ERO Enterprise IT Strategy and IT Projects Update Stan Hoptroff, Vice President, Chief Technology Officer and Director of Information Technology Technology and Security Committee Conference Call August 9, 2018


RELIABILITY | ACCOUNTABILITY

Agenda

• ERO IT Strategy Update
  ◦ Data and Analytics
  ◦ Collaboration and Information Sharing
  ◦ Standards and Compliance
  ◦ Technology Platforms


Agenda

• ERO IT Projects Update
  ◦ Compliance Monitoring and Enforcement Program (CMEP) Technology Project
  ◦ Entity Registration/Standards
  ◦ Situation Awareness for FERC, NERC and the Regional Entities (SAFNR)
  ◦ Southwest Power Pool, RE (SPP RE) Dissolution
  ◦ Electricity Information Sharing and Analysis Center (E-ISAC) Technology Update

• Priorities Looking Ahead


Data and Analytics

• 2018
  ◦ Business Intelligence tool updates and user adoption initiatives
  ◦ User and Entity Information Federation - planning and design (coordinated with Entity Registration work)
• 2019
  ◦ Geomagnetic Disturbance (GMD) Data Collection on xRM Platform


Data and Analytics

• 2020
  ◦ Generating Availability Data System (GADS) Solar Data Collection on xRM Platform
  ◦ GADS data warehouse updates
  ◦ Misoperation Information Data Analysis System/GADS data relationships
• 2021 and Beyond
  ◦ GADS replacement, Transmission Availability Data System replacement; Demand Response Availability Data System replacement


Collaboration and Communications

• 2018-2020
  ◦ Ongoing migration of external business activities to new Extranet
  ◦ Remaining migration of internal business activities to new Intranet
• 2021 and Beyond
  ◦ Replace public-facing web site with Content Management System (CMS)
  ◦ Announcements and Alerts via our Microsoft Dynamics (xRM) platform
  ◦ Discussion groups, supporting committees, and working groups instead of Lyris lists


Standards and Compliance

• 2018
  ◦ CMEP process harmonization, initial design work, Infrastructure
• 2019
  ◦ Entity Registration deployed and integrated with new CMEP tool
  ◦ Standards as Data deployed and integrated with new CMEP tool
  ◦ Standards Export for registered entities
  ◦ CMEP Tool Release 1: Self Reports, Enforcement, Mitigation
• 2020
  ◦ CMEP Tool Release 2: Compliance Monitoring
  ◦ CMEP Tool Release 3: Reliability Risk, Implementation Plan, Compliance Oversight Plan, Inherent Risk Assessment, Internal Controls Evaluation


Technology Platforms

• Nasdaq BWise Governance, Risk, and Compliance (GRC) Platform for CMEP
• Ingeniux CMS for the E-ISAC
• xRM for ERO applications
• Microsoft SharePoint for ERO and NERC collaboration


Software Platform Value Accumulation

[Figure: chart of software function points (FP) over four stages, totalling 1000 FP, 1100 FP, 1200 FP and 1300 FP. Series: Base Product (1000), Vendor Enhancements (100), NERC Enhancements (100), Upgrade Enhancements (100). Axis: Software Function Points.]

Careful planning and upgrade-safe development provides consistently increasing value over time

• NERC pays a vendor to add functionality
• NERC developers add more functionality
• Platform Upgrade adds more functionality


ERO IT Projects Update


CMEP Technology Project Benefits and Beneficiaries

Standardization and implementation of common business processes and workflows, enabling increased productivity

Single, common portal for registered entities, enabling consistency of experience

Improved capability to support the Risk-Based Compliance Oversight Framework

Increased capability to implement audit best practices and processes

Enhanced quality assurance and oversight, enabling consistent application of the CMEP

Improved analytics, including visibility into compliance and reliability risks

Real-time access to information, eliminating delays and manual communications

Reduced application costs across the ERO Enterprise ($548k annual savings)

Beneficiaries: ERO Enterprise, NERC, Regions, Registered Entities


CMEP Technology Project Update

• Process Harmonization Schedule
  ◦ Self-Report – Sharing current thinking with stakeholders (Compliance and Certification Committee Alignment Working Group (CCC-AWG))
  ◦ Enforcement Processing - Underway
  ◦ Mitigation Plan Creation and Tracking - Underway
  ◦ Self-Certifications – Periodic Data Submittals (September)
  ◦ Compliance Audit and Spot Check (October)
  ◦ Compliance Planning (November)


CMEP Technology Project Update

• BWise vendor licensing and hosting agreements completed
• Project plan completed – Will revise as needed
• Project communications – Completed and being executed
• Training Needs Assessment – Under development
• Change Management Plan – To be developed
• Support resource on-boarded


CMEP Stakeholder Engagement and Communications Plans

• CCC AWG
• Other standing committees and subcommittees
• Regional committees and groups
• Trade organizations and other groups
• Canadian and Mexican entities


CMEP Top Steering Committee Issues

• Ensuring stakeholder involvement and registered entity readiness
• International entities
• Conversion of historical data
• Data protection and security
• FERC access


Entity Registration and Standards as Data

• Updated business case for the ERO Technology Leadership Team (TLT) - August 14, 2018

• Standards and registration data integration with BWise (Q3 2019)


SPP RE Dissolution

• Majority of data migration completed
• Useful knowledge gained from data migration efforts, applicable to the CMEP Technology Project
• Number of test cases executed - 150


SAFNR Upgrade

• Key required features for a new version of SAFNR
  ◦ Ability to control views for NERC, FERC, Regional Entities, and Reliability Coordinators
  ◦ Request and vetting process for new and existing users
  ◦ Facilities search function
  ◦ Trending capability for historical data
  ◦ Visual indicator for change in status
  ◦ Alerting for transmission and generation outage
  ◦ Ability to perform user-defined data aggregation

