electric sector security & privacy r&d project portfolio
TRANSCRIPT
Electric Sector Security & Privacy Plans for 2011
Galen Rasche Technical ExecutiveErfan IbrahimTechnical Executive
Ad-Hoc Smart Grid Executive Committee 2011-Feb-10
2© 2011 Electric Power Research Institute, Inc. All rights reserved.
Contents
• PDU Cyber Security R&D Portfolio
• National Electric Sector Cyber Security Organization
• EPRI Security and Privacy Initiative
3© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI’s Cyber Security Focus for 2011
4© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI 2011 Cyber Security R&D Portfolio
5© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI Cyber Security Resources
• Staffing– Three Technical Executives– One Senior Project Manager– Three Project Engineers
• Lab capabilities– Substation lab in Knoxville– Interconnects between Charlotte, Knoxville, and Lenox
• Advisory structure– Ad hoc Security and Privacy Executive Committee
6© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI Cyber Security Projects and Programs
PDU Base Program For 2011:• NERC CIP and DHS ICS JWG
Coordination and Reporting• Lemnos Testing for Security
Configuration Profiles• DNP4 Security Interoperability
Testing• Smart Energy Profile 2.0 Security
Testing Procedures & Penetration Testing
NESCO:• Focal point for utilities, federal
agencies, regulators, and researchers
• Organize the collection, analysis, and dissemination of infrastructure vulnerabilities and threats
• Cyber Security standards and requirements evaluation
Research Projects:• Secure Smart Grid Communications• Cryptographic Key Management• Tools and Templates For Measuring
Security Posture• Best Practices for NERC CIP
Compliance
7© 2011 Electric Power Research Institute, Inc. All rights reserved.
National Electric Sector Cyber Security Organization (NESCO)
• Vision:– Provide a focal point for bringing together utilities,
federal agencies, regulators, and researchers to address the electric sector security threats
• Objectives:– Focus cyber security R&D priorities– Identify and disseminate best practices– Organize the collection, analysis, and dissemination of
infrastructure vulnerabilities and threats
8© 2011 Electric Power Research Institute, Inc. All rights reserved.
NESCO Project Structure
Cyber Incident Data Center (EnergySec):
• Identify / receive threat information
• Forensics
• Vulnerability analysis
• Categorize threats
• Disseminate threat information to asset owners and operators
R&D Team (EPRI and EnergySec):• Review NIST, NERC and other cyber
security requirements and results• Assess existing power system and cyber
security standards to meet the security requirements of the power system
• Develop risk mitigation strategies, best practices and metrics
• Test security technologies in labs and pilot projects
R&D Industry Advisory Board:• Provide technical oversight for the project for
direction setting and content creation• Facilitate outreach in the industry for greater
participation and implementation
• Populated by industry groups, federal agencies, regulators
9© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI Led Team Supporting DOE NESCO
National/ Commercial Research Labs Academia Subject-Matter
Experts
•
Oak Ridge National Lab•
Sandia National Lab•
Idaho National Lab•
National Renewable Energy Laboratory
•
Palo Alto Research Center•
SRI•
Telcordia
•
University of Houston•
Mladen Kezunovic (Texas A&M University)
•
UCLA•
UC Berkeley•
University of Minnesota Smart Grid Consortium
•
N-Dimension•
Inguardians •
Arc Technical•
EnerNex•
Xanthus Consulting International
11© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI Members Call to Action for NESCO
• Communicate critical security and privacy issues to EPRI to facilitate RD&D project identification (e.g., relating to NERC Compliance, SGIG and SGDP Cyber Security Assessment Plan)
• Volunteer cyber security technical staff to participate in NESCO Working Groups
• Volunteer senior cyber security experts to sit on NESCO advisory board
12© 2011 Electric Power Research Institute, Inc. All rights reserved.
EPRI Cyber Security and Privacy Initiative
• Cross-sector initiative (Power Delivery, Generation, and Nuclear)
– Leverage lessons learned and address common concerns
• Address gaps in current industry security and privacy R&D work
• Forum for designing and implementing collaborative R&D projects to meet long-term security needs of the electric sector
• Ad-Hoc Electric Sector Security and Privacy Executive Committee
– Provides strategic advice and guidance on EPRI security and privacy R&D activities
– Contributions from IOUs, co-ops, ISOs, and municipals
– Involvement at the CIO-level
13© 2011 Electric Power Research Institute, Inc. All rights reserved.
1Q11 2Q11 3Q11 4Q11
Near Term Goals of EPRI Cyber Security Research Initiative
Develop the organizational structure and populate the Ad- Hoc Security and Privacy Executive Committee
• Create focused task forces for areas of interest
• Identify 1st set of high priority RD&D projects
Organize and populate working groups to perform the RD&D projects
14© 2011 Electric Power Research Institute, Inc. All rights reserved.
Security and Privacy Initiative Research Areas