Presentation is loading. Please wait.

Presentation is loading. Please wait.

Energy Storage & Cyber Security

Published by所 崔 Modified over 4 years ago

Similar presentations

Presentation on theme: "Energy Storage & Cyber Security"— Presentation transcript:

1 Energy Storage & Cyber Security
EPRI’s Approach Candace Suh-Lee, CISSP, CISSA Principal Technical Leader – Cyber Security April 11 Energy Storage Technologies & Applications Conference, UCR

2 EPRI’s Mission Advancing safe, reliable, affordable and environmentally responsible electricity for society through global collaboration, thought leadership and science & technology innovation

3 Three Key Aspects of EPRI
Independent & Neutral Objective, scientifically based results address reliability, efficiency, affordability, health, safety, and the environment Nonprofit Chartered to serve the public benefit Collaborative Bring together scientists, engineers, academic researchers, and industry experts Intellectual Leverage Financial Leverage

4 Conducting Research Today
Cyber Security Research in 3 EPRI Sectors Energy and Environment Environmental Sciences: Air and Multimedia Strategic Analysis and Technology Assessments Environmental Sciences: Groundwater and Land Management Workforce and the Public: Health Assessment and Safety Environmental Sciences: Water and Ecosystems Nuclear Advanced Nuclear Technology Chemistry, Low-Level Waste and Radiation Management Equipment Reliability Fuel Reliability Long-Term Operations Materials Degradation/Aging Nondestructive Evaluation and Material Characterization Risk and Safety Management Used Fuel and High-Level Waste Management Generation Advanced Coal Plants, Carbon Capture and Storage Combustion Turbines Environmental Controls Major Component Reliability Materials and Chemistry Operations and Maintenance Power Plant Water Management Renewable Energy Power Delivery and Utilization Distribution Utilization Distribution Energy Utilization Information, Communication, and Cyber Security Transmission Grid Operations and Planning Transmission and Substations

5 Cyber Security Roadmap – Electric Industry Driven
Cyber Security Roadmap for EPRI, Updated December 31, 2018

6 Safe, reliable, cost-effective
Advancing the integration of energy storage systems through open, technical collaboration Safe, reliable, cost-effective

7 Poll from ESIC Waltham General Meeting: Strong Need Identified for Cybersecurity Guidelines

8 Energy Storage & Cyber Security
Energy Storage Team’s Perspective Cyber Security Team’s Perspective Utility IT dept’s have a variety of policies covering Vendor Remote Access Cloud Based Controls Vendors are still unfamiliar with owner cyber needs Solicitations for Storage need to clearly inform Vendors of these requirements No apparent uniform approach – solicitations change and confuse vendors The cost and project impact of cyber adherence can be significant Reliability Risk Resiliency System availability Safety Risk Workforce Safety Consumer Safety Financial Risk Reputational Financial Integrity Data / Privacy Risk Customer data Business data

9 Cyber Security Standards
Information Technology Industrial Control Systems SOC 2 - SaaS PCI-DSS – Credit Card Processing SOX – Financial Systems ISO series – international standard for general cyber security COBIT – Information Security Auditing Standard NIST FIPS – Federal GDPR – General Data Protection Regulation (EU) ISA/IEC (Formerly ISA 99) NERC CIP NIST CSF NISTIR 7628 IEEE 1402 ISO/IEC 17799 IEC/TS 62351

10 What is SOC2? Auditing procedure for SaaS (Software as a Service) provider Developed by AICPA (American Institute of CPAs) Focus on data privacy and protection 5 trust service principles: Data Security Data Availability Data Processing Integrity Data confidentiality Data Privacy 2 Reports: Type I : vendor’s systems, design principles (attestation based) Type II : operational effectiveness (audit) Image Source:

11 Is SOC 2 the right standard for storage integration?
Typical SaaS Architecture Representative Storage Integration Architecture

12 Questions to ask Risk Data, systems & communication
What are we trying to protect? Asset availability vs data confidentiality What is the risk? Risk = likelihood X impact Data, systems & communication What types of data are stored, processed, or transferred? What types of systems are used? How they are connected? Software, hardware, supply-chain Who are the main vendors? Where are they made? Operation – monitoring, response, & updates Who controls the systems & how? Who maintains the systems & how? Can the software/firmware be updated? What are utility’s responsibilities?

