ERO Enterprise IT Projects Update

Similar documents
Agenda Technology and Security Committee November 6, :15 a.m.-12:00 p.m. Eastern

Reliability Standards Development Plan

Compliance Monitoring and Enforcement Program Technology Project Update

Grid Security & NERC

Critical Infrastructure Protection Version 5

Multi-Region Registered Entity Coordinated Oversight Program

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

NERC Staff Organization Chart Budget 2019

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2018

Standards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016

Critical Infrastructure Protection Committee Strategic Plan

Agenda Technology and Security Committee

Critical Infrastructure Protection Committee Strategic Plan

Electric Reliability Organization Enterprise Operating Plan

NERC Staff Organization Chart Budget 2017

Standards. Howard Gugel, Senior Director of Standards and Education Board of Trustees Meeting November 9, 2017

NERC Staff Organization Chart Budget 2017

2018 MRO Regional Risk Assessment

Critical Infrastructure Protection Committee Strategic Plan

NERC Staff Organization Chart

Chapter X Security Performance Metrics

FERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC

Chapter X Security Performance Metrics

Chief Executive Officer. Pacific Northwest Utilities Conference Committee Portland, Oregon March 8, 2013

NERC Staff Organization Chart 2015 Budget

Compliance Enforcement Initiative

CIP Version 5 Transition. Steven Noess, Director of Compliance Assurance Member Representatives Committee Meeting November 12, 2014

Private Sector Clearance Program (PSCP) Webinar

NERC Staff Organization Chart Budget

Standards. Howard Gugel, Director of Standards Board of Trustees Meeting May 5, 2016

Industry role moving forward

Physical Security Reliability Standard Implementation

NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION

Standards. Howard Gugel, Senior Director of Standards and Education Board of Trustees Meeting May 11, 2017

ERO Enterprise Strategic Planning Redesign

Agenda Technology and Security Committee February 7, :15 a.m.-12:15 p.m. Eastern

History of NERC January 2018

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

NERC Overview and Compliance Update

Efficiency and Effectiveness of Stakeholder Engagement

ERO Compliance Enforcement Authority Staff Training

EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,

Cyber Security Incident Report

New Brunswick 2018 Annual Implementation Plan Version 1

RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.

ERO Reliability Risk Priorities Report. Peter Brandien, RISC Chair Member Representatives Committee Meeting November 1, 2016

Live Webinar: Best Practices in Substation Security November 17, 2014

Cyber Security Standards Drafting Team Update

Impacts and Implementation: NERC Reliability Standards, Compliance Initiatives, and Regulatory Activities

Compliance Exception and Self-Logging Report Q4 2014

Contingency Reserve Sharing; Ancillary Services Market. Presented to the JCM Joint Stakeholder Meeting

Member Representatives Committee. Pre-Meeting and Informational Webinar January 16, 2013

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

RELIABILITY OF THE BULK POWER SYSTEM

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Cyber Security Reliability Standards CIP V5 Transition Guidance:

History of NERC December 2012

Global Resilience Federation Trust. Collaboration. Community. Cindy Donaldson President, Global Resilience Federation October 2017

FERC Reliability Technical Conference -- Panel I State of Reliability and Emerging Issues

NERC Critical Infrastructure Protection Committee (CIPC) Highlights

E-ISAC Long-Term Strategic Plan April 24, 2017

PIPELINE SECURITY An Overview of TSA Programs

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )

Québec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan Annual Implementation Plan

Board of Trustees Compliance Committee

Cybersecurity and the Board of Directors

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Appendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan for Entities within the U.S.

ERO Reliability Risk Priorities Report. Peter Brandien, Reliability Issues Steering Committee Chair WECC Reliability Workshop March 21, 2018

Chapter X Security Performance Metrics

Regulatory Impacts on Research Topics. Jennifer T. Sterling Director, Exelon NERC Compliance Program

Member Representatives Committee Meeting

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Scope Cyber Attack Task Force (CATF)

Annual Report for the Utility Savings Initiative

Standard CIP Cyber Security Incident Reporting and Response Planning

Standard Development Timeline

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Critical Cyber Asset Identification Security Management Controls

Critical Asset Identification Methodology. William E. McEvoy Northeast Utilities

Analysis of CIP-006 and CIP-007 Violations

Cyber Threats? How to Stop?

