Cyber Security Working Group, November 2010
Marianne Swanson
November 30, 2010
AGENDA
• Industry Update: NESCO (Rhonda Dunfee)
• Subgroup Updates (Subgroup Leads)
November 30-December 3, 2010
ROADMAP UPDATED TO INCLUDE SMART GRID
Roadmap Vision: In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function.
• Published in January 2006, updated Roadmap in development
• Energy Sector’s synthesis of critical control system security challenges, R&D needs, and implementation milestones
• Provides strategic framework to
  – align activities to sector needs
  – coordinate public and private programs
  – stimulate investments in control systems security
THE NESCO GROUP
• Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security
• Vision: An industry owned and operated group that supports electric sector response efforts to address cyber events
• Goals:
  – Identify and disseminate cyber security best practices to the sector
  – Analyze, monitor and relay infrastructure weakness and threat information
  – Work with federal agencies to improve electric sector cyber security
  – Encourage key electric sector supplier and vendor support / interaction
THE NESCO GROUP FUNDING
• $16.2M Cost-sharing award ($10M Federal)
  – EnergySec – NESCO (Total $9,752,730)
  – EPRI – NESCOR, a research and analysis resource for NESCO (Total $6,662,500)
ACTIVITIES TO DATE
• Sep 30: Completed
  – Internal DOE meeting to discuss expectations and roles
  – Meetings with EnergySec and EPRI discussing roles/responsibilities
  – Definitized EnergySec agreement awarded (eff. Oct 1)
  – Undefinitized EPRI agreement awarded (expected definitization Dec 31)
• Nov 2-3: Visit with ICS-CERT at Idaho National Laboratory
• Nov 3-4: Participation in the TCIPG Industry Workshop
• Nov 17: Kickoff Meeting for NESCO/NESCOR
  – Identify key milestones and deliverables
  – Discuss expectations
• Nov 18: Informational Briefing for Federal Partners in DC
• Dec 1: Participation in the CIP Congress at the National Harbor
• Dec 8-9: Participation in CIPC in Tampa
NESCO - ENERGYSEC
SGIP GridInterOp, November 30-December 3, 2010
ENERGYSEC
• 501(c)(3) non-profit organization
• 401 active portal users from 108 unique organizations
• Organizations represent 54.92% of U.S. generation and 66.79% of electric distribution
• Current board of directors and advisory team consist of industry professionals in information security, physical security, engineering, plant operations, disaster recovery, telecommunications, etc.
• First deliverable complete: Closed mailing list to replace the general EnergySec Forum and enable participants to more easily interact
STRENGTHEN THE CYBER SECURITY POSTURE OF THE ELECTRIC SECTOR
• Establish a broad-based public-private partnership for collaboration and cooperation
• Develop NESCO membership
• Conduct Town Hall Meetings
• Improve collaboration with government
• Reach out to other industry groups, academia and organizations (for example, ES-ISAC, ICSJWG, NERC)
• Encourage vendor and manufacturer involvement in collaboration
ENERGYSEC PORTAL
ENHANCE ELECTRIC INFRASTRUCTURE RELIABILITY AND CYBER SECURITY SOLUTIONS DEVELOPMENT
• Coordinate “end user” testing opportunities for projects and research requiring broad industry adoption for success
• Create code and best practices repository
• Create working groups to evaluate incidents and best practices
PROVIDE A PATH FOR RAPID INFORMATION DISSEMINATION
• Establish a rapid notification system
• Develop situational awareness information dissemination system for threat and vulnerability information
• Enhance collaboration web portal
• Institute the capability to share information, best practices, resources, and solutions to and from domestic and international electric sector participants
PROVIDE DATA ANALYSIS AND FORENSICS CAPABILITIES TO ASSESS CYBER-RELATED THREATS AND EVENTS
• Provide on-demand service to conduct forensics for cyber security breaches through external organizations that are forensics leaders
• Design and implement a data analysis program
ADDITIONAL TASKS
• Project management
• Assist in developing strategies to protect the energy infrastructure
• Stimulate support and interaction with key electric sector suppliers and vendors
NESCOR - EPRI
ELECTRIC POWER RESEARCH INSTITUTE
• Independent nonprofit organization
• Conducts R&D relating to the generation, delivery and use of electricity
• Members represent more than 90% of the electricity generated and delivered in the U.S.
