generation cyber security r&d securing the last line of defense … · 2016-09-09 · bulk...

© 2016 Electric Power Research Institute, Inc. All rights reserved.

Welcome

2© 2016 Electric Power Research Institute, Inc. All rights reserved.

Safety Moment


Today’s Goals:

- Better Understand the Cyber Security Research Needs

Unique to Generation

- Report on a Plan to Meet Those Needs


Meeting Logistics


Download the

“EPRI Events” Meeting App!

Search for EPRI Events

Login – genf16

URL - https://event.crowdcompass.com/gen-adv-council

Confirmation number required to access materials – see

registration desk or welcome letter

https://event.crowdcompass.com/gen-adv-council


Using Member Center

Visit Generation Sector Cockpit

View Slideshow for Tutorial

on Member Center


Sign up for TIP Emails

Select EPRI program cockpits of

special interest

Weekly or biweekly

Program cockpit updates

– Meetings & webcasts

– Project Updates

New product announcements

Links are direct to member center

Questions email [email protected]


Time Topic

8:00 a.m. Welcome

8:30 a.m. Generation Research Approach

9:30 a.m. Foundational Research – Threat Analysis

10:00 a.m. Morning Break

10:30 a.m. Foundational Research – Industry Initiatives

11:00 a.m. Foundational Research – Emerging Technologies

11:30 a.m. Foundational Research – Process & Integration

12:00 p.m. Lunch – Kingston Hall

1:00 p.m. Applied Research – Prevent

1:45 p.m. Applied Research – Detect

2:30 p.m. Afternoon Break

3:00 p.m. Applied Research – Recover

3:45 p.m.

Next Steps – Collaboration

Project Prioritization

Industry Collaboration

Cross-Sector Collaboration

Council Report-Out

5:00 p.m. Adjourn

© 2016 Electric Power Research Institute, Inc. All rights reserved.

Justin Thibault

Sr. Technical Leader

Generation Sector Council

September 16, 2016

Generation

Cyber Security R&DSecuring Bulk Power Generation:

The Foundation of a Resilient Power System


Generation Cyber Security – Past to Present

Supplemental, Base, Other

The collaborative is growing, but the gap is growing faster


Problem Statement:

The cyber security challenge is outpacing the current

research in Generation sector.


Agenda

Understanding the growing challenge

–Security & Compliance

–Bulk Power Generation Strategic Drivers

Meeting the Challenge

–Research Strategy

–Council Insights

–Next Steps


Understanding the growing challenge


Security & Compliance – A Balancing Act

SecurityCompliance


Even the Perception of a Breach…

December 2014 hackers published information about a power

company’s reactors on Twitter, along with personal

information about employees

The nuclear plant control systems were not breached

The government was forced to heighten cyber-security and

form an investigation team

The power company had to prove that no breach occurred

Source: Security Week


Additional Federal

Action -2013 Executive

Order

Increasingly Complex

Compliance

Increasing Cyber Security Regulations – US Case

Additional Entities

FERC/NERC


FERC Order 822 January 2016

Regulators are Not Slowing Down


More ICS Vulnerabilities than Expected

Source: ICS-CERT 2016 May-June Monthly Monitor


US Perspective: NERC-CIP Evolving Rapidly

CIP Version 3

CIP Version 4 Approved April2012

CIP Version 5-6

Approved Nov 2014

Implemented July 2016

CIP Version 7In Development


Anatomy of a Breach

December 2015 three different

Ukrainian distribution companies

suffered a cyber attack

225,000 customers were affected for

over three hours

Operators were forced to take manual

control and operated in a constrained

mode following restoration

The attackers focus on:

– Gaining access to the control systems,

– Discovery of control system

components, architecture, and

communications and,

– Gaining control of the plant.

Source: E‐ISAC | Analysis of the Cyber Attack on the Ukrainian Power Grid | March 18, 2016


Conflicting Strategic Issues?

SPANNING THE GENERATION PORTFOLIO


Have Cyber Security concerns hindered introducing more digital

technologies at your generation plants?

Yes

No, we have a plan and cyber is not an obstacle

No, we aren’t implementing any additional digital

technologies and don’t have any plans to do so

I don’t know


Bulk Power Generation Cyber Security Strategic Drivers

Power System Protection & Resiliency

• Expectation of the power industry is to have a mature cyber security strategy that will prevent and detect cyber attacks, and recover through swift, competent incident response.

• A successful power generation industry cyber security strategy requires a coordinated approach that is leveraged by industry learning informed by generation technical needs

• Increasing regulatory requirements and voluntary participation.

Increased Deployment of Digital Technologies

• Competitive pressure and flexibility drives the need for secure integration of advanced control, automation, monitoring, and digital worker technologies.

• Replacing control assets ‘in kind’ is becoming more difficult.

• Vendors are accelerating the use of sophisticated new technologies, requiring advanced integration and knowledge, increasing the cyber security attack surface.

Generation Assets Are a Target

• Bulk power generation is the foundation of a resilient power system & generation assets are highly visible to the public.

• The threat landscape is evolving and becoming more sophisticated.

• The number of vulnerabilities that are being discovered in industrial control systems is growing.

• The convergence of IT/OT is an emerging challenge due to the technical complexity of advanced control and monitoring systems.


Meeting the Challenge


Cross-Sector Collaboration for a Secure Power System

EPRI Cyber

Security R&D

Nuclear: I&C Program

Generation: Cross-Sector Technologies

Power Delivery & Utilization:

Program 183


Launch 2 year

Cyber Security

Supplemental

Project

Cyber Security

Collaborative supplemental

research transitions to

research portfolio

Integrate Cyber Security Advisors into Generation

Advisory Structure

2016 2017 2018

Cyber Security

Advisory Meeting

and Council

Discussion

Previous

Work

Generation Cyber Security – Moving Forward

Supplemental, Base, Other


Generation Cyber Security Framework


Foundational Research & Support

Threat Analysis

• Current & Emerging Threats

• Vulnerabilities

• Distillation & Interpretationfrom Multiple Information Sources

Industry Initiatives

• NIST, DHS, ICS-CERT, NERC, FERC, etc.

• Keeping EPRI research current

• Participatingand Informingcodes & standards development

Industry Collaboration

• Best practices

• Collaboration workshops

• Technical forums

Emerging Technologies

• Innovation scouting

• Technology Development

• Application Engineering

• Laboratory testing & evaluation

Process & Integration

• Risk Management

• Cyber SecurityCapability Maturity Model (C2M2)

• IT/OT Integration & Coordination


Applied Research: Defense in Depth Approach

Prevent

DetectRecover


Prevent – Detect – Recover: What area presents the largest gap? (Choose 1)

Prevent

Detect

Recover


Generation Cyber Security Next Steps

September 2016

– Hold first Cyber Security Advisory Meeting

– Discussion and engagement with the Generation Sector Council

– Launch of 2-year Cyber Security collaborative supplemental project

2017 – 2018 Activities

– Focused meetings with member companies on cyber security needs and

EPRI’s role moving forward

– Integrate Cyber Security advisors in Generation Sector advisory structure

– Evaluate engagement, R&D scope and collaboration for future recommendation

of cyber security approach to the Generation Council

Requesting Council Engagement and Endorsement Moving Forward


Together…Shaping the Future of Electricity

generation cyber security r&d securing the last line of defense … · 2016-09-09 · bulk...

Documents