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

Procedure For NPCC Bulk Electric System Asset Database

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Standard CIP Cyber Security Electronic Security Perimeter(s)

Cyber Partnership Blueprint: An Outline

Standards. Mark Lauby, Vice President and Director of Standards Board of Trustees Meeting November 7, 2013

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

2017 MRO Performance Areas and an Update on Inherent Risk Assessments

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Smart Grid Task Force Scope

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017

THE TRIPWIRE NERC SOLUTION SUITE

Standards Development Update

Defensible Security DefSec 101

Transcription:

ERO Enterprise IT Projects Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Meeting November 6, 2018

Agenda ERO IT Projects Update Compliance Monitoring and Enforcement Program (CMEP) Technology Project Entity Registration/Standards Situation Awareness for FERC, NERC and the Regional Entities (SAFNR) Priorities Looking Ahead 2

ERO-Wide Benefits The CMEP Technology Project will provide deep and broad views of reliability across the ERO Enterprise, leading to new insights into data-informed reliability risk management. This is essential to the achievement of our reliability mission. 3

How does this benefit you? Moving to a common platform will provide: Alignment of common CMEP business processes, ensuring consistent practices and data gathering A standardized interface for registered entities to interact with the ERO Enterprise Real-time access to information, eliminating delays and manual communications Consistent application of the CMEP 4

How is the ERO project team engaging stakeholders? Monthly meeting with Compliance and Certification Committee (CCC)-Alignment Working Group (AWG) Receiving feedback via Regional subject matter experts and Steering Committee 5

Timeline Full implementation scheduled for 2020 We are here 6

CMEP Technology Project Update Successes: Completed training for the core project team on BWise features Registered entities provided feedback on Self-Reports via the CCC-AWG Completed design and build for Self-Reports Completed Enforcement and Mitigation process work Completed Test Plan for Release 1 Self-Reports, Enforcement, and Mitigation Began business process work for Periodic Data Submittals, Self- Certifications, and Technical Feasibility Exceptions Created a standard presentation for the upcoming Regional fall compliance workshops 7

CMEP Technology Project Update What s next? Seek feedback on Enforcement and Mitigation process from CCC-AWG Complete design and build for Enforcement and Mitigation for Release 1 Execute test plan for Release 1 Begin process harmonization for Compliance Audit and Spot Checks, Compliance Investigations, and Complaints Complete strategic plan on data migration Execute communications plan via Regional compliance workshops 8

How do I stay informed? Key communication vehicles Dedicated project page on NERC.com: Click Here Upcoming CMEP Regional workshops Pertinent industry publications (Utility Analytics Institute article) Trades meetings, as appropriate 9

Entity Registration Benefits One common registration tool for the ERO Enterprise Consistent registration experience for registered entities Ability to easily share registration data Integration with new CMEP Technology Tool Project Status Updates provided to CCC and sub-committees Requirements and Design completed Development underway Testing scheduled for Q2 2019 Production launch scheduled for Q3 2019 10

SAFNR Upgrade Key features for the new version of SAFNR Ability to control views for NERC, FERC, Regional Entities, and Reliability Coordinators (RCs) Static power infrastructure mapping Real-time data on facilities (>200kV and >500W) RC dashboard with drill-down capability into data Administrator tools Vendor selection via RFP in progress Business case being developed 11

Priorities Looking Ahead CMEP Technology Project Business Process Harmonization Business Case for SAFNR Additional functionality for the Electricity Information Sharing and Analysis Center (E-ISAC) portal Additional authentication enhancements Additional user interface/experience enhancements, content editing, and editorial management and digital asset management (Version 10-2019) New ability to track client actions and track engagement, target content, and deploy personalized content (Version 11-2020) 12

Priorities Looking Ahead Additional analytical capabilities for the E-ISAC, with a focus on the analyst workbench/data warehousing New outreach capability via a customer relationship management investment for the E-ISAC 13

14

Additional Information 15

SAFNR Situation Awareness for FERC, NERC, and the Regional Entities, Version 3 (SAFNRv3) SAFNRv3 will replace the existing application and provide a common operating picture tool to be used by FERC, NERC, E-ISAC, and the seven Regional Entities with the ability to include other organizations, as may be appropriate, in the future. SAFNRv3 will facilitate an expedited awareness of conditions on the Bulk Power System (BPS) which will allow accurate, timely and optimal decisions involving the status of the BPS and support the ERO Enterprise in its capacity to maintain situational awareness of the BPS. 16

SAFNR Benefits: Presents current weather information onto the Graphical User Interface (GUI) Reveals hourly Balancing Authority actual load, forecasted load and net actual interchanges Allows collaboration by capturing and sharing notes within the GUI 17

SAFNR Benefits: Shows a visual indicator to alert users of state changes Provides ability to perform Seven-Day Trending Potential to display customer outage data by state/county level or by utility company (common names not NERC registration) 18

