CIPC Workplan Update
Marc A. Child, Great River Energy, CIPC Chair
Critical Infrastructure Protection Committee
June 5-6, 2018
RELIABILITY | ACCOUNTABILITY
CIPC Organizational Chart

Executive Committee
• Marc Child, Chair, Great River Energy
• David Grubbs, Vice Chair, City of Garland
• David Revill, Vice Chair, NRECA
• Ken McIntyre, Secretary, NERC
• Ross Johnson, Phys SME, Capital Power
• Brenda Davis, Cyber SME, CPS Energy
• Chuck Abell, Ops SME, Ameren
• Jeff Fuller, Policy SME, AES
• Andrea Koch, EEI
• (vacant) APPA
• (vacant) EPSA
• (vacant) IPC

Subcommittees
• Physical Security Subcommittee (Ross Johnson)
• Cybersecurity Subcommittee (Brenda Davis)
• Operating Security Subcommittee (Chuck Abell)
• Policy Subcommittee (Jeff Fuller)

Working Groups and Task Forces
• Physical Security WG (PSAG) (Ross Johnson)
• Physical Security Guidelines TF (Darrell Klimitchek)
• Control Systems Security WG (Mike Mertz, Carter Manucy)
• Grid Exercise WG (Tim Conway)
• Security Metrics WG (Larry Bugh)
• Compliance Input WG (Paul Crist)
• Security Training WG (David Godfrey, Amelia Sawyer)
• Supply Chain Working Group (Mike Meason)

Joint Projects
• Planning Committee Joint Projects
• Operating Committee Joint Projects
Timeline of Activities

 #   CIPC Deliverable (non-ongoing projects)                                        Estimated Completion Date
 1   Implications of Voice-over-IP and the CIP Standards                            Q1 2018
 2   Develop CIPC Collaboration Site on NERC.com                                    Q2 2018
 3   CIP Implications of Shared Transmission Facilities                             Q2 2018
 4   Key management security guideline                                              Q2 2018
 5   Vendor Essential Security Practices Model                                      Q3 2018
 6   Security implications of UAVs                                                  Q3 2018
 7   Update CIPC Website on NERC.com                                                Q3 2018
 8   Implications of Cloud Services for CIP Assets                                  Q4 2018
 9   Assess the cyber security risk of Fuel Handling SCADA systems for Generation   Q1 2019
10   Address Remote Access Security Findings #1-#18                                 Q3 2019
11   Identification and Reduction of Cyber and Physical Security Risks              Q4 2019
12   Legacy system testing coordination with National Labs                          Q4 2019
13   Annual Security Assessment of the BES                                          Q4 2019
Notes from the Board of Trustees (Board) Meeting
• Budget
  o NERC budget / E-ISAC budget: little discussion or debate
  o NERC down 5 FTEs; E-ISAC hiring 3 FTEs
• SERC-RF-WECC 'CIP Themes & Lessons Learned'
  o Board of Trustees Compliance Committee briefing by Ken McIntyre
  o 'Disassociation' (compliance vs. security)
  o 'Organizational Silos'
  o CIPC may be asked to help with guidance
• E-ISAC briefing
  o Status of long-term strategic plan
  o Observation: Board members are very pleased with progress
Notes from the Board of Trustees (Board) Meeting (continued)
• Commissioner LaFleur (Member Representatives Committee meeting)
  o Large number of Federal Energy Regulatory Commission staff in attendance
  o Recognized new President & CEO Jim Robb
  o NERC efforts on defining/measuring resiliency are job #1
  o Standards Efficiency Review is a very worthwhile exercise
• Commissioner Glick
  o Concerned about pipeline security and security jurisdiction
• NERC CEO Jim Robb
  o Security is the 'number one' personal area of focus, as well as supporting the E-ISAC
Roster changes and opportunities
Legislative Update
Kaitlin Brennan, Manager, Cyber and Infrastructure Security, EEI
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
Legislative Update
• H.R. 5174 Energy Emergency Leadership Act
• H.R. 5239 The "CyberSense" Act
• H.R. 5240 Enhancing Grid Security through Public-Private Partnerships Act
• H.R. 5175 Pipeline and LNG Facility Cybersecurity Act
• S. 79 Securing Energy Infrastructure Act
• S. 2392 Cyber SAFETY Act of 2018
• Other possibilities:
  o Expanding background investigations of critical utility personnel
  o S. 1460 - The Energy and Natural Resources Act
  o H.R. 4036 - Active Cyber Defense Certainty Act
  o S. 536 - Cybersecurity Disclosure Act of 2017
  o Data breach legislation
Electricity Subsector Coordinating Council Update
Kaitlin Brennan, Manager, Cyber and Infrastructure Security, EEI
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
ESCC Update
• 2018 Schedule:
  o May 7, in Washington, DC
  o July 11-12, at Idaho National Laboratory
  o October 9-10, in the Washington, DC / Baltimore, MD area
• Puerto Rico Response
• ESCC-Government Engagement
• Research & Development Strategic Committee
• Cross-Sector Coordination
CIPC RISC Update
Marc A. Child, Great River Energy, CIPC Chair
Critical Infrastructure Protection Committee
June 5-6, 2018
Reliability Issues Steering Committee
• Resiliency
  o Primary area of focus
  o Framework nearing completion
  o CIPC added 'detect' to the definition of Resourcefulness
• CIPC Representation
  o Chuck Abell will provide updates on future actions/activities
Supply Chain Activities
Howard Gugel, Senior Director of Standards and Education, NERC
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
Board Resolution
• Support effective and efficient implementation (e.g., CIP V5 transition)
• Supply chain risk study
• Communicate supply chain risks to industry
• Forum and Association white papers
• Plan to evaluate effectiveness of supply chain standards
Effective and Efficient Implementation
• NERC created a supply chain standard webpage
• Critical Infrastructure Protection Committee (CIPC) to establish advisory task force
  o Advise on activities to support standard implementation
  o Develop schedule for webinars, workshops, and technical conferences in coordination with NERC and the Regional Entities
  o Document existing risks and develop security guidelines
• NERC and Regions to conduct small group advisory sessions
• NERC and Regions to offer outreach and readiness evaluations
Supply chain risk study
• NERC to use EPRI to conduct risk study
  o Assessment of product/manufacturer types used on the BES
  o Analysis and applicability to BES Cyber Assets
  o Analysis of best practices and standards in other industries to mitigate supply chain risks
  o Analysis of generalized vendor practices and approaches used to mitigate supply chain risks
• NERC to recruit industry experts and vendors to participate in supply chain risk study
• E-ISAC to engage Department of Energy and Department of Homeland Security to explore information sharing opportunities and future supply chain risk assessment activities
Communicate supply chain risks
• NERC and E-ISAC to continue utilizing NERC Alerts to communicate supply chain risks
• E-ISAC included supply chain risk topic in GridEx IV
• NERC to capture supply chain standard resources on webpage
• NERC and Regions to include supply chain topic at planned workshops and seminars in 2018
  o NERC to conduct additional webinars and technical conferences
• CIPC to develop supply chain security guidelines
• NERC and CIPC to partner with National Laboratory group to conduct current equipment supply chain risk evaluation
Forums and Associations
• Forums and Associations developing white papers
  o First drafts completed
  o Final review and publish Q3 2018
• NERC to post white papers on supply chain standard webpage
• NERC, Forums and Associations to jointly present papers to industry
Plan to evaluate standard effectiveness
• NERC and Regions to develop effectiveness evaluation plan in Q4 2018
  o Evaluation plan dependent on FERC approval
  o Plan to consider standard effective date and associated implementation plan
• CIPC advisory task force to provide feedback to ERO Enterprise and industry on supply chain standard effectiveness
• NERC and Regions to continue small group advisory sessions throughout supply chain implementation to obtain feedback on outcomes and standard effectiveness
• ERO Enterprise auditor observations and feedback on standard effectiveness
NATF Update
NERC CIPC Meeting
June 5-6, 2018
Ken KeelsNATF Director, Practices and Initiatives
kkeels@natf.net; 704-945-1950
Open DistributionCopyright © 2018 North American Transmission Forum. Not for sale or commercial use. All rights reserved.
Community Confidentiality Candor Commitment
Topics
• Update on NATF Compliance Implementation Guidance
• NATF Work on Supply Chain Cybersecurity Risk Management
• NATF Member Security Practices Sharing and Development
• NATF Member Security Practices Workshop
Endorsed Compliance Implementation Guidance
• CIP-010-3, R1.6 (Software Integrity & Authenticity)
  o Cyber security supply chain risk management
• CIP-014-2, R4 Practices Document (Threat and Vulnerability Evaluations)
• CIP-014-2, R5 Practices Document (Physical Security Plans)
Non-Endorsed Compliance Implementation Guidance
NATF project teams are working on revisions to these two guidance documents:
• CIP-010-2, R4 Implementation and Use of Transient Cyber Assets (TCA)
• CIP-005-6, R2.4 and R2.5 (Vendor Remote Access)
  o Cyber security supply chain risk management
Supply chain risk management
Completed NATF Activities/Products
• Compliance Implementation Guidance (available to public)
  o CIP-010-3, R1.6 (Software Integrity & Authenticity): ERO Endorsed
  o CIP-005-6, R2.4 and R2.5 (Vendor Remote Access): Not Endorsed
Under Development NATF Activities/Products
• White Paper (future public availability)
  o Cyber Security Supply Chain Risk Management Guidance
• Compliance Implementation Guidance (future public availability)
  o CIP-013 (Reliance on Independent Assessments of Vendors)
NATF Supply Chain Cyber Security Risk Management Approach
[Figure: approach covering Procurement Specifications, Vendor Requirements, and Existing Equipment]
Supply Chain Cyber Security Risk Management Plan
• Recommends establishment of cross-functional team within company to develop and implement plan
• Describes approach for assessing risk
• Identifies supply chain cyber security criteria, drawn from existing security frameworks (e.g., NIST, SOC 2, ISO)
• Suggests defining process/responsibility within company to approve "exceptions"
Common Approach and Criteria
[Figure: Established Cyber Security Criteria and Frameworks; Cyber Security Criteria for BES Entities]
NATF Timeline
Phases (Feb/Mar, Apr, May, June/July, August, in order):
• Draft NATF Paper
• Partner Sharing
• NERC Sharing
• Fine Tune/Finalize Documents and Additional Socialization
• Industry Publication
Milestones shown on the timeline:
• Circulate draft with EEI, APPA, NRECA, ISO/RTO, NAGF, EPRI, NERC, NERC CIPC, UTC
• NERC BOT Overview/Update
• NATF board approval for open distribution
• NERC BOT Whitepaper Presentation
• Further industry collaboration
• Public Posting
FUTURE: Additional practices; white papers; industry alignment on approach and criteria
NATF Member Security Practices Sharing and Development
• Future Practice:
  o Managing data and applications in a "cloud" environment
• Topic Specific Webinars:
  o Cyber Kill Chain
  o Defense in Depth
• Focus Groups:
  o Emerging Issues White Papers Working Group
  o Creating a Security Benchmarking Program
  o Phishing: How not to get caught by the Social Engineering Fisherman
  o Configuration Management Users Group (New)
  o Tools Working Group
NATF Member Security Practices Workshop
Cyber Security Break Out Focus
• Audit experience: CIP-007 patching
• Patch evaluation
• Tracking security patch mitigation plans
• Tools for automated patching
• Security patch authenticity
• How to build an effective and efficient patch management program
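The endorsed CIP-010-3 R1.6 guidance (software integrity and authenticity) and the workshop topic "Security patch authenticity" both come down to one check that is easy to state and easy to do loosely. The following is an added example, not NATF or NERC material, showing how a practitioner would implement the integrity half in Python: parse a vendor-published sha256sum-style manifest strictly (a damaged manifest fails rather than becoming an empty allow-list), hash the obtained file, compare with a constant-time comparison, and report "not listed" separately from "mismatch". The manifest format, file names, contents and the out-of-band pinned digest are all constructed for the example; in a real program a vendor code signature (GPG, Authenticode) would take the place of the pinned digest as the manifest's trust anchor.

```python
"""Software integrity check against a vendor-published SHA-256 manifest.

Added example, not NATF or NERC material. Assumes the vendor publishes
digests in GNU `sha256sum` format ("<64 hex>  <name>" or "<64 hex> *<name>"
for binary mode). File names, contents and digests below are constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Mapping, Optional

HEX_DIGITS = set("0123456789abcdef")


@dataclass(frozen=True)
class Verdict:
    filename: str
    status: str            # "verified", "mismatch" or "not_listed"
    expected: Optional[str]
    actual: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_sha256_manifest(text: str) -> Dict[str, str]:
    """Return {filename: expected_hex_digest}.

    Malformed lines raise instead of being skipped: a truncated or corrupted
    manifest must fail the check, not quietly produce an empty allow-list.
    """
    entries: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <filename>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary mode marker
        if len(digest) != 64 or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"manifest line {lineno}: not a SHA-256 hex digest")
        if entries.get(name, digest) != digest:
            raise ValueError(f"manifest line {lineno}: conflicting digests for {name!r}")
        entries[name] = digest
    return entries


def manifest_is_trusted(manifest_text: str, pinned_digest: str) -> bool:
    """Authenticity step for the manifest itself.

    The manifest only proves integrity if it came from the vendor. Here the
    trust anchor is a digest of the manifest obtained out of band (assumed,
    e.g. read from the vendor's authenticated support portal); a vendor code
    signature (GPG, Authenticode) would fill this role in a real program.
    """
    return hmac.compare_digest(sha256_hex(manifest_text.encode()), pinned_digest.lower())


def verify_download(filename: str, data: bytes, manifest: Mapping[str, str]) -> Verdict:
    """Hash the obtained file and compare with the vendor's published digest."""
    actual = sha256_hex(data)
    expected = manifest.get(filename)
    if expected is None:
        # Distinguish 'not listed' from 'mismatch': an unlisted file is a
        # process gap (wrong manifest, renamed file), not proof of tampering.
        return Verdict(filename, "not_listed", None, actual)
    ok = hmac.compare_digest(expected, actual)   # idiomatic constant-time digest compare
    return Verdict(filename, "verified" if ok else "mismatch", expected, actual)


# --- Constructed sample data (not real vendor artifacts) --------------------
GOOD_IMAGE = b"relay-fw-v4.2.1\x00" + bytes(range(64))
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"\xff"     # one byte changed
MANIFEST_TEXT = (
    "# SHA256 digests for release 4.2.1 (constructed example)\n"
    f"{sha256_hex(GOOD_IMAGE)}  relay-fw-v4.2.1.bin\n"
    f"{sha256_hex(b'release notes')} *release-notes.txt\n"
)
PINNED_MANIFEST_DIGEST = sha256_hex(MANIFEST_TEXT.encode())  # assumed to arrive out of band


def demo() -> Dict[str, str]:
    """Run the three interesting cases and report each outcome."""
    if not manifest_is_trusted(MANIFEST_TEXT, PINNED_MANIFEST_DIGEST):
        raise RuntimeError("manifest failed its own authenticity check")
    manifest = parse_sha256_manifest(MANIFEST_TEXT)
    return {
        "good": verify_download("relay-fw-v4.2.1.bin", GOOD_IMAGE, manifest).status,
        "tampered": verify_download("relay-fw-v4.2.1.bin", TAMPERED_IMAGE, manifest).status,
        "unlisted": verify_download("hotfix-4.2.1a.bin", GOOD_IMAGE, manifest).status,
    }


if __name__ == "__main__":
    for label, status in demo().items():
        print(f"{label:9s} -> {status}")
```

The three outcomes map to three different actions in a patch program: "verified" clears the file for the evaluation step, "mismatch" stops the install and triggers an incident review of the download path, and "not_listed" sends the engineer back to the vendor for the correct manifest rather than being treated as a pass.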
Physical Security Break Out Focus
• Physical Security Maturity Model
• Social Engineering & Investigative Stories
• Red Teaming / Penetration Testing
• Situation Awareness / Security Analysis
• Crisis Communications
• Low Impact Physical Security
• Incident Command

Questions?
Technical Rationale
Howard Gugel, Senior Director of Standards and Education
CIPC Meeting
June 5-6, 2018
Background
• Reliability Standards template has included a Guidelines and Technical Basis (GTB) section
  o Provides SDT mechanism to: (i) explain technical basis for Standard/Requirements; and (ii) provide technical guidance to apply Standard
• May 2015: MRC and BOT formed "Compliance Guidance Team" to consider how best to provide guidance for implementing standards and to develop policy for the purpose, development, use and maintenance of guidance
• Team identified two purposes for guidance:
  o Assist registered entities with implementing standards; and
  o Provide direction to ERO Enterprise CMEP staff
• Team established principles for developing guidance and recommended:
  o Implementation Guidance (IG)
  o CMEP Practice Guides
  o "One-stop shop" on website for guidance info on a Standard
BOT Compliance Guidance Policy (Nov. 2015)
Principles for Developing Guidance:
• Guidance documents cannot change scope or purpose of Standard
• Contents are not the only way to comply
• Compliance expectations made clear through Standards development process, minimizing the need for guidance after final approval of standard
• Forms of guidance should not conflict
• Guidance developed collaboratively and posted on NERC website
• Finite/limited set of guidance tools; well understood; organized to facilitate use and implementation
• All guidance related to same standard coordinated and collected in one location
What about Guidelines & Technical Basis?
• Standards template currently has GTB section to:
  o Explain technical basis for Standard/Requirements; and
  o Provide technical guidance to help support effective application of Standard
• In response to BOT Compliance Guidance Policy, NERC Standards personnel and SC leadership drafted Technical Rationale for Reliability Standards document
  o Goal: clarify difference between IG and Technical Rationale
  o Presented to SC in June 2017
Background: Technical Rationale Documents
• June 2017: SC endorsed Technical Rationale for Reliability Standards document
  o Standards template will no longer include GTB section
  o Existing GTB replaced by Technical Rationale or Implementation Guidance (IG), as appropriate
  o Technical Rationale should:
    - Be a separate document clearly marked "Technical Rationale for Reliability Standard XXX-XXX-X"
    - Provide stakeholders and ERO Enterprise an understanding of technical Requirements
    - Avoid compliance approach(es) to implement a Reliability Standard
• SC created and charged Technical Rationale Advisory Group (TRAG) with developing a plan to implement Technical Rationale for Reliability Standards
TRAG Work
• TRAG members: Chris Gowder (FMPA), Sean Bodkin (Dominion Energy), Andrew Gallo (Austin Energy), Howard Gugel (NERC), Chris Larson (NERC), Steve Noess (NERC), Nasheema Santos (NERC), Shamai Elstein (NERC)
• Conducted meetings to address questions and issues
• Primary Goals and Considerations
  o Communication with stakeholders on reasons for project
  o Effective and efficient transition to Technical Rationale
  o Identification of compliance approaches for evaluation as Implementation Guidance (IG)
  o Transparency
  o Stakeholder involvement
Frequently Asked Questions
Frequently Asked Questions on Technical Rationale Project Page
• Examples of FAQs:
  o Why do we need to change the current approach?
  o What are some of the benefits of this project?
  o What are some considerations or risks associated with this project?
  o How will you ensure Registered Entities know a Technical Rationale document is associated with a particular Standard?
  o How will you ensure Technical Rationale documents get updated as needed when a Standard is revised?
  o Will Registered Entities be able to provide input on Technical Rationale documents?
  o Will new Technical Rationale content or future changes be balloted?
Frequently Asked Questions (continued)
• Additional examples of FAQs:
  o Will the information contained in the Technical Rationale document be available during the development of the associated standard?
  o What consideration or weight will be afforded to the Technical Rationale documents during monitoring and enforcement activities?
  o How are Technical Rationale and Implementation Guidance related to SPM Section 11 documents, if at all?
  o Can you clarify the difference between "SAR technical rationale" and Reliability Standard Technical Rationale?
  o How will GTB that is considered neither Technical Rationale nor Implementation Guidance be handled? Is there a third option such as submitting a SAR?
Technical Rationale Terms
• Guidelines and Technical Basis:
  o A tool for a SDT to provide technical information or explain development
  o Rationales developed to explain SDT basis for Requirements
  o Created during the standards development process
• Technical Rationale:
  o Provide SDT a way to explain technical rationale/justification for Standard and provide other relevant technical info
  o Not compliance approaches; not endorsed/approved by ERO; not mandatory/enforceable
• (Compliance) Implementation Guidance:
  o Provide stakeholders a tool to provide compliance approaches
  o Developed and vetted by industry
  o Endorsed by ERO Enterprise; CMEP staff gives deference to approved IG approaches
  o Only an example for achieving compliance; not the only approach to implementing Standard
  o Entities may choose alternative approaches
GTB with No Compliance Examples/Approaches
Track 1: GTB with no (1) modification of technical info or (2) compliance examples/approaches
Step 1: Identify Standards (not under current SAR) with GTB or other info considered technical rationale
Step 2: Form GTB Review Teams (RT)
• RTs identify GTB with only technical guidance/rationale and no compliance examples
• RTs divided by:
  o CIP
  o Ops/Data Exchange: BAL, INT, IRO, TOP
  o Personnel/Emergency Planning: COM, EOP, PER
  o Modeling/Long-term Planning: FAC, MOD, NUC, TPL
  o System Performance: PRC, VAR
• SC solicits nominations and appoints RTs
GTB with No Compliance Examples/Approaches (continued)
Track 1 (continued)
Step 3: RT ensures GTB has no compliance examples/approaches and no technical modification needed
• Otherwise it goes to Track 2
Step 4: GTB language removed/moved verbatim to TR named "Technical Rationale for Reliability Standard XXX-XXX-X" per the following process:
• TR posted for comment/non-binding poll to confirm suitable for TR as is
• All comment forms ask: "Are you aware of any reason GTB should not transition to TR document?"
• If it passes the non-binding poll (using criteria from Sec. 4 of SPM), SC endorses TR
  o If comments indicate GTB should go to Track 2, SC may seek input from Technical Committee(s) or other resources re: whether to endorse TR
GTB with No Compliance Examples/Approaches (continued)
Track 1 (continued)
Step 4 (cont'd)
• If SC endorses TR:
  o Posted to NERC website on "Related Information" page for Standard
  o Link TR to one-stop shop
  o BOT and FERC approval not required
• If SC does not endorse TR, SC decides whether to address comments and re-post or send to Track 2
• If TR fails non-binding poll, goes to Track 2
Transition to TR through Development
Track 2: Three Scenarios
1. GTB not eligible for Track 1;
2. TR fails non-binding poll; or
3. TR not endorsed by SC
• If any of the above, change goes through Standards Development Process
• Info in GTB will transition to TR or IG (where appropriate) next time Standard goes through standards development project or Periodic Review
Future TR Development
• SDT may develop TR with Standard per SPM
• Existing TR revised only when associated Standard under review/revision
  o Helps ensure version numbers match
• Because TR stands separate from Standard, it will continue to contain technical info developed with previous versions and still accurate/relevant (per SDT)
• During development, NERC staff will post proposed TR on project page with Standard
• Following approval of Standard, TR posted to NERC website on "Related Information" page, plus link to TR in one-stop shop
Next steps
• Webinar recording made available
• GTB Review Team nominations in progress
• GTB Review Team(s) formed
Resources
• Technical Rationale Project Page
  o Technical Rationale Transition Plan
  o GTB Review Team Nominations
  o Frequently Asked Questions
  o Technical Rationale for Reliability Standards, June 14 SC Meeting, agenda item 12
• BOT Compliance Guidance Policy, November 5, 2015
• Implementation Guidance Website
• Questions? Al.McMeekin@nerc.net
Security Training Working Group
June 2018
New Orleans, LA
Security Training WG
1. Charter
CIPC will provide meeting attendees with an opportunity to participate in physical, cyber, and operational security training, as well as educational outreach opportunities.
2. Current Members
Tim Conway, Tom Hofstetter, Ross Johnson, Carl Herron, Jake Schmitter, Bill Lawrence, John Gasstrom, Michele Wright, Amelia S. Anderson and David Godfrey.
3. Latest Activities
a. Continue to have monthly conference calls.
4. June 2018 Training Review
a. June 2018: Supply Chain Security. What are suppliers doing to address the issue/standards, and what do suppliers expect from Asset Owners when the standards are in effect?
Speakers: Mike Meason (WFEC, Supply Chain WG Chair); Jim Waters (Black & Veatch); Dennis Gammel (Schweitzer Engineering Laboratories); Brenda Truhe (PPL, North American Transmission Forum)
4. June 2018 Training Review (continued)
Panel Discussion: Jim Waters (Black & Veatch); Dennis Gammel (Schweitzer Engineering Laboratories); Brenda Truhe (PPL, representing NATF); Paul Ackerman (Exelon Corporation, representing EEI); Lonnie Ratliff (NERC, Small Group Advisory Session); Mike Meason (Western Farmers Electric Cooperative, SCWG Chair), Moderator
5. 2018 Training Schedule
a. September 2018: Supply Chain Security (Part 2) or Transient Cyber Asset(s) (Panel Discussion)
6. Next Steps
a. The STWG is looking for training topic recommendations for 2019 CIPC Meetings; please contact a STWG member with your ideas.
b. We continue to seek and secure volunteer speakers.
7. CIPC Actions
a. Questions and/or suggestions for today's discussion
Supply Chain WG Update
Michael Meason, Western Farmers Electric Cooperative
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
CIPC Organizational Chart
Supply Chain Working Group
• High Level Objectives
  o Identify known supply chain risks and address through guidance and input
  o Partner with National Labs to identify vulnerabilities in legacy systems and develop mitigation strategies
  o Assist where possible with the E-ISAC and DOE to explore information sharing and supply chain risk assessments
  o Provide input and feedback associated with development and execution of supply chain risk study
  o Coordinate with NATF to ensure requirements are clearly articulated
Supply Chain Working Group
• Work Items
  o Work item #1: Inclusion into the CIPC Strategic Plan
    - Possible start June 2018
  o Work item #2: Conference Calls and Face-to-Face Meeting
    - First conference call May 14, 2018
    - Seeking time slot at next CIPC
  o Work item #3: Training
    - First training hosted by STWG prior to today's meeting
    - Perhaps a second round of training
Supply Chain Working Group
• Work Items II
  o Work item #4: NATF Collaboration
    - Coordinated a conference call with NATF to discuss their guidance document, April 2018
  o Work item #5: Open letter to vendors
    - Possible start June 2018
  o Work item #6: Develop a process for requests
    - Possible start August 2018
Supply Chain Working Group
• Look Forward
  o Today
    - Approve charter
  o Next 30 days
    - Begin drafting open letter to suppliers
    - Integration into CIPC strategic plan
    - Conference calls
  o Next 90 days
    - Support NATF guidance
    - More training (if needed)
    - Develop a process for requests
Physical Security Advisory Group
"Skating to where the puck is going" (Wayne Gretzky)
John Breckinridge, KCPL, PSAG Chair
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018
PSAG - Mission
• From the charter: The PSAG will assist the E-ISAC on the analysis of physical security threats. The industry will benefit from advice on operational plans, policy and procedure, evolving and "state of the art" security technology, training, incident response and management. Provide seasoned expertise to advise the industry on threat mitigation strategies to enhance bulk power system (BPS) physical security and reliability.
PSAG - Objectives
• Advise the E-ISAC, CIPC and industry on physical security incidents with the potential of impacting the security and reliability of the Bulk Power System of North America
• Advise the E-ISAC on a physical security portal build-out and suggest information content to share timely threat or suspicious incidents, to enhance information sharing within the industry
• Assist the Department of Energy (DOE) in development of the Physical Security Capability Maturity Model (PSCM2)
• Advise the CIPC Executive Committee and CIPC Physical Security Subcommittee on initiatives, projects and on physical security guidelines, roundtable topics and training needed by the industry
• Liaise with physical security technology providers and government to enhance their understanding of evolving and "state of the art" technologies
• Create and publish white papers and opinions through the E-ISAC to the Electricity Subsector, as needed, related to physical security programs, incident response, technology reviews, training and periodic exercises and/or testing
• Volunteer physical security expertise to liaise, advise and coordinate with the industry to conduct, upon request, on-site peer-to-peer confidential reviews and provide feedback on observations for improving security at the entity
PSAG - Members and Structure
• The PSAG will report to the E-ISAC Director, E-ISAC Operations, who will be the executive sponsor. Staff support will be delegated to the Manager of Physical Security.
• Members of the PSAG will be selected by the E-ISAC and are recognized experts from the following:
  o Subject matter experts in physical security operations
  o Subject matter experts in physical security technology
  o Subject matter experts in security training, drills and testing
  o Subject matter experts in security programs and development
  o Subject matter experts in vulnerability assessment
  o Subject matter experts in threat assessment
  o Subject matter experts in intelligence gathering
  o NERC staff
PSAG - Activities
• Past activities/products:
  o Design Basis Threat (DBT) and DBT Implementation Guide
  o Transmission Line Corridor security issues White Paper
  o Insider Threat template
  o Drone threat/mitigation research and concepts
  o Security Management in the Electricity Sector guideline
  o SERC Physical Security Professional (PSP) Prep Course
• Current/Future activities/products:
  o Eco-terrorism/Protests workshop and products
  o Threat intelligence/open source media scraping tools analysis
  o Mass Notification tools analysis
• And we will continue to...

PSAG
• Liaise with other Physical Security groups: Government Partners, Law Enforcement, Other Critical Infrastructure, Industry Organizations, Trade Organizations, etc.
• Produce White Papers on PS issues, P&P, methods and technologies, that can lead to...
• Quick, simple Guidelines
• Continue to work with the E-ISAC and CIPC.