Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas

Similar documents
Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas

NERC Staff Organization Chart

Grid Security & NERC

Cybersecurity for the Electric Grid

NERC Staff Organization Chart Budget

Security Standards for Electric Market Participants

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl

NERC Staff Organization Chart 2015 Budget

Cybersecurity Overview

Cyber Security Incident Report

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

Industry role moving forward

Standards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016

GridEx IV Initial Lessons Learned and Resilience Initiatives

Statement for the Record

New Brunswick 2018 Annual Implementation Plan Version 1

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Cyber Threats? How to Stop?

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO

Cyber and Physical Security: An Integrated Approach Tim Rigg Managing Director, Enterprise Protective Services

playbook OpShield for NERC CIP 5 sales PlAy

FERC's Revised Critical Infrastructure Protection Demands Active Vigilance

Cyber Attacks on Energy Infrastructure Continue

Standard CIP Cyber Security Critical Cyber As s et Identification

LESSONS LEARNED IN SMART GRID CYBER SECURITY

National Policy and Guiding Principles

UNITED STATES OF AMERICA BEFORE THE U.S. DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Critical Infrastructure Protection Committee Strategic Plan

SOUTH TEXAS ELECTRIC COOPERATIVE, INC.

Standard CIP 007 3a Cyber Security Systems Security Management

Standard CIP Cyber Security Systems Security Management

Physical Security Reliability Standard Implementation

March 6, Dear Electric Industry Vendor Community: Re: Supply Chain Cyber Security Practices

NERC Staff Organization Chart Budget 2017

Standard CIP Cyber Security Systems Security Management

Industrial Control Systems November 18, 2015

PIPELINE SECURITY An Overview of TSA Programs

Implementing Cyber-Security Standards

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Impacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities

This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

Securing the Grid and Your Critical Utility Functions. April 24, 2017

FISMAand the Risk Management Framework

Critical Cyber Asset Identification Security Management Controls

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Ad Hoc Smart Grid Executive Committee. February 10, 2011 New Orleans, LA

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Standard CIP Cyber Security Critical Cyber As s et Identification

Cyber Security Reliability Standards CIP V5 Transition Guidance:

Standard Development Timeline

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2018

Cyber Security Standards Drafting Team Update

Critical Infrastructure Protection Version 5

Standard CIP Cyber Security Electronic Security Perimeter(s)

DHS Cybersecurity: Services for State and Local Officials. February 2017

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

THE TRIPWIRE NERC SOLUTION SUITE

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.

NERC Staff Organization Chart Budget 2019

Legal, Ethical, and Professional Issues in Information Security

Standard CIP Cyber Security Incident Reporting and Response Planning

Standard CIP Cyber Security Security Management Controls

Standard CIP 007 4a Cyber Security Systems Security Management

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

NERC Overview and Compliance Update

NERC Staff Organization Chart Budget 2017

Information Systems Security Requirements for Federal GIS Initiatives

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

Cyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012

Exhibit to Agenda Item #2

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Digital Wind Cyber Security from GE Renewable Energy

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

Introduction to the NYISO

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Regulatory Impacts on Research Topics. Jennifer T. Sterling Director, Exelon NERC Compliance Program

CIP Cyber Security Systems Security Management

Project Physical Security Directives Mapping Document

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

History of NERC January 2018

Private Sector Clearance Program (PSCP) Webinar

Standard Development Timeline

Electric Transmission Reliability

Smart Grid Standards and Certification

IT-CNP, Inc. Capability Statement

CYBER SECURITY POLICY REVISION: 12

Welcome Mike Kraft, MRO SAC Member

CIP Cyber Security Configuration Management and Vulnerability Assessments

Transcription:

Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas

Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I hear speak only to me ERCOT should not be held accountable for my opinions, random ramblings or rants This presentation has NOT been reviewed by ERCOT Staff and does NOT represent ERCOT ISO or ERCOT Market Participant positions on any topic or issue that may be discussed 9/19/2011 2

Electric Reliability Council of Texas ERCOT Independent System Operator (ISO) for Texas Wholesale Generation and Retail Markets Regulated by Texas Utility Commission Texas Interconnection Some of ERCOT s Registered NERC functions include Reliability Coordinator Balancing Authority Transmission Operator Regional Transmission Planner We have been fully CIP Compliant since July 2008 with multiple NERC/RE CIP spot checks and audits 9/19/2011 3

Security of the North American Bulk Electric System (BES) is too important to be left to voluntary industry participation Implementation of Cyber Security controls in the CIP Standards requires a different model than that of other BES Reliability Standards Use of the BES Reliability Standards drafting and compliance models may actually reduce the overall security of the BES Full NERC CIP Compliance does NOT mean that an Entity is fully Secure against Advanced Threat Actors in Contested Network Space 9/19/2011 4

The Electricity Sector lacks a sufficient number of qualified security SMEs at all levels needed to properly implement Security SecOps analysts; Audit, Compliance and Enforcement staff; and senior Executives and Boards of Directors Training and Certification of security SMEs is a weak link Industry has placed far too much focus on compliance documentation and way too little attention on real-time security operations and monitoring Just like FISMA see OMB report on GAO and Agencies 9/19/2011 5

