TRANSCRIPT
November 1, 2018
Adjustments to Tariff to Facilitate Emergency Data Sharing at a Time of Cyber Attack and Responsiveness to Reliability Authorities
Objectives for today:
• Discuss federal government and electric industry developments regarding responses to possible cyber attack
• Highlight MISO proposed adjustments to Tariff provisions
• Request feedback/comments on MISO proposed adjustments by November 21, 2018
Industry-Government Data Sharing
Backdrop to Proposed Tariff Changes – What is Section 9?
• Presidential Executive Order 13636, Improving Critical Infrastructure Cybersecurity, comprises 12 sections:
o Section 9 covers: Identification of Critical Infrastructure at Greatest Risk
o MISO has been identified as a critical infrastructure entity per the Department of Homeland Security (DHS) and Sector Specific Agencies (SSAs)
• Presidential Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, tasked DHS to:
o Identify authorities and capabilities that agencies could employ to support cybersecurity efforts of “Section 9” critical infrastructure entities
o Engage “Section 9” entities and solicit input around capabilities
o Provide a report to the President on addressing counterterrorism
Executive Order 13636 Section 9: “Identification of Critical Infrastructure at Greatest Risk”
Section 9 Engagement
► Executive Order 13636, Improving Critical Infrastructure Cybersecurity (2013)
► Section 9 directs DHS and SSAs to develop “a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects…” (2017)
► Requires DHS and the SSAs to identify authorities and capabilities that agencies can employ to support the cybersecurity efforts of Section 9 entities
► DHS, DOE, and interagency partners focus on delivering and enhancing useful capabilities and resources to these entities in the following areas:
► Supply Chain Working Group
► Incident Response Working Group
Section 9 – Cyber Incident Response Working Group
► The private sector and government agencies have complementary roles and capabilities that can all be brought to bear on cyber incidents.
► The team developed an Information Exchange Checklist that will be used during a cyber event.
Industry-Government Information Exchange Checklist
Section 9 – Cyber Incident Response Working Group
Industry-Government Information Exchange Checklist
► ISSUE: MISO and CAISO, Working Group members, must adjust tariffs to permit information sharing.
► The RTO chooses when to engage and disengage
► Only for a MAJOR cyber event – “exigent* circumstances” – such as a blackout.
*Exigent: Urgent & requiring great effort
Section 9 – Cyber Incident Response Working Group
Industry-Government Information Exchange Checklist
Shifting Gears: Incident Response per CIP-008
• FERC Order 848 - FERC Requires Expanded Cyber Security Incident Reporting for CIP-008-5
o FERC order requires the reporting of Cyber Security Incidents that compromise, or attempt to compromise, a responsible entity's Electronic Security Perimeter (ESP) or associated Electronic Access Control or Monitoring Systems (EACMs).
o FERC order demonstrates the need to report more cyber security attempts to compromise reliability functions due to increased cyber threats
• MISO has taken an active role to formulate the CIP-008-6 Cyber Security Incident Reporting Standard
o MISO chairing NERC Standard Drafting Team (Dave Rosenthal)
o CIP-008-6 will require additional information sharing with NERC
► CIP-008 demonstrates importance of information sharing during a critical cyber event
Shifting Gears: Incident Response per CIP-008
• FERC Order 848 - FERC Requires Expanded Cyber Security Incident Reporting for CIP-008-5 to include:
o Attack Vector (e.g. malware and use of stolen credentials)
o Functional Impact (e.g. situational awareness, dynamic response, ability to perform real-time assessments, or real-time monitoring)
o Level of Intrusion (e.g. whether the compromise or attempt to compromise occurred on Applicable Systems outside the Electronic Security Perimeter (ESP), at the ESP, or inside the ESP)
• The new CIP-008-6 will also drive the required Tariff update
o FERC Order 848 requires information sharing to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
• With the addition of ICS-CERT, the Tariff change supports the new CIP-008-6 proposed standard
• Tariff change will ensure CIP-008-6 information sharing requirements will not violate our Tariff
Data Sharing Implementation
• MISO hopes to never need to use the additional data sharing practices
• MISO may request help from DHS and/or other federal agencies with cyber security responsibilities
• Authorized solely by the MISO Corporate Information Officer (CIO) or Corporate Information Security Officer (CISO)
• Other MISO utilities are engaged with DHS
• MISO can terminate the agreement with DHS at any time
MISO Proposed Tariff Adjustments
Tariff Adjustment Proposal – A, B, Cs and D
• Information sharing with federal agencies – “a”
o Primary location of Tariff adjustment is Sec. 38.9.3, which permits data sharing with:
• FERC (or its staff)
• Commodity Futures Trading Commission (CFTC) (or its staff), which will both continue (Sec. 38.9.3.a(i))
o MISO proposes to expand the applicability of the existing provision to include additional entities:
• Federal agencies with responsibilities for cyber security in response to cyber exigency (Sec. 38.9.3.a(ii))
• Reliability entities (NERC and Regional Entities, Sec. 38.9.3.a(iii))
– Responsive to the proposed CIP-008-6
– Repositions provision for data sharing from Sec. 38.9.1
Relevant Tariff Section – Section 38.9.3 (related 38.9.1)
Tariff Adjustment Proposal – A, B, Cs and D
• Reconciliation Adjustments – “b” and “c”
o Existing provision for requesting confidential treatment for shared data by FERC and the CFTC – “b”
• Located in Sec. 38.9.1.b
• Generalized to cover added agencies/organizations
• MISO will use any available support for desired confidentiality (federal rules, but also other authorities such as NERC rules)
o Existing provision for notification of data owner upon request by FERC or the CFTC to share information with third parties – “c”
• Placed in Sec. 38.9.1.c
• Generalized to cover added agencies/organizations who share information with third parties other than an agency/organization of the U.S. Government
Relevant Tariff Section – Section 38.9.3
Tariff Adjustment Proposal – A, B, Cs and D
• Non-Substantive Adjustments (Clean Up) – “d”
o “Electronic Delivery of Confidential and Non-Public Data to the Commission” repositioned as Sec. 38.9.3.d (Section 38.9.3(A) deleted) – “d”
o Add titles and other adjustments to Sections 38.9.1, 38.9.2, and 38.9.3 for unified appearance
o Adjustments for readability purposes
Relevant Tariff Section – Section 38.9.1, .2, .3, and .3(A)
Feedback Requested
Feedback Request
• Interested in feedback regarding proposed Tariff change
o Feedback requested by November 21
o All feedback requests will be posted to the Stakeholder Feedback Page, and stakeholder comments should be submitted through the feedback tool
• Remember in your feedback:
o Information on cyber security attacks will only be shared if there is a significant cyber event affecting MISO and the reliability of grid operations
o MISO intends to engage DHS, with the engagement managed by the MISO CIO or CISO
Proposed Timeline
November 21, 2018
• Stakeholders submit comments/feedback on the redlines
December 2018
• Review stakeholder feedback on Tariff revisions at Reliability Subcommittee
January 2019
• Tariff Filing during January 2019