GridEx IV Initial Lessons Learned and Resilience Initiatives


LeRoy T. Bunyon, MBA, CBCP
Sr. Lead Analyst, Business Continuity

2017 GridEx IV

GridEx is a NERC-sponsored, North American grid resilience exercise conducted every two years.

When: Nov. 15-16, 2017
Purpose: Strengthen industry capabilities to respond to and recover from severe physical, cyber and operational events affecting the bulk power system.
Who: NERC-registered entities, law enforcement, local government and suppliers. Participation is voluntary.
How: Through simulated cyber and physical attacks that degrade bulk power system operations.

ISO & RTO Participation in 2017 GridEx IV

ERCOT: Electric Reliability Council of Texas ISO
FRCC: Florida Reliability Coordinating Council
HQT: Hydro-Québec TransÉnergie
ISNE: ISO New England
MISO: Midcontinent Independent System Operator
NBPC: New Brunswick Power Corporation
NYIS: New York Independent System Operator
ONT: Independent Electricity System Operator (Ontario)
PJM: PJM Interconnection
SPC: SaskPower
SOCO: Southern Company Services
SPP: Southwest Power Pool
TVA: Tennessee Valley Authority
VACS: VACAR-South
PEAK: Peak Reliability
AESO: Alberta Electric System Operator

Over 6,500 participants

2017 GridEx IV

A biennial unclassified public/private exercise designed to simulate a cyber/physical attack on electric and other critical infrastructures across North America to improve security, resilience and reliability.

15 Transmission Operators + 3 Generation Operators

Key Observers
- Department of Homeland Security
- FEMA
- U.S. Army Cyber Command
- Defense Advanced Research Projects Agency
- Utility Commissions

PJM Participant Teams
- Corporate Incident Response
- Operational Emergency Response
- Cyber Security Response
- Physical Security Incident Response
- Crisis Communication Response
- System Operations Training
- Business Continuity Planning
- State and Member Training
- State and Government Policy
- Enterprise Information Security
- Corporate Applications
- Applied Solutions

Exercise Results

Due to the decisive actions taken by PJM and transmission and generation operators, the PJM footprint stood resilient against operational, physical and cyber injections.

Exercises covered
- Loss of extra-high-voltage assets
- Realistic communications
- Incorporated lessons learned from 2016 annual security exercise
- Promoted awareness of cyber events with dispatchers
- Provided 13 continuing education hours for dispatchers
- Provided CIP compliance evidence

Reliability... Resilience

PJM's Resilience Initiatives

PJM System Resilience
- Evolve the drill and exercise programs to incorporate business impact analysis results and support resilience-focused objectives.
- Engage with federal and state partners for joint planning and execution.

Advancing Security & Resilience; System Restoration & Degraded Operations
- Expand and prioritize partnerships with the DoD and other government agencies to explore advanced cyber and physical security tools and capabilities.
- Expand outreach initiatives to federal & state partners, cross-industry and cross-sector peers, research organizations & PJM members to expand the discussion of resilience-related initiatives.

Feedback from Transmission Owners
Initial Lessons Learned Aligning to Resilience Initiatives

The planning team should include additional sector-based organizations affiliated with the National Council of Information Sharing and Analysis Centers in future exercises to identify interdependencies and common vulnerabilities.

National Council of ISACs
- Downstream Natural Gas ISAC
- Emergency Management and Response ISAC
- Oil & Natural Gas ISAC
- Multi-State ISAC
- National Coordinating Center for Communications ISAC

Additional information: Gather more information about the Electric Subsector Coordinating Council's Cyber Mutual Assistance program
- What is the process for requesting assistance?
- What services are available?
- Is there a sample Cyber Mutual Assistance Memorandum of Agreement or Memorandum of Understanding available?

Next Steps
- Conduct additional lessons learned with PJM internal/external participants
- Compile and report lessons learned to NERC
- Review executive tabletop summary for lessons learned
- NERC report issued in February
- Incorporate lessons learned from GridEx IV into annual security exercise
- Incorporate lessons learned updates into emergency procedures
- Conduct annual security exercise in 2018
