Presentation is loading. Please wait.

Presentation is loading. Please wait.

NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability.

Published byIssac Monck Modified over 9 years ago

Similar presentations

Presentation on theme: "NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability."— Presentation transcript:

1 NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Hank Kenchington 202-586-1878 henry.kenchington@hq.doe.gov CIPC Confidentiality: Public Release

2 SCOPE DOE multi-laboratory program jointly managed and executed by INL and SNL (other partners include PNL, ANL, NIST, other contractors) Key program areas: –Assess and mitigate SCADA system vulnerability –Support development of security standards –Develop and test advanced secure control systems technology –Conduct outreach and awareness OBJECTIVE Support industry and government efforts to enhance control systems cyber security across the energy infrastructure National SCADA Test Bed

3 Key Activities: 1.SCADA System Assessments - ABB, AREVA, GE, Siemens 2.Provided cyber security training to over 400 end-users 3.Evaluated use of COTS IT antivirus and firewall tools in control systems 4.Working closely with electricity sector, developed mitigation strategies for “top 10” vulnerabilities 5.Conducting performance testing and cryptographic analysis of AGA 12 6.Evaluated and cataloged existing SCADA Standards National SCADA Test Bed Results: 1.New “hardened” SCADA systems now being deployed 2.Software patches developed by vendors and supplied to end-users to better secure existing systems

4 Enhanced SCADA systems in market Enhanced SCADA systems are being deployed…TODAY Vendor “Public” Test Reports System Patches Asset Owners Enhanced SCADA/Control Systems Test Direction “Proprietary” Test Reports National SCADA Test Bed National SCADA Test Bed SCADA/ Control Systems

5 Lots of activities…but no coordination DHS S&T SBIR projects DHS NCSD Cyber Security Test Bed NIST Process Control Security Requirements Forum NIST Process Control Security Requirements Forum DHS Process Control Systems Forum NSF R&D projects DOE National SCADA Test Bed DOE Critical Infrastructure Test Range EPRI EIS projects AGA 12 Standard NERC Standards & Guidelines DHS I3P SCADA FERC projects DOD TSWG DOD TSWG

6 Roadmap Process Create Steering Group Conduct Roadmap Workshop Prepare Technology Roadmap Implement Roadmap Guide Roadmap Development Identify Needs and Priorities Integrate into Plans Initiate Projects and Partnerships Trends & Driver Challenges &Barriers Priorities Action Plans We Are Here!

7 Roadmap Steering Committee Asset Owners and Operators Tom Flowers - CenterPoint Energy (electricity) Linda Nappier – Ameren (electricity) Al Rivero – formerly w/Chevron (oil and gas) David Poczynek – Williams Co. (oil and gas) Tom Frobase – TEPPCO (oil and gas) Michael Assante – formerly w/AEP and IEIA Forum Industry Organizations Bill Rush – GTI Lisa Soda – API Kimberly Denbow – AGA Gary Gardner – AGA Tom Kropp - EPRI Government Doug Maughan – U.S. DHS Hank Kenchington – U.S. DOE David Darling – Natural Resources Canada Researchers (National Laboratories) Tommy Cabe – Sandia National Laboratories Jeff Dagle – Pacific Northwest National Laboratory Bob Hill – Idaho National Laboratory

8 Roadmap Scope Time Frames Near: 0-2 yrs. Mid: 2-5 yrs. Long: 5-10 yrs. Sectors - Electricity - Oil - Gas - Telecom (supporting) People Processes Technology Potential Solutions See: www.controlsystemsroadmap.net

9 Workshop Participants Led by energy sector owners and operators Includes representatives from electricity, oil, gas, telecom industries Engages a cross-section of stakeholders and experts Industry Organizations Commercial Suppliers Asset Owners and Operators Government & Labs 30 15 8 7 Control Systems, 15 Business and Security, 10 Operations, 5 Target Participants

10 Roadmap Framework Vision In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function. Key Strategies 1.Measure and assess security posture 2.Develop and integrate protective measures 3.Detect intrusion and implement response strategies 4.Sustain security improvements

11 Develop and Integrate Protective Measures Develop and Integrate Protective Measures Detect Intrusion and Implement Response Strategies Detect Intrusion and Implement Response Strategies Sustain Security Improvements Sustain Security Improvements Measure and Assess Security Posture Measure and Assess Security Posture MilestonesMilestones Milestones Milestones Milestones ♦50% of asset owners and operators performing self- assessments of their control systems using consistent criteria (2008) ♦Secure connectivity between business systems and control systems within corporate network (2009) ♦Cyber incident response is part of emergency operating plans at 30% of control systems (2008) ♦Resolve major info protection and sharing issues between U.S. govt. and industry (2006) ♦Fully automated security state and common response of control system networks (2015) ♦Secure control system architectures produced with built- in, end-to-end security (2015) ♦Self-configuring control system network architectures are in production (2015) ♦Cyber security awareness, education, and outreach programs integrated into energy sector operations (2015) time

12 Next Steps Work with Sector Coordinating Councils to develop Roadmap Implementation Forum Use results to coordinate activities of government, academia, and private sector to align with roadmap Use roadmap to guide DOE control systems security program activities Government Researchers Industry Organizations Asset Owners & Operators Commercial Entities See: www.controlsystemsroadmap.net

13 END US Department of Energy Office of Electricity Delivery and Energy Reliability Hank Kenchington henry.kenchington@hq.doe.gov 202-586-1878

Download ppt "NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability."

Similar presentations

Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
KEITH CANTANDO, CBCP CORPORATE SECURITY - PROGRAMS PROGRESS ENERGY PS-Prep (DHS – Voluntary Private Sector Preparedness Accreditation.

KEITH CANTANDO, CBCP CORPORATE SECURITY - PROGRAMS PROGRESS ENERGY PS-Prep (DHS – Voluntary Private Sector Preparedness Accreditation.
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Advancing Alternative Energy Technologies Glenn MacDonell Director, Energy Industry Canada Workshop on Alternatives to Conventional Generation Technologies.

Advancing Alternative Energy Technologies Glenn MacDonell Director, Energy Industry Canada Workshop on Alternatives to Conventional Generation Technologies.
<<replace with Customer Logo>>

<<replace with Customer Logo>>
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
10/29/20091 Innovation Partnerhsip Models with the Finance Sector Dept. of Homeland Security Science & Technology Directorate Douglas Maughan, Ph.D. Branch.

10/29/20091 Innovation Partnerhsip Models with the Finance Sector Dept. of Homeland Security Science & Technology Directorate Douglas Maughan, Ph.D. Branch.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.

Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.
National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.
Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Food and Agriculture Sector Coordinating Councils John L. Williams, DVM U.S. Department of Agriculture AFDO Annual Conference Kansas City, MO June 7, 2005.

Food and Agriculture Sector Coordinating Councils John L. Williams, DVM U.S. Department of Agriculture AFDO Annual Conference Kansas City, MO June 7, 2005.
The Evergreen, Background, Methodology and IT Service Management Model

The Evergreen, Background, Methodology and IT Service Management Model
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

Similar presentations

Ads by Google