Role for Electric Sector in Critical Infrastructure Protection R&D Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston Public Release.

Slides:



Advertisements
Similar presentations
Smart Grid: an Ontario Perspective Brian Hewson, Senior Manager Regulatory Policy Hamilton May 8, 2013.
Advertisements

Museum Presentation Intermuseum Conservation Association.
Protective Security Advisors Securing the Nations critical infrastructure one community at a time.
NERC Critical Infrastructure Protection Advisory Group (CIP AG) Electric Industry Initiatives Reducing Vulnerability To Terrorism.
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
Connecticut Emergency Management and Response
“Measuring Water Security Progress” 2008 Water Policy Conference AMWA Security Committee March 3, 2008 By Billy Turner, President, Columbus Water Works.
National Infrastructure Protection Plan
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
DHS, National Cyber Security Division Overview
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Continuity of Business Overview Adapted from the FAD PReP/NAHEMS Guidelines: Continuity of Business (2013)
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Session 5Slide 5-1 Risk Management In the Private Sector Session 5 Slide Deck.
Food and Agriculture Sector Coordinating Councils John L. Williams, DVM U.S. Department of Agriculture AFDO Annual Conference Kansas City, MO June 7, 2005.
SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.
Maintaining Essential Business and Community Services During a Pandemic Paul R. Patrick, Director Bureau of Emergency Medical Services Utah Department.
ELECTRICAL CRITICAL INFRASTRUCTURE SECURITY Charles Hookham, P.E., M.ASCE, VP, Utility Projects HDR Engineering 1.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
CIPC Executive Comittee Update CIPC Conference Call September 16, 2004 Stuart Brindley CIPC Chair CIPC Confidentiality - Public.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Seán Paul McGurk National Cybersecurity and Communications
Nuclear Power Plant/Electric Grid Regulatory Coordination and Cooperation - ERO Perspective David R. Nevius and Michael J. Assante 2009 NRC Regulatory.
1 Energy Assurance Guidelines for States Miles Keogh, NARUC David Terry, Stateline Energy April 2007.
CIPC Executive Committee Update CIPC Meeting Denver CO September 29, 2005 Stuart Brindley CIPC Chair Public Release.
Division of Emergency Management & Homeland Security Department of Emergency Services & Public Protection June 25, 2013 Connecticut All-Hazards Response.
Planning for Resiliency. Primary Reference Emergency Management Principles and Practices for Healthcare Systems, The Institute for Crisis, Disaster and.
CIP Program Highlights Member Representatives Committee October 28, 2008 Michael Assante, CSO
Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.
Critical Infrastructure Protection: Program Overview
Information Sharing Challenges, Trends and Opportunities
1 Crisis Management / Emergency Management Overview.
Critical Infrastructure Protection Critical Infrastructure Protection Private Sector Programs April 7, 2005 Rod Nydam, JD, GMU Law School Private Sector.
Sandra C Security Advisor Energy Dan B Security Advisor Water
Presenter’s Name June 17, 2003 Nationwide Perspective: Building a Nationwide Network for Public Safety Dusty Rhoads Office of Emergency Communications.
Status Report for Critical Infrastructure Protection Advisory Group
WebCast 5 May 2003 Proposed NERC Cyber Security Standard Presentation to IT Standing Committee Stuart Brindley, IMO May 26, 2003.
CI/KR Public-Private Partnerships Overview March 2010 Prepared By: Thomas DiNanno International Assessment and Strategy Center.
Unclassified  1 Critical Infrastructure Protection Chuck Whitley EMS User’s Group June 9, 1999.
NFPA 1600 Disaster/Emergency Management and Business Continuity Programs.
International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.
NERC and ESISAC Electricity Sector Information Sharing and Analysis Center Update March 2006 CIPC Confidentiality: Public Release.
November 2, 2006 LESSONS FROM CIPAG 1 Lessons from Critical Infrastructure Group Bill Bojorquez November 2, 2006.
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
Business Crisis and Continuity Management (BCCM) Class Session
1 Thoughts on ERCOT-Wide Critical Infrastructure Protection Committee Bill Muston October 31, 2006.
1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.
Fiscal Year 2007 Urban Area Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.
CBIZ RISK & ADVISORY SERVICES BUSINESS CONTINUITY PLANNING Developing a Readiness Strategy that Mitigates Risk and is Actionable and Easy to Implement.
Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.
Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: All-Hazards.
National Emergency Communications Plan Update National Association of Regulatory Utility Commissioners Winter Committee Meeting February 16, 2015 Ron Hewitt.
Business Continuity Planning 101
March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.
Agenda Control systems defined
and Security Management: ISO 28000
California Cybersecurity Integration Center (Cal-CSIC)
About the NIS directive
CIPC Relationships & Roles
2017 Health care Preparedness and Response Draft Capabilities
Role for Electric Sector in Critical Infrastructure Protection R&D
NERC Critical Infrastructure Protection Advisory Group (CIP AG)
John M. Felker Director, NCCIC.
CIPC Executive Committee Update
CIPC Executive Committee Report-2
Unit 5- IS 800 Introduction to the National Response Framework
Presentation transcript:

Role for Electric Sector in Critical Infrastructure Protection R&D Presented to NERC CIPC Washington D.C. June 9, 2005 Bill Muston Public Release

Summary What is the role of R&D in the electric sector to assure its protection as a critical infrastructure? What is the role of the electric sector in defining R&D requirements, articulating those to the government, and in funding and conducting R&D itself? What would be a good organizational framework for sector-wide R&D coordination on CIP, and what role should CIPC fill?

