Electric Power Industry s Approach to Grid Security

Similar documents
BEFORE THE U.S. HOUSE OF REPRESENTATIVES COMMITTEE ON ENERGY AND COMMERCE SUBCOMMITTEE ON ENERGY

GridEx IV Initial Lessons Learned and Resilience Initiatives

STATEMENT OF SCOTT I. AARONSON VICE PRESIDENT, SECURITY AND PREPAREDNESS EDISON ELECTRIC INSTITUTE BEFORE THE U.S. SENATE HOMELAND SECURITY AND

Cyber Mutual Assistance. August 16, 2017

Grid Security & NERC

Track 1 // Collaboration & Partnerships

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

National Policy and Guiding Principles

Implementing Executive Order and Presidential Policy Directive 21

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Cyber Mutual Assistance. February 26, 2018

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

PIPELINE SECURITY An Overview of TSA Programs

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Toward All-Hazards Security and Resilience for the Power Grid

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

Chapter X Security Performance Metrics

FERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

Control Systems Cyber Security Awareness

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Collaboration on Cybersecurity program between California University and Shippensburg University

California Cybersecurity Integration Center (Cal-CSIC)

ITE Programs Update System Management & Operations ITS Standards Connected and Autonomous Vehicles

February 21, pm ET

Staff Subcommittee on Electricity and Electric Reliability

HPH SCC CYBERSECURITY WORKING GROUP

ISACA West Florida Chapter - Cybersecurity Event

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

The Office of Infrastructure Protection

Addressing Dynamic Threats to the Electric Power Grid Through Resilience

Federal Information Sharing Resources for Small and Midsize Businesses

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

The Role of ISACs in Protecting Critical Infrastructure. Denise Anderson Chair National Council of ISACs. Agenda

Cyber Partnership Blueprint: An Outline

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Cybersecurity for the Electric Grid

Critical Infrastructure

E-ISAC Long-Term Strategic Plan April 24, 2017

DOE s Roles and Responsibilities for Energy Sector Cybersecurity

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Department of Defense. Installation Energy Resilience

Critical Infrastructure Protection Committee Strategic Plan

Chapter X Security Performance Metrics

Cybersecurity Overview

FERC's Revised Critical Infrastructure Protection Demands Active Vigilance

Grid Modernization at the Department of Energy

NERC History, Mission and Current Issues Southern States Energy Board. October 16, 2011

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Statement for the Record

Critical Infrastructure Resilience

The Office of Infrastructure Protection

Industry role moving forward

Emergency Management Response and Recovery. Mark Merritt, President September 2011

National Level Exercise 2018 After-Action Findings

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Grid Modernization in New York: The Role of New Technologies and Early Lessons Learned

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

DHS Cybersecurity: Services for State and Local Officials. February 2017

CALIFORNIA CYBERSECURITY TASK FORCE

2018 Summary Report into the cyber security preparedness of the National and WA Wholesale Electricity Markets. AEMO report to market participants

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Cyber Risks in the Boardroom Conference

History of NERC December 2012

ISAO SO Product Outline

Cyber Security in Europe

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

Legal and Regulatory Developments for Privacy and Security

The NIST Cybersecurity Framework

Critical Infrastructure Sectors and DHS ICS CERT Overview

November ERO Reliability Risk Priorities, RISC Recommendations to the NERC Board of Trustees, November 2016

Media Kit. California Cybersecurity Institute

NYDFS Cybersecurity Regulations

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION. Foundation for Resilient Societies ) Docket No.

Mississippi Emergency Management Agency. Brittany Hilderbrand & Kamika Durr. Office Of Preparedness

Grid Security Exercise (GridEx II)

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Standards. Howard Gugel, Senior Director of Standards and Education Board of Trustees Meeting May 11, 2017

Directive on security of network and information systems (NIS): State of Play

Office of Infrastructure Protection Overview

Cybersecurity & Digital Privacy in the Energy sector

Global Resilience Federation Trust. Collaboration. Community. Cindy Donaldson President, Global Resilience Federation October 2017

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

POSITION DESCRIPTION

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Cybersecurity and Data Protection Developments

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

The Office of Infrastructure Protection

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

EARTH Ex 2017 Middle Planning Conference

SOC 3 for Security and Availability

This Webcast Will Begin Shortly

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

The Africa Utilities Telecom Council Johannesburg CC, South Africa 1 st December, 2015

