cipc executive comittee update cipc conference call september 16, 2004 stuart brindley cipc chair...
TRANSCRIPT
CIPC Executive Comittee Update
CIPC Conference Call
September 16, 2004
Stuart Brindley
CIPC Chair
CIPC Confidentiality - Public
CIPC Executive Committee Activities
● Support to NERC Board 2005 Business Plan Strategic retreat
● CIPC Roles Work flow - developing security guidelines
● Monitor progress and resources of WG/TFs Seiki Harada replaces John Maguire on Standards &
Guidelines WG
● Relationship with governments
● Opportunities...
NERC 2005 Business Plan
● Recognizes need to increase scope and intensity of CIPC efforts
● Identified CIPC strategic objectives and major work items
● Includes additional NERC staff person dedicated to CIPC
● Request approval at October NERC Board meeting
CIPC Strategic Objectives - 2005
• Further develop ISAC capability
• Improve coordination and relationships with governments
• Develop National Infrastructure Protection Plan
• Develop methods to deter, mitigate and respond to attack
• Enhance SCADA and process control security
• Address cyber & physical security Blackout recommendations
NERC Board Strategic Retreat
● From NERC Readiness Audits, develop a plan for identifying and communicating: Best practices Commonly identified areas for improvement
● Update NERC’s response plan in the event of a significant system disturbance or emergency event
● Coordinate NERC and FERC operator training studies
● Increase the intensity and commitment of stakeholder contributions to Committees
● Clarify the role of the Regions
● More proactive with governments - regulatory, security
CIPC Relationships & RolesElectricity Sector - Critical Infrastructure Protection
Risk Assessments Threats Early Warning Operational Response
Electricity Industry Associations:• North American Electric Reliability Council• Edison Electric Institute• American Public Power Assoc.• National Rural Electric Co-op Assoc.• Canadian Electricity Association
CIP Committee *Executive Committee
ESISAC SubcommitteeSecurity Planning SubcommitteeWorking Groups & Task Forces
ELECTRICPOWERSYSTEM
OPERATION
PHYSICALINFRASTRUCTURE
INFORMATIONTECHNOLOGY
ELECTRICITY SECTOR ENTITIESUtilities, Transmitters, Generators, Distributors, Independent System/Market Operators
OPERATIONS PHYSICAL AND CYBER SECURITY EMERGENCYMANAGEMENT
PUBLIC HEALTH &SAFETY
CRITICAL INFRASTRUCTURE PROTECTION
NERC LeadershipTechnical Steering Ctee
Other NERC Standing CteesOC, PC, MC, etc
US:Department of Homeland Security (DHS)Department of Energy (DOE)Federal Energy Regulatory Commission (FERC)Canada:Public Safety & Emergency Preparedness Canada (PSEPC)Natural Resources Canada (NRCan)
Federal, Provincial and State Governments
14 ISACsSector Coordinators & ISAC Council
Executive Committee:• Identify strategic objectives and priorities• Respond to requests from NERC leadership, governments and industry associations• Identify needs to Working Groups/Task Forces• Seek active contribution of CIPC members.• Schedule and lead CIPC meetings• Support NERC President as Sector Coordinator
Subcommittee Working Groups & Task Forces:• Define scope, deliverables, milestones and resource requirements• Provide periodic status of milestones, deliverables to Executive Committee• Conduct Working Group/Task Force meetings.• Assign tasks to Committee members
NERC Staff:• Arrange meeting facilities such as physical space or conference calls• Provide administrative support• Act as primary contact with governments, decide responses with Executive Committee• Operate the ESISAC
CIP Committee Roles *
CIPC Work Flow - Security Guidelines
Identify need
Approve scope & resources
CIPC review and approvalto forward to NERC Board
Post “final document” for public review
Prepare “final document”
Forward “content draft” to Standards & Guidelines WG for:• consistency with existing Standards & Guidelines • final format
CIPC approval of “content draft”
Submit “content draft” for CIPC approval
Prepare “content draft”
Prepare scope and identify resources
