Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.

Similar presentations


Presentation on theme: "Www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent."— Presentation transcript:

1 www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

2 NERC Standards, References and Guidelines and SafeZone® CIP-014-1 — Physical Security, New 2014 Standard – The standard: http://www.nerc.com/pa/Stand/Reliability%20Standards/CIP-014-1.pdf – A summation of the standard: http://www.morganlewis.com/pubs/Energy_LF_FERCProposestoApproveNERC PhysicalSecurityStandard_21july14#_ftn1 NERC Physical Security Guidelines – http://www.nerc.com/comm/CIPC/Security%20Guidelines%20DL/Phys ical%20Security%20Guideline%202012-05-18-Final.pdf http://www.nerc.com/comm/CIPC/Security%20Guidelines%20DL/Phys ical%20Security%20Guideline%202012-05-18-Final.pdf In the following slides, SafeZone® Risk Management of Physical Security Vulnerabilities exploited in the Metcalf attacks will be described to illustrate compliance with CIP-014-1 and NERC Physical Security Guidelines. 2 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

3 CP-014-1 Core Requirements The CP-014-1 standard is defined in terms of 6 core requirements: – R1 requires Transmission Owners of certain categories of transmission facilities to perform risk assessments to identify the substations that “if rendered inoperable or damaged could result in widespread instability, uncontrolled separation, or cascading within an Interconnection.” Transmission Owners must also identify the control centers for those critical facilities. – R2 requires that the risk assessments be verified by unaffiliated and qualified third parties. – R3 directs Transmission Owners to notify the Transmission Operators of the identified critical control centers that their control centers are responsible for critical transmission facilities. – R4 requires Transmission Owners and Transmission Operators of critical facilities to perform threat assessments to identify the physical threats to their facilities and any vulnerabilities. – R5 directs Transmission Owners and Transmission Operators of critical facilities to develop and implement physical security plans to address the threats and vulnerabilities they have identified. – R6 requires that an unaffiliated, qualified third party review the threat assessments and physical security plans. These core requirements comprise a set of Risk Management steps to be performed to identify and mitigate the Risk of Physical Security Vulnerabilities being exploited to cause harm to the ES. SafeZone® is an automated Risk Management System, compliant with the Standard, that uses real time video analysis and notifications to detect and mitigate Threats to Physical Security. 3 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

4 SafeZone®, Metcalf, and CIP-014-1 Risk Management (R1, R4, R5, R6) R1: Critical Facilities – In this analysis, the Metcalf Transmission Substation is assumed to be a Critical Facility. R4: These Threats and Vulnerabilities at Metcalf are known (have been exploited): – Destruction of Critical Communications – Destruction of Critical Components – Unauthorized Critical Facilities Access – Theft of Assets – Destruction of Assets – Intrusion – Ineffective Threat Responses R5: SafeZone® provides Mitigations to these Threats – Unauthorized persons presence detection and response – Intrusion detection and response – Physical attack on communications detection and response – Physical attack on assets detection and response – Gun attack detection and response – SafeZone® informed response will eliminate ineffective response errors. R6: In addition to static auditing of mitigations, SafeZone® provides continuous monitoring, testing, and reporting for quantifying all capabilities in operating systems. – Validate all mitigations are fully operational at all times. 4 SafeZone® Detect. Inform. Prevent.

5 SafeZone® and Enhancing Metcalf Physical Security SafeZone® deployment will mitigate Physical Security Threats and Vulnerabilities present in the Metcalf Transmission Substation. SafeZone® can be configured and deployed in a manner consistent with the CIP-014-1 core requirements, particularly, proven effective mitigations and operational auditing. 5 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

6 SafeZone® : NERC 8 concepts The NERC Guidelines specify 8 important concepts regarding physical security, here is how SafeZone maps to these concepts : – Deter – Label presence of SafeZone ® video threat protection Low deterrence at Metcalf – Detect – Extensible, configurable threat detectors including interior and exterior settings; guns, intrusion, unauthorized presence, etc. Early warning Low light capable Metcalf detection capabilities are inadequate – Delay – Activate time barriers upon threat detection. Controllable time barrier elements can be activated upon threat detection – Assess – Cascaded response mechanisms Ask the question of responsible parties: “Is this a problem?” supported with Video and Mapping. Automated “See Something, Say Something” – Communicate – Configurable, automated, robust, redundant, multi-channel notification and status communications Early warning Real time status Multi-agency distribution Support for redundant communications – have to be able get information out to responders – Respond – Informed response What is the threat (or threats), where is it (or are they), what is happening now. Where are responders, where are bystanders. How many are out there? Remove attacker advantage Incomplete information has led to inadequate response at Metcalf – Intelligence – Threat visualization tools, efficient user interfaces Real time video cueing and mapping – Audit – Automatically test, assess, and report capabilities in working systems, at all times. Comply with standards: are the mitigations working right now ? 6 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

7 NERC Guidelines: Protection in Depth SafeZone ® implements Protection in Depth Video coverage can be layered in depth SafeZone ® implements redundancy another form of Protection in Depth Metcalf has inadequate defense in depth and an attackable perimeter 7 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

8 SafeZone ® Compliant Physical Security Risk Management SafeZone ® can directly mitigate existing threats to Physical Security in the Electric System in compliance with CIP-014-1 SafeZone ® implements elements recommended in the NERC Physical Security Guidelines. Harden your Critical Facilities today, Prevent Reliability impacts and loss costs SafeZone ® is available today to harden your parts of the Electric System To see more: www.safezonesystems.com 8 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

9 Appendix 9 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com

10 DHS Information 90 percent of consumed power passes through extra-high voltage (EHV) transformers at some point on the transmission grid. If these transformers fail— especially in large numbers—the nation could face a major, potentially long term, blackout. With more than 60 percent of the Gross Domestic Product tied to electricity, annual losses due to power failures throughout the nation are estimated at more than $100 billion. extra high-voltage (EHV) transformers are the most vulnerable components in the electric grid. Three high-consequence TTPs are most commonly found in the available data; targeted shootings, intentional downing of power lines, and bombings. 10 SafeZone® Detect. Inform. Prevent. www.safezonesystems.com


Download ppt "Www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent."

Similar presentations


Ads by Google