d1c7feeb22afab15161916b44aab5487.ppt
- Количество слайдов: 21
Critical Infrastructure Protection THE ELECTRICITY SECTOR Presented to EMERGENCY POWER CONFERENCE November 2004
Topics ● Electricity Sector (ES) ● North American Electric Reliability Council (NERC) ● Critical Infrastructure Protection (CIP) Organization ● ES CIP Initiatives ● ES Information Sharing Analysis Center (ESISAC) ● Interdependencies ● A Path Forward 2
The Electricity Sector x 10 6 C=1 a. Gen + b. Transm + c. LSE + d. RC + e. CA + f. Gov + + + 3 I Characteristics: Instantaneous, Interconnected, Interdependent, Reliability, Security Organizations: APPA, CEA, EEI, ELCON, EPRI, EPSA, ESISAC & other ISACs, NEI, NERC, NAESB, NRECA Agencies: DOE, DHS, DOD, FERC, NARUC, NRC, PSEPC, RUS, USSS 3
● APPA: American Public Power Association Description and Definitions ● The equation: § Summed over millions of Customers § Entity types that comprise the ES * § Divided by three Interconnections: - Eastern - Western - Texas * Generation, Transmission, Load Serving Entities, Purchasing-Selling Entities, Reliability Coordinators, Control Areas, Regional Transmission Organizations, Independent System Operators, Regulators (Canada/US: Federal/State/Provincial/Local) 4 ● ● ● ● ● ● CA: Control Area CEA: Canadian Electricity Association DOD: Department of Defense DOE: Department of Energy DHS: Department of Homeland Security EEI: Edison Electric Institute ELCON: Electr Consumers Resource Council EPRI: Electric Power Research Institute EPSA: Electric Power Supply Association ES: Electricity Sector FERC: Federal Energy Regulatory Commission IAIP: Info Analysis, Infrastructure Protection ISAC: Information Sharing and Analysis Center NAESB: No. Amer. Energy Standards Board NARUC: Natl Assoc Reg Utility Commissioners NEI: Nuclear Energy Institute NERC: North American Electric Reliability Cncl NRC: Nuclear Regulatory Commission NRECA: Natl Rural Electric Cooperative Assn PSEPC: Public Safety and Emergency Preparedness Canada RC: Reliability Coordinator RUS: Rural Utility Services
3 RC 5 13 RC 1 RC
What is NERC? ● NERC was formed in 1968 ● NERC's mission is to ensure that the bulk electric system in North America is reliable, adequate and secure. ● NERC operates as a voluntary industry organization, relying on reciprocity, peer pressure and mutual self-interest. ● Energy legislation pending in the House and Senate Energy bills would enable NERC to become an SRO capable of enforcing compliance with its reliability standards. 6
What Does NERC Do? ● ● ● ● ● 7 Sets reliability standards. Ensures compliance with reliability standards. Provides education and training resources. Conducts assessments, analyses, and reports. Facilitates information exchange and coordination among members and industry organizations. Supports reliable system operation and planning. Certifies reliability service organizations and personnel. Coordinates critical infrastructure protection of the bulk electric system (ESISAC). Administers procedures for conflict resolution on reliability issues.
North American Electric Reliability Council Structure ● Board of Trustees § 9 independent members Staff § Plus President ● Standing Committees § Broad Sector representation § Subcommittees § Working Groups § Task Forces Operating Committee Critical Infrastructure Protection Committee Stakeholders Planning Committee Market Committee
CIP Committee Structure CIPC Executive Committee Manage policy matters and provide support to SCs, WGs Physical Security Cyber Security Operations Policy ESISAC Subcommittee Security Planning Subcommittee Develop & maintain ISAC capability to respond to security threats & incidents Improve ES ability to protect critical infrastructure Outreach WG Reporting Technologies WG Indications, Analysis, Warnings WG Grid Monitoring System TF IDS Pilot TF Standards & Guidelines WG Risk Assessment WG Control Systems Security WG Critical Spares TF PKI TF HEMP TF September 18, 2004 9
Electricity Sector Security Initiatives-1 ● 14 August 2004 Blackout § Outage investigation § 46 Recommendations § Standards § Readiness audits ● Implement the National Infrastructure Protection Plan for the Electricity Sector ● Indications, Analysis, Warnings program* § Data/information exchange between ES and DHS ● Threat Alert Levels: Physical and Cyber* § Guidance for ES actions in response to Homeland Security Alert System *Reference materials available: http: //www. esisac. com 10
Electricity Sector Security Initiatives-2 ● Cyber Security Standard* § 1200 in place; 1300 under development ● 15 Security Guidelines* § Physical, Cyber, Data ● Critical Spares Project ● Control Systems Security ● Other technical studies ● Outreach including workshops ● Bi-lateral discussions and Urban Utility Center *Reference materials available: http: //www. esisac. com 11
Cyber Security Standard: 1200 Requirements 1. 2. 3. 4. 5. 6. 7. 8. 9. 12 Cyber Security Policy Critical Cyber Assets Electronic Security Perimeter Electronic Access Controls Physical Security Perimeter Physical Access Controls Personnel Monitoring Physical Access Monitoring Electronic Access 10. Information Protection 11. Training 12. Systems Management 13. Test Procedures 14. Electronic Incident Response Actions 15. Physical Incident Response Actions 16. Recovery Plans
Security Guidelines ● ● ● Best practices for Overview Communications Emergency Plans Employment Background Screen Physical Security Threat Response § Physical § Cyber ● Vulnerability/Risk Assessment ● Continuity of Business Process 13 protecting critical assets ● Cyber Access Control ● Cyber IT Firewalls ● Cyber Intrusion Detection ● Cyber Risk Management ● Protecting Sensitive Info ● Securing Remote Access: Process Control Systems ● Incident Reporting ● Physical Security – Substations
ESISAC § Electricity Sector Information Sharing Analysis Center § Share information about real and potential threats and vulnerabilities § Received from DHS and communicated to electricity sector participants § Received from electricity sector participants and communicated to DHS § Analyze information for trends, cross-sector dependencies, specific targets § Coordinate with other ISACs 14
http: //www. esisac. com 15
Governments – Sectors Coordination Operations (ES focus) --------- Governments -------- DHS DOE PSEPC Sectors … CHEM FS ESISAC TEL Electricity Sector RC 16 CA TRAN GEN DIST . . . PSE
Operational ISACs ● Chemical ● Electricity ● Emergency Management and Response ● Energy (Oil and Gas) ● Financial Services ● Health Care ● Highway 17 ● ● Information Technology Multi-State Public Transit Research and Education Network ● Surface Transportation ● Telecommunications ● Water
Electricity Sector Dependency On Sector Chemical Oil Gas Financial IT Telcom Surface TX Trucking Water Health Care 18 Immed Physical Immed Cyber Long term Physical Long term Cyber
ES Dependency on the Internet ● Categories § Business System § Market System § Control System Support § Security System 19
A Path Forward ● Interdependencies § Qualitative § Quantitative § Secure database ● Plans § TESP § TSP ● Communication § Strategic - Outreach § Tactical 20
Contacts ● Lynn Costantini, CIO, NERC lynn. costantini@nerc. net ● Lou Leffler, Manager CIP, NERC lou. leffler@nerc. net NERC: 609 -452 -8060 ESISAC: 609 -452 -1422 ● Note: Referenced materials and this 21 presentation available at: http: //www. esisac. com TY