13 2019 Collaboration Plan – Energy Storage & Cyber Security
Technical Update - Cybersecurity Considerations for Distributed Energy Storage Cybersecurity issues for distributed energy storage systems Technical and practical options for addressing the issue Articulation of cybersecurity risk and mitigating controls Available to EPRI members ESIC Cyber Security Task Force - Whitepaper – Cyber Security for Energy Storage Systems Identification of security issues (risks) Regulatory issues Technical challenges People challenges - disconnect of people and knowledge Next steps/Recommendations Available to the public

14 EPRI Cyber Security Interest Group for DER & Grid-Edge Systems
Collaborative Industry Working Group to address the current challenges in DER & Grid-Edge Systems Possible Topics: Cyber Security Roadmap for Cyber Security for DER & Grid-Edge Systems Functional requirements for communication and operational security for customer, utility, or third-party owned assets/systems Reference cyber security architecture Standardization of interoperable cyber secure ecosystem

15

Download ppt "Energy Storage & Cyber Security"

Similar presentations

UNRESTRICTED Infrastructure Assessment as Viewed by Technology Holders IAEA Technical Meeting December 10-12, 2008 R. Godden.

UNRESTRICTED Infrastructure Assessment as Viewed by Technology Holders IAEA Technical Meeting December 10-12, 2008 R. Godden.
John B. Wharton, PE Technical Executive Baltimore, Maryland October 16, 2013 Perspectives on Grid-Integrated Microgrids Maryland Clean Energy Summit.

John B. Wharton, PE Technical Executive Baltimore, Maryland October 16, 2013 Perspectives on Grid-Integrated Microgrids Maryland Clean Energy Summit.
Security Controls – What Works

Security Controls – What Works
Jeju, 13 – 16 May 2013Standards for Shared ICT HIS – Smart Grid Karen Bartleson, President, IEEE Standards Association Document No: GSC17-PLEN-72 Source:

Jeju, 13 – 16 May 2013Standards for Shared ICT HIS – Smart Grid Karen Bartleson, President, IEEE Standards Association Document No: GSC17-PLEN-72 Source:
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
2015 World Forum on Energy Regulation May 25, 2015

2015 World Forum on Energy Regulation May 25, 2015
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
DOE’s Smart Grid R&D Needs Steve Bossart Energy Analyst U.S. Department of Energy National Energy Technology Laboratory Materials Challenges in Alternative.

DOE’s Smart Grid R&D Needs Steve Bossart Energy Analyst U.S. Department of Energy National Energy Technology Laboratory Materials Challenges in Alternative.
ACTION PROPOSAL FOR FLYWHEEL ENERGY TECHNOLOGY Enhance future grid reliability, interoperability, & extreme event protection In 20 years, the flywheel.

ACTION PROPOSAL FOR FLYWHEEL ENERGY TECHNOLOGY Enhance future grid reliability, interoperability, & extreme event protection In 20 years, the flywheel.
ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.

ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.
Safety Driven Performance Conference 2013 The future of managing asset-intensive businesses John Keefe APM/RBMI Technical Manager Asset Integrity Services.

Safety Driven Performance Conference 2013 The future of managing asset-intensive businesses John Keefe APM/RBMI Technical Manager Asset Integrity Services.
Frankfurt (Germany), 6-9 June 2011 IT COMPLIANCE IN SMART GRIDS Martin Schaefer – Sweden – Session 6 – 0210.

Frankfurt (Germany), 6-9 June 2011 IT COMPLIANCE IN SMART GRIDS Martin Schaefer – Sweden – Session 6 – 0210.
GRC - Governance, Risk MANAGEMENT, and Compliance

GRC - Governance, Risk MANAGEMENT, and Compliance
Smart Grid - Developments and Implementations Prof. Gady Golan – HIT, Israel Dr. Yuval Beck – HIT, Israel 14-11-2012, Electricity 2012, Eilat.

Smart Grid - Developments and Implementations Prof. Gady Golan – HIT, Israel Dr. Yuval Beck – HIT, Israel , Electricity 2012, Eilat.
AIAA’s Publications Business Publications New Initiatives Subcommittee Wednesday, 9 January 2008 Rodger Williams.

AIAA’s Publications Business Publications New Initiatives Subcommittee Wednesday, 9 January 2008 Rodger Williams.
Tom MAZOUR IAEA, Division of Nuclear Power

Tom MAZOUR IAEA, Division of Nuclear Power
Challenges in Infosecurity Practices at IT Organizations

Challenges in Infosecurity Practices at IT Organizations
Sustainability Issues

Sustainability Issues
CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -

CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -
Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

Similar presentations

Ads by Google