Cyber Security Strategy

Live Webinar: Best Practices in Substation Security November 17, 2014

Transcription:

Electric Power Industry s Approach to Grid Security Richard Ward, Director, National Security Policy Edison Electric Institute (EEI) Cybersecurity & Privacy Policy Academy November 2, 2017 San Francisco, CA

Overview The Threat Landscape Approach to Grid Security Electricity Subsector Coordinating Council Ongoing Initiatives

3

The Electric Power Industry: Vital to America s Economy

Perception Government is inept Industry doesn t care Buy canned goods Hollywood movie scripts

Threat Landscape

Our Approach to Grid Security Regulations Industry-Government Partnership Incident Response Physical Electricity Subsector Coordinating Council (ESCC) Grid Resiliency Cyber Electricity Information Sharing & Analysis Center (E-ISAC) Mutual Assistance Partnerships with federal, state, & local governments Spare Equipment Programs

Purpose The ESCC is the principal liaison between the electric sector and the federal government for coordinating efforts to prepare for, and respond to, national-level disasters or threats to critical infrastructure. 8 8

9 Industry-Government Coordination

ESCC Update 10 10

1. Engaging New Administration 2. Cybersecurity Executive Order 3. Cross-Sector Coordination 4. Supplemental Operating Strategies 5. Cyber Mutual Assistance 6. Emerging Threats (IoT & Ransomware) 7. Proactive Incident Response Messaging 8. GridEx IV 11 11

Engaging New Administration Nov. 2016 March 2017 June 2017 Aug. Oct 2017 Nov 2017 Outreach to the Transition Team ESCC Leadership meetings with Trump Administration ESCC meeting Response to Hurricanes Harvey, Irma, Maria, Nate, California Wildfires ESCC Meeting & GridEx IV

Cybersecurity Executive Order Relevant to electric sector: Report 1: Grid Impact Study (90 days) Report 2: Section 9 Entities (180 days) Workforce Development (120 days) Deterrence (90 days) 13

Supplemental Operating Strategies GridEx III & Ukraine underscored challenges and need to explore how to operate the grid in degraded state. ESCC tasked the North American Transmission Forum (NATF) to assess Work ongoing but what we are learning is operating the grid in a degraded state is all about the ability to communicate

Cross-Sector Coordination Interdependences across lifeline sectors (Communications, Downstream Natural Gas, Financial Services, Transportation, & Water) Focus on communications and financial services sectors Development of the Strategic Infrastructure Coordination Council (SICC)

Cyber Mutual Assistance A New Approach Not just reactive CMA Coordinator Senior level expert Open to all electric generation, transmission, distribution, and downstream natural gas entities Currently, 130 members Participants reimbursed for costs incurred while providing emergency cyber assistance Voluntary program NDA required

Emerging Threats Internet of Things (IoT) Dyn Attack (October 2016) Activated Cyber Mutual Assistance IoT challenges associated with Smarter Energy Infrastructure Ransomware The industry needs doctrine Mixed messages from the government

Proactive Incident Response Messaging ESCC and the government are improving how we gather, share, and communicate during incidents With social media, local events no longer remain local Media assumes equipment failure must be due to a cyber attack Coincidences = coordinated attack

GridEx IV November 15-16 170 industry organizations participating ESCC-government executive TTX Cross-sector and state coordination focus GridEx findings and recommendations inform ESCC work period for following two years

Resources Edison Electric Institute: www.eei.org Electricity Subsector Coordinating Council: www.electricititysubsector.org Richard Ward Director, National Security Policy Edison Electric Institute rward@eei.org

The Edison Electric Institute (EEI) is the association that represents all U.S. investor-owned electric companies. Our members provide electricity for 220 million Americans, operate in all 50 states and the District of Columbia, and directly employ nearly 500,000 workers. With $100 billion in annual capital expenditures, the electric power industry is responsible for millions of additional jobs. Safe, reliable, affordable, and clean electricity powers the economy and enhances the lives of all Americans. EEI has dozens of international electric companies as International Members, and hundreds industry suppliers and related organizations as Associate Members. Organized in 1933, EEI provides public policy leadership, strategic business intelligence, and essential conferences and forums. For more information, visit our Web site at www.eei.org.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback