ELECTRICITY SECTOR CRITICAL INFRASTRUCTURE PROTECTION and ESISAC

1
ELECTRICITY SECTORCRITICAL INFRASTRUCTURE
PROTECTIONandESISAC

• Presentation to
• Waterpower XIII Conference
• 31 July 2003

2
Topics

• Electricity Sector
• NERC
• CIPAG
• ESISAC
• Communications
• Other Projects

3
The Electricity Sector
6 x10? C1
aGen bTrans cLSE dPSE eRC fCA gGov

3I
Interconnectedness, Interdependencies,
Reliability, Security Guidelines, Standards
Orgs NERC, ESISAC, Other ISACs, APPA, CEA,
EEI, ELCON, EPRI, EPSA, NEI, NAESB, NRECA
Agencies DOE, CIAO, DHS, DOD, FERC, NARUC
NRC, OCIPEP, RUS, USSS
4
Definitions and Description

• APPA American Public Power Association
• CEA Canadian Electricity Association
• CIAO Critical Infrastructure Assurance Office
• DOD Department of Defense
• DOE Department of Energy
• DHS Department of Homeland Security
• EEI Edison Electric Institute
• ELCON Electricity Consumers Resource Council
• EPRI Electric Power Research Institute
• EPSA Electric Power Supply Association
• ES Electricity Sector
• FERC Federal Energy Regulatory Commission
• IAIP Info Analysis, Infrastructure Protection
• ISAC Information Sharing and Analysis Center
• NAESB No. Amer. Energy Standards Board
• NARUC Natl Assoc Reg Utility Commissioners
• NEI Nuclear Energy Institute
• NERC North American Electric Reliability Cncl
• NIPC Natl Infrastructure Protection Center

• The equation
• Summed over millions of Customers
• Entity types that comprise the ES
• Divided by three Interconnections
• Eastern
• Western
• Texas
• Generation, Transmission, Load Serving Entities,
  Purchasing-Selling Entities, Reliability
  Coordinators, Control Areas, Regional
  Transmission Organizations, Independent System
  Operators, Regulators (Canada/US
  Federal/State/Provincial/Local)

5
(No Transcript)
6
CRITICAL INFRASTRUCTURE PROTECTION ADVISORY GROUP
Board of Trustees
NERC Stndg Cmtes MC, OC, PC
US CAN Gov
APPA
CIPAG Physical Security Cyber Security Operations
Policy Development Needs Peer Review
CEA  
EEI  
ESISAC Analysis Communications
NRECA
CIP Task Forces Processes and Practices Developmen
t
Professional Review Recommendations Practices
08 Jun 2003
7
ESISAC Communications
RA
BA
IA
TSP
TOw
TOp
DP
GEN
LSE
PA
PSE
ESISAC
DHS-IAIP
Law Enforce
Other ISACs
RA
BA
IA
TSP
TOw
TOp
DP
GEN
LSE
PA
PSE
Other Federal, State, Provincial Agencies
8
ESISAC Mission

• Receive electricity sector security data
• Analyze security data
• With DHS, other agencies, other ISACs
• Disseminate threat indications, .analyses,
  warnings with interpretations

9
http//www.esisac.com
10

• REPORT INCIDENTS TO
• LOCAL LAW ENFORCEMENT
• Establish and maintain relationship
• LOCAL FBI
• Establish and maintain relationship
• DHS-IAIP IAW Program
• InfraGard CIPIS nipc.watch_at_fbi.gov
• 202-323-3204,5,6
• 888-585-9078
• ESISAC
• CIPIS https//www.nerc.net/registration/
  esisac_at_nerc.com
• 609-452-8060 day
• 609-452-1422 anytime

11
Communication Types

• Incident data for analysis
• From Electricity Sector (ES) entities
• To DHS-IAIP, ESISAC, ES entities as determined by
  inputting entity
• Threat Alerts, Advisories, Warnings, other
  information
• From DHS-IAIP and ESISAC
• To ES entities
• Sector, Area, Type facility, Specific facility

12
Communications Mechanisms

• Critical Infrastructure Protection Information
  System (CIPIS)
• Email listservers
• Lists with pager and text cell phones included
• Hotline Reliability Coordinators on shift
• Conference calls
• Specific entity by telephone
• Voice message system (under development)
• Out of band communication (future)

13
CIPIS / RCIS
14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
IAW Program Reporting Events

• Loss of Generation
• Loss HV Transmission
• Loss of Distribution (NS/EP)
• Loss of Distribution (EPS)
• Loss of Load Center
• Loss of Telecom for System operator
• Loss of Control
• Loss of or Degraded Market Functionality
• Anomalous Non-character System Behavior

• Announced Credible Threats
• Intelligence Gathering Physical Surveillance
• Intelligence Gathering and Operations Cyber
  Surveillance
• Intelligence Gathering Social Engineering
• Security Breaches Affecting IT
• Planting/Pre-Positioning Malicious Code

18
Threat Alert Levels
19
Security Guidelines

• Overview
• Communications
• Emergency Plans
• Employment Background Screen
• Physical Security
• Threat Response
• Physical
• Cyber
• Vulnerability/Risk Assessment
• Continuity of Business Process

• Cyber Access Control
• Cyber IT Firewalls
• Cyber Intrusion Detection
• Cyber Risk Management
• Protecting Sensitive Info
• Securing Remote Access Process Control Systems
• Incident Reporting
• Cyber Security STANDARD

20
Other ES Initiatives

• Public Key Infrastructure
• Process Control Systems
• Spare Equipment Project
• Critical Infrastructure Interdependencies
• CIP Workshops

21
CIP Workshops Agendas

• Security Guidelines (14)
• Cyber Security Standard
• Vulnerability Assessment Methodologies
• Communications

22
Meeting The Security Challenge Workshops
TY