NASEO Western Regional Meeting
DOE SLTT Energy Assurance Activities
Matthew D. Duncan – Program Manager
April 18, 2017
2
Agenda
• Program Overview
• FY 17 Energy Assurance Activities
• LIBERTY ECLIPSE Key Findings
• FY 18 Energy Assurance Planning
3
DOE SLTT Energy Assurance Program
Build Relationships
Encourage Comprehensive Planning
Increase Expertise
4
Energy Assurance Activities in FY 17 – DOE HQ
• SLTT Energy Assurance 2016 Year in Review
• https://energy.gov/oe/articles/state-local-tribal-and-territorial-energy-assurance-2016-year-review
• Established Energy Assurance Joint Policy Committee
• Comprised of Energy Officials, Emergency Managers, & Regulators – April 5, 2017
• Next Generation of EAGLE-I
• Full access for states in Spring ’17
• Develop Energy Sector Waiver Library on Energy.gov
• Common Electricity and Oil and Gas waivers during response – May ’17
• Clear Path V – Houston, TX
• May 31-June 1, 2017
• Hurricane Season 2017
• UPDATE EEAC INFO by May 31
5
Energy Assurance Activities in FY 17 – N-Groups
• Energy Assurance Plan Updates w/ NASEO
• 12 states in process of updating plans
• NASEO updating guidelines/provide technical assistance
• Cybersecurity Training w/ NARUC
• Cybersecurity Primer for Regulators 3.0 – Jan 2017
• Cybersecurity Primer regional training – Summer ’17
• Resilience Assessment/ Exec Orders w/ NGA
• Develop state resilience assessment tool for states
• Develop executive order roadmap
• Emergency Management Energy Education w/ NEMA
• Hosted cyber incident coordination panel in March ’17
• Developing energy focused TTX package for states
6
Energy Assurance Activities in FY 17 – N-Groups
• Protect Critical Infrastructure Information and Tribal Engagement w/ NCSL
• Develop best practices for critical infrastructure information protections in legislation
• Reengage tribal state energy assurance work
• Enhance mutual assistance with municipally-owned utilities w/ APPA
• Improve outage mapping and information sharing
• Support updates and exercising of mutual assistance plans and agreements
• Reinvigorate local energy assurance activities
• Reestablish local energy assurance contacts
• Identify gaps in local energy assurance capabilities
7
LIBERTY ECLIPSE Key Findings and Recommendations
LIBERTY ECLIPSE Exercise – Newport, RI, December 8-9, 2016 – Co-hosted w/ NASEO
• Cyber-incident in the electricity sub-sector affecting other sectors
• Interdependencies in energy sector
• 3 FEMA Regions, 13 States, industry, 96 participants
• AAR to be released April 18
8
LIBERTY ECLIPSE Key Findings and Recommendations
Key Findings – Cyber Incident Coordination
1) The cyber incident coordination frameworks at both the state and federal levels need to be further defined and synchronized with industry.
2) The public will face a great deal of uncertainty following a significant cyber incident that causes physical damage (such as a long-term power outage or petroleum disruption), creating a considerable challenge for public information and expectation management, particularly around restoration times.
3) The evolving nature of cybersecurity threats makes it difficult for PUCs to accurately quantify the cost of cybersecurity investments for rate recovery.
9
LIBERTY ECLIPSE Key Findings and Recommendations
4) While the consequence management activities for the physical impacts caused by a cyber incident are largely the same as they would be for any other hazard—including the potential use of the Stafford Act—the unique conditions of a cyber incident pose additional challenges that necessitate new capabilities and the use of new authorities.
5) Information sharing and the ability to communicate remain prime concerns in an energy emergency—regardless of the cause.
6) There is a need to improve state petroleum response plans to make them more operational and detailed and provide for greater consistency across multi-state regions.
10
LIBERTY ECLIPSE Key Findings and Recommendations
7) Emergency response stakeholders need to have a good understanding of the energy sector supply chains and interdependencies to plan for, and respond to, energy emergencies.
8) There are substantial resources available to support efforts that would enhance cybersecurity. These resources, and their applicability, are not always well known at the state and local levels by some of the organizations within the energy supply chain.
11
LIBERTY ECLIPSE Key Findings and Recommendations
Key Findings – Exercise Design
8) The quality of the exercise, the ability to identify planning gaps, and action items are affected by the composition of the individuals and organizations that participate in the exercise.
9) Participants felt that the exercise should have been a more focused set of events targeting a smaller geographic region to allow for more in-depth discussions.
12
LIBERTY ECLIPSE Key Findings and Recommendations
Recommendations
1) DOE should support SLTT governments and industry partners to improve communication and information sharing consistent with forthcoming cyber-incident coordination mechanisms, and strengthen procedures to facilitate energy restoration. Particular attention needs to be paid to public communication and expectation-setting during significant cyber incidents.
2) The federal government needs to better define its roles and responsibilities for a significant cyber incident and communicate those roles clearly.
3) DOE should continue its work with SLTT partners, other federal agencies, and the private sector to ensure that appropriate resources and capabilities are available to reduce the risks to the energy sector from a cybersecurity threat. DOE, DHS, and industry should also work together to ensure that measures are in place for the recovery of critical information technology systems to ensure a more rapid system restoration and to minimize impacts.
13
LIBERTY ECLIPSE Key Findings and Recommendations
4. DOE should facilitate further dialogue between governments at all levels and industry on developing fuel-shortage response plans, and evaluate these plans in future regional exercises that focus on the oil and natural gas subsector.
5. DOE should maintain and expand its energy assurance program to encourage and support planning and preparedness, through regular education, training, and exercises for SLTT partners, with the goal of promoting a better understanding of energy sector supply-chain interdependencies. These efforts should culminate in updated energy assurance plans at all levels.
14
Energy Assurance Activities for FY18
• Three Themes
• Cybersecurity preparedness
• Information sharing and situational awareness
• Regional Interdependencies
• EAGLE-I Upgrades to include ISERnet content
• Possible work on Local Energy Assurance
• Cross DOE/Lab Cooperation on analytical products focused on resilience and security
15
Matthew Duncan
Program Manager
State, Local, Tribal, & Territorial (SLTT)
Energy Assurance
U.S. Department of Energy
Phone: 202.586.8828
Email: [email protected]
Infrastructure Security & Energy Restoration (ISER) Division, DOE: http://www.oe.netl.doe.gov/
ISERnet – secure, restricted password-protected site
https://www.oe.netl.doe.gov/isernet/