![Page 1: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/1.jpg)
1
E-ISAC Update
Bill Lawrence, Director of your E-ISAC
WECC Compliance Workshop
Boise, ID
March 29, 2018
![Page 2: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/2.jpg)
2
CID to CIP
![Page 3: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/3.jpg)
3
• Mission and Vision / Structure
• Code of Conduct / Traffic Light Protocol
• Long-term Strategic Plan background
• Strategic plan framework
• Key activities
• Cyber and Physical incidents
• GridEx IV update
• GridSecCon 2018 update
• Contacts
Agenda
![Page 4: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/4.jpg)
4
Mission
The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing
unique insights, leadership, and collaboration
VisionTo be a world class, trusted source for the
quality analysis and rapid sharing of electricity industry security information
![Page 5: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/5.jpg)
5
E-ISAC Structure
![Page 6: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/6.jpg)
6
• Established in 2014; revised in 2015
• Covers all NERC personnel
E-ISAC Code of Conduct
https://www.nerc.com/gov/Pages/default.aspx
![Page 7: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/7.jpg)
7
Traffic Light Protocol
https://www.eisac.com/portal-home/document-detail?id=64208
![Page 8: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/8.jpg)
8
E-ISAC Portal
![Page 9: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/9.jpg)
9
• The E-ISAC underwent a strategic review with the ElectricitySubsector Coordinating Council (ESCC) in 2015
• Under the ESCC, the Member Executive Committee (MEC)was created and serves as a CEO-led stakeholder advisorygroup
• MEC input was used on the E-ISAC Long-term Strategic Plandeveloped in 2017
• The plan was approved by the NERC Board in 2017 andincluded in the NERC Business Plan and Budget forimplementation in 2018 and beyond
Background
![Page 10: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/10.jpg)
10
Vision: To be a world class, trusted source of quality analysis and rapid sharing of electricity industry security information
Supported by:• NERC Board of Trustees• Electricity Subsector Coordinating Council (ESCC)• ESCC Members Executive Committee (MEC)
E-ISAC Strategic Plan
EngagementAnalysisInformation Sharing
Accelerate sharing and high priority
notifications
Enhanceportal
Improveinformation flow
and security
CRISP CYOTE CAISS Strategic Vendor
Partnerships
Hire and developexceptional employees
Leverage information sharing
technologies and resources
to enhance analytical capability
Prioritize products and
services
Metricsbenchmarking
Evaluate 24x7
Operations(future)
Build trust and show value
World Class ISAC
![Page 11: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/11.jpg)
11
Key Activities
E-ISAC Critical Broadcast Program• Launched a rapid information sharing capability of the E-ISAC on February 7• 1,208 individuals from 245 organizations joined the call• Exercise on February 22 had over 960 individuals from 220 organizations
CRISP• Expanding membership Base – NERC, Res, and five other companies joining in Q1• Identifying and evaluating opportunities to lower cost of participation
Portal enhancements• Improving email notification capabilities with expected delivery date of March 31• User community requirements under review and development process underway
Industry Augmentation Program• Completed two cycles with analysts from NYPA, SRP, and NPPD• Builds trust, exchanges expertise and understanding of threats and response
![Page 12: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/12.jpg)
12
New Services
CAISS
(Cyber Automated Information Sharing System)
MARTIE
(Malware Analysis Repository and Threat Information Engine)
![Page 13: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/13.jpg)
13
Physical Security Overview
Q1 Incidents of Note • Axe incident in CA• Suspicious Activity Events• Emotionally unstable
individuals inside substation • Drone/UAS events• Security Equipment theft• Copper price
monitoring/theft
![Page 14: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/14.jpg)
14
Phishing
Incidents
![Page 15: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/15.jpg)
15
Cryptocurrency Mining
Incidents
![Page 16: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/16.jpg)
16
Mission statement
GridEx is an unclassified public/private exercise
designed to simulate a coordinated cyber and physical attack
with operational impacts
on electric and other critical infrastructures
across North America
to improve security, resiliency, and reliability
![Page 17: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/17.jpg)
17
• Exercise incident response plans
• Expand local and regional response
• Engage critical interdependencies
• Improve communication
• Gather lessons learned
• Engage senior leadership
GridEx Objectives
![Page 18: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/18.jpg)
18
Players across the stakeholder landscape will participate from
their local geographies
Facilitated discussion engages senior decision
makers in reviewing distributed play and
exploring policy triggers
Executive Tabletop
Utilities
Reliability Coordinators
E-ISAC and
BPSA
Fed/State/Prov Agencies
Support
and Vendors
Injects and
info
sharing
by email
and phone
Identification
Containment
Distributed Play(2 days)
Executive Tabletop (1/2 day)
Move 0Pre-Exercise
Preparation
Operators may participate in Cyber Intrusion detection
activities
Exercise Components
![Page 19: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/19.jpg)
19
Participation
• 6500 Participants
• 206 Electric utilities
• 452 Organizations
• 17 Cross-sector partners
• 10 States (2 full-scale)
![Page 20: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/20.jpg)
20
Active and Observing
36
122
209
335
40
109
155
117
0
50
100
150
200
250
300
350
400
450
500
GridEx 2011 (76) GridEx II (231) GridEx III (364) GridEx IV (452)
GridEx Exercise Participation
Active Observing
47%
53%53%
47%
57%
43%
74%
26%
![Page 21: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/21.jpg)
21
• Where’s the Cavalry?▪ Relationship building with partners (e.g. cross-sector, law enforcement,
emergency managers, etc.)
▪ What is the State/Federal Government’s role during a Grid Emergency?
• E-ISAC Portal improvements
• Greater cross-sector participation
• Public Affairs and Corporate Communications vs. Incorrect or Misleading information
• Communication resiliency (e.g. WPS, GETS, HF Radio, etc.)
• Electric Utility – RC emergency communications
• Cyber Mutual Assistance
• On-keyboard cyber training
• Active Lead Planners
Preliminary Findings –GridEx IV Distributed Play
![Page 22: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/22.jpg)
22
• GridEx IV Reports are complete and posted this week!
• CIPC Grid Exercise Working Group standing back up June, 2018
• GridEx V Initial Planning Meeting will be held November 2018
Way Forward
GridEx V:
November 13-14, 2019
![Page 23: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/23.jpg)
23
GridSecCon 2018
October
16-19
2018
![Page 24: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/24.jpg)
24
• Resiliency, reliability, security
• The E-ISAC and CMEP functions can and should work together –carefully
• The E-ISAC Long-term Strategic Plan is just beginning, but taking off quickly▪ CBP and MARTIE
• The E-ISAC Portal contains security information that is available to CMEP personnel
• GridEx and GridSecCon are valuable sources of security information
Key Takeaways
![Page 25: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/25.jpg)
25
Contact
![Page 26: E-ISAC Update Update WECC...4 Mission The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership,](https://reader030.vdocuments.mx/reader030/viewer/2022040722/5e30a87421014967f22087b5/html5/thumbnails/26.jpg)
26