• International partnership includes 40 countries
COLLABORATE AND PROVIDE INPUT TO NESCO
• Support NESCO in enhancing collection and dissemination of threat and vulnerability information to industry
• Assist NESCO and others in developing strategies to identify and prepare for immediate and future challenges to grid reliability, resiliency, and security
• Review and assess existing cyber security standards to meet requirements and identify gaps in cyber security capabilities
• Conduct cost-benefit analyses of graded risk management approach
• Develop testing methodologies and facilitate testing
DISCUSSION
INFORMATION SHARING APPROACH
• Building on EnergySec’s past successes
• Keys have been proficiency, familiarity and trust
• Built relationships at the operations, management, and executive levels among companies within the energy sector
• Provided trusted and effective forums for obtaining mutual assistance on issues related to critical infrastructure protection
• Developed trust within the industry in order to develop, promote, and support new information sharing technologies that provide both confidentiality and impartiality
• Focused on the industry
• Emphasized timeliness as demanded by the current threat and risk landscape
ISSUES/CONCERNS
• Constraints to NESCO
  – Staged Cost-sharing leading to self-sustainability in 3 years
  – Large sector size
  – Diverse stakeholders (asset owners/operators; generation, transmission and distribution; end users, vendors)
• Collaboration with Federal agencies and Industry organizations
  – Avoiding duplication of effort and establishing roles/responsibilities
• Information sharing
  – Government and NESCO
  – Industry and NESCO
Rhonda Dunfee
Infrastructure Security & Energy Restoration Division, Office of Electricity Delivery & Energy Reliability, DOE
CSWG SUBGROUP UPDATES
Subgroup Leads
SUBGROUP UPDATES
• AMI Security (Darren Highfill)
• Design Principles (Daniel Thanos)
• Privacy (Tanya Brewer)
• Testing & Certification (Sandy Bacik)
AMI SEC
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CsCTGAMI
• Meetings: Tuesdays at 13:00 Eastern
• Dial-in Information: 866-793-6322 X3836162#
• Mailing list: [email protected]
• To join the mailing list contact [email protected]
• Co-Chair contact information
  – Darren Highfill ([email protected])
  – Ed Beroset ([email protected])
AMI SECURITY SUBGROUP – SCOPE
• Back-office components that have metering as primary focus (e.g., MDMS is in scope, CIS is not)
• Through the electric meter or utility-owned/operated gateway
  – Water meters, gas meters, and customer-owned/operated devices are not explicitly in scope
• Interface-Oriented Projection of Requirements: Devices wishing to communicate using AMI must meet certain capabilities and follow certain behavior to be allowed on the network
  – May develop “classes” of device requirements to account for highly heterogeneous resource constraints (e.g., home EMS vs. gas meter)
• All layers of communications stack
• Challenge in finding appropriate SDO to work with
• Consensus from St. Louis: benefits of a unified document addressing AMI in the manner it is procured outweigh the challenges
AMI SECURITY SUBGROUP – PAP PROPOSAL
• Consensus: Propose a Priority Action Plan to standardize a set of requirements for AMI security
• Proposal is stronger if we know which SDO/SSO we want to work with
• Current draft: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/AMISecurityRequirements
  – Linked on CSCTGAMI and Priority Action Plans pages
• Criteria for selecting SDO/SSO
  – Industry acceptance
  – Expertise in power systems, especially advanced metering
  – Expertise in communications, networking, and security
  – Openness to interaction with AMI Security Subgroup and the SGIP
  – Ability to work quickly
  – Cost of final product (i.e., purchase price of standard)
• Nominated SDOs/SSOs: ANSI, IEC, IEEE, IETF, ISA, and NEMA
• AMI Security Subgroup to produce and distribute RFI
DESIGN PRINCIPLES
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSWGDesignPrinciples
• Meetings: Fridays 15:30 Eastern
• Dial-in Information: 800-728-9607 X4570752#
• Mailing list: [email protected]
• To join the mailing list contact [email protected]
• Chair contact information
  – Daniel Thanos ([email protected])
PRIVACY
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGPrivacy
• Meetings: Thursdays, 11:00 Eastern
• Dial-in Information: 866-802-3515 X2817109#
• Mailing list: [email protected]
• To join the mailing list contact [email protected]
• Chair contact information
  – Rebecca Herold ([email protected])
Smart Grid Privacy Group Scope/Mission
To identify and clearly describe privacy concerns within the Smart Grid and opportunities for their mitigation. In addition, the group strives to clarify privacy expectations, practices, and rights with regard to the Smart Grid by:
• Identifying potential privacy problems and encouraging the use of relevant existing fair information practices
• Seeking the input of and educating Smart Grid entities, subject matter experts, and the public on options for protecting privacy of, and avoiding misuse of, personal information used within the Smart Grid
• Providing recommendations for coordinating activities of relevant local, state, and federal agencies regarding Smart Grid privacy related issues
• Making recommendations and providing information to organizations developing privacy policies and practices that promote and protect the interest of Smart Grid consumers and organizations
Smart Grid Privacy Group Scope/Mission
Try to answer questions such as those received informally:
• “How will information about my energy consumption (days, times, amounts, and other use profile information) be used or shared with business partners?”
