1. ERCOT IT Update Ken Shoquist VP, CIO Information Technology Board Meeting February 2004

2. Page 2 Security Update – Threat is Real  Last month, an east Texas man pleaded guilty to possession of a weapon of mass destruction. …investigators found a sodium-cyanide bomb capable of killing thousands, more than a hundred explosives, half a million rounds of ammunition, dozens of illegal weapons, and … antigovernment literature. …investigators have been unable to answer questions such as: Where was the sodium-cyanide bomb destined? And were the weapons being prepared for a group or sold individually? Experts say the case is important …because it shows how serious a threat the country faces from within. Source: http://www.csmonitor.com/2003/1229/p02s01-usju.html

3. February 2004 Page 3 Security Update – Threat is Real (cont.) The worm propagated, blocking SCADA traffic.” (NON ERCOT)  “A server on the control center LAN running SQL was not patched. The worm did not reach the server via the organization’s connection to the Internet. It did apparently migrate through the corporate networks until it finally reached the critical SCADA network via a remote computer through a VPN connection. The worm propagated, blocking SCADA traffic.” (NON ERCOT) Source: NERC, SQL Slammer Worm Lessons Learned for Consideration by the Electricity Sector, June 2003.  At ERCOT in January, 13 cyber security incidents, 90 port violations, and five external malicious code events  ERCOT is currently 62% in compliance with NERC Security Standard. All remaining initiatives identified for focus in ’04.

4. February 2004 Page 4 Purpose and Description  ERCOT is the reliability compliance monitor designated by NERC for the ERCOT electric sector. Consequences of noncompliance from NERC or the DOE could have a negative effect to the operating reliability of the ERCOT electric grid and possible financial penalties to ERCOT. The cyber-security standard is the first ANSI compliant standard approved by NERC.  ERCOT should comply with NERC standards and therefore must control the connection points from market participants to the ERCOT systems to ensure secured, reliable operations. ERCOT expects to become the regional certificate authority as delegated by NERC.  Modeled after the “Regional Planning Process” the ESPAC is a collaborative effort to bring together owners and operators of critical physical and cyber assets to share information and discuss security solutions that will assist in securing the Texas electric sector. Ercot Security Protection Advisor Council (ESPAC)

5. February 2004 Page 5 Future Structure  The ESPAC will enable ERCOT to monitor compliance with defined NERC standards. In addition, the group may offer security advisory services, assist market participants in developing stakeholder standards and will assist in communicating and clarifying critical information from federal and state agencies. ESPAC (cont.)

6. February 2004 Page 6 Future Structure (cont.)  ESPAC will: Serve as an expert advisory team to ERCOT in the areas of physical and cyber security Provide updates to the board when requested Establish and maintain an information reporting procedure for critical infrastructure protection among industry segments and, as appropriate, with federal and state government agencies Conduct forums and workshops related to the scope of ESPAC  ERCOT Security Staff will: Establish security standards for interfacing with ERCOT systems Assist stakeholders in developing security standards for the ERCOT Market Lead the ESPAC and manage an open stakeholder forum ESPAC (cont.)