1 / 13

Role for Electric Sector in Critical Infrastructure Protection R&D

Public Release. Role for Electric Sector in Critical Infrastructure Protection R&D. Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston. Summary. What is the role of R&D in the electric sector to assure its protection as a critical infrastructure?

jared
Download Presentation

Role for Electric Sector in Critical Infrastructure Protection R&D

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Release Role for Electric Sector in Critical Infrastructure Protection R&D Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston

  2. Summary • What is the role of R&D in the electric sector to assure its protection as a critical infrastructure? • What is the role of the electric sector in defining R&D requirements, articulating those to the government, and in funding and conducting R&D itself? • What would be a good organizational framework for sector-wide R&D coordination on CIP, and what role should CIPC fill?

  3. Role of R&D to Support Critical Infrastructure Protection • Technological needs of the electric sector that can help mitigate security risks can be identified • R&D needs so identified should be prioritized, and programs should be developed to accomplish those needs where the risk is judged to be high • R&D needs might consist of needs that are unique to the electric sector • eg. Recovery transformer • R&D needs might also include opportunities to adapt technology from other sectors or co-develop applications with other sectors • eg. Low cost sensors & communications for intrusion detection

  4. The Need for a Coordinating Role for R&D • Present clear industry-consensus priorities to the U.S. Government regarding uses of federal funds for R&D related to Electric Sector CIP • Clarify or establish our own role as an industry in funding R&D, advising the government, hosting demonstrations • Example: “Recovery transformer”, as conceived in EPRI ISI, may represent a major opportunity for our industry in terms of critical vulnerabilities. Federal funding could substantially advance the effort. DHS recently advised our sector that it could not fund this. Is this truly a high-risk matter? Does the recovery transformer need to proceed? Should it have federal funding, or should it be accomplished by industry alone? What is the next industry action? • Example: Cyber security of SCADA – recognized area of emerging importance for further development. But what specific R&D is important? What does our industry think are the roles of national labs, EPRI, private consultants, transmission owner/operators?

  5. Role of CIPC & Electric Sector Coordinating Council Interim NIPP • The United States Government, through DHS, is asking the electric sector, as well as other critical infrastructures, to develop “Sector Coordinating Councils” • One of the roles envisioned for these Councils is to “define the requirements for research and development” • The NERC Critical Infrastructure Protection Committee’s Executive Committee plus Mike Gent, the head of NERC, will constitute the Electric Sector Coordinating Council.

  6. Sector Coordinating Councils Interim NIPP • Concept established by DHS in the Interim NIPP February 2005 • To be established by the Private Sector, not government • Provide the framework for CI owners & operators throughout a sector to -- • Facilitate inclusive organization & coordination of policy development, infrastructure-protection planning, and plan implementation activities within the sector • Identify and support the information-sharing mechanisms and capabilities (eg. ISACs) deemed most appropriate for the sector. • Provide a focused means for each CI to engage DHS and the Sector-Specific Agencies and to collaborate with them.

  7. Sector Coordinating Councils -- Detailed Interim NIPP • Facilitate inclusive organization and coordination of the policy development, infrastructure-protection planning, and plan implementation activities within the sector. Such activities include • broad-based planning; • development of suggested practices and evolution of these practices over time to best-practice standards; • promulgation of programs and plans; and • development of requirements for • effective information sharing, • research and development, and • cross-sector coordination. • Identify and support the information-sharing mechanisms and capabilities (e.g., ISACs) deemed most appropriate for the sector • The core function of these information-sharing mechanisms and capabilities is to deliver alerts, warnings, and advisories to the sector and to share back with DHS and the SSAs information on both threats and incidents.

  8. Uses for a Set of “R&D Requirements” • Provide guidance to Congress, DHS, DOE, and other governmental organizations regarding appropriate uses of federal funds for R&D for the electric sector • Means to reach industry consensus on what our own industry should do • Establish prioritized plans for collective action • Transmission owner/operators • ISOs & RTOs • Reliability councils • Distribution owner/operators • Generation owner/operators • R&D Organizations such as EPRI, CERTS, others • Universities, vendors, consultants • Utilize requirements to educate regulatory and legislative bodies • Costs & cost recovery

  9. Process to Establish R&D Requirements NERC CIPC provides an overall focal point NERC CIPC provides a means for inclusive action Utilize committee & committee process With regional councils and owner/operators via CIPC membership Input from EPRI & other industry R&D entities Input from vendors & consultants

  10. Stages of Security Actions • The National Infrastructure Protection Plan and National Response Plan define 7 stages of the NIPP process: • Deterrence • Prevention • Protection • Preparedness • Manage Crisis and Respond • Recovery • Restoration • R&D Requirements may span across all stages

  11. Example of R&D Requirements Across Stages Substation: Intruder Damages HV-to-MV Transformer & SCADA Elements Deter: Design substation & perimeter to deter an intruder from even attempting Prevention: Detect an intrusion to allow timely response Protection: Design equipment to protect it from harm by an intruder, such as via a pipe bomb Preparedness: Standardized equipment design & spares Manage crisis & respond: Outage detected automatically. Problem identified automatically as being at the substation, not on feeders. Recovery: Feeders are switched to alternate sources to restore power to customers via remote control Restoration: Standardized equipment & processes are deployed to replace equipment and restore normal operation at this substation

  12. Types of Risk to Consider is Establishing R&D Requirements • Physical threats • Cyber threats • Personnel threats • Potential results from risk • Financial • Revenue loss, threat to financial stabilityt • Regulatory/legislative impact if perceived lack of preparedness • Societal Risk: Power outage impacts • Direct impacts on customers • Direct impacts on other critical infrastructures • Eg. Telecom, water, law enforcement, banking • Impacts to the economy, if outage either widespread or prolonged

  13. Summary – Why CIPC? • Why place a new R&D role on CIPC? • DHS request to Sector Coordinating Councils • Need & opportunity to provide sector input to DHS & DOE • Need for “industry” view, not just views of individual companies • CIPC as inclusive organization

More Related