Presentation is loading. Please wait.

Presentation is loading. Please wait.

Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004.

Similar presentations

Presentation on theme: "Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004."— Presentation transcript:

1 Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004

2 2 Topics Electricity Sector (ES) North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Organization ES CIP Initiatives ES Information Sharing Analysis Center (ESISAC) Interdependencies A Path Forward

3 aGen + bTransm + cLSE + dRC + eCA + fGov x10 C=1 3I3I The Electricity Sector Organizations: APPA, CEA, EEI, ELCON, EPRI, EPSA, ESISAC & other ISACs, NEI, NERC, NAESB, NRECA Characteristics: Instantaneous, Interconnected, Interdependent, Reliability, Security Agencies: DOE, DHS, DOD, FERC, NARUC, NRC, PSEPC, RUS, USSS

4 Description and Definitions The equation: Summed over millions of Customers Entity types that comprise the ES * Divided by three Interconnections: Eastern Western Texas * Generation, Transmission, Load Serving Entities, Purchasing-Selling Entities, Reliability Coordinators, Control Areas, Regional Transmission Organizations, Independent System Operators, Regulators (Canada/US: Federal/State/Provincial/Local) APPA: American Public Power Association CA: Control Area CEA: Canadian Electricity Association DOD: Department of Defense DOE: Department of Energy DHS: Department of Homeland Security EEI: Edison Electric Institute ELCON: Electr Consumers Resource Council EPRI: Electric Power Research Institute EPSA: Electric Power Supply Association ES: Electricity Sector FERC: Federal Energy Regulatory Commission IAIP: Info Analysis, Infrastructure Protection ISAC: Information Sharing and Analysis Center NAESB: No. Amer. Energy Standards Board NARUC: Natl Assoc Reg Utility Commissioners NEI: Nuclear Energy Institute NERC: North American Electric Reliability Cncl NRC: Nuclear Regulatory Commission NRECA: Natl Rural Electric Cooperative Assn PSEPC: Public Safety and Emergency Preparedness Canada RC: Reliability Coordinator RUS: Rural Utility Services

5 13 RC 1 RC 3 RC

6 6 What is NERC? NERC was formed in 1968 NERC's mission is to ensure that the bulk electric system in North America is reliable, adequate and secure. NERC operates as a voluntary industry organization, relying on reciprocity, peer pressure and mutual self-interest. Energy legislation pending in the House and Senate Energy bills would enable NERC to become an SRO capable of enforcing compliance with its reliability standards.

7 7 What Does NERC Do? Sets reliability standards. Ensures compliance with reliability standards. Provides education and training resources. Conducts assessments, analyses, and reports. Facilitates information exchange and coordination among members and industry organizations. Supports reliable system operation and planning. Certifies reliability service organizations and personnel. Coordinates critical infrastructure protection of the bulk electric system (ESISAC). Administers procedures for conflict resolution on reliability issues.

8 North American Electric Reliability Council Structure Staff Operating Committee Operating Committee Planning Committee Board of Trustees 9 independent members Plus President Standing Committees Broad Sector representation Subcommittees Working Groups Task Forces Market Committee Critical Infrastructure Protection Committee Stakeholders

9 CIP Committee Structure CIPC Executive Committee Manage policy matters and provide support to SCs, WGs Security Planning Subcommittee Improve ES ability to protect critical infrastructure Standards & Guidelines WG Risk Assessment WG Control Systems Security WG Critical Spares TF PKI TF HEMP TF ESISAC Subcommittee Develop & maintain ISAC capability to respond to security threats & incidents Outreach WG Reporting Technologies WG Indications, Analysis, Warnings WG Grid Monitoring System TF IDS Pilot TF September 18, 2004 Physical Security Cyber Security Operations Policy

10 10 Electricity Sector Security Initiatives-1 14 August 2004 Blackout Outage investigation 46 Recommendations Standards Readiness audits Implement the National Infrastructure Protection Plan for the Electricity Sector Indications, Analysis, Warnings program* Data/information exchange between ES and DHS Threat Alert Levels: Physical and Cyber* Guidance for ES actions in response to Homeland Security Alert System *Reference materials available:

11 11 Electricity Sector Security Initiatives-2 Cyber Security Standard* 1200 in place; 1300 under development 15 Security Guidelines* Physical, Cyber, Data Critical Spares Project Control Systems Security Other technical studies Outreach including workshops Bi-lateral discussions and Urban Utility Center *Reference materials available:

12 12 Cyber Security Standard: 1200 Requirements 1.Cyber Security Policy 2.Critical Cyber Assets 3.Electronic Security Perimeter 4.Electronic Access Controls 5.Physical Security Perimeter 6.Physical Access Controls 7.Personnel 8.Monitoring Physical Access 9.Monitoring Electronic Access 10.Information Protection 11.Training 12.Systems Management 13.Test Procedures 14.Electronic Incident Response Actions 15.Physical Incident Response Actions 16.Recovery Plans

13 13 Security Guidelines Overview Communications Emergency Plans Employment Background Screen Physical Security Threat Response Physical Cyber Vulnerability/Risk Assessment Continuity of Business Process Cyber Access Control Cyber IT Firewalls Cyber Intrusion Detection Cyber Risk Management Protecting Sensitive Info Securing Remote Access: Process Control Systems Incident Reporting Physical Security – Substations Best practices for protecting critical assets

14 14 ESISAC Electricity Sector Information Sharing Analysis Center Share information about real and potential threats and vulnerabilities Received from DHS and communicated to electricity sector participants Received from electricity sector participants and communicated to DHS Analyze information for trends, cross-sector dependencies, specific targets Coordinate with other ISACs


16 Governments – Sectors Coordination Operations (ES focus) DHSDOEPSEPC ESISAC … CHEM FS TEL Governments Sectors RC Electricity Sector CA TRAN GEN DIST PSE Electricity Sector

17 17 Operational ISACs Chemical Electricity Emergency Management and Response Energy (Oil and Gas) Financial Services Health Care Highway Information Technology Multi-State Public Transit Research and Education Network Surface Transportation Telecommunications Water

18 Electricity Sector Dependency On SectorImmed Physical Immed Cyber Long term Physical Long term Cyber Chemical Oil Gas Financial IT Telcom Surface TX Trucking Water Health Care

19 19 ES Dependency on the Internet Categories Business System Market System Control System Control System Support Security System

20 20 A Path Forward Interdependencies Qualitative Quantitative Secure database Plans TESP TSP Communication Strategic Outreach Tactical

21 21 Contacts Lynn Costantini, CIO, NERC Lou Leffler, Manager CIP, NERC NERC: ESISAC: Note: Referenced materials and this presentation available at: TY

Download ppt "Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004."

Similar presentations

Ads by Google