• Business case, RFP, and ERO-TLT approval during 2018


E-ISAC Technology Update

• E-ISAC Portal User communities delivered June 28
• Continue to deploy and deliver enhancements to data analytics capabilities (people, data, tools)
• Integration with machine-to-machine applications, other threat intelligence feeds, and malware analysis tools (DOE)


Priorities Looking Ahead

• CMEP Technology Project Business Process Harmonization
• Business Case for SAFNR
• Additional functionality for the E-ISAC portal
  ◦ Additional authentication enhancements
  ◦ Additional user interface/experience enhancements, content editing, and editorial management and digital asset management (Version 10 - 2019)
  ◦ New ability to track client actions and track engagement, target content, and deploy personalized content (Version 11 - 2020)

• Additional analytical capabilities for the E-ISAC, with a focus on the “analyst workbench/data warehousing”


RELIABILITY | RESILIENCE | SECURITY

E-ISAC Update

Bill Lawrence, Director of the E-ISAC
Webinar
August 9, 2018


Agenda

• Mission and vision
• E-ISAC Long-term Strategic Plan framework
• Key activities update
• Overview of 2018 Q1/Q2 accomplishments


Mission and Vision

Mission
The E-ISAC reduces cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership, and collaboration

Vision
To be a world-class, trusted source for the quality analysis and rapid sharing of electricity industry security information


E-ISAC Strategic Plan

Vision: To be a world class, trusted source of quality analysis and rapid sharing of electricity industry security information

Supported by:
• NERC Board of Trustees
• Electricity Subsector Coordinating Council (ESCC)
• ESCC Members Executive Committee (MEC)

Strategic Framework

[Figure: strategic framework diagram titled "World Class ISAC" with three pillars: Information Sharing, Analysis, Engagement.]

Framework elements shown in the diagram:
• Accelerate sharing and high priority notifications
• Enhance portal
• Improve information flow and security
• CRISP, CYOTE, CAISS, Strategic Vendor Partnerships
• Hire and develop exceptional employees
• Leverage information sharing technologies and resources to enhance analytical capability
• Prioritize products and services
• Metrics benchmarking
• Evaluate 24x7 Operations (future)
• Build trust and show value


Key Activities Update

Team
• Multiple new technical certifications and new hires

Engagement
• Completed five cycles of Industry Engagement Program with 17 cyber and physical analysts
• Cyber Mutual Assistance
• Japan Electricity ISAC and European Energy ISAC
• GridSecCon 2018

Technology pilots and programs
• Cyber Risk Information Sharing System (CRISP)
• Cyber Automated Information Sharing System (CAISS)
• E-ISAC Portal


2018 Q1 and Q2 Deliverables

[Figure: timeline chart of Information Sharing deliverables across Q1 and Q2, marked at 30, 60 and 90 days. Legend: Ongoing projects; Significant progress.]

Items shown in the chart:
• Enhance Portal
• Improve information access
• Join quarterly DHS secure video teleconference tests with industry clearance holders
• Obtain credentials for staff access to DHS National Cybersecurity and Communications Integration Center
• Develop detailed roadmap and begin implementations of portal enhancements including potential data visualization, enhanced authentication, user management and registration
• Circulate draft GridEx IV reports
• Release GridEx IV reports
• Build work plan with ESCC and CIPC to accomplish GridEx recommendations and lessons learned
• Deliver Email Notifications with Content
• Implement User Communities
• Accelerate sharing and high-priority notifications
• Establish and exercise Critical Broadcast process
• Develop strategic vendor partnerships
• Develop and pilot CAISS information sharing capabilities
• Deploy HF capability
• Gather requirements, develop plan, issue RFP for Event Management tool


2018 Q1 and Q2 Deliverables

[Figure: timeline chart of Analysis deliverables across Q1 and Q2, marked at 30, 60 and 90 days.]

Items shown in the chart:
• Acquire and develop high quality resources
• Leverage technology
• Evaluate new analytical capabilities
• Enhance CRISP data analysis
• Evaluate deployment of DOE malware forensics tools and dropbox
• Metrics benchmarking
• Hire additional cyber analysts
• Develop requirements and issue RFP for contracted analyst support
• Develop embedded industry augmentation program
• Develop and pilot CAISS analytic capabilities
• Benchmark security metric data
• Continue work with CIPC Security Metrics Working Group
• Hire physical security manager and analyst
• Implement embedded industry augmentation program
• Gather requirements and issue RFP for data warehouse and analyst workbench
• Prioritize products and services with MEC Working Group


2018 Q1 and Q2 Deliverables

[Figure: timeline chart of Engagement deliverables across Q1 and Q2, marked at 30, 60 and 90 days.]

Items shown in the chart:
• Hire Member Services manager
• Strengthen private sector relationships (e.g., SANS, CEATI, etc.)
• Expand industry relationships and collaboration
• Promote unclassified workshops
• Build trust and value via user communities
• Strengthen governmental, institutional, and private sector relationships
• Establish recurring meetings with DOE, DHS, FERC OEIS
• Add CRISP participants
• Establish MOU with Canadian Cyber Incident Response Centre
• SANS ICS Summit
• MEC and CIPC
• MEC and CIPC
• Establish monthly CRISP classified workshops with DOE and Pacific Northwest National Laboratory
• Continue work on trilateral MOU with Japan E-ISAC and European Energy ISAC
• GridSecCon strategic planning
• GridSecCon call for presentations and training
• Enhance Energy (DNG, ONG) and cross-sector ISAC relationships (Water, Auto, REN, Nuclear, Comms, FS)
• Define relationship with Cyber Mutual Assistance program
• Develop user community governance and additional portal requirements
• MEC
• Develop User management registration requirements
