1 / 21

Critical Infrastructure Protection THE ELECTRICITY SECTOR

Critical Infrastructure Protection THE ELECTRICITY SECTOR. Presented to EMERGENCY POWER CONFERENCE November 2004. Topics. Electricity Sector (ES) North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Organization ES CIP Initiatives

tammybrown
Download Presentation

Critical Infrastructure Protection THE ELECTRICITY SECTOR

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Critical Infrastructure ProtectionTHE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004

  2. Topics • Electricity Sector (ES) • North American Electric Reliability Council (NERC) • Critical Infrastructure Protection (CIP) Organization • ES CIP Initiatives • ES Information Sharing Analysis Center (ESISAC) • Interdependencies • A Path Forward

  3. The Electricity Sector 6 x10 C=1 aGen + bTransm + cLSE + dRC + eCA + fGov + + + 3I Characteristics: Instantaneous, Interconnected, Interdependent, Reliability, Security Organizations: APPA, CEA, EEI, ELCON, EPRI, EPSA, ESISAC & other ISACs, NEI, NERC, NAESB, NRECA Agencies: DOE, DHS, DOD, FERC, NARUC, NRC, PSEPC, RUS, USSS

  4. The equation: Summed over millions of Customers Entity types that comprise the ES * Divided by three Interconnections: Eastern Western Texas * Generation, Transmission, Load Serving Entities, Purchasing-Selling Entities, Reliability Coordinators, Control Areas, Regional Transmission Organizations, Independent System Operators, Regulators (Canada/US: Federal/State/Provincial/Local) APPA: American Public Power Association CA: Control Area CEA: Canadian Electricity Association DOD: Department of Defense DOE: Department of Energy DHS: Department of Homeland Security EEI: Edison Electric Institute ELCON: Electr Consumers Resource Council EPRI: Electric Power Research Institute EPSA: Electric Power Supply Association ES: Electricity Sector FERC: Federal Energy Regulatory Commission IAIP: Info Analysis, Infrastructure Protection ISAC: Information Sharing and Analysis Center NAESB: No. Amer. Energy Standards Board NARUC: Natl Assoc Reg Utility Commissioners NEI: Nuclear Energy Institute NERC: North American Electric Reliability Cncl NRC: Nuclear Regulatory Commission NRECA: Natl Rural Electric Cooperative Assn PSEPC: Public Safety and Emergency Preparedness Canada RC: Reliability Coordinator RUS: Rural Utility Services Description and Definitions

  5. 3 RC 13 RC 1 RC

  6. What is NERC? • NERC was formed in 1968 • NERC's mission is to ensure that the bulk electric system in North America is reliable, adequate and secure. • NERC operates as a voluntary industryorganization, relying on reciprocity, peer pressure and mutual self-interest. • Energy legislation pending in the House and Senate Energy bills would enable NERC to become an SRO capable of enforcing compliance with its reliability standards.

  7. What Does NERC Do? • Sets reliability standards. • Ensures compliance with reliability standards. • Provides education and training resources. • Conducts assessments, analyses, and reports. • Facilitates information exchange and coordination among members and industry organizations. • Supports reliable system operation and planning. • Certifies reliability service organizations and personnel. • Coordinates critical infrastructure protection of the bulk electric system (ESISAC). • Administers procedures for conflict resolution on reliability issues.

  8. North American Electric Reliability Council Structure • Board of Trustees • 9 independent members • Plus President • Standing Committees • Broad Sector representation • Subcommittees • Working Groups • Task Forces Board of Trustees Stakeholders Staff Operating Committee Planning Committee Operating Committee Critical Infrastructure Protection Committee Market Committee

  9. CIPC Executive Committee Manage policy matters and provide support to SCs, WGs ESISAC Subcommittee Develop & maintain ISAC capability to respond to security threats & incidents Outreach WG Reporting Technologies WG Indications, Analysis, Warnings WG Grid Monitoring System TF IDS Pilot TF Security Planning Subcommittee Improve ES ability to protect critical infrastructure Standards & Guidelines WG Risk Assessment WG Control Systems Security WG Critical Spares TF PKI TF HEMP TF CIP Committee Structure Physical Security Cyber Security Operations Policy September 18, 2004

  10. Electricity Sector Security Initiatives-1 • 14 August 2004 Blackout • Outage investigation • 46 Recommendations • Standards • Readiness audits • Implement the National Infrastructure Protection Plan for the Electricity Sector • Indications, Analysis, Warnings program* • Data/information exchange between ES and DHS • Threat Alert Levels: Physical and Cyber* • Guidance for ES actions in response to Homeland Security Alert System *Reference materials available: http://www.esisac.com

  11. Electricity Sector Security Initiatives-2 • Cyber Security Standard* • 1200 in place; 1300 under development • 15 Security Guidelines* • Physical, Cyber, Data • Critical Spares Project • Control Systems Security • Other technical studies • Outreach including workshops • Bi-lateral discussions and Urban Utility Center *Reference materials available: http://www.esisac.com

  12. Requirements Cyber Security Policy Critical Cyber Assets Electronic Security Perimeter Electronic Access Controls Physical Security Perimeter Physical Access Controls Personnel Monitoring Physical Access Monitoring Electronic Access Information Protection Training Systems Management Test Procedures Electronic Incident Response Actions Physical Incident Response Actions Recovery Plans Cyber Security Standard: 1200

  13. Overview Communications Emergency Plans Employment Background Screen Physical Security Threat Response Physical Cyber Vulnerability/Risk Assessment Continuity of Business Process Cyber Access Control Cyber IT Firewalls Cyber Intrusion Detection Cyber Risk Management Protecting Sensitive Info Securing Remote Access: Process Control Systems Incident Reporting Physical Security – Substations Security Guidelines Best practices for protecting critical assets

  14. ESISAC • Electricity SectorInformation Sharing Analysis Center • Share information about real and potential threats and vulnerabilities • Received from DHS and communicated to electricity sector participants • Received from electricity sector participants and communicated to DHS • Analyze information for trends, cross-sector dependencies, specific targets • Coordinate with other ISACs

  15. http://www.esisac.com

  16. Governments – Sectors CoordinationOperations (ES focus) ------------------ Governments ---------------- Sectors … DHS DOE PSEPC CHEM FS ESISAC . . . TEL Electricity Sector Electricity Sector CA GEN RC TRAN DIST PSE

  17. Chemical Electricity Emergency Management and Response Energy (Oil and Gas) Financial Services Health Care Highway Information Technology Multi-State Public Transit Research and Education Network Surface Transportation Telecommunications Water OperationalISACs

  18. Electricity Sector Dependency On

  19. ES Dependency on the Internet • Categories • Business System • Market System • Control System • Control System Support • Security System

  20. A Path Forward • Interdependencies • Qualitative • Quantitative • Secure database • Plans • TESP • TSP • Communication • Strategic • Outreach • Tactical

  21. Contacts • Lynn Costantini, CIO, NERC lynn.costantini@nerc.net • Lou Leffler, Manager CIP, NERC lou.leffler@nerc.net NERC: 609-452-8060 ESISAC: 609-452-1422 • Note: Referenced materials and this presentation available at: http://www.esisac.com TY

More Related