Ad Hoc Smart Grid Executive Committee. February 10, 2011 New Orleans, LA


Agenda (Time; Topic and Location; Lead)
- 3:00 - 3:10p: Welcome & Introductions; George Bjelovuk, AEP
- 3:10 - 3:40p: Regulatory Trends for Cyber Security; Annabelle Lee, EPRI
- 3:40 - 4:15p: EPRI Security & Privacy R&D for 2011; Galen Rasche, EPRI, and Erfan Ibrahim, EPRI
- 4:15 - 4:45p: Regulatory Trends for Interoperability Standards; Annabelle Lee, EPRI
- 4:45 - 5:00p: Wrap-up and Adjourn; George Bjelovuk, AEP

Regulatory Trends on Cyber Security
Annabelle Lee, Technical Executive - Cyber Security

Current Status...
- Mandatory cyber security standards for the federal government are developed by the National Institute of Standards and Technology (NIST)
- The Department of Homeland Security (DHS), in coordination with other federal sector specific agencies (SSAs), has developed voluntary guidance
- The base document is the National Infrastructure Protection Plan (NIPP)
- Each SSA, in collaboration with the appropriate Sector Coordinating Council (SCC), developed a Sector Specific Plan
- Each plan is updated annually
- The Department of Energy (DOE) is the SSA for the energy sector, including the electric sector
- Energy, IT, communications, chemical, transportation, etc.

© 2011 Electric Power Research Institute, Inc. All rights reserved.

Current Status...
- NERC developed the Critical Infrastructure Protection (CIPs) for the bulk power system
- The Smart Grid Interoperability Panel (SGIP) Cyber Security Working Group (CSWG) published National Institute of Standards and Technology Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Cyber Security
  - The document is guidance and voluntary
  - Provides cyber security requirements at a high level
  - Has been referenced by three states and adopted by China and Sweden
- DOE included security requirements in the American Recovery and Reinvestment Act (ARRA) of 2009
  - Grant winners are required to develop a system security plan

Current Trends...
- The NERC CIPs are being revised
  - The mandatory implementation date for the NERC CIPs 002-009, version 3 was October 1, 2010
  - CIP 002 - Cyber Security - Critical Cyber Asset Identification recently updated to Version 4
  - Initial assessment is that the new definition will not significantly increase the number of critical cyber assets
- FERC and NIST are assessing the results of the FERC technical conference
  - Some state PUCs were watching FERC for guidance
- H.R. 174: Homeland Security Cyber and Physical Infrastructure Protection Act of 2011
  - Includes prioritized critical infrastructures

Current Trends...
- GAO Report GAO-11-117: Electricity Grid Modernization
  - Positive comments on the tasks that NIST performed on the Smart Grid
  - Outstanding issues:
    - NIST did not address cyber-physical attacks
    - FERC does not have enforcement authority in the Energy Independence and Security Act of 2007
    - Fragmentation of the regulatory environment complicates smart grid interoperability and cyber security
  - Report includes recommendations
- DOE IG Report - IG-0846, Jan 26, 2011, Federal Energy Regulatory Commission's Monitoring of Power Grid Cyber Security
  - Criticisms of the NERC CIPs
- With new Congress - not clear what the priorities and trends will be

Questions? Alee@epri.com

Electric Sector Security & Privacy Plans for 2011
Galen Rasche, Technical Executive
Erfan Ibrahim, Technical Executive
Ad-Hoc Smart Grid Executive Committee, 2011-Feb-10

Contents
- PDU Cyber Security R&D Portfolio
- National Electric Sector Cyber Security Organization
- EPRI Security and Privacy Initiative

EPRI's Cyber Security Focus for 2011

EPRI 2011 Cyber Security R&D Portfolio

EPRI Cyber Security Resources
- Staffing
  - Three Technical Executives
  - One Senior Project Manager
  - Three Project Engineers
- Lab capabilities
  - Substation lab in Knoxville
  - Interconnects between Charlotte, Knoxville, and Lenox
- Advisory structure
  - Ad hoc Security and Privacy Executive Committee

EPRI Cyber Security Projects and Programs
- PDU Base Program For 2011:
  - NERC CIP and DHS ICS JWG Coordination and Reporting
  - Lemnos Testing for Security Configuration Profiles
  - DNP4 Security Interoperability Testing
  - Smart Energy Profile 2.0 Security Testing Procedures & Penetration Testing
- NESCO:
  - Focal point for utilities, federal agencies, regulators, and researchers
  - Organize the collection, analysis, and dissemination of infrastructure vulnerabilities and threats
  - Cyber Security standards and requirements evaluation
- Research Projects:
  - Secure Smart Grid Communications
  - Cryptographic Key Management
  - Tools and Templates For Measuring Security Posture
  - Best Practices for NERC CIP Compliance

National Electric Sector Cyber Security Organization (NESCO)
- Vision: Provide a focal point for bringing together utilities, federal agencies, regulators, and researchers to address the electric sector security threats
- Objectives:
  - Focus cyber security R&D priorities
  - Identify and disseminate best practices
  - Organize the collection, analysis, and dissemination of infrastructure vulnerabilities and threats

NESCO Project Structure
- Cyber Incident Data Center (EnergySec):
  - Identify / receive threat information
  - Forensics
  - Vulnerability analysis
  - Categorize threats
  - Disseminate threat information to asset owners and operators
- R&D Industry Advisory Board:
  - Provide technical oversight for the project for direction setting and content creation
  - Facilitate outreach in the industry for greater participation and implementation
  - Populated by industry groups, federal agencies, regulators
- R&D Team (EPRI and EnergySec):
  - Review NIST, NERC and other cyber security requirements and results
  - Assess existing power system and cyber security standards to meet the security requirements of the power system
  - Develop risk mitigation strategies, best practices and metrics
  - Test security technologies in labs and pilot projects