• “Will there be any public way to verify addresses or names of clients of the grid?”
• “Any and all PII will be considered private and confidential, I hope. Or will they make the mistakes of so many others in the past of doing reverse lookups based on meter numbers or neighborhood consumption reports?”
• “Do the Fair Information Practice principles (“FIPs”) provide a sound and adaptable framework for addressing consumer privacy concerns or are they just the baseline?”
• “How secure are the meters, HAN and other communication devices (secure in the means of protecting customer information)?”
• “What types of "click and consent" models will be used?”
• “How will information be shared and used, and how will it be protected?”
• “What kind of privacy protections will be in place prior to allowing third party access?”
Group Demographics
The NIST Smart Grid Privacy Subgroup currently includes:
• Energy and Utilities Industry Experts
• State Public Utilities Commission Representatives
• Information Security Experts
• Privacy Experts
• Attorneys and Legal Experts
• University Professors and Students
Other technical, operational and privacy experts, from all regions, are welcome to join the group!
Work Going Forward
• Address privacy issues for businesses (commercial, institutional, industrial)
• Expand upon PEV issues
• Discuss National Strategy for Trusted Identities in Cyberspace (NSTIC) impact on privacy in the Smart Grid
• Address privacy issues related to energy generation
• Add more privacy use cases to what is in NISTIR 7628
• Add more discussion of opt-in versus opt-out: what real choices are possible to allow Smart Grid functioning and what is not?
• Expand upon data collection endpoints/paths (e.g., private internetworks, storage media devices, etc.) that will be part of the Smart Grid
• Expand upon Internet- and wireless-related issues
Work Going Forward
Smart Grid Categories with Potential Privacy Issues

Three categories are assessed: Consumers (expanding upon Version 1 of NISTIR 7628); Commercial/Institutional (apartments, hospitals, dormitories, etc.); and Commercial/Non-Institutional (office buildings, retail stores, data centers, car rentals, etc.). For each category the slide marks four columns: Physical, Administrative, Technical, and Privacy Impacting Data.

| Data element | Consumers: Physical | Administrative | Technical | Privacy Impacting Data | Commercial/Institutional: Physical | Administrative | Technical | Privacy Impacting Data | Commercial/Non-Institutional: Physical | Administrative | Technical | Privacy Impacting Data |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Smart Meters: energy usage | X | X | X | X | X | X | X | X | - | P | P | P |
| Smart Meters: pricing data | X | X | X | X | X | X | X | X | - | P | P | P |
| Smart Meters: smart device data | X | X | X | X | X | X | X | X | - | P | P | P |
| PEVs (NOTE: Requested by PAP11): private charging station | X | X | X | X | X | X | X | X | - | P | P | P |
| PEVs, private charging station: energy usage | X | X | X | X | X | X | X | X | - | P | P | P |
| PEVs, private charging station: pricing data | X | X | X | X | X | X | X | X | - | P | P | P |
| PEVs, private charging station: PEV related data | X | X | X | X | X | X | X | X | - | P | P | P |
| PEVs: public charging station | P | P | P | P | P | P | - | P | - | P | P | P |
| PEVs, public charging station: PEV related data | P | P | P | P | P | P | - | P | - | P | P | P |
| PEVs: servicing | X | X | X | X | P | P | P | P | - | P | P | P |
WRAP-UP
• Thank you to everyone for your contributions and support
• On Wednesday,
  – Annabelle Lee, FERC, will provide us with an update on the FERC standards review
  – CSWG PAP liaisons and their involvement in the PAPs will be discussed
  – CSWG Standards subgroup lead will provide a review of what the standards subgroup has accomplished and the standard template the CSWG uses for the standard review process
  – Preview of the CSWG 3-year plan
• Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG