NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability.

Presentation transcript:

NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability Hank Kenchington CIPC Confidentiality: Public Release

National SCADA Test Bed

SCOPE
DOE multi-laboratory program jointly managed and executed by INL and SNL (other partners include PNL, ANL, NIST, other contractors)

Key program areas:
– Assess and mitigate SCADA system vulnerability
– Support development of security standards
– Develop and test advanced secure control systems technology
– Conduct outreach and awareness

OBJECTIVE
Support industry and government efforts to enhance control systems cyber security across the energy infrastructure

National SCADA Test Bed

Key Activities:
1. SCADA System Assessments - ABB, AREVA, GE, Siemens
2. Provided cyber security training to over 400 end-users
3. Evaluated use of COTS IT antivirus and firewall tools in control systems
4. Working closely with electricity sector, developed mitigation strategies for “top 10” vulnerabilities
5. Conducting performance testing and cryptographic analysis of AGA 12
6. Evaluated and cataloged existing SCADA Standards

Results:
1. New “hardened” SCADA systems now being deployed
2. Software patches developed by vendors and supplied to end-users to better secure existing systems

Enhanced SCADA systems in market
Enhanced SCADA systems are being deployed…TODAY
[Diagram labels: Vendor; Asset Owners; National SCADA Test Bed; SCADA/Control Systems; Test Direction; “Public” Test Reports; “Proprietary” Test Reports; System Patches; Enhanced SCADA/Control Systems]

Lots of activities…but no coordination
– DHS S&T SBIR projects
– DHS NCSD Cyber Security Test Bed
– NIST Process Control Security Requirements Forum
– DHS Process Control Systems Forum
– NSF R&D projects
– DOE National SCADA Test Bed
– DOE Critical Infrastructure Test Range
– EPRI EIS projects
– AGA 12 Standard
– NERC Standards & Guidelines
– DHS I3P SCADA
– FERC projects
– DOD TSWG

Roadmap Process
[Diagram labels: Create Steering Group; Conduct Roadmap Workshop; Prepare Technology Roadmap; Implement Roadmap; Guide Roadmap Development; Identify Needs and Priorities; Integrate into Plans; Initiate Projects and Partnerships; Trends & Driver; Challenges & Barriers; Priorities; Action Plans; We Are Here!]

Roadmap Steering Committee

Asset Owners and Operators
– Tom Flowers – CenterPoint Energy (electricity)
– Linda Nappier – Ameren (electricity)
– Al Rivero – formerly w/Chevron (oil and gas)
– David Poczynek – Williams Co. (oil and gas)
– Tom Frobase – TEPPCO (oil and gas)
– Michael Assante – formerly w/AEP and IEIA Forum

Industry Organizations
– Bill Rush – GTI
– Lisa Soda – API
– Kimberly Denbow – AGA
– Gary Gardner – AGA
– Tom Kropp – EPRI

Government
– Doug Maughan – U.S. DHS
– Hank Kenchington – U.S. DOE
– David Darling – Natural Resources Canada

Researchers (National Laboratories)
– Tommy Cabe – Sandia National Laboratories
– Jeff Dagle – Pacific Northwest National Laboratory
– Bob Hill – Idaho National Laboratory

Roadmap Scope

Time Frames
– Near: 0-2 yrs.
– Mid: 2-5 yrs.
– Long: 5-10 yrs.

Sectors
– Electricity
– Oil
– Gas
– Telecom (supporting)

Potential Solutions
– People
– Processes
– Technology

See:

Workshop Participants
– Led by energy sector owners and operators
– Includes representatives from electricity, oil, gas, telecom industries
– Engages a cross-section of stakeholders and experts

[Diagram labels: Industry Organizations; Commercial Suppliers; Asset Owners and Operators; Government & Labs]

Target Participants
– Control Systems, 15
– Business and Security, 10
– Operations, 5

Roadmap Framework

Vision
In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function.

Key Strategies
1. Measure and assess security posture
2. Develop and integrate protective measures
3. Detect intrusion and implement response strategies
4. Sustain security improvements

Strategies
– Measure and Assess Security Posture
– Develop and Integrate Protective Measures
– Detect Intrusion and Implement Response Strategies
– Sustain Security Improvements

Milestones (timeline)
♦ 50% of asset owners and operators performing self-assessments of their control systems using consistent criteria (2008)
♦ Secure connectivity between business systems and control systems within corporate network (2009)
♦ Cyber incident response is part of emergency operating plans at 30% of control systems (2008)
♦ Resolve major info protection and sharing issues between U.S. govt. and industry (2006)
♦ Fully automated security state and common response of control system networks (2015)
♦ Secure control system architectures produced with built-in, end-to-end security (2015)
♦ Self-configuring control system network architectures are in production (2015)
♦ Cyber security awareness, education, and outreach programs integrated into energy sector operations (2015)

Next Steps
– Work with Sector Coordinating Councils to develop Roadmap Implementation Forum
– Use results to coordinate activities of government, academia, and private sector to align with roadmap
– Use roadmap to guide DOE control systems security program activities

[Diagram labels: Government; Researchers; Industry Organizations; Asset Owners & Operators; Commercial Entities]

See:

END US Department of Energy Office of Electricity Delivery and Energy Reliability Hank Kenchington