EPRI Led Team Supporting DOE NESCO
- National/Commercial Research Labs
  - Oak Ridge National Lab
  - Sandia National Lab
  - Idaho National Lab
  - National Renewable Energy Laboratory
  - Palo Alto Research Center
  - SRI
  - Telcordia
- Academia
  - University of Houston
  - Mladen Kezunovic (Texas A&M University)
  - UCLA
  - UC Berkeley
  - University of Minnesota Smart Grid Consortium
- Subject-Matter Experts
  - N-Dimension
  - Inguardians
  - Arc Technical
  - EnerNex
  - Xanthus Consulting International

NESCO Work Flow

EPRI Members Call to Action for NESCO
- Communicate critical security and privacy issues to EPRI to facilitate RD&D project identification (e.g., relating to NERC Compliance, SGIG and SGDP Cyber Security Assessment Plan)
- Volunteer cyber security technical staff to participate in NESCO Working Groups
- Volunteer senior cyber security experts to sit on NESCO advisory board

EPRI Cyber Security and Privacy Initiative
- Cross-sector initiative (Power Delivery, Generation, and Nuclear)
  - Leverage lessons learned and address common concerns
  - Address gaps in current industry security and privacy R&D work
  - Forum for designing and implementing collaborative R&D projects to meet long-term security needs of the electric sector
- Ad-Hoc Electric Sector Security and Privacy Executive Committee
  - Provides strategic advice and guidance on EPRI security and privacy R&D activities
  - Contributions from IOUs, co-ops, ISOs, and municipals
  - Involvement at the CIO-level

Near Term Goals of EPRI Cyber Security Research Initiative
- Develop the organizational structure and populate the Ad-Hoc Security and Privacy Executive Committee
- Organize and populate working groups to perform the RD&D projects
- Create focused task forces for areas of interest
- Identify 1st set of high priority RD&D projects
Timeline: 1Q11, 2Q11, 3Q11, 4Q11

Security and Privacy Initiative Research Areas

Questions?
Galen Rasche, grasche@epri.com
Erfan Ibrahim, eibrahim@epri.com

FERC Smart Grid Technical Conference - January 2011
Annabelle Lee, Technical Executive - Cyber Security

Background...
- Energy Independence and Security Act (EISA) of 2007, Title XIII, Section 1305
  - National Institute of Standards and Technology (NIST) to coordinate the development of a framework
    - That includes protocols and modern standards for information management
    - To achieve interoperability of Smart Grid devices and systems
  - At any time after NIST has reached sufficient consensus in FERC's judgment, FERC shall institute a rule making proceeding to adopt such standards and protocols as may be necessary to insure Smart Grid functionality and interoperability in
    - Interstate transmission of electric power and
    - Regional and wholesale electricity markets.
- New roles for both FERC and NIST
- Significant pressure for NIST to move forward on the standards

FERC Technical Conference
- Held January 31, 2011 at FERC
  - http://www.ferc.gov/eventcalendar/eventdetails.aspx?id=5571&CalType=%20&CalendarID=116&Date=01/31/2011&View=listview
- All five commissioners attended
- Presentations by George Arnold, National Coordinator for Smart Grid Interoperability
- Two panels
  - NIST process used for reviewing and selecting the five families of standards
  - Smart Grid interoperability standards development and identification process going forward

FERC Technical Conference
- Initial families of standards posted by NIST
  - IEC 61850 - substation automation
  - IEC 61968 - common information model
  - IEC 61970 - common information model
  - IEC 61870-6 - TASE 2/ICCP
  - IEC 62351 - security
- All 13 panel members, in response to a question from Chairman Wellinghoff, stated there was not sufficient consensus for adoption

Issues Raised at the FERC Technical Conference
- What is the definition of "adoption"?
  - Adoption involves significant policy issues
- What is the definition of consensus?
  - Applicable to the Smart Grid?
  - Technical content reviewed and accepted by experts?
  - Applicable to interoperability?

Issues Raised at the FERC Technical Conference
- Standards are a snapshot in time
  - How do you allow for innovation?
- Not sufficient discussion on the context for using the standard
- Need further review on functionality and interoperability
- Significant technical cyber security issues
- Limitations to access of the standards

What's Next?...
- FERC is accepting comments on the presentations and the questions posted
  - Comments due March 2, 2011
  - Comments on comments due March 16, 2011
  - May be supplemental questions posted...
- The path forward is not clear
  - Both NIST and FERC are assessing the results of the technical conference
  - Many state PUCs were waiting for FERC to perform the rule making

Questions? Alee@epri.com

EPRI's Role Going Forward
- EPRI will very quickly develop a series of white papers on the adoption of standards by the electric utility industry
  - The first white paper will present an adoption roadmap for standards in the electric utility industry
  - The second and third white papers will provide mappings of CIM and 61850 to the adoption roadmap
  - The fourth white paper will be a case study of a utility that has adopted one of the five NIST standards.

EPRI's Role Going Forward
- Wayne Longcore (Consumers Energy), Phil Slack (FPL) and Chris Knudsen (PG&E) have already volunteered to help develop the white papers
- George Arnold likes what is being proposed
- George Arnold has asked that EPRI organize a technical workshop to discuss the adoption of standards by the electric utility industry.