IIIA Technical Paper 04-01
Network Security Risk Assessment Modeling (NSRAM) Application to Municipal Electric Power Grid

IIIA Technical Paper, May 2004

Institute for Infrastructure & Information Assurance (IIIA)
James Madison University
Harrisonburg, VA
J. McManus, MBA, G. Baker, Ph.D., S. Redwine, M.S., P. Riley, M.S.
College of Integrated Science and Technology, James Madison University, Harrisonburg, Virginia, U.S.A.

George Baker is a member of the faculty at James Madison University and is involved in consulting with industry and government in the areas of critical infrastructure assurance, high power electromagnetics, nuclear and directed energy effects, and ground sensors. He is the former director ( ) of the Defense Threat Reduction Agency's Springfield Research Facility involved in assessing, protecting and targeting critical underground, infrastructure and mobile systems. Much of his career was spent at the Defense Nuclear Agency directing RDT&E related to hardening systems to nuclear effects. He is presently a staff member of the Congressional EMP Commission and serves on the National committee of the American Electromagnetic (AMEREM) conference. He is past chairman of the Nonproliferation and Arms Control Technology Working Group (NPAC) focus group on buried facilities, the Underground Site Infrastructure Applications Working Group, and the international Technical Cooperation Program EMP Group. He is a member of IEEE and an EMP Fellow. He holds a Ph.D. from the U.S. Air Force Institute of Technology.

Samuel T. Redwine, Jr. is a long-time figure in software engineering. He is past editor of the IEEE Computer Society Software Engineering Technical Council Newsletter. He has received several major awards and has authored over 50 publications. His interests include software engineering, quality (particularly correctness), technology, and management; organizational improvement; R&D management; technology transfer; and computer security. Mr. Redwine has worked in industry and consulting for more than 25 years including time at Mitre, Institute for Defense Analyses, and the Software Productivity Consortium. He is an Associate Professor of Computer Science at James Madison University. Previously he was an Adjunct Professor at George Mason University and Virginia Tech. He has B.S. and M.S. degrees from M.I.T. and is a member of IEEE, ACM, and the American Society for Quality (ASQ).

James McManus is the Risk Assessment Modeler for the Critical Infrastructure Protection Project. His background includes over seventeen years of experience in the aerospace industry in design engineer and manager, risk assessment, and requirements management roles. He was also a director at a small research and development company where he oversaw research projects and overall operations of his office. Mr. McManus has a Bachelor's in Aerospace Engineering from Georgia Tech, and an MBA from Kennesaw State University.

Phil Riley is a Programmer/Analyst for the Critical Infrastructure Protection Project. His main interests are in Java development and mathematical computing. His degrees include AB, Math, University of Chicago; MA, Math, Duke University; and MS, Computer Science, James Madison University.
ABSTRACT

Under the Critical Infrastructure Protection (CIP) program, the James Madison University (JMU) CIPP research team is developing Network Security Risk Assessment Modeling (NSRAM) tools that will enable the assessment of both cyber and physical infrastructure security risks. The effort is driven by the need to predict and compute the probability of adverse effects stemming from system attacks and malfunctions, to understand their consequences, and to improve existing systems to minimize these consequences. The tools are targeted at systems supporting critical infrastructures varying from individual systems to organization-wide systems, as well as systems covering entire geographical regions. Early work emphasizes computing systems, but systems sharing the network nature of computing systems, such as electrical and water supply systems, are potential targets. Our development strategy emphasizes interaction with infrastructure service providers early on to ensure that the final product is useful and user-friendly. The tools are being developed as part of a larger infrastructure assessment methodology development effort. As one of our first cooperative real-world case studies, we have used a developmental version of our network flow simulation tool to model "Valleyville's" municipal electric power grid. We discuss the tool design, system characterization and modeling, and lessons learned from this case study.

INTRODUCTION

In 2003, the Department of Homeland Security issued national strategy documents for the protection of physical and cyber infrastructures that call for vulnerability assessments of critical infrastructure systems. [1,2] Modeling tools for simulation of network security and risk assessment will be an important part of such assessments.

Critical infrastructure systems and facilities are subject to many different failure modes. It is important to anticipate the possible modes, the likelihood of their occurrence, and the relative seriousness of their consequences. Failures may be due to many causes, intentional and unintentional, including cyber attacks, accidents, aging or sabotage from insiders or external malefactors. Failures can propagate such that seemingly minor problems may lead to complete functional failures. Some serious failure modes may be counter-intuitive. Of particular concern is the presence of single point failure locations known to exist in many existing critical facilities. Assessments provide an important basis for determining the most serious failure modes, implementing cost-effective countermeasures, and planning for reconstitution. To facilitate balanced assessments of both physical and cyber security problems, we are pursuing tools which extend probabilistic risk assessment into the time domain.

[1] The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, U.S. Dept of Homeland Security, February 2003
[2] The National Strategy to Secure Cyberspace, U.S. Dept of Homeland Security, February 2003
NSRAM TOOL

The NSRAM tool is a complex network system simulation modeling tool that is currently in development at JMU as part of the CIPP effort. The NSRAM tool concept emphasizes the analysis of large interconnected multi-infrastructure models. JMU is also developing the concept of sophisticated repair element sets that interact via pre-defined algorithms to more accurately simulate repair personnel reaction to system insults or malfunctions. These repair element sets are unique in that they interact with the simulation network model in a pre-determined manner, but their operating rules can be changed to allow the user to optimize repair strategies.

The NSRAM tool design includes a graphical user interface for developing models, developing scenarios, and interpreting output. The tool is designed to be portable, and uses portable and expandable database and model structures. The tool also provides a framework to simulate large networks and analyze their behavior under conditions where the network suffers failures or structural breakdowns.

In order to accurately portray the severity of network failures, repair variables (time to repair, cost to repair, repair priorities) must be taken into account. The NSRAM tool provides a repair element set that allows the user to develop an accurate repair capability that can model the effects of repair personnel or part scarcity, communication requirements, and uncertainty. The repair element set is a specialized network made of elements and flows (the same as all NSRAM networks) that interact with the modeled network via predefined repair action rules. An initial set of repair elements was used in the Valleyville case study described below.

The repair element set is a unique capability of the NSRAM tool. This capability will allow the user to accurately simulate any configuration of fault detection and repair schemes. The repair element set consists of repair entities with specialized functions. These specialized elements can be combined and customized by the user as desired to provide accurate and realistic repair and maintenance functionality to the network model. All repair element set actions will simulate the actions of agents in real time. Therefore, time to travel, cost, etc. will be variables that can be tracked. The repair element set will also collect statistical data of failure frequency, mean time to repair (MTTR) and other variables as required to determine repair effectiveness.

The intent of these repair element sets is to more accurately model the human response to perceived system damage. The repair element sets identify symptoms, test the system to determine the elements that are damaged, attempt to repair the damage, and then attempt system recovery. If symptoms are still present, the repair elements repeat the above cycle until the system is recovered. Inspection routines will also be accommodated so that preventative maintenance effects are accurately incorporated.

The repair element set design is a large task, and JMU is currently at the beginning of this effort. In order to incorporate the repair sets into the model as quickly as possible, they are being designed with extensibility in mind. That way, as the repair sets are developed, they can be easily modified and capabilities added to enhance fidelity and/or flexibility. We will initially incorporate relatively simple repair capabilities and add capabilities to accommodate client needs.
VALLEYVILLE MUNICIPAL ELECTRIC POWER GRID CASE-STUDY

An important part of the NSRAM development strategy is early interaction with clients to ensure that the model is responsive to real-world needs in terms of input problems and output information. The client interaction is doubly important, because the tool is being developed as part of a larger vulnerability assessment methodology to treat realistic infrastructure problems. As one of our first clients, we have been able to work with a local municipal public works department to do an initial case study on their electric power distribution system. We used the codename Valleyville for this project to provide security for our client.

The Valleyville case study project involved a broad set of objectives culminating in modeling the system using NSRAM. We organized an assessment team including faculty experts on electric power, risk assessment and modeling and simulation. A field team, including students, was deployed to survey and map the electric power system. All major power transformers and electrical distribution lines were mapped. This map provided the information required to develop both a physical and a logical (power flow) map of the town's power grid. The team also reviewed system engineering documents to gather information on network operating parameters and component design.

In consultation with the public works department, we identified the critical system elements including grid components and locations of critical infrastructure facilities supplied by the grid. Critical facilities included water supply, waste treatment, government, police, fire and rescue services. Facilities having backup generators were noted. Repair resources and their capabilities were identified. We developed a comprehensive list of threats and hazards that might affect the system and discussed these with the public works department to determine those of highest concern.
MODELING VALLEYVILLE

Once information gathering and physical mapping were complete, we developed a one-line diagram of the system and selected a network subset for our initial NSRAM modeling. The modeling investigated the effect of various outage scenarios on the municipality. While the town and electrical power grid model are modest in size, the task enabled us to exercise the graphical user interface model design scheme, build a realistic model, and provide feedback to the software developers to help design algorithms that make model creation intuitive.

The Valleyville power grid is composed of three separate AC electrical circuits, each separated by 120 degrees of phase separation. These phases are noted as Phase A, B, and C. Power is purchased from a regional distributor and enters the municipal grid at 19.9 KV. This voltage level is stepped down at the main substation from 19.9 KV to 4.2 KV (phase to ground). The 4.2 KV voltage is stepped down to the familiar household 120/240 V via distribution transformers. Distribution transformers generally provide power for three to ten homes. Businesses generally have a dedicated distribution transformer, and in several cases used power from different phase circuits simultaneously. The municipal grid has no active monitoring, and relies on inspections and trouble calls from customers to alert Valleyville Power Company to problems.

The NSRAM tool used the Valleyville power flow map to develop an electrical grid functional model. While the three single phase circuits are physically very close (the three distribution lines generally are attached to the same power distribution poles), from a power distribution point of view they are completely isolated. The three phases of electrical power were modeled as three separate models; however, the naming convention used allowed us to investigate a situation where insults occur that could physically affect all three power phases simultaneously (for example, if a power distribution pole is knocked down).

Due to the relatively small size of the power grid, we were able to easily model the system at a detailed level. However, as in all modeling exercises, some abstractions were made. For this model, the power loads were simplified. Each power load element represents three to seven residential consumers' power consumption needs or a commercial load. These loads are variable and are a function of time of year, time of day, temperature and a number of other variables; however, in the first generation of this model the loads are considered to be constant. This simplification is acceptable because our original outage scenario focuses on power outages caused by large external events, such as lightning strikes, rather than power outages caused by customers overloading the system.

The development approach for the NSRAM tool is to simultaneously develop the software while using early versions to solve client problems. Through exercising the tool via real world applications, we are attempting to modify our requirements while still in the design stages to enable the team to develop a more usable tool in the end.

RESULTS

Phase A of the Valleyville power grid was initially modeled as a capability demonstration. The model consisted of approximately 60 elements and 74 connections between those elements. Valleyville power usage was abstracted as total power demand at the final distribution transformer, that is, customer houses were lumped together as a distribution transformer load. Figure 1 is a screenshot from the demonstration showing the logical network of the power grid. Figure 2 shows details from the model. This figure shows individual elements (different icons for each type of element modeled), input and output ports (dots around the elements) and connections (lines).
Figure 1: NSRAM Demonstration Model

Figure 2: Model Details
The model was subjected to a major outage condition simulating a municipal grid line failing. This failure caused the household loads to exceed the power available at the distribution transformer, which caused the loads to shut down. The loads (households or commercial) wait a random amount of time before phoning the power company to notify it of a failure condition.

The repair element set for this case study was an initial set designed specifically for Valleyville that consists of two repair agents and the main power company. When the power company is notified that a failure occurred, it radios one of the repair agents and sends it to the notification location. The repair agent has a delay built into the programming to simulate the need to drive to the location. When the agent reaches the location, it tests the element to determine if the element has failed. If so, the agent repairs it. If the element is operational, the repair agent travels to the first element between the previously checked one and the main power station. It repeats that cycle, working its way towards the main power station until it finds a failed element, which it repairs. Then it notifies the main power company that it has finished its work and returns to base.

This behavior accurately simulates the methods used in Valleyville. When a customer calls in, the repair truck is dispatched to that location. The power lines are traced back towards the main substation until the problem is found and repaired.

The demonstration run consisted of one of the municipal grid lines failing. This led to a large number of customers losing power, which provided a large set of starting points for the repair agents to begin their diagnoses. As this line is fairly well upstream, the repair agents would on average check several elements prior to discovering the major power line failure. This study simulates a large lightning strike, the intentional destruction of a power line or a similar event.

Below is an example of a resultant output graph from the case study where operational impact occurred. The output shows the percentage chance that power is available at that element. Initially, the power grid is allowed to come to equilibrium and operate for a short period of time. The sudden decrease indicates the failure event. Then, depending on where the repair agent initially starts its search, the percentage chance that power is available begins to climb back towards nominal. The three lines on the graph indicate the mean values and one standard deviation above and below that value.
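
The dispatch and trace-back repair procedure and the availability-versus-time output described above, as an added example that is not NSRAM code or the authors' model: a Monte Carlo sketch in Python. The feeder topology, element names and all timing values are constructed assumptions, as is the rule that each of the first two callers is assigned one of the two repair agents.

```python
"""Monte Carlo sketch of the trace-back repair procedure (added example)."""
import math
import random

# Constructed radial feeder: child -> parent (toward the main substation).
PARENT = {
    "substation": None,
    "line1": "substation",
    "line2": "line1",
    "line3": "line1",
    "xfmr_a": "line2",
    "xfmr_b": "line2",
    "xfmr_c": "line3",
    "load_a1": "xfmr_a",
    "load_a2": "xfmr_a",
    "load_b1": "xfmr_b",
    "load_c1": "xfmr_c",
}

# Assumed timings in minutes; none of these values come from the paper.
T_FAIL = 60            # failure is injected after the grid has settled
CALL_DELAY = (5, 120)  # customer waits a random time before phoning
DRIVE = (10, 30)       # dispatch-to-arrival delay for the repair agent
TEST, HOP, REPAIR = 5, 10, 90
AGENTS = 2             # the case study used two repair agents


def path_to_root(node):
    """Elements from `node` up to the substation, in trace-back order."""
    path = []
    while node is not None:
        path.append(node)
        node = PARENT[node]
    return path


def downstream_loads(failed):
    """Loads that lose power when `failed` goes down."""
    return sorted(n for n in PARENT
                  if n.startswith("load_") and failed in path_to_root(n))


def trace_steps(start, failed):
    """Number of elements an agent tests, starting at the caller's location."""
    return path_to_root(start).index(failed) + 1


def restore_time(failed, rng):
    """One trial: absolute time at which the failed element is repaired."""
    calls = sorted((T_FAIL + rng.uniform(*CALL_DELAY), load)
                   for load in downstream_loads(failed))
    finish = []
    for t_call, load in calls[:AGENTS]:   # assumption: one agent per early call
        n = trace_steps(load, failed)
        finish.append(t_call + rng.uniform(*DRIVE)
                      + n * TEST + (n - 1) * HOP + REPAIR)
    return min(finish)                    # first agent to reach the fault fixes it


def availability_curve(failed, observed, trials=2000, horizon=400, step=10, seed=1):
    """(t, mean, std) of 'power available at `observed`' across trials."""
    rng = random.Random(seed)
    affected = failed in path_to_root(observed)
    restores = [restore_time(failed, rng) for _ in range(trials)]
    curve = []
    for t in range(0, horizon + 1, step):
        up = sum(1 for r in restores if not affected or t < T_FAIL or t >= r)
        p = up / trials
        curve.append((t, p, math.sqrt(p * (1 - p))))
    return curve


if __name__ == "__main__":
    for t, mean, std in availability_curve("line2", "load_a1"):
        print(f"t={t:3d} min  available={mean:5.1%}  +/- {std:5.1%}")
```

Changing `AGENTS` or the `CALL_DELAY` range shows how repair staffing and the lack of active monitoring move the recovery part of the curve, while elements outside the failed branch (here `load_c1`) stay at full availability.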
Figure 3: Typical NSRAM Output Graph

LESSONS LEARNED FROM CASE STUDY

The strategy of using a modeling tool that is in development to assist in a client analysis has been both fruitful and frustrating. It was sometimes frustrating to the modeler that the NSRAM tool is still in development and many of its features are more difficult to access than would be expected in a mature tool. This caused the development of the electrical grid models to be delayed somewhat and incurred extra time in building those models. In addition, the development team was busy testing the next revision of the software during the time the models were developed. Although the development team was quite helpful, it was unrealistic to expect them to have the time to solve all discovered problems in time to help with the initial phase of model building.

However, this exercise provided helpful feedback on several features of the software that are either in development or are planned to be developed in the next release. The team feels that this feedback helped to focus the development team planning for the next internal release task. It also provided the modeler with a better understanding of the developers' targeted usage of the tool and the developers with a better understanding of how the tool will ultimately be used.

CONCLUSION

We are developing risk analysis modeling tools that address physical and cyber infrastructures. The tools extend probabilistic risk assessment into the time domain and include a time domain fault tree technique and a network flow simulation based technique. The fault tree technique provides a simple, top level calculation of overall system mission functionality vs. time. The network flow based technique provides detailed system service performance, security and risk metrics vs. time.

For critical infrastructure networks the JMU models and tools will provide insights into failure and degradation including possibilities, probabilities, modes, cascading effects, and durations. They should provide useful insights into probable failure points and most cost effective protection and/or upgrade approaches. Results will be useful for estimating the cost of service degradation or outage.

The tools are still in the developmental stage. The initial products will be somewhat technical in nature, designed for the use of JMU consultant level experts, with current development work concentrating on modeling repair, computer security phenomena, user interface refinements to increase accessibility and capabilities needed to model client infrastructure networks. Successful application of these tools requires that they be used as part of a well defined risk assessment methodology and that system subject matter experts be involved in defining input parameters to ensure reliable results.

May, 2004
Institute for Infrastructure & Information Assurance
More informationSCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com
SCADA Business Continuity and Disaster Recovery Presented By: William Biehl, P.E. 913-601-0104 (mobile) Bill.Biehl@we-inc.com Business Continuity Planning, a Sound Process A Business Continuity Plan: "A
More informationReport in respect of. Service Disruption on 9 April 2012
Report in respect of Service Disruption on 9 April 2012 1. Introduction On 9 April 2012, a power outage occurred in the Shatin Switching Centre, one of three switching centres deployed by SmarTone Mobile
More informationNew York State 2100 Commission Report: Energy
New York State 2100 Commission Report: Energy Improving Strength and Resilience Phil Mihlmester New York Bar Association Columbia University Law School New York, NY May 14, 2014 Context: Aftermath of Hurricane
More informationBest Practices for Creating Your Smart Grid Network Model. By John Dirkman, P.E.
Best Practices for Creating Your Smart Grid Network Model By John Dirkman, P.E. Best Practices for Creating Your Smart Grid Network Model By John Dirkman, P.E. Executive summary A real-time model of their
More informationOpportunities to Overcome Key Challenges
The Electricity Transmission System Opportunities to Overcome Key Challenges Summary Results of Breakout Group Discussions Electricity Transmission Workshop Double Tree Crystal City, Arlington, Virginia
More informationAsset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure
Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Presentation to the U.S. Department of Energy by the IEEE Joint Task Force on QER Trends: Resilience
More informationMONITORING AND DIAGNOSIS OF A MULTI-STAGE MANUFACTURING PROCESS USING BAYESIAN NETWORKS
MONITORING AND DIAGNOSIS OF A MULTI-STAGE MANUFACTURING PROCESS USING BAYESIAN NETWORKS Eric Wolbrecht Bruce D Ambrosio Bob Paasch Oregon State University, Corvallis, OR Doug Kirby Hewlett Packard, Corvallis,
More informationSection 2: Overview of Wireless Broadband Networks
Section 2: Overview of Wireless Broadband Networks 2.1 Introduction to Broadband Network Elements Over the past decade, technological innovation and a motivation to deploy broadband in new, efficient ways
More informationFRCC Standards Handbook. FRCC Automatic Underfrequency Load Shedding Program. Revision Date: July 2003
F R C C FRCC Standards Handbook FRCC Automatic Underfrequency Load Shedding Program Revision Date: July 2003 FRCC Underfrequency Load Shedding Program Modification and Approval Process Requests to modify
More informationEssential Power System Requirements for Next Generation Data Centers
Essential Power System Requirements for Next Generation Data Centers White Paper #4 Revision 4 Executive Summary Effective mission critical installations must address the known problems and challenges
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationUtility Communications FOXMAN-UN Network Management System for ABB Communication Equipment
Utility Communications FOXMAN-UN Network Management System for ABB Communication Equipment A reliable & flexible communication network lies at the heart of successful electrical grid operations. A comprehensive
More informationIncreased power protection with parallel UPS configurations
Increased power protection with parallel UPS configurations Making the selection between Centralized Bypass and Distributed Bypass systems Janne Paananen Application Engineer, Large Systems Group Eaton
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationCity of Buffalo Municipal Electric Utility Energy Emergency Response
City of Buffalo Municipal Electric Utility Energy Emergency Response Table of Contents Page 1. Goals 2 2. Types of Energy Emergencies..3 3. Utility Emergency Operating Plans.4 4. Link to General Reliability/Outage
More informationAutomotive Black Box Data Recovery Systems
Introduction Automotive Black Box Data Recovery Systems By Don Gilman For years, airplane crash investigators have had the benefit of retrieving data from the flight-data recorder, or "black box." This
More informationAC 2012-3560: FROM DEFENSE TO DEGREE: INTEGRATING MILI- TARY VETERANS INTO ENGINEERING PROGRAMS
AC 2012-3560: FROM DEFENSE TO DEGREE: INTEGRATING MILI- TARY VETERANS INTO ENGINEERING PROGRAMS Dr. David L. Soldan, Kansas State University Dr. Noel N. Schulz, Kansas State University Dr. Don Gruenbacher,
More informationCONTINUITY OF OPERATION PLAN (COOP) FOR NONPROFIT HUMAN SERVICES PROVIDERS
A L L I A N C E F O R H U M A N S E R V I C E S www.alliance4hs.org CONTINUITY OF OPERATION PLAN (COOP) FOR NONPROFIT HUMAN SERVICES PROVIDERS ALLIANCE FOR HUMAN SERVICES & MIAMI-DADE COUNTY OFFICE OF
More informationConstructing a successful business continuity plan
Constructing a successful business continuity plan By Alan Berman Alan Berman Being prepared is the cornerstone of having a business continuity plan regardless of the size of a company. Ultimately, getting
More informationCyber-Physical System Security of the Power Grid
Course on: Cyber-Physical System Security of the Power Grid April 9-11, 2013 at KTH Royal Institute of Technology, Stockholm, Sweden Background Cyber Security is essential to today s power grid operation
More informationAlberta Reliability Standard Cyber Security Configuration Change Management and Vulnerability Assessments CIP-010-AB-1
A. Introduction 1. Title: 2. Number: 3. Purpose: To prevent and detect unauthorized changes to BES cyber systems by specifying configuration change management and vulnerability assessment requirements
More informationGUIDANCE FOR ASSESSING THE LIKELIHOOD THAT A SYSTEM WILL DEMONSTRATE ITS RELIABILITY REQUIREMENT DURING INITIAL OPERATIONAL TEST.
GUIDANCE FOR ASSESSING THE LIKELIHOOD THAT A SYSTEM WILL DEMONSTRATE ITS RELIABILITY REQUIREMENT DURING INITIAL OPERATIONAL TEST. 1. INTRODUCTION Purpose The purpose of this white paper is to provide guidance
More informationMethods for Assessing Vulnerability of Critical Infrastructure
March 2010 Methods for Assessing Vulnerability of Critical Infrastructure Project Leads Eric Solano, PhD, PE, RTI International Statement of Problem Several events in the recent past, including the attacks
More informationSeptember 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for
Testimony of John A. McCarthy, Director of the Critical Infrastructure Protection Project, George Mason School of Law Before a joint hearing of the House Subcommittee on Infrastructure Security and The
More informationSafeguards and Security
Safeguards and Security Overview The Safeguards and Security (S&S) program mission is to support Departmental research at Office of Science (SC) laboratories by ensuring appropriate levels of protection
More informationGovernment Degree on the Safety of Nuclear Power Plants 717/2013
Translation from Finnish. Legally binding only in Finnish and Swedish. Ministry of Employment and the Economy, Finland Government Degree on the Safety of Nuclear Power Plants 717/2013 Chapter 1 Scope and
More informationIntrado Call Handling CPE. Standard Maintenance and Support Services ( MSS Terms )
Intrado Call Handling CPE Standard Maintenance and Support Services ( MSS Terms ) These Maintenance and Support Services terms ( MSS Terms ) describe the current offerings for maintenance and support services
More informationFault Tolerant Servers: The Choice for Continuous Availability on Microsoft Windows Server Platform
Fault Tolerant Servers: The Choice for Continuous Availability on Microsoft Windows Server Platