Jim Brenton, Regional Security Coordinator, ERCOT (Electric Reliability Council of Texas)

Transcription

Jim Brenton
Regional Security Coordinator
ERCOT—Electric Reliability Council of Texas

- Facts expressed in this presentation are facts.
- Opinions expressed in this presentation are solely my own. The voices I hear speak only to me.
- ERCOT should not be held accountable for my opinions, random ramblings or rants.
- This presentation has NOT been reviewed by ERCOT Staff and does NOT represent ERCOT ISO or ERCOT Market Participant positions on any topic or issue that may be discussed.

Public 9/19/2011

- Electric Reliability Council of Texas—ERCOT
  - Independent System Operator (ISO) for Texas
  - Texas Interconnection
  - Wholesale Generation and Retail Markets
  - Regulated by the Texas Public Utility Commission
- Some of ERCOT's Registered NERC functions include
  - Reliability Coordinator
  - Balancing Authority
  - Transmission Operator
  - Regional Transmission Planner
- We have been fully CIP Compliant since July 2008, with multiple NERC/RE CIP spot checks and audits

- Security of the North American Bulk Electric System (BES) is too important to be left to voluntary industry participation
- Implementation of Cyber Security controls in the CIP Standards requires a different model than that of other BES Reliability Standards
  - Use of the BES Reliability Standards drafting and compliance models may actually reduce the overall security of the BES
- Full NERC CIP Compliance does NOT mean that an Entity is fully Secure against Advanced Threat Actors in Contested Network Space

- The Electricity Sector lacks a sufficient number of qualified security SMEs at all levels needed to properly implement Security
  - SecOps analysts; Audit, Compliance and Enforcement staff; and senior Executives and Boards of Directors
  - Training and Certification of security SMEs is a weak link
- Industry has placed far too much focus on compliance documentation and way too little attention on real-time security operations and monitoring
  - Just like FISMA—see the OMB report on GAO and Agencies

- Monitor Cyber Security Legislation and Executive Orders for new requirements
- Track and Monitor emerging NERC CIP Standards—V4/V5, now CIP-002 thru CIP-011
  - Involve key Control System SME staff in Standards Development
  - Differences between IT and OT (Operations Technology)
- NERC is moving to enhanced use of the ROP (Rules of Procedure), CANs (Compliance Application Notices), and RSAWs (Reliability Standard Audit Worksheets) to implement security measures outside the scope of the Reliability Standards Development Process (RSDP)

- Support Smart Grid
  - Joint DoE/NIST/NERC Risk Management Process Initiative to implement Smart Grid Guidelines based on the Smart Grid NISTIR
  - Engage Smart Meter Vendors and Researchers
  - Privacy of Customer Information in AMI
- Plan for Synchrophasor Deployment
  - Network Architecture for Phasor Measurement Units
  - Be smart about CA/non-CA identification of Synchrophasor components?
- LMP (Locational Marginal Pricing) and Nodal Market Models

- Increased emphasis on timely application of Patches for known vulnerabilities
- Enhanced Change Control and Configuration Management processes beyond CIP
- Improve Vendor Contracts and Supply Chain Management to rapidly address remediation of emerging security vulnerabilities

- Increase Real-Time Security Ops monitoring of networks and systems
  - Move from monitoring the external security perimeters required by CIP to comprehensive monitoring of all internal and external transactions
  - Deep dive into event records and log files
  - Coordinate results and enhance information sharing with other industry entities
- Improve Public-Private Information Sharing with DoE/DHS
  - You need a Security Clearance through DHS

- Dept of Energy and the National Labs
  - INL and the National SCADA Test Bed
  - PNNL and ESNM (Electric Sector Network Monitoring)
- Department of Homeland Security and local Protective Security Advisors (PSA)
- Pre-coordinate with local LEAs and your FBI office
- Security Event and Information Monitoring is key to a successful Security Program
  - Do something with the log files required by the NERC CIP Stds.
  - Deep dive and find out what is really happening on your networks
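The two preceding slides argue for looking past the CIP perimeter at what the logs say about internal traffic. The following is an added example, not part of the presentation and not ERCOT code, of the kind of first pass a SecOps analyst can make over connection records: it compares each allowed flow against a documented baseline of expected control-center flows, flags outbound connections leaving the control network, and counts repeated denies at the perimeter. The log format, the addresses, the hostnames and the baseline of allowed flows are all constructed for the example; a real deployment would take the baseline from the site's data-flow documentation and the records from its firewall or flow collector.

```python
"""Added example: baseline review of connection logs from a control-center segment."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample records (key=value style, as a firewall or flow collector
# might emit them). Hosts, addresses and ports are invented for this example.
SAMPLE_LOG = """\
2011-09-19T02:14:05Z fw-esp01 action=ALLOW src=10.10.1.21 dst=10.10.2.5 proto=tcp dport=20000
2011-09-19T02:14:09Z fw-esp01 action=ALLOW src=10.10.1.22 dst=10.10.2.5 proto=tcp dport=20000
2011-09-19T02:15:30Z fw-esp01 action=ALLOW src=10.10.2.5 dst=10.10.3.10 proto=tcp dport=1433
2011-09-19T02:16:02Z fw-esp01 action=ALLOW src=10.10.3.10 dst=10.10.2.5 proto=tcp dport=3389
2011-09-19T02:16:40Z fw-esp01 action=ALLOW src=10.10.1.21 dst=198.51.100.7 proto=tcp dport=443
2011-09-19T02:17:11Z fw-esp01 action=DENY src=203.0.113.9 dst=10.10.2.5 proto=tcp dport=20000
2011-09-19T02:17:12Z fw-esp01 action=DENY src=203.0.113.9 dst=10.10.2.5 proto=tcp dport=20000
"""

# Assumed baseline of expected flows inside the control network. In practice
# this comes from the documented data-flow diagram, not from the logs themselves.
INTERNAL_NETS = ("10.10.",)
ALLOWED_FLOWS = {
    ("10.10.1.21", "10.10.2.5", "tcp", 20000),  # HMI -> SCADA front end (DNP3)
    ("10.10.1.22", "10.10.2.5", "tcp", 20000),  # second HMI -> SCADA front end
    ("10.10.2.5", "10.10.3.10", "tcp", 1433),   # SCADA front end -> historian DB
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    ts: str
    action: str
    src: str
    dst: str
    proto: str
    dport: int


def parse_log(text):
    """Parse key=value connection lines into Flow records; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            flows.append(Flow(m["ts"], m["action"], m["src"], m["dst"],
                              m["proto"], int(m["dport"])))
    return flows


def is_internal(addr):
    """True if the address is inside the (assumed) control-network ranges."""
    return addr.startswith(INTERNAL_NETS)


def find_anomalies(flows, allowed=ALLOWED_FLOWS, deny_threshold=2):
    """Return (category, detail) findings in the order they are detected.

    - outbound-from-control-net: an ALLOWed flow from an internal host to an
      external address (perimeter-only review rarely questions permitted egress)
    - unbaselined-internal-flow: an ALLOWed internal flow absent from the baseline
      (invisible to perimeter monitoring, e.g. RDP from the historian to SCADA)
    - repeated-deny: the same external source blocked at least deny_threshold times
    """
    findings = []
    denies = Counter()
    for f in flows:
        key = (f.src, f.dst, f.proto, f.dport)
        if f.action == "ALLOW":
            if is_internal(f.src) and not is_internal(f.dst):
                findings.append(("outbound-from-control-net",
                                 f"{f.src} -> {f.dst}:{f.dport}"))
            elif key not in allowed:
                findings.append(("unbaselined-internal-flow",
                                 f"{f.src} -> {f.dst}:{f.dport}/{f.proto}"))
        elif f.action == "DENY":
            denies[(f.src, f.dst, f.dport)] += 1
    for (src, dst, dport), n in denies.items():
        if n >= deny_threshold:
            findings.append(("repeated-deny", f"{src} -> {dst}:{dport} x{n}"))
    return findings


if __name__ == "__main__":
    for category, detail in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{category:28} {detail}")
```

Run against the constructed sample, the script reports one unbaselined internal flow (RDP from the historian host to the SCADA front end), one outbound HTTPS connection from an HMI, and one external source denied twice on the DNP3 port. Only the last of these is what a perimeter-only review would normally surface; the other two are the kind of internal transaction the slides ask analysts to go looking for.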

- Global Monitoring of Internet Activities
  - Security Companies (fee required)
  - Federal Initiatives Alerts (Information Sharing)
    - DOE – Electricity Sector Network Monitoring
    - NSA – Perfect Citizen
    - DOD – Protecting Defense Industrial Base and ISPs, will expand to Electricity Sector
    - DHS – Einstein
    - NERC ES-ISAC
    - ICS-CERT, US-CERT, MS-CERT, etc.
    - NESCO/NESCOR
  - Other Utilities and Cross-Sector Critical Infrastructure SMEs
- Local Indicators (Anomalies)
  - Business Network (Monitoring and Logs)
  - EMS/SCADA system application
  - EMS/SCADA system hardware
  - Need to add Distribution Substations and Generation facilities

Enterprise Responses
- Telecommunications Network and Internet Perimeters
- Personnel
- EMS and SCADA Defenses
- Substation Defenses
- Generation Defenses
- Education and Training
- Incident Response Plans
- Information Sharing
- Post-event Analysis
- Configuration Controls and Monitoring

- Move industry efforts away from "Audits, Compliance Documentation and Enforcements" of security for CAs/BES to a model based on Continuous Security Performance Monitoring of all networks and systems by qualified Security Ops Analysts and SMEs
  - FISMA-II Model: Dept of State, DoD and NASA examples
- Set the Tone and Tenor from the TOP of the Company
  - Engage Senior-level Executives, Boards of Directors and State/Local Regulators in the CIP/Cyber Security Program

- Improve Security Event Reporting
  - NERC Electricity Sector ISAC reporting should NOT be the same as the CIP-008 Incident Report
  - NESCO/NESCOR: EnergySec/EPRI—new kid on the block
- Suggest a joint collaborative effort between NERC ES-ISAC and DoE/NESCO for the betterment of industry outside of NERC compliance functions

- NERC/FERC need to move away from "Strict Compliance" with the current language in the CIP standards
  - Documentation violations should NOT result in significant fines or sanctions
- CIP and Cyber Security are too important to be locked up in the FERC regulatory process
  - Too many lawyers making technical security decisions focused on strict compliance with Government Regulation
- Change focus from managing "Compliance Risk" to that of managing "Security Risks"

- Restructure CIP Standards to uniquely address security for Generation, Transmission & Distribution, Load Serving Entities, and Control Center Entities
  - One size does not fit all
  - Sound Security Controls for a Control Center could adversely affect reliability of Gen/Trans systems
- NERC members must step up and implement real security measures and controls for all environments
  - CA Identification of BES components is NOT the right issue
  - Better Secure all BES systems, AND other mission-critical systems and enterprise network systems and components
  - Congress and the public do NOT differentiate between BES, Market and Enterprise Systems

- The Abilene paradox is a situation in which a group of people collectively decide on a course of action that is counter to the preferences of any of the individuals in the group
- The current NERC Standards Development Process demonstrates the well-known pitfalls of this form of Dysfunctional Group Dynamics
  - How did we get to where we are today with CIP Standards?
  - Is anyone happy with the Security in the Electricity Sector today resulting from Cyber Security Controls? Industry, NERC/FERC, Congress/Administration, or the Public?
  - What do we do to avoid repeating the same mistakes again?

