nerc situation awareness and cyber security update...nerc situation awareness and cyber security...
TRANSCRIPT
NERC Situation Awareness and Cyber Security Update
NPCC General MeetingSeptember 24, 2009
Stan Johnson
609-524-7012
Situation Awareness History
August 14, 2003 Blackout Report• Electric Reliability Organization (ERO) Filing
• Energy Policy Act of 2005
• Established as ERO Program Area
Presidential Decision Directive 63-1998• Created Information Sharing and Analysis Centers
(ISAC)
Situation Awareness Definition
Definition relates to the goals and objectives of a specific job or function• Different for Reliability Coordinator than for Region
than for NERC than for FERC
“The perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future”
» Dr. Mica Endsley, 1988
NERC Situation Awareness Activities
Operate Electric Sector ISAC• Bulk Power System Disturbances
• Situation Awareness for FERC, NERC, Regions-SAFNR
• North American Synchro Phasor Initiative
• Typical Events-Share Information with Governments Hurricanes, Ice Storms, Earthquakes
Wildfires
Fuel Supply issues
NERC Situation Awareness Information Sources
Reliability Coordinators
Regions
Ace-Frequency Tool
F-Net
SAFNR
RTDMS
HSIN (DHS)
Media
OE-417
EOP-004
CIP-001
CIP-008
NICC, NCC (DHS)
NOAA
Other sector ISAC’s
NERC Situation Awareness Activities
Monday Morning Briefing-NERC SA/EA Team• On Duty Officer briefs SA/EA Team on week past
Bi-weekly FERC-NERC-Region Call• Every other Tuesday
• Review events of last two weeks and any carry over
North American Bulk Power System Log• New initiative-started 9/14/09-working out kinks
SAFNR Project Summary
June 1, 2009 Target Date-Start Date September, 2008
Revised Operating Reliability Data Non-Disclosure Agreement to NERC Trustees 5/6/09
Support Documents Completed
Displays Finalized-East, West, ERCOT
Reliability Coordinators to be Commended
Next Steps• Review summer 09
• Meet with FERC, NERC, Regions next week
SAFNR Display-NPCC
SAFNR Display-ReliabilityFirst-PJM
Southeastern
MISO
NERC Situation Awareness Room-Purpose
Manage major emergencies to the bulk power system• Specifically physical and cyber infrastructure
• Other major catastrophes or attacks involving North America
Serve as a central and secure communications command center• Tactical and strategic planning room
• Daily briefing room
NERC Situation Awareness Room-Layout
800 Sq. Ft.
Three interconnected offices• Situation Awareness Supervisor (20’ x 11’) Small conference table
• Conference Area (20’ x 20’)
• Situation Awareness Team (20’ x 10’) Two Workstations
Two satellite TV feeds
Travel desk for telecommuters
NERC Situation Awareness Center at a Glance
NERC Situation Awareness Center at a Glance
NERC Situation Awareness Center at a Glance
NERC Situation Awareness Center at a Glance
NERC Alerts
Have been operating with E-mail based system
Primarily Cyber based alerts but some equipment related
Moving rapidly to implement new secure, smarter system
Message sent to log in and look
Training in progress via webex-9/22, 29/09
Elephant in Room-Compliance
Key Question-How does NERC Situation Awareness interact with NERC Compliance?
As required by Rules of Procedure, but….
Current process is supposed to be serial• Situation Awareness, then
• Events Analysis, then
• Compliance, but…. are involved throughout process
NERC Cyber Update
History
Current activities, including standards
Hot topic, all sectors, U.S. Congress proposed legislation for increased FERC role
Material from Mike Assante, Tim Roxey, Scott Mix
Cyber Security History
Initial Cyber Standards-Urgent Action post 9/11
Participated in U.S. DOE Cyber Security Roadmap
Worked with Pacific Northwest Lab to identify top 10 vulnerabilities
Participated in development of SCADA Test Bed at Idaho National Lab
Participation in numerous exercises-Cyber Storm
NERC Cyber Security Activities
ES-ISAC Activity• Aurora
• Boreas
• Microsoft RPC
• Conficker
• Hydra Team formed for industry subject matter expertise
• NERC Alerts
NERC Cyber Security Current Activities
Cyber Readiness Preparedness Assessment
FERC Order 706B-Nuclear Plants
Technical Feasibility Exception Process
Congressional Testimony
CIP Education-Table 3 Entities
NERC Alerts
CIP Standard Revisions-Recap of Activities
Drafting Team 1st meeting – October, 2008 Version 2 standards approved by Board of Trustees
May, 2009 • Awaiting FERC action
Version 1 VSL / VRF Approved by Board of Trustees• Submitted to FERC following 1st round ballot
Version 2 VSL / VRF in initial ballot Concept Paper Published July 2009 Webinar on Concept Paper – August 25, 2009 Order 706-B (Nuclear Plant implementation) –
approved by industry September 10, 2009
NERC CIP Standards Revision-Concept Paper
Describes a new approach to identifying the “scope of applicability” for the CIP Cyber Security Standards – a replacement for the current CIP-002• Moves away from “Critical” vs. “Non-Critical”
• Provides a multi-level graded approach, based on impact to BES reliability
• A “decoupled” approach independently assessing both “BES impact” and “cyber impact”; then combining assessments into a final impact categorization
NERC CIP Standards Revision-Concept Paper
Posted for 45-day comment period
Comment Period closed September 4• 52 sets of comments
• 137 pages of comments Responses to 11 specific questions
Page/Line comments
Individual responses to comments will not be developed• Comments will be used in further refinement of concepts and
development of Requirements
• We’ll hear about any remaining or open issues during the official comment period
Development Schedule
Proposed development schedule:• Now through December, 2009 – develop CIP-002-3
• December 2009 – post Draft 1 of CIP-002
• January 2010 – April 2010 – develop “CIP-003 through CIP-009”
• February 2010 – April 2010 – Respond to comments on CIP-002-3
• April 2010 – Post Draft 2 CIP-002-3 and Draft 1 “CIP-003-3 through CIP-003-9”
• Remainder of 2010 – Revise and post CIP-002-3 through CIP-009-3 (multiple draft cycles)
• December 2010 – Ballot CIP-002-3 through CIP-009-3 with implementation plan
Development Schedule
Graphically:
Web Resources
CIP Standards Activities overview page:
• http://www.nerc.com/filez/standards/Cyber-Security-Activities.html
CIP Standards Project page:
• http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html
CIP Standards Version 1 VSL page:
• http://www.nerc.com/filez/standards/Project2008-14_Cyber_Security_VSLDT.html
Web Resources
Phase II Activities
• Concept Paper & Webinar slides
• http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security_PhaseII_Standards.html
Identifying Critical Assets Guideline
• http://www.nerc.com/filez/sgwg.html
Identifying Critical Cyber Assets Guideline
• http://www.nerc.com/filez/sgwg.html
