Electric Sector Security & Privacy Plans for 2011

Transcription

1 Electric Sector Security & Privacy Plans for 2011 Galen Rasche Technical Executive Erfan Ibrahim Technical Executive Ad-Hoc Smart Grid Executive Committee 2011-Feb-10

2 Contents PDU Cyber Security R&D Portfolio National Electric Sector Cyber Security Organization EPRI Security and Privacy Initiative 2

3 EPRI s Cyber Security Focus for

4 EPRI 2011 Cyber Security R&D Portfolio 4

5 EPRI Cyber Security Resources Staffing Three Technical Executives One Senior Project Manager Three Project Engineers Lab capabilities Substation lab in Knoxville Interconnects between Charlotte, Knoxville, and Lenox Advisory structure Ad hoc Security and Privacy Executive Committee 5

6 EPRI Cyber Security Projects and Programs PDU Base Program For 2011: NERC CIP and DHS ICS JWG Coordination and Reporting Lemnos Testing for Security Configuration Profiles DNP4 Security Interoperability Testing Smart Energy Profile 2.0 Security Testing Procedures & Penetration Testing NESCO: Focal point for utilities, federal agencies, regulators, and researchers Organize the collection, analysis, and dissemination of infrastructure vulnerabilities and threats Cyber Security standards and requirements evaluation Research Projects: Secure Smart Grid Communications Cryptographic Key Management Tools and Templates For Measuring Security Posture Best Practices for NERC CIP Compliance 6

7 National Electric Sector Cyber Security Organization (NESCO) Vision: Provide a focal point for bringing together utilities, federal agencies, regulators, and researchers to address the electric sector security threats Objectives: Focus cyber security R&D priorities Identify and disseminate best practices Organize the collection, analysis, and dissemination of infrastructure vulnerabilities and threats 7

8 NESCO Project Structure Cyber Incident Data Center (EnergySec): Identify / receive threat information Forensics Vulnerability analysis Categorize threats Disseminate threat information to asset owners and operators R&D Industry Advisory Board: Provide technical oversight for the project for direction setting and content creation Facilitate outreach in the industry for greater participation and implementation Populated by industry groups, federal agencies, regulators R&D Team (EPRI and EnergySec): Review NIST, NERC and other cyber security requirements and results Assess existing power system and cyber security standards to meet the security requirements of the power system Develop risk mitigation strategies, best practices and metrics Test security technologies in labs and pilot projects 8

9 EPRI Led Team Supporting DOE NESCO National/ Commercial Research Labs Academia Subject-Matter Experts Oak Ridge National Lab Sandia National Lab Idaho National Lab National Renewable Energy Laboratory Palo Alto Research Center SRI Telcordia University of Houston Mladen Kezunovic (Texas A&M University) UCLA UC Berkeley University of Minnesota Smart Grid Consortium N-Dimension Inguardians Arc Technical EnerNex Xanthus Consulting International 9

10 NESCO Work Flow 10

11 EPRI Members Call to Action for NESCO Communicate critical security and privacy issues to EPRI to facilitate RD&D project identification (e.g., relating to NERC Compliance, SGIG and SGDP Cyber Security Assessment Plan) Volunteer cyber security technical staff to participate in NESCO Working Groups Volunteer senior cyber security experts to sit on NESCO advisory board 11

12 EPRI Cyber Security and Privacy Initiative Cross-sector initiative (Power Delivery, Generation, and Nuclear) Leverage lessons learned and address common concerns Address gaps in current industry security and privacy R&D work Forum for designing and implementing collaborative R&D projects to meet long-term security needs of the electric sector Ad-Hoc Electric Sector Security and Privacy Executive Committee Provides strategic advice and guidance on EPRI security and privacy R&D activities Contributions from IOUs, co-ops, ISOs, and municipals Involvement at the CIO-level 12

13 Near Term Goals of EPRI Cyber Security Research Initiative Develop the organizational structure and populate the Ad- Hoc Security and Privacy Executive Committee Organize and populate working groups to perform the RD&D projects 1Q11 2Q11 3Q11 4Q11 Create focused task forces for areas of interest Identify 1 st set of high priority RD&D projects 13

14 Security and Privacy Initiative Research Areas 14

15 Questions? 15

16 Together Shaping the Future of Electricity 16