SAFNR System Features: Base Maps: Provides users with three overlay options to choose from (street map, imagery with and without labels, dark gray canvas); each option offers pan and zoom capability Static Power Infrastructure Mapping: Displays visible elements with the ability to filter by voltage, attributes, and geolocation SAFNR Real-Time Data Superimposed: Provides real time data on facilities (>200kV and > 500MW) that includes generator icons signified by fuel type and substation icons signified by per-unit voltage 19

SAFNR System Features: RC Status Dashboard: Displays a status summary of all RCs and ability to drill down to individual screens for additional aggregated details Administrative Tools: Allows users with permissions to adjust constraints, update base maps and static power infrastructure mappings 20

E-ISAC Update Long-Term Strategy Execution Bill Lawrence, Vice President and CSO, NERC, and Director, E-ISAC Technology and Security Committee Meeting November 6, 2018 TLP:GREEN RELIABILITY RESILIENCE SECURITY 1 RELIABILITY RESILIENCE SECURITY

Update Topics Member Engagement Information Sharing Threat Analysis Technology Update Resource Planning Metrics MEC Working Group Initiative 2019 Key Initiatives 2 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Member Engagement 6,956 E-ISAC Members 16.5% increase in 2018 (Average of 22 added per week) Industry Engagement Program 21 analysts from 16 organizations Regional Industry Engagement Key Initiatives Northeast IESO 4th Annual Executive Brief on Cybersecurity Midwest MRO Security Conference Southeast SERC Joint Technical Committee Conference West- SCE Exercise, GridSecCon 2018 3 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Canadian Engagement Strategy Three Main Objectives Highlight the value of the E-ISAC through a discussion of increased capabilities Provide a deeper understanding of the benefits of E-ISAC membership Strengthen the E-ISAC s relationship with Canadian members Recent Outreach Efforts Canadian Roadshow Q4 start Focused on outreach across all interconnected provinces GridSecCon 2018 Classified Briefing / GridEx V in 2019 Measure Impact (membership, portal activity, surveys) 4 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Information Sharing Highlights Portal Approximately 17 percent increase YTD in registered users Increase in cyber and physical bulletins posted o Cyber-219 thru Q3 2018 o Physical-134 thru Q3 2018 Two private User Communities in soft-launch phase CRISP Expanding membership with DOE funding support Public power and cooperative utility pilots under development 5 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Threat Analysis Highlights Unclassified Threat Briefings Will host 4 in 2018 CRISP - 2 workshops Classified Threat Briefings Coordinated 3 non-crisp classified briefings in 2018 o Securing the Grid V (May) approximately 100 attendees o GridSecCon 2018 (October) approximately 45 attendees o CIPC (December) approximately 50 attendees CRISP- monthly briefings Increased Number of Physical and Cyber Bulletins 6 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Technology Update Portal Enhancements Cyber Automated Information Sharing System Malware Analysis Repository and Threat Information Exchange Data Storage and Management System Customer Relationship Management System DHS Shared Resources HF Radio Disaster Recovery Capability 7 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Resource Planning 2018 Resource Additions (22 -> 32) Two watch officers (1 to go) Three cyber security analysts Two physical security analysts One executive assistant Two programs and engagement managers One chief of staff Evaluating current capabilities and resource needs 8 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Metrics Three main focus areas Monitoring 2018 department metrics o 9-6-18 Status Review with MEC Exploring benchmarking against other ISACs Development of 2019 department metrics 9 TLP:GREEN RELIABILITY RESILIENCE SECURITY

Members Executive Committee MEC Working Group Task Group Initiative Moving towards creation of limited number of groups: o Focused on specific issues requiring support o Limited duration o Defined deliverables o Subject matter expertise o Oversight by MEC and MEC Working Group Developed Task Group charter template Proposed initial task force focus areas o Canadian Engagement Strategy and execution o Metrics o ERO Enterprise Effectiveness Survey Results 10 TLP:GREEN RELIABILITY RESILIENCE SECURITY

2019 Key Priorities Information Sharing Enhance CRISP capabilities and participation Establish two-way sharing of machine-readable cyber indicators Analysis Hire/integrate planned resource additions Develop data storage and management system Develop and deploy analyst work bench Enhancing CRISP analysis Engagement GridEx V Expand Industry Engagement Program Execute Canadian Engagement Strategy 11 TLP:GREEN RELIABILITY RESILIENCE SECURITY

12 TLP:GREEN RELIABILITY RESILIENCE SECURITY

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback