1 / 15

ELECTRICITY SECTOR CRITICAL INFRASTRUCTURE PROTECTION

ELECTRICITY SECTOR CRITICAL INFRASTRUCTURE PROTECTION. Background Materials for Presentation by Lou Leffler North American Electric Reliability Council Forum on U.S. Energy Security Traditional and Emerging Challenges 28 January 2002 Resources for the Future, Washington DC.

calla
Download Presentation

ELECTRICITY SECTOR CRITICAL INFRASTRUCTURE PROTECTION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ELECTRICITY SECTORCRITICAL INFRASTRUCTURE PROTECTION Background Materials for Presentation by Lou Leffler North American Electric Reliability Council Forum on U.S. Energy Security Traditional and Emerging Challenges 28 January 2002 Resources for the Future, Washington DC

  2. The Electricity SectorSECURITY: Physical, Cyber, Operations • Many types of entities own and operate transmission and generation systems • Reliability responsibilities are shared across several levels and institutions • Multiple regulators (roughly 62)

  3. Critical Infrastructure Interdependencies (A few of the many) FIN SVCS OIL/GAS TELECOM IT ELECTRICITY NS/EP TRANSP WATER EM SVCS ISAC

  4. Electric Sector Industry Sector Advisory Committee (ES-ISAC) • Receive incident data from Electric Supply entities • Assist the National Infrastructure Protection Center (NIPC) in its analyses • Disseminate threat and vulnerability assessments • Liaison with other ISACs • Share best practices and lessons learned • Analyze sector interdependencies • Participate in infrastructure exercises

  5. Assessments • Threats, Vulnerabilities, Risk, Plans (Avoidance, Assurance, Detection, Restoration), Risk Management, Review • Red, Gray, and Blue: Assessing Threat, Environment, Self • Highly formal assessments: • Dams • Transmission • Professional • Physical and cyber • National Labs program

  6. Issue: Data Security • System data • System plans • System Maps • Filed reports: FERC, DOE, State/Local • Internet sites

  7. Other Critical Infrastructure Protection Issues • Physical security over the long term • Process controls • Timely and actionable information sharing • Common interpretation of Threat Alert Levels • Secure and reliable communications • Legislation: FOIA, Practices

  8. Additional CIP Info • IAW Program • Business Cases for Action • Approach to Action <http://www.nerc.com> <esisac@nerc.com> (609-452-8060) • PCIS <http://www.pcis-forum.org>

  9. Indications, Analysis and Warnings (IAW) Program: NERC & NIPC Incident reports • From any verified ES Entities to the NIPC • Physical and cyber • Analysis with other information • Assessments, Advisories, Alerts • From NIPC to ES Entities • Actionable • Voluntary NERC = North American Electric Reliability Council NIPC = National Infrastructure Protection Center

  10. Define Threat Alert Levels issued by the ES-ISAC: Physical – Cyber – Operational Normal – Low – Medium – High Specificity: Sector, Geographical, Object (eg named facility or type). Guidelines (non-prescriptive examples) of security measures that ES entities may consider taking, based on Threat Alert Level: Physical – Cyber – Operational Consistent Threat Alert Levels with the threat information received by the ES-ISAC from Government sources and other ISACs. Threat Alert Levels - Goals

  11. Communications • Communications with Organizations: • Variety of channels • Communications within Organizations • Operations • Physical Security • Cyber Security, IT, Telecom

  12. Managing the Business Risks of Information Technology Dependencies ~~~~~~ North American Electric Reliability Council What Utility Operations Executives Can Do T The Emerging Business Risks of IT Technology jfinq j[fj vc jv qero8v v9 Dshjqouhuiqbqeuibqe ohecoiecoic jewhdfh ihoj h vneio h hifihoqernvnv rehiu vhwu v eruirvv np[vhj2[vj v hvhvherhv2er vhvhvhj2 v v vhj2hj982w qoiqev hnvna98rhnvnadiv v v a adhdvdvhv piu n dnuds vhaduasbdv L vcnv879qnbv hfhif89n d8hn hjdha98ph;vu ah fd h vneio h hifihoqernvnv rehiu vhwu v eruirvv np[vhj2[vj v hvhvherhv2er vhvhvhj2 v v vhj2hj982w qoiqev hnvna98rhnvnadiv v v a adhdvdvhv piu n dnuds vhaduasbdv L vcnv879qnbv hfhif89n d8hn hjdha98ph;vu ahjdui dhjafdp89fhv ajf8gp;fd afjafo8 ajfgjafd What is Changing? Electricity Transmission and Distribution Systems j vhqe[vj v hvhvherhv2er vhvhvhj2 v v vhj2hj982w qoiqev hnvna98rhnvnadiv v v a adhdvdvhv piu n dnuds vhaduasbdv L vc Business Cases for Action Five targeted audiences Chief Executive Officer Chief Information Officer Operations Executive NERC Leadership General Industry Reader

  13. North American Electric Reliability Council Working Group Forum on Critical Infrastructure Protection An Approach to Action for the Electricity Sector Version 1.0 June 2001 Approach to Action (AtA) What is the AtA? A reference for the Electricity Sector. Presents a range of actions in response to CIP. Encourages an organization to size up its own situation and choose appropriate Actions for itself. A work-in-progress…a living document.

  14. The Electricity Sector Response to the Critical Infrastructure Protection Challenge National Plan Report National Strategy

  15. Partnership for Critical Infrastructure Security (PCIS) • PCIS Working Groups • Interdependencies • Information Sharing • Public Policy and Legislation • Research and Development • National Plan

More Related