ELECTRICITY SECTOR CRITICAL INFRASTRUCTURE PROTECTION Background Materials for Presentation by Lou Leffler North American Electric Reliability Council Forum on U.S. Energy Security Traditional and Emerging Challenges 28 January 2002 Resources for the Future, Washington DC
The Electricity Sector SECURITY: Physical, Cyber, Operations • Many types of entities own and operate transmission and generation systems • Reliability responsibilities are shared across several levels and institutions • Multiple regulators (roughly 62)
Critical Infrastructure Interdependencies (A few of the many) FIN SVCS OIL/GAS TELECOM IT ELECTRICITY NS/EP TRANSP WATER EM SVCS ISAC
Electric Sector Industry Sector Advisory Committee (ES-ISAC) • Receive incident data from Electric Supply entities • Assist the National Infrastructure Protection Center (NIPC) in its analyses • Disseminate threat and vulnerability assessments • Liaison with other ISACs • Share best practices and lessons learned • Analyze sector interdependencies • Participate in infrastructure exercises
Assessments • Threats, Vulnerabilities, Risk, Plans (Avoidance, Assurance, Detection, Restoration), Risk Management, Review • Red, Gray, and Blue: Assessing Threat, Environment, Self • Highly formal assessments: • Dams • Transmission • Professional • Physical and cyber • National Labs program
Issue: Data Security • System data • System plans • System Maps • Filed reports: FERC, DOE, State/Local • Internet sites
Other Critical Infrastructure Protection Issues • Physical security over the long term • Process controls • Timely and actionable information sharing • Common interpretation of Threat Alert Levels • Secure and reliable communications • Legislation: FOIA, Practices
Additional CIP Info • IAW Program • Business Cases for Action • Approach to Action <http://www.nerc.com> <firstname.lastname@example.org> (609-452-8060) • PCIS <http://www.pcis-forum.org>
Indications, Analysis and Warnings (IAW) Program: NERC & NIPC Incident reports • From any verified ES Entities to the NIPC • Physical and cyber • Analysis with other information • Assessments, Advisories, Alerts • From NIPC to ES Entities • Actionable • Voluntary NERC = North American Electric Reliability Council NIPC = National Infrastructure Protection Center
Threat Alert Levels - Goals • Define Threat Alert Levels issued by the ES-ISAC: Physical – Cyber – Operational; Normal – Low – Medium – High; Specificity: Sector, Geographical, Object (e.g. named facility or type). • Guidelines (non-prescriptive examples) of security measures that ES entities may consider taking, based on Threat Alert Level: Physical – Cyber – Operational • Consistent Threat Alert Levels with the threat information received by the ES-ISAC from Government sources and other ISACs.
Communications • Communications with Organizations: • Variety of channels • Communications within Organizations • Operations • Physical Security • Cyber Security, IT, Telecom
Business Cases for Action • Cover text shown on the slide: Managing the Business Risks of Information Technology Dependencies; North American Electric Reliability Council; What Utility Operations Executives Can Do; The Emerging Business Risks of IT Technology; What is Changing?; Electricity Transmission and Distribution Systems • Five targeted audiences: Chief Executive Officer, Chief Information Officer, Operations Executive, NERC Leadership, General Industry Reader
North American Electric Reliability Council Working Group Forum on Critical Infrastructure Protection An Approach to Action for the Electricity Sector Version 1.0 June 2001 Approach to Action (AtA) What is the AtA? A reference for the Electricity Sector. Presents a range of actions in response to CIP. Encourages an organization to size up its own situation and choose appropriate Actions for itself. A work-in-progress…a living document.
The Electricity Sector Response to the Critical Infrastructure Protection Challenge National Plan Report National Strategy
Partnership for Critical Infrastructure Security (PCIS) • PCIS Working Groups • Interdependencies • Information Sharing • Public Policy and Legislation • Research and Development • National Plan