Monitor Cyber Security Legislation and Executive Orders for new requirements Track and Monitor emerging NERC CIP Standards V4/V5, now CIP-002 thru CIP-011 Involve key Control System SME staff in Standards Development Differences between IT and OT (Operations Technology) NERC is moving to enhanced use of the ROP (Rules of Procedures), CANs (Compliance Application Notices), and RSAWS (Reliability Standards Auditor Worksheets) to implement security measures outside scope of the Reliability Standards Development Process (RSDP) 9/19/2011 6

Support Smart Grid Joint DoE/NIST/NERC Risk Management Process Initiative to implement Smart Grid Guidelines based on the Smart Grid NISTR Engage Smart Meter Vendors and Researchers Privacy of Customer Information in AMI Plan for SynchroPhasers Deployment Network Architecture for Phasor Mgt Units Be smart about CA/non-CA identification of SynchroPhaser components? LMP (Local Marginal Pricing) and Nodal Market Models 9/19/2011 7

Increased emphasis on timely application of Patches for known vulnerabilities Enhanced Change Control and Configuration Management processes beyond CIP Improve Vendor Contracts and Supply Chain Management to rapidly address remediation of emerging security vulnerabilities 9/19/2011 8

Increase Real-Time Security Ops monitoring of networks and systems Move from monitoring the external security perimeters required by CIP to comprehensive monitoring all internal and external transactions Deep dive into event records and log files Coordinate results and enhance information sharing with other industry entities Improve -Private Information Sharing with DoE/DHS You need a Security Clearance through DHS 9/19/2011 9

Dept of Energy and the National Labs INL and National SCADA Test Bed PNNL and ESNM (Electric Sector Network Monitoring) Department of Homeland Security and Local Protective Security Agents (PSA) Pre-coordinate with Local LEAs and your FBI office Security Event and Information Monitoring is key to successful Security Program Do something with the log files required by NERC CIP Stds. Deep dive and find out what is really happening on your networks 9/19/2011 10

Global Monitoring of Internet Activities Security Companies (fee required) Federal Initiatives DOE Electricity Sector Network Monitoring NSA Perfect Citizen DOD Protecting Defense Industrial Base and ISPs, will expand to Electricity Sector DHS - Einstein Alerts (Information Sharing) NERC ES-ISAC ICS-CERT, US-CERT, MS-CERT, etc NESCO/NESCOR Other Utilities and Cross-Sector Critical Infrastructures SMEs Local Indicators (Anomalies) Business Network (Monitoring and Logs) EMS/SCADA system application EMS/SCADA system hardware Need to add Distribution Substations and Generation facilities 11

Enterprise Responses Telecommunications Network and Internet Perimeters Personnel EMS and SCADA Defenses Substation Defenses Generation Defenses Education and Training Incident Response Plans Information Sharing Post-event Analysis Configuration Controls and Monitoring 12

Move industry efforts away from Audits, Compliance Documentation and Enforcements of security for CAs/BES to a model based on Continuous Security Performance Monitoring of all networks and systems by qualified Security Ops Analysts and SMEs FISMA-II Model: Dept of State, DoD and NASA examples Set the Tone and Tenor from TOP of the Company Engage Senior level Executives, Boards of Directors and State/Local Regulators in the CIP/Cyber Security Program 9/19/2011 13

Improve Security Event Reporting NERC Electricity Sector ISAC reporting should NOT be the same as CIP 008 Incident Report NESCO/NESCOR: EnergySec/EPRI new kid on block Suggest joint collaborative effort between NERC ES-ISAC and DoE/NESCO for betterment of industry outside of NERC compliance functions 9/19/2011 14

NERC/FERC need to move away from Strict Compliance of the current language in the CIP standards Documentation violations should NOT result in significant fines or sanctions CIP and Cyber Security are too important to be locked up in the FERC regulatory process Too many lawyers making technical security decisions focused on strict compliance with Government Regulation Change focus from managing Compliance Risk to that of managing Security Risks 9/19/2011 15

Restructure CIP Standards to uniquely address security for Generation, Transmission & Distribution, Load Serving Entities, and Control Center Entities One size does not fit all Sound Security Controls for a Control Center could adversely affect reliability of Gen/Trans systems NERC members must step up and implement real security measures and controls for all environments CA Identification of BES components is NOT the right issue Better Secure all BES systems, AND other mission-critical systems and enterprise network systems and components Congress and the public do NOT differentiate between BES, Market and Enterprise Systems 9/19/2011 16

The Abilene paradox is a situations in which a group of people collectively decide on a course of action that is counter to the preferences of any of the individuals in the group Current NERC Standards Development Process demonstrates the well-known pitfalls of this form of Dysfunctional Group Dynamics How did we get to where we are today with CIP Standards? Is anyone happy with the Security in the Electricity Sector today resulting from Cyber Security Controls? Industry, NERC/FERC, Congress/Administration, or the? What do we do to avoid repeating the same mistakes again? 9/19/2011 17

9/19/2011 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback