Electric Power Industry s Approach to Grid Security

Transcription

1 Electric Power Industry s Approach to Grid Security Richard Ward, Director, National Security Policy Edison Electric Institute (EEI) Cybersecurity & Privacy Policy Academy November 2, 2017 San Francisco, CA

2 Overview The Threat Landscape Approach to Grid Security Electricity Subsector Coordinating Council Ongoing Initiatives

3 3

4 The Electric Power Industry: Vital to America s Economy

5 Perception Government is inept Industry doesn t care Buy canned goods Hollywood movie scripts

6 Threat Landscape

7 Our Approach to Grid Security Regulations Industry-Government Partnership Incident Response Physical Electricity Subsector Coordinating Council (ESCC) Grid Resiliency Cyber Electricity Information Sharing & Analysis Center (E-ISAC) Mutual Assistance Partnerships with federal, state, & local governments Spare Equipment Programs

8 Purpose The ESCC is the principal liaison between the electric sector and the federal government for coordinating efforts to prepare for, and respond to, national-level disasters or threats to critical infrastructure. 8 8

9 9 Industry-Government Coordination

10 ESCC Update 10 10

11 1. Engaging New Administration 2. Cybersecurity Executive Order 3. Cross-Sector Coordination 4. Supplemental Operating Strategies 5. Cyber Mutual Assistance 6. Emerging Threats (IoT & Ransomware) 7. Proactive Incident Response Messaging 8. GridEx IV 11 11

12 Engaging New Administration Nov March 2017 June 2017 Aug. Oct 2017 Nov 2017 Outreach to the Transition Team ESCC Leadership meetings with Trump Administration ESCC meeting Response to Hurricanes Harvey, Irma, Maria, Nate, California Wildfires ESCC Meeting & GridEx IV

13 Cybersecurity Executive Order Relevant to electric sector: Report 1: Grid Impact Study (90 days) Report 2: Section 9 Entities (180 days) Workforce Development (120 days) Deterrence (90 days) 13

14 Supplemental Operating Strategies GridEx III & Ukraine underscored challenges and need to explore how to operate the grid in degraded state. ESCC tasked the North American Transmission Forum (NATF) to assess Work ongoing but what we are learning is operating the grid in a degraded state is all about the ability to communicate

15 Cross-Sector Coordination Interdependences across lifeline sectors (Communications, Downstream Natural Gas, Financial Services, Transportation, & Water) Focus on communications and financial services sectors Development of the Strategic Infrastructure Coordination Council (SICC)

16 Cyber Mutual Assistance A New Approach Not just reactive CMA Coordinator Senior level expert Open to all electric generation, transmission, distribution, and downstream natural gas entities Currently, 130 members Participants reimbursed for costs incurred while providing emergency cyber assistance Voluntary program NDA required

17 Emerging Threats Internet of Things (IoT) Dyn Attack (October 2016) Activated Cyber Mutual Assistance IoT challenges associated with Smarter Energy Infrastructure Ransomware The industry needs doctrine Mixed messages from the government

18 Proactive Incident Response Messaging ESCC and the government are improving how we gather, share, and communicate during incidents With social media, local events no longer remain local Media assumes equipment failure must be due to a cyber attack Coincidences = coordinated attack

19 GridEx IV November industry organizations participating ESCC-government executive TTX Cross-sector and state coordination focus GridEx findings and recommendations inform ESCC work period for following two years

20 Resources Edison Electric Institute: Electricity Subsector Coordinating Council: Richard Ward Director, National Security Policy Edison Electric Institute

21 The Edison Electric Institute (EEI) is the association that represents all U.S. investor-owned electric companies. Our members provide electricity for 220 million Americans, operate in all 50 states and the District of Columbia, and directly employ nearly 500,000 workers. With $100 billion in annual capital expenditures, the electric power industry is responsible for millions of additional jobs. Safe, reliable, affordable, and clean electricity powers the economy and enhances the lives of all Americans. EEI has dozens of international electric companies as International Members, and hundreds industry suppliers and related organizations as Associate Members. Organized in 1933, EEI provides public policy leadership, strategic business intelligence, and essential conferences and forums. For more information, visit our Web site at