Presentation is loading. Please wait.

Presentation is loading. Please wait.

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

Published byVanessa Gordon Modified over 9 years ago

Similar presentations

Presentation on theme: "K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss"— Presentation transcript:

1 K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss jweiss@kemaconsulting.com (408) 253-7934 KEMA, Inc. jweiss@kemaconsulting.com

2 K E M A, I N C. 2 Control System Cyber Security Summary n Cyber security threats are real n Cyber security is not just a regulatory or national infrastructure issue; it makes good business sense n Technology will continue to evolve to meet demands for productivity and reliability improvements n Security requirements need to keep pace with technology advancements n There are workable near-term solutions n We need to work toward  Addressing the gap between IT and operations  Long-term technology changes

3 K E M A, I N C. 3 Current Status n Government/Industry  NERC/FERC  Presidential decision directive- HSPD-7  DHS/DOE  National Strategy to Secure Cyberspace  Industry/standards organizations n Solution  Conduct vulnerability and risk assessments  Develop recovery plans  Address IT/Operations gap  Provide training programs

4 K E M A, I N C. 4 Where is the Industry n All over the map n Little information sharing, however…. everyone wants to know where everyone else is n Whatever you do will set a precedent

5 K E M A, I N C. 5 What does the Final Blackout Report Say n Recommendation 32 – Implement NERC IT Standards n Recommendation 33 – Develop and deploy IT management procedures n Recommendation 34 – Develop corporate level IT security governance and strategies n Recommendation 35 – Implement controls to manage system health, network monitoring, and incident management

6 K E M A, I N C. 6 Blackout Recommendations (Continued) n Recommendation 36 – Initiate a US-Canada risk management study n Recommendation 37 – Improve IT forensic and diagnostic capabilities n Recommendation 38 – Assess IT risk and vulnerability at scheduled intervals n Recommendation 39 – Develop capability to detect wireless and remote wireline intrusion and surveillance

7 K E M A, I N C. 7 Blackout Recommendations (Continued) n Recommendation 40 – Control access to operationally sensitive equipment n Recommendation 41 – NERC should provide guidance on employee background checks n Recommendation 42 – Confirm NERC ES-ISAC as the central point for sharing security information and analysis n Recommendation 43 – Establish clear authority for physical and cyber security

8 K E M A, I N C. 8 Blackout Recommendations (Continued) n Recommendation 44 – Develop procedures to prevent or mitigate inappropriate disclosure of information

9 K E M A, I N C. 9 Blackout Recommendations NOT Addressed by NERC Standard 1200

10 K E M A, I N C. 10 Blackout Recommendations n Recommendation 33 – Places on obligation on vendors n Recommendation 36 – Not addressed (US- Canadian Task Force) n Recommendation 37 – Emphasis on forensics n Recommendation 38 – Requires periodic risk and vulnerability assessments n Recommendation 39 – Wireless not addressed

11 K E M A, I N C. 11 NERC Cyber Security Standards

12 K E M A, I N C. 12 NERC Cyber Security Standard-1200 n Purpose : To reduce risks to the reliability of the bulk electric systems from any compromise of critical cyber assets Standard is meant to address operational systems, not IT n Applicability: These standards apply to control areas, transmission owners and operators, and generation owners and operators n Scope : Control Centers n Implementation Schedule: –Substantial by First Quarter-04 –Complete by First Quarter-05

13 K E M A, I N C. 13 Scope n 1201 Cyber Security Policy n 1202 Critical Cyber Assets n 1203 Electronic Security Perimeter n 1204 Electronic Access Controls n 1205 Physical Security Perimeter n 1206 Physical Access Controls n 1207 Personnel n 1208 Monitoring Physical Access n 1209 Monitoring Electronic Access n 1210 Information Protection n 1211 Training n 1212 Systems Management n 1213 Test Procedures n 1214 Electronic Incident Response Actions n 1215 Physical Incident Response Actions n 1216 Recovery Plans

14 K E M A, I N C. 14 Identified Needs n Cyber security policy for control systems and senior management responsibility (1201)  Security policies for SCADA/control systems do not exist n Define appropriate critical cyber security assets (1202)  See previous slides on “Issues to Consider” n Define cyber security perimeter (1203)  See previous slides on “Issues to Consider” n Methodology for identifying and controlling remote access points (1204)  Generic methodology in development n Identify physical security perimeter for cyber assets (1205)

15 K E M A, I N C. 15 Identified Needs n Identify physical access controls for SCADA systems (1206) n Screening for personnel with access to critical cyber assets (1207) n Methodology for monitoring physical access for cyber assets (1208) n Methodology for monitoring electronic access (1209)  May need development of logging n Information protection program for security (1210)  SCADA/control system configuration management n Security training program (1211)  Address SCADA/control system specific issues not covered by IT

16 K E M A, I N C. 16 Identified Needs n Management policies and identification of capabilities needed to be developed (1212)  Password management (special considerations for SCADA/control systems)  Authorization and periodic review of access rights  Disabling of unauthorized, invalidated, expired, or unused access rights  Disabling of unused services and ports (other considerations needed for SCADA/control systems)  Secure dial-up modem connections (procedures needed)  Firewall management (may not exist in substations, power plants)

17 K E M A, I N C. 17 Identified Needs (1212 continued) n Management policies and identification of capabilities needed to be developed (continued)  Intrusion detection processes (may not exist in substations, power plants)  Security patch management (may not exist for SCADA/control systems)  Anti-virus software (could impact control system performance)  Retention and review of operator logs, application logs, and intrusion detection logs (may not exist for SCADA/control systems)  Identification of vulnerabilities and responses (may be difficult for SCADA/control systems)

18 K E M A, I N C. 18 Identified Needs n Security test procedures (1213)  Not developed for SCADA/control systems n Methodology for identifying and performing incident response on electronic intrusions (1214)  Methodology for identifying control system incidents n Incident response for physical intrusions to a cyber asset (1215) n Recovery plans (1216)  Cyber significantly changes business continuity/recovery plans

19 K E M A, I N C. 19 Expected Gaps n Control system cyber security policies n Cyber security test procedures n Control system cyber security training program n Configuration management program and policies for cyber security assets n Methodology for control system cyber incident response n Cyber impacts on business continuity planning/recovery plans

20 K E M A, I N C. 20 Final Standard -1300 n Expected to include power plant control systems and substation equipment n Expected to be risk-based n Expected to have audits with penalties n Needs to be available by 2005 since 1200 cannot be extended

21 K E M A, I N C. Thank You Joe Weiss (408) 832-5396 - mobile jweiss@kemaconsulting.com

Download ppt "K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss"

Similar presentations

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.

NERC Cyber Security Standards Pre-Ballot Review. Background Presidents Commission on Critical Infrastructure Protection PDD-63 SMD NOPR NERC Urgent Action.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.

NERC Security Requirements – What Vendors Should Provide James W. Sample, CISSP, CISM Manager of Information Security California ISO.
The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.

The Office of Information Technology Information Security Administrator Kenneth Pierce, Vice Provost for IT and Chief Information Officer.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.

Cyber Security 2005 ERCOT COMPLIANCE ROLLOUT Lane Robinson Reliability Analyst.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Project 2008-06 Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.

Project Cyber Security Order 706 January 10, 2012 Most of the material presented has been compiled from NERC webinars and drafting team meetings.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Critical Infrastructure Protection Updates (CIP Compliance)

Critical Infrastructure Protection Updates (CIP Compliance)
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Computer Security: Principles and Practice

Computer Security: Principles and Practice

Similar presentations

Ads by Google