generation cyber security r&d securing the last line of defense … · 2016-09-09 · bulk...
© 2016 Electric Power Research Institute, Inc. All rights reserved.
Welcome
Safety Moment
Today’s Goals:
- Better Understand the Cyber Security Research Needs Unique to Generation
- Report on a Plan to Meet Those Needs
Meeting Logistics
Download the “EPRI Events” Meeting App!
Search for EPRI Events
Login – genf16
URL - https://event.crowdcompass.com/gen-adv-council
Confirmation number required to access materials – see registration desk or welcome letter
Using Member Center
Visit Generation Sector Cockpit
View Slideshow for Tutorial on Member Center
Sign up for TIP Emails
Select EPRI program cockpits of special interest
Weekly or biweekly
Program cockpit updates
– Meetings & webcasts
– Project Updates
New product announcements
Links are direct to member center
Questions email [email protected]
Time Topic
8:00 a.m. Welcome
8:30 a.m. Generation Research Approach
9:30 a.m. Foundational Research – Threat Analysis
10:00 a.m. Morning Break
10:30 a.m. Foundational Research – Industry Initiatives
11:00 a.m. Foundational Research – Emerging Technologies
11:30 a.m. Foundational Research – Process & Integration
12:00 p.m. Lunch – Kingston Hall
1:00 p.m. Applied Research – Prevent
1:45 p.m. Applied Research – Detect
2:30 p.m. Afternoon Break
3:00 p.m. Applied Research – Recover
3:45 p.m. Next Steps – Collaboration
– Project Prioritization
– Industry Collaboration
– Cross-Sector Collaboration
– Council Report-Out
5:00 p.m. Adjourn
Justin Thibault
Sr. Technical Leader
Generation Sector Council
September 16, 2016
Generation Cyber Security R&D
Securing Bulk Power Generation: The Foundation of a Resilient Power System
Generation Cyber Security – Past to Present
[Chart legend: Supplemental, Base, Other]
The collaborative is growing, but the gap is growing faster
Problem Statement:
The cyber security challenge is outpacing the current research in the Generation sector.
Agenda
Understanding the growing challenge
–Security & Compliance
–Bulk Power Generation Strategic Drivers
Meeting the Challenge
–Research Strategy
–Council Insights
–Next Steps
Understanding the growing challenge
Security & Compliance – A Balancing Act
Security
Compliance
Even the Perception of a Breach…
In December 2014, hackers published information about a power company’s reactors on Twitter, along with personal information about employees.
The nuclear plant control systems were not breached.
The government was forced to heighten cyber-security and form an investigation team.
The power company had to prove that no breach occurred.
Source: Security Week
Increasing Cyber Security Regulations – US Case
Additional Federal Action - 2013 Executive Order
Increasingly Complex Compliance
Additional Entities
FERC/NERC
FERC Order 822 January 2016
Regulators are Not Slowing Down
More ICS Vulnerabilities than Expected
Source: ICS-CERT 2016 May-June Monthly Monitor
US Perspective: NERC-CIP Evolving Rapidly
CIP Version 3
CIP Version 4: Approved April 2012
CIP Version 5-6: Approved Nov 2014, Implemented July 2016
CIP Version 7: In Development
Anatomy of a Breach
In December 2015, three different Ukrainian distribution companies suffered a cyber attack.
225,000 customers were affected for over three hours.
Operators were forced to take manual control and operated in a constrained mode following restoration.
The attackers focused on:
– Gaining access to the control systems,
– Discovery of control system components, architecture, and communications, and
– Gaining control of the plant.
Source: E‐ISAC | Analysis of the Cyber Attack on the Ukrainian Power Grid | March 18, 2016
Conflicting Strategic Issues?
SPANNING THE GENERATION PORTFOLIO
Have Cyber Security concerns hindered introducing more digital technologies at your generation plants?
Yes
No, we have a plan and cyber is not an obstacle
No, we aren’t implementing any additional digital technologies and don’t have any plans to do so
I don’t know
Bulk Power Generation Cyber Security Strategic Drivers
Power System Protection & Resiliency
• Expectation of the power industry is to have a mature cyber security strategy that will prevent and detect cyber attacks, and recover through swift, competent incident response.
• A successful power generation industry cyber security strategy requires a coordinated approach that is leveraged by industry learning informed by generation technical needs.
• Increasing regulatory requirements and voluntary participation.
Increased Deployment of Digital Technologies
• Competitive pressure and flexibility drive the need for secure integration of advanced control, automation, monitoring, and digital worker technologies.
• Replacing control assets ‘in kind’ is becoming more difficult.
• Vendors are accelerating the use of sophisticated new technologies, requiring advanced integration and knowledge, increasing the cyber security attack surface.
Generation Assets Are a Target
• Bulk power generation is the foundation of a resilient power system & generation assets are highly visible to the public.
• The threat landscape is evolving and becoming more sophisticated.
• The number of vulnerabilities that are being discovered in industrial control systems is growing.
• The convergence of IT/OT is an emerging challenge due to the technical complexity of advanced control and monitoring systems.
Meeting the Challenge
Cross-Sector Collaboration for a Secure Power System
EPRI Cyber Security R&D
Nuclear: I&C Program
Generation: Cross-Sector Technologies
Power Delivery & Utilization: Program 183
Generation Cyber Security – Moving Forward
[Timeline figure, 2016 2017 2018; legend: Supplemental, Base, Other]
– Previous Work
– Cyber Security Advisory Meeting and Council Discussion
– Launch 2 year Cyber Security Supplemental Project
– Integrate Cyber Security Advisors into Generation Advisory Structure
– Cyber Security Collaborative supplemental research transitions to research portfolio
Generation Cyber Security Framework
Foundational Research & Support
Threat Analysis
• Current & Emerging Threats
• Vulnerabilities
• Distillation & Interpretation from Multiple Information Sources
Industry Initiatives
• NIST, DHS, ICS-CERT, NERC, FERC, etc.
• Keeping EPRI research current
• Participating and Informing codes & standards development
Industry Collaboration
• Best practices
• Collaboration workshops
• Technical forums
Emerging Technologies
• Innovation scouting
• Technology Development
• Application Engineering
• Laboratory testing & evaluation
Process & Integration
• Risk Management
• Cyber Security Capability Maturity Model (C2M2)
• IT/OT Integration & Coordination
Applied Research: Defense in Depth Approach
Prevent
Detect
Recover
Prevent – Detect – Recover: What area presents the largest gap? (Choose 1)
Prevent
Detect
Recover
Generation Cyber Security Next Steps
September 2016
– Hold first Cyber Security Advisory Meeting
– Discussion and engagement with the Generation Sector Council
– Launch of 2-year Cyber Security collaborative supplemental project
2017 – 2018 Activities
– Focused meetings with member companies on cyber security needs and EPRI’s role moving forward
– Integrate Cyber Security advisors in Generation Sector advisory structure
– Evaluate engagement, R&D scope and collaboration for future recommendation of cyber security approach to the Generation Council
Requesting Council Engagement and Endorsement Moving Forward
Together…Shaping the Future of Electricity