain vulnerable. 2. Best practices for a comprehensive security program for substations. 3. Components of a complete physical security plan for electric power substations. 4. Physical protection to mitigate the risks for unmanned, rural substations. 5. Requirements for different levels of physical security for electric power substations. 6. Best practices for alerting first responders and how do staff security teams interact with them?

20 IEEE PROJECT P1402 Standard for Physical Security of Electric Power Substations (Read entire Standard at Overview. P1402 This standard establishes minimum requirements and practices for the physical security of electric power substations. Threat assessment; Social, political & economic background of the threat, company downsizing. Intrusions; - Type of Intrusions, pedestrian, vehicular, projectile, electronic; - Parameters, events that influence intrusions

21 Substation Security Plan Objective States primary concerns, such as vandalism and theft in existing stations, or theft and injury during substation construction. Responsibility, Who? Basic Requirements Minimum level includes fences with locked gates, control buildings w locked doors, Additional measures Motion detectors, perimeter/area detection systems, security cameras, jersey barriers, posted guards Sample assessment

22 Criteria for Substation Security A. Security Methods Barriers; fence, walls, locks; Electronic; motion sensing, video surveillance, building system, computer security, passwords, dial back verification, selective access, virus scans, encrypting and coding; Other Methods; lighting, landscaping, building, patrols, B. Communications Internal; all employees know their security responsibilities. External; neighbors, community C. Effectiveness of Security Methods

23 Security Measure: Fence, Wall, Barriers, Passive Anti-arm Barriers, Active Entry Point. Mitigation: Electronic Access Control, Barcode, Magnetic Stripe, Biometric Readers, Perimeter intrusion detections systems, Video Monitoring System, Gunshot Detection, Security Lighting, Power & Communication. Optimum Security Option: Computing equipment shall be placed in a physically controlled environment with access limited to personnel who are responsible for administering the equipment. The room shall have proper environmental controls. Risk: An initial survey of substations and overall systems should be conducted to identify persons or groups who threaten substations and to identify the risks such as theft, vandalism, or terrorism.

24 Possible Threat Vectors Unauthorized forced entry Insider threat Small arms ballistic attack (gunfire) Improvised explosive device

25 Effectiveness of security methods rural substations Survey cited in1402 standard

26 Best Practices: Working w First Responders Have a plan. Establish relationships with federal & local law enforcement officials, review your plan with them. Designate a point person - both at your facility and in local law enforcement. Keep abreast of threats and attacks. Consider hosting training events with federal & local law enforcement officials at your facility to help strengthen relationships, improve information sharing and help build more accurate risk assessments.

27 Webinar: Best Practices in Substation Security 27 Q & A How Can We Help? info@shotspotter.com awick@tristategt.org dbatz@eei.org brian.harrell@nerc.net Hamids@ieee.org Makers of ShotSpotter SiteSecure Gunshot Detection Solutions for Utilities For more info, see