Prioritize & assign to Working Group/Task Force
Executive Committee Standards & Guidelines WG NERC StaffCIPC Members Working Group/Task Force
Prepare “final draft”
Review “content draft”
Review scope
2 weeks 2 weeks
1 week
1 week
1 week
Scope-dependent
As versions developed
Within days
Within days
Facilitate meetings& conference calls
Coordinate review of otherNERC Committees as appropriateScope-dependent
Relationships with Governments
● Canada-US Outage TF report - prioritize actions
● DHS interface with NERC as Sector Coordinator, ESISAC, ISAC Council NERC President, CIPC Chair are Sector Coordinators
● Aug 31/04 meeting with senior DHS officials (NERC, EEI, AGA)
● Response to large-scale emergencies (eg. Blackout, hurricanes)
● Multi-national CIP initiative - assess opportunity industry and governments Australia, New Zealand, US, Canada
Canada-US Outage TF Report
● High visibility by governments - life of Task Force extended by 1 year
● 16 of 46 recommendations related to CIP many require coordination with other NERC
Committees (esp. Operating and Planning)
● Actions underway within CIPC many during 2004 some through 2005… and beyond
Sector Coordinators/ISAC Council
Mission:To advance the physical and cyber security
of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government
Sector Coordinator/ISAC Council Initiatives
● Single forum for DHS to interface with all 14 critical infrastructure sectors who’s who ? Include Sector-Specific Agencies (eg. DoE)
● Matrix project - sharing structure, scope of each ISAC
● Interdependency Task Force - proposed 3 tabletop exercises to DHS
● Media/Outreach - key public messages communicating what is being done
● Physical/Cyber - integrating these functions
● Emergency Notification System (ENS) and conference bridge in place
Opportunities...
● Improved coordination with government 2-way information sharing, risk assessment
● Industry outreach to the public regarding CIP threats and incidents… as we did during the Blackout
Sector Coordinating CouncilPCIS/Sector Coordinators
ISACs
Government Coordinating CouncilDHS
Sector-Specific Agencies (eg.DoE)
Opportunities...
● Growing the ESISAC During response mode, can’t just be NERC staff Leverage CIPC participants:
Subject matter expertise Getting the right resources, right away
Coordinate with Operations Timely and effective support of government
Building the DHS Relationship
August 31, 2004 Meeting
Nebraska Ave.
Washington DC
Participants
DHS: Bob Liscouski, Al Martinez-Fonts, Jim
Caverley, Bill Flynn, Taralyn Riordon
Electricity, Gas Sectors: Stuart Brindley, Bob Canada, Pat Laird,
Lyman Shaffer
Meeting Objectives
● Recognize successful initiatives with DHS
● Demonstrate the commitment of asset owner/operators, and support of industry associations NERC, EEI, AGA, others Sector Coordinators, ESISAC, ISAC Council
● Improve 2-way communication between industry and DHS
Recognizing Successes● NERC ESISAC project with Homeland Security
Information Network (HSIN)
● ES contribution to NIPP (energy annex)
● Canada-US interdependency exercise
● NERC Security Standards, Guidelines and Workshops
● Cyber intrusion detection system pilot
● Security clearances with some industry players
● Regional gas reliability studies
● ESISAC support during emergencies (eg. hurricanes)
DHS and Industry Roles
● Industry sees too many CIP contacts with government agencies
● Not all Sector Coordinators or ISACs reach across their entire sector NERC is Sector Coordinator and operates
ESISAC CIPC reaches broadly across electric sector DHS to formally recognize NERC through
provisions of Federal Advisory Committee Act
Opportunities for Improvement
● Threat assessment and info-sharing industry decision-makers with security clearances
● Early consultation to facilitate DHS initiatives
● Support DHS’ National Infrastructure Coordinating Centre (NICC) Situation-dependent
● Protection of Critical Infrastructure Information (PCII) Some time until appropriate protection is in place
● DHS establishing liaison in 68 Secret Service field offices