CIP Program Highlights. Member Representatives Committee October 28, 2008 Michael Assante, CSO michael.assante@nerc.net. Establish a core CIP program, Enhance SA & work across NERC’s programs. Board of Trustees. ESSG. NERC CEO. CSO. Standards. Compliance. Assessment. Events Analysis.
CIP Program Highlights

Member Representatives Committee

October 28, 2008

Michael Assante, CSO michael.assante@nerc.net


Establish a core CIP program, Enhance SA & work across NERC’s programs

Board of Trustees

ESSG

NERC CEO

CSO

Standards

Compliance

Assessment

Events Analysis

Training

  • Focused on CIP risks
  • Focused on CIP events & enhancing preparedness

Mutually

Supporting

Constructive

Overlap

(ES-ISAC)

Regions

Industry

  • CIPC & EC
    • ESCC engagement
    • Standards
    • Assessments
    • Leadership
    • Support
  • Support their mission/role

Situational

Awareness

Critical

Infrastructure

Protection

  • Support the development of expertise
  • Training
  • Identify, address and monitor security risk to the BPS
  • Provide expertise
  • Support efforts
  • Monitor reliability
  • Monitor hazards
  • Coordination with government
  • Coordinate with other sectors (PCIS)
NERC Core Programs - CIP

Ensure the Reliability of the Bulk Power System

  • Trusted within the industry
  • Recognized for effective leadership

Security Risk Assessment

  • Assess threats to the Bulk Power System
  • Identify concerns to be addressed
  • Cyber risk & preparedness evaluation

CIP Standards Compliance

  • Enforce compliance (along with regional reliability organizations)
  • Audits, monitoring & investigations

CIP Standards Development

  • 9 CIP standards approved
  • Enhance & update existing standards
  • Propose new standards to address security concerns

“Ensure threats to the reliability of the BPS, especially cyber, are clearly understood and are sufficiently mitigated”

Critical Infrastructure Protection

Security Leadership

ES-ISAC

Situational Awareness

Chief Security Officer (CSO)

ESCC, ESSG, PCIS, NIAC,

CSO Council

  • Notifications & alerts
  • Preparedness & response coordination
  • Monitor events impacting the grid
  • Facilitate coordination & reliability tools
NERC CIP Enhancement Plan

2HCY08

Milestones

2HCY09

1HCY09

  • Mobilize executive participation & guidance (e.g. ESSG)
  • Establish NERC CIP Program (Hire CSO, Strategy, Resources)
  • Formalize NERC led assessment & initial CRP evaluation
  • Enhance the ES-ISAC (improve alert reporting, process maturity, lists)

Cyber Summit

CEO Briefing

Executive Engagement

  • ESSG

NERC CIP Program

  • Portfolio
  • Resourcing

Assessments

  • Risk Assessment
  • CRP Evaluation

Enhance ES-ISAC

ESSG

CSO

CIP Portfolio

Resourcing

Order 706

Phase I

Improve. Prjcts

Cyber Risk Preparedness Evaluation
  • Identify existing capabilities to prevent, detect, respond and limit the potential damage of existing/emerging attack techniques
  • Objective: Understanding how prepared both individual entities (by type) and existing processes/mechanisms are to ensure reliability of the BPS while under a successful cyber attack
  • Approach: Devise several realistic but challenging cyber scenarios and conduct a series of table top exercises with volunteer entities
    • CRP team will use a process to evaluate key criteria for determining preparedness
  • Areas to Evaluate: (The scenarios will be consistently evaluated for all entities for the following capabilities)
    • A. Prevent cyber attacks
    • B. Detect cyber attacks
    • C. Technically respond to cyber attacks
    • D. Manage their systems and electricity assets to minimize potential damage
    • E. Communicate and coordinate effectively with interconnected neighbors and area coordinators to contain effects on the bulk power system
ES-ISAC Mission
  • The ES-ISAC serves the Electricity Sector by facilitating communications between electricity sector participants, federal governments, and other critical infrastructures.
    • Preparedness & response calls (e.g. Hurricane Gustav)
  • It is the job of the ES-ISAC to promptly disseminate threat indications, analyses, and warnings, together with interpretations, to assist electricity sector participants to take protective actions.
    • As the ES-ISAC, NERC gathers, disseminates and interprets security-related information.
    • FERC has oversight of NERC’s alerting process for U.S. entities
    • Canadian authorities provide guidance for alerting to Canadian entities
ERO & ES-ISAC (similar but distinct)

Formal effort to involve industry SMEs in the generation of Alerts

CIP: ES-ISAC/NERC Alerts

Advisories, Recommendations, and requests for Essential Actions (ERO & ES-ISAC missions)

Issued to relevant industry sectors when a security risk (threat or vulnerability) arises

Advises the industry to evaluate the risk and take action to correct issues affecting reliability/CIP

Cyber

Physical

Logical

All Hazards

Reporting Concerns & Objectives
  • Don’t want to numb the sector with too much reporting
  • Do want to appropriately choose alerting vehicles based on the seriousness of the risk
    • Advisory – Notify the sector of a vulnerability that could be applied in a way that would directly or indirectly impact the BPS
    • Recommendation – Notify the sector and receive replies to appropriately monitor the status of the risk (mitigation efforts) based on the attributes of the vulnerability and potential to cause serious consequence in the BPS
    • Essential Action – Notify the sector so they may take immediate actions and require replies to appropriately monitor the status of the risk (mitigation efforts) based on the attributes of the vulnerability, potential consequences, and indications or the potential that an attacker will exploit the vulnerability
  • In a perfect world we would like to see the reporting fall into the following buckets over a year (we will not shape reporting to arbitrarily fit these levels):
    • Advisories: 80%
    • Recommendations: <20%
    • Essential Actions: <1% (only used for critical & time sensitive risks)
SCADA Vulnerability & Exploit Disclosures
  • Tracking from 2005 to Present (4QTR08)

* This captures only publicly released vulnerability discoveries and exploit tools/code

ES-ISAC “Operational Excellence”
  • Streamline & exercise NERC notification lists
    • Project underway to address existing problems and establish a sustainable approach to manage the lists
    • Will exercise the notification lists (improve, educate and verify)
      • Administrative exercise (November)
        • Addition of an FAQ
        • Instructions to recipients
      • Operational exercise (2 tests per year)
        • Recommendation-level or higher Alert
        • Instructions & Exercise Replies required
  • Longer-term: Develop a secure mechanism to receive alert feedback and facilitate effective two-way communication
    • Identify an appropriate mechanism for authenticated (record responses for recipients by entity) and secure feedback & alert responses