live webinar: best practices in substation security ...es-isac portal •goals for the es-isac...
TRANSCRIPT
Live Webinar:
Best Practices in Substation
Security
November 17, 2014
1
Agenda & Panelists
Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCPEnterprise Security Manager-CSOTri-State Generation & Transmission Assoc.
NERC Reliability Standards, Metcalf - Brian M. Harrell, CPPDirector, ES-ISAC OperationsElectricity Sector Information Sharing and Analysis CenterNorth American Electric Reliability Corporation
Protecting Our Key Electrical Assets - David Batz, CISSPDirector, Cyber & Infrastructure Security at the Edison Electric Institute (EEI)
Substation Physical & Electronic Security - Hamid Sharifnia, P.E.Sr. Substation Technical AdvisorChair, IEEE Physical Security Standards Working Group
2ShotSpotter
Physical Security Update
Brian M. Harrell, CPP
Director, NERC ES-ISAC
November 2014
Over 55,000
Substations
over 100 Kv in
size!
Securing a Remote or Urban Asset!
The Real Challenge…
Metcalf
• 10 of 11 - 500/230kV units damaged
• 3 of 4 - 230/115 kV units damaged
• 6 x 115kV Circuit Breakers received gunshot
damage
Metcalf
Physical Security Standard
CIP-014
• Purpose:
– To identify and protect transmission stations and
transmission substations, their associated primary
control centers, that if rendered inoperable or
damaged as a result of physical attack could result in
widespread instability, uncontrolled separation, or
cascading within an interconnection.
• Applicability:
– Transmission Owners (TO)
– Transmission Operators (TOP)
Physical Security Standard
CIP-014
• FERC Directive to NERC on March 7th
• SDT quickly assembled
• Physical security plan to secure the most critical sub-stations
and primary Control Centers
• Approved by industry on 5/5
• Submitted to FERC on 5/23
• FERC NOPR on 7/17
Information Sharing
ES-ISAC
The Electric Sector Information Sharing and Analysis Center (ES-ISAC) provides a trusted capability for:• Sharing sector specific information
• Collecting, analyzing, and disseminating Alerts and incident reports
• Working with government agencies to ensure sector technical details are accurately understood
• Coordinating with other ISACs and International groups
• Providing for mutual information sharing during disruptions
ES-ISAC Portal
• Goals for the ES-ISAC Portal Extend the functionality and use of the portal
Utilize Microsoft technology and maintain alignment with existing and future information technology (IT) in-house initiatives
Act as the clearinghouse for Registered Entities to securely find, share, and collaborate on critical infrastructure and security related information
Portal will undergo aggressive schedule following several iterations of Design Build Test Promote cycles (see next slide for graphic)
The portal will create the vertical communications that were regarded as lacking
during the GridEx.
Objectives:Portal 1.0 go-live – This will put the portal out of pilot mode and into full production open to all registered entities
HYDRA – This will create a collaborative zone strictly for registered entity HYDRA members
Task Force Collaboration Zones – This will create a collaborative zone strictly for registered entity task forces
Portal 1.5 – This will have a formal feature addition list for the main site as well as HYDRA and Task Forces
Condition Reporting – This will serve as a hub to report one event by the registered entity to various groups such as
CID, SA, EA
Portal 2.0 – Feature and polish incremental release (TBD during design phase)
ES-ISAC Outreach Activities
• GridEx III- November 18-19, 2015
• DHS Energy Sector Road Show Briefings
• Critical Infrastructure Protection Committee (CIPC) Meetings
• One-on-One Outreach Visits
• NERC Grid Security Conference (GridSecCon)
• Cyber Risk Preparedness Assessments (CRPA)
• DOE/DHS/NERC Physical Security Maturity Model
• Increased Physical Security Presence on the ES-ISAC Portal
• Classified Briefs
– Next Classified brief (Secret) is Dec. 9th in Atlanta
Critical Infrastructure Protection:
Protecting Our Key Electrical Assets
David Batz
Director – Cyber and Infrastructure Security
Edison Electric
Institute
1933
70%
Spare Transformer Equipment Program -2006
SpareConnect - 2014
SpareConnect offers an
online tool to communicate
a utility’s bulk power system
equipment needs and
provides point of contact
information for people and
equipment across the North
American electric utility
industry for specific
equipment categories and
classes.
Timeline
IEEE PES Substations Committee
Substation Physical and Electronic Security
Hamid Sharifnia, P.E.
November 17th, 2014
1. Despite the Metcalf attack, most U.S. substations remain
vulnerable.
2. Best practices for a comprehensive security program for
substations.
3. Components of a complete physical security plan for electric
power substations.
4. Physical protection to mitigate the risks for unmanned, rural
substations.
5. Requirements for different levels of physical security for
electric power substations.
6. Best practices for alerting first responders and how do staff
security teams interact with them?
• Overview. P1402 This standard establishes minimum
requirements and practices for the physical security of electric
power substations.
• Threat assessment; Social, political & economic background of the threat,
company downsizing.
• Intrusions;
- Type of Intrusions, pedestrian, vehicular, projectile, electronic;
- Parameters, events that influence intrusions
IEEE PROJECT P1402 Standard for Physical Security of Electric Power Substations (Read entire Standard at http://www.scribd.com/doc/97207183/IEEE-Std-1402)
Substation Security Plan
• Objective
States primary concerns, such as vandalism and theft in existing
stations, or theft and injury during substation construction.
• Responsibility, Who?
• Basic Requirements
Minimum level includes fences with locked gates, control buildings w
locked doors,
• Additional measures
Motion detectors, perimeter/area detection systems, security cameras,
jersey barriers, posted guards
• Sample assessment
Criteria for Substation Security
A. Security Methods
Barriers; fence, walls, locks;
Electronic; motion sensing, video surveillance, building system,
computer security, passwords, dial back verification, selective access,
virus scans, encrypting and coding;
Other Methods; lighting, landscaping, building, patrols,
B. Communications
Internal; all employees know their security responsibilities.
External; neighbors, community
C. Effectiveness of Security Methods
• Security Measure: Fence, Wall, Barriers, Passive Anti-arm Barriers,
Active Entry Point.
• Mitigation: Electronic Access Control, Barcode, Magnetic Stripe,
Biometric Readers, Perimeter intrusion detections systems, Video
Monitoring System, Gunshot Detection, Security Lighting, Power &
Communication.
• Optimum Security Option: Computing equipment shall be placed in a
physically controlled environment with access limited to personnel who
are responsible for administering the equipment. The room shall have
proper environmental controls.
• Risk: An initial survey of substations and overall systems should be
conducted to identify persons or groups who threaten substations and to
identify the risks such as theft, vandalism, or terrorism.
Possible Threat Vectors
• Unauthorized forced entry
• Insider threat
• Small arms ballistic attack (gunfire)
• Improvised explosive device
Effectiveness of security methods—
rural substationsSurvey cited in1402 standard
Best Practices: Working w First Responders
• Have a plan.
• Establish relationships with federal & local law
enforcement officials, review your plan with them.
• Designate a point person - both at your facility and in
local law enforcement.
• Keep abreast of threats and attacks.
• Consider hosting training events with federal & local law
enforcement officials at your facility to help strengthen
relationships, improve information sharing and help build
more accurate risk assessments.
Webinar:
Best Practices in Substation Security
Q & A –How Can We Help?
Makers of ShotSpotter SiteSecure
Gunshot Detection Solutions for UtilitiesFor more info, see www.ShotSpotter.com/
27