Presentation on theme: "Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004."— Presentation transcript:
2 Topics Electricity Sector (ES) North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) Organization ES CIP Initiatives ES Information Sharing Analysis Center (ESISAC) Interdependencies A Path Forward
Description and Definitions. The equation: Summed over millions of Customers. Entity types that comprise the ES*. Divided by three Interconnections: Eastern, Western, Texas. * Generation, Transmission, Load Serving Entities, Purchasing-Selling Entities, Reliability Coordinators, Control Areas, Regional Transmission Organizations, Independent System Operators, Regulators (Canada/US: Federal/State/Provincial/Local). Abbreviations: APPA: American Public Power Association; CA: Control Area; CEA: Canadian Electricity Association; DOD: Department of Defense; DOE: Department of Energy; DHS: Department of Homeland Security; EEI: Edison Electric Institute; ELCON: Electr Consumers Resource Council; EPRI: Electric Power Research Institute; EPSA: Electric Power Supply Association; ES: Electricity Sector; FERC: Federal Energy Regulatory Commission; IAIP: Info Analysis, Infrastructure Protection; ISAC: Information Sharing and Analysis Center; NAESB: No. Amer. Energy Standards Board; NARUC: Natl Assoc Reg Utility Commissioners; NEI: Nuclear Energy Institute; NERC: North American Electric Reliability Cncl; NRC: Nuclear Regulatory Commission; NRECA: Natl Rural Electric Cooperative Assn; PSEPC: Public Safety and Emergency Preparedness Canada; RC: Reliability Coordinator; RUS: Rural Utility Services
6 What is NERC? NERC was formed in 1968. NERC's mission is to ensure that the bulk electric system in North America is reliable, adequate and secure. NERC operates as a voluntary industry organization, relying on reciprocity, peer pressure and mutual self-interest. Energy legislation pending in the House and Senate Energy bills would enable NERC to become an SRO capable of enforcing compliance with its reliability standards.
7 What Does NERC Do? Sets reliability standards. Ensures compliance with reliability standards. Provides education and training resources. Conducts assessments, analyses, and reports. Facilitates information exchange and coordination among members and industry organizations. Supports reliable system operation and planning. Certifies reliability service organizations and personnel. Coordinates critical infrastructure protection of the bulk electric system (ESISAC). Administers procedures for conflict resolution on reliability issues.
North American Electric Reliability Council Structure [organization chart]: Stakeholders; Board of Trustees (9 independent members plus President); Staff; Standing Committees (broad sector representation): Operating Committee, Planning Committee, Market Committee, Critical Infrastructure Protection Committee; Subcommittees, Working Groups, Task Forces
CIP Committee Structure (September 18, 2004). CIPC Executive Committee: Manage policy matters and provide support to SCs, WGs. Security Planning Subcommittee: Improve ES ability to protect critical infrastructure (Standards & Guidelines WG; Risk Assessment WG; Control Systems Security WG; Critical Spares TF; PKI TF; HEMP TF). ESISAC Subcommittee: Develop & maintain ISAC capability to respond to security threats & incidents (Outreach WG; Reporting Technologies WG; Indications, Analysis, Warnings WG; Grid Monitoring System TF; IDS Pilot TF). Chart labels: Physical Security, Cyber Security, Operations, Policy
10 Electricity Sector Security Initiatives-1 14 August 2004 Blackout Outage investigation 46 Recommendations Standards Readiness audits Implement the National Infrastructure Protection Plan for the Electricity Sector Indications, Analysis, Warnings program* Data/information exchange between ES and DHS Threat Alert Levels: Physical and Cyber* Guidance for ES actions in response to Homeland Security Alert System *Reference materials available: http://www.esisac.com
11 Electricity Sector Security Initiatives-2 Cyber Security Standard* 1200 in place; 1300 under development 15 Security Guidelines* Physical, Cyber, Data Critical Spares Project Control Systems Security Other technical studies Outreach including workshops Bi-lateral discussions and Urban Utility Center *Reference materials available: http://www.esisac.com
13 Security Guidelines Overview Communications Emergency Plans Employment Background Screen Physical Security Threat Response Physical Cyber Vulnerability/Risk Assessment Continuity of Business Process Cyber Access Control Cyber IT Firewalls Cyber Intrusion Detection Cyber Risk Management Protecting Sensitive Info Securing Remote Access: Process Control Systems Incident Reporting Physical Security – Substations Best practices for protecting critical assets
14 ESISAC Electricity Sector Information Sharing Analysis Center Share information about real and potential threats and vulnerabilities Received from DHS and communicated to electricity sector participants Received from electricity sector participants and communicated to DHS Analyze information for trends, cross-sector dependencies, specific targets Coordinate with other ISACs
Governments – Sectors Coordination Operations (ES focus) [diagram]. Governments: DHS, DOE, PSEPC. Sectors: ESISAC … CHEM, FS, TEL ... Electricity Sector: RC, CA, TRAN, GEN, DIST, PSE
17 Operational ISACs Chemical Electricity Emergency Management and Response Energy (Oil and Gas) Financial Services Health Care Highway Information Technology Multi-State Public Transit Research and Education Network Surface Transportation Telecommunications Water
Electricity Sector Dependency On [table]. Columns: Sector | Immed Physical | Immed Cyber | Long term Physical | Long term Cyber. Sectors listed: Chemical Oil Gas Financial IT Telcom Surface TX Trucking Water Health Care
19 ES Dependency on the Internet Categories Business System Market System Control System Control System Support Security System
20 A Path Forward Interdependencies Qualitative Quantitative Secure database Plans TESP TSP Communication Strategic Outreach Tactical
21 Contacts Lynn Costantini, CIO, NERC firstname.lastname@example.org Lou Leffler, Manager CIP, NERC email@example.com NERC: 609-452-8060 ESISAC: 609-452-1422 Note: Referenced materials and this presentation available at: http://www.esisac.com TY