ELECTRICITY SECTOR PERSPECTIVE Critical Infrastructure Protection - PowerPoint PPT Presentation

Slides: 20
Provided by: nerc6

Transcript and Presenter's Notes



1
ELECTRICITY SECTOR PERSPECTIVE: Critical Infrastructure Protection
  • Michehl R. Gent
  • President and CEO
  • North American Electric Reliability Council

2
Topics
  • About NERC
  • Critical Infrastructure Protection
  • ESISAC
  • Control Systems
  • Cyber Security Standards
  • Security Guidelines

3
What is NERC?
  • NERC was formed in 1968
  • NERC's mission is to ensure that the North American
    bulk electric system is reliable, adequate and secure
  • NERC is a voluntary self-regulatory organization,
    relying on reciprocity, peer pressure and mutual
    self-interest
  • The House and Senate have passed energy
    legislation that would give NERC authority to
    enforce compliance with reliability standards
  • Legislation must now go to conference

4
What Does NERC Do?
  • Develops reliability standards
  • Enforces compliance with reliability standards
  • Provides education and training resources
  • Conducts assessments, analyses and reports
  • Facilitates information exchange and coordination
  • Supports reliable system operation and planning
  • Certifies reliability service organizations and
    personnel
  • Administers procedures for conflict resolution
  • Coordinates critical infrastructure protection of
    the bulk electric system

5
North American Interconnections
6
NERC Governance Structure
  • Board of Trustees
  • 9 independent members and the president
  • 10 Member Regions
  • Standing Committees
  • Regional and sector representation
  • Subject matter expertise

[Organization chart: Board of Trustees; Stakeholders; Staff; Operating Committee; Planning Committee; CIPC; Compliance Certification Committee; Standards Authorization Committee]

7
Critical Infrastructure Protection
  • Physical Security
  • Cyber Security
  • Industry-wide
  • Standards
  • Guidelines
  • Communications
  • Coordination
  • Interdependencies

8
Critical Assets
  • Those facilities, systems, and equipment,
    which, if destroyed, damaged, degraded, or
    otherwise rendered unavailable, would have a
    significant impact on the ability to serve large
    quantities of customers for an extended period of
    time, would have a detrimental impact on the
    reliability or operability of the bulk electric
    system, or would cause significant risk to public
    health and safety.

9
Electricity Sector ISAC
  • Electricity Sector Information Sharing and Analysis
    Center
  • Share information with industry, DHS and other
    agencies about real and potential threats and
    vulnerabilities
  • Analyze data and information for trends,
    cross-sector dependencies, specific targets
  • Maintain situational awareness of all hazards
  • Coordinate with other ISACs

10
Control Systems in the Electricity Sector
11
Securing Control Systems
  • NERC is working with industry and government to:
  • Assess risks and vulnerabilities
  • Develop standards and guidelines
  • Evaluate vulnerabilities and solutions
    in a test bed environment
  • Secure legacy systems
  • Secure new systems
  • Recognize and protect against attacks
  • Mitigate attacks on control systems
  • Conduct outreach and workshops

12
Cyber Security Standard 1200
  • Information Protection
  • Training
  • Systems Management
  • Test Procedures
  • Electronic Incident Response Actions
  • Physical Incident Response Actions
  • Recovery Plans
  • Cyber Security Policy
  • Critical Cyber Assets
  • Electronic Security Perimeter
  • Electronic Access Controls
  • Physical Security Perimeter
  • Physical Access Controls
  • Personnel
  • Monitoring Physical Access
  • Monitoring Electronic Access

13
Permanent Cyber Security Standard
  • Builds upon Cyber Security Standard 1200
  • Requires critical cyber assets related to the
    reliable operation of the bulk electric systems
    be identified and protected
  • Includes process control and SCADA assets
    critical to grid reliability
  • Provides additional detail to clarify technical
    requirements and compliance requirements

14
Security Guidelines
  • Cyber - IT Firewalls
  • Cyber - Intrusion Detection
  • Cyber - Risk Management
  • Protecting Sensitive Info
  • Securing Remote Access - Process Control Systems
  • Incident Reporting
  • Physical Security - Substations
  • Patch Management for Control Systems
  • Control System - Business Network Electronic
    Connectivity
  • Communications
  • Emergency Plans
  • Employment Background Screen
  • Physical Security
  • Threat Response
      • Physical
      • Cyber
  • Vulnerability/Risk Assessment
  • Continuity of Business Process
  • Cyber - Access Control

15
Securing Remote Access
  • Address demonstrated vulnerabilities
  • New technology created threat
  • Smart protective devices
  • Alternative solutions in guideline

16
Patch Management
  • Identified need
  • Created by open technology revolution
  • Control system asset inventory
  • Risk assessment
  • Documentation
  • Testing

17
Control System-Business System Connectivity
  • Identified need
  • Architectures are critical
  • Defense in depth
  • Compartmentalization
  • Security-centric
  • Well understood information flow

18
Related Activities
  • Common Vulnerabilities of Control Systems list
  • National SCADA Test Bed
  • Recommendations to the common vulnerabilities
  • AGA-12 Cryptographic Protection of SCADA
    Communications
  • Communications ISAC
  • Interdependencies
  • Next Generation Networks
  • Exercises
  • Cyber Storm
  • National Critical Infrastructure Exercise
  • ElectroMagnetic Pulse

19
Contacts
  • NERC: 609-452-8060
  • ESISAC: 609-452-1422
  • Referenced materials and this
    presentation are available at
    http://www.esisac.com