Role of R&D to Support Critical Infrastructure Protection Technological needs of the electric sector that can help mitigate security risks can be identified R&D needs so identified should be prioritized, and programs should be developed to accomplish those needs where the risk is judged to be high R&D needs might consist of needs that are unique to the electric sector –eg. Recovery transformer R&D needs might also include opportunities to adapt technology from other sectors or co-develop applications with other sectors –eg. Low cost sensors & communications for intrusion detection

The Need for a Coordinating Role for R&D Present clear industry-consensus priorities to the U.S. Government regarding uses of federal funds for R&D related to Electric Sector CIP Clarify or establish our own role as an industry in funding R&D, advising the government, hosting demonstrations –Example: “Recovery transformer”, as conceived in EPRI ISI, may represent a major opportunity for our industry in terms of critical vulnerabilities. Federal funding could substantially advance the effort. DHS recently advised our sector that it could not fund this. Is this truly a high-risk matter? Does the recovery transformer need to proceed? Should it have federal funding, or should it be accomplished by industry alone? What is the next industry action? –Example: Cyber security of SCADA – recognized area of emerging importance for further development. But what specific R&D is important? What does our industry think are the roles of national labs, EPRI, private consultants, transmission owner/operators?

Role of CIPC & Electric Sector Coordinating Council The United States Government, through DHS, is asking the electric sector, as well as other critical infrastructures, to develop “Sector Coordinating Councils” One of the roles envisioned for these Councils is to “define the requirements for research and development” The NERC Critical Infrastructure Protection Committee’s Executive Committee plus Mike Gent, the head of NERC, will constitute the Electric Sector Coordinating Council. Interim NIPP

Sector Coordinating Councils Concept established by DHS in the Interim NIPP February 2005 To be established by the Private Sector, not government Provide the framework for CI owners & operators throughout a sector to -- –Facilitate inclusive organization & coordination of policy development, infrastructure- protection planning, and plan implementation activities within the sector –Identify and support the information-sharing mechanisms and capabilities (eg. ISACs) deemed most appropriate for the sector. Provide a focused means for each CI to engage DHS and the Sector-Specific Agencies and to collaborate with them. Interim NIPP

Sector Coordinating Councils -- Detailed Facilitate inclusive organization and coordination of the policy development, infrastructure-protection planning, and plan implementation activities within the sector. Such activities include –broad-based planning; –development of suggested practices and evolution of these practices over time to best-practice standards; –promulgation of programs and plans; and –development of requirements for effective information sharing, research and development, and cross-sector coordination. Identify and support the information-sharing mechanisms and capabilities (e.g., ISACs) deemed most appropriate for the sector –The core function of these information-sharing mechanisms and capabilities is to deliver alerts, warnings, and advisories to the sector and to share back with DHS and the SSAs information on both threats and incidents. Interim NIPP

Uses for a Set of “R&D Requirements” Provide guidance to Congress, DHS, DOE, and other governmental organizations regarding appropriate uses of federal funds for R&D for the electric sector Means to reach industry consensus on what our own industry should do Establish prioritized plans for collective action Transmission owner/operators ISOs & RTOs Reliability councils Distribution owner/operators Generation owner/operators R&D Organizations such as EPRI, CERTS, others Universities, vendors, consultants Utilize requirements to educate regulatory and legislative bodies –Costs & cost recovery

Process to Establish R&D Requirements NERC CIPC provides an overall focal point NERC CIPC provides a means for inclusive action Utilize committee & committee process With regional councils and owner/operators via CIPC membership Input from EPRI & other industry R&D entities Input from vendors & consultants

Stages of Security Actions The National Infrastructure Protection Plan and National Response Plan define 7 stages of the NIPP process: –Deterrence –Prevention –Protection –Preparedness –Manage Crisis and Respond –Recovery –Restoration R&D Requirements may span across all stages

Example of R&D Requirements Across Stages Substation: Intruder Damages HV-to-MV Transformer & SCADA Elements Deter: Design substation & perimeter to deter an intruder from even attempting Prevention: Detect an intrusion to allow timely response Protection: Design equipment to protect it from harm by an intruder, such as via a pipe bomb Preparedness: Standardized equipment design & spares Manage crisis & respond: Outage detected automatically. Problem identified automatically as being at the substation, not on feeders. Recovery: Feeders are switched to alternate sources to restore power to customers via remote control Restoration: Standardized equipment & processes are deployed to replace equipment and restore normal operation at this substation

Types of Risk to Consider is Establishing R&D Requirements Physical threats Cyber threats Personnel threats Potential results from risk –Financial Revenue loss, threat to financial stabilityt Regulatory/legislative impact if perceived lack of preparedness –Societal Risk: Power outage impacts Direct impacts on customers Direct impacts on other critical infrastructures –Eg. Telecom, water, law enforcement, banking Impacts to the economy, if outage either widespread or prolonged

Summary – Why CIPC? Why place a new R&D role on CIPC? –DHS request to Sector Coordinating Councils –Need & opportunity to provide sector input to DHS & DOE –Need for “industry” view, not just views of individual companies –CIPC as inclusive organization