Presentation is loading. Please wait.

Presentation is loading. Please wait.

NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability.

Similar presentations


Presentation on theme: "NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability."— Presentation transcript:

1 NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Hank Kenchington CIPC Confidentiality: Public Release

2 SCOPE DOE multi-laboratory program jointly managed and executed by INL and SNL (other partners include PNL, ANL, NIST, other contractors) Key program areas: –Assess and mitigate SCADA system vulnerability –Support development of security standards –Develop and test advanced secure control systems technology –Conduct outreach and awareness OBJECTIVE Support industry and government efforts to enhance control systems cyber security across the energy infrastructure National SCADA Test Bed

3 Key Activities: 1.SCADA System Assessments - ABB, AREVA, GE, Siemens 2.Provided cyber security training to over 400 end-users 3.Evaluated use of COTS IT antivirus and firewall tools in control systems 4.Working closely with electricity sector, developed mitigation strategies for “top 10” vulnerabilities 5.Conducting performance testing and cryptographic analysis of AGA 12 6.Evaluated and cataloged existing SCADA Standards National SCADA Test Bed Results: 1.New “hardened” SCADA systems now being deployed 2.Software patches developed by vendors and supplied to end-users to better secure existing systems

4 Enhanced SCADA systems in market Enhanced SCADA systems are being deployed…TODAY Vendor “Public” Test Reports System Patches Asset Owners Enhanced SCADA/Control Systems Test Direction “Proprietary” Test Reports National SCADA Test Bed National SCADA Test Bed SCADA/ Control Systems

5 Lots of activities…but no coordination DHS S&T SBIR projects DHS NCSD Cyber Security Test Bed NIST Process Control Security Requirements Forum NIST Process Control Security Requirements Forum DHS Process Control Systems Forum NSF R&D projects DOE National SCADA Test Bed DOE Critical Infrastructure Test Range EPRI EIS projects AGA 12 Standard NERC Standards & Guidelines DHS I3P SCADA FERC projects DOD TSWG DOD TSWG

6 Roadmap Process Create Steering Group Conduct Roadmap Workshop Prepare Technology Roadmap Implement Roadmap Guide Roadmap Development Identify Needs and Priorities Integrate into Plans Initiate Projects and Partnerships Trends & Driver Challenges &Barriers Priorities Action Plans We Are Here!

7 Roadmap Steering Committee Asset Owners and Operators Tom Flowers - CenterPoint Energy (electricity) Linda Nappier – Ameren (electricity) Al Rivero – formerly w/Chevron (oil and gas) David Poczynek – Williams Co. (oil and gas) Tom Frobase – TEPPCO (oil and gas) Michael Assante – formerly w/AEP and IEIA Forum Industry Organizations Bill Rush – GTI Lisa Soda – API Kimberly Denbow – AGA Gary Gardner – AGA Tom Kropp - EPRI Government Doug Maughan – U.S. DHS Hank Kenchington – U.S. DOE David Darling – Natural Resources Canada Researchers (National Laboratories) Tommy Cabe – Sandia National Laboratories Jeff Dagle – Pacific Northwest National Laboratory Bob Hill – Idaho National Laboratory

8 Roadmap Scope Time Frames Near: 0-2 yrs. Mid: 2-5 yrs. Long: 5-10 yrs. Sectors - Electricity - Oil - Gas - Telecom (supporting) People Processes Technology Potential Solutions See:

9 Workshop Participants Led by energy sector owners and operators Includes representatives from electricity, oil, gas, telecom industries Engages a cross-section of stakeholders and experts Industry Organizations Commercial Suppliers Asset Owners and Operators Government & Labs Control Systems, 15 Business and Security, 10 Operations, 5 Target Participants

10 Roadmap Framework Vision In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function. Key Strategies 1.Measure and assess security posture 2.Develop and integrate protective measures 3.Detect intrusion and implement response strategies 4.Sustain security improvements

11 Develop and Integrate Protective Measures Develop and Integrate Protective Measures Detect Intrusion and Implement Response Strategies Detect Intrusion and Implement Response Strategies Sustain Security Improvements Sustain Security Improvements Measure and Assess Security Posture Measure and Assess Security Posture MilestonesMilestones Milestones Milestones Milestones ♦50% of asset owners and operators performing self- assessments of their control systems using consistent criteria (2008) ♦Secure connectivity between business systems and control systems within corporate network (2009) ♦Cyber incident response is part of emergency operating plans at 30% of control systems (2008) ♦Resolve major info protection and sharing issues between U.S. govt. and industry (2006) ♦Fully automated security state and common response of control system networks (2015) ♦Secure control system architectures produced with built- in, end-to-end security (2015) ♦Self-configuring control system network architectures are in production (2015) ♦Cyber security awareness, education, and outreach programs integrated into energy sector operations (2015) time

12 Next Steps Work with Sector Coordinating Councils to develop Roadmap Implementation Forum Use results to coordinate activities of government, academia, and private sector to align with roadmap Use roadmap to guide DOE control systems security program activities Government Researchers Industry Organizations Asset Owners & Operators Commercial Entities See:

13 END US Department of Energy Office of Electricity Delivery and Energy Reliability Hank Kenchington


Download ppt "NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability."

Similar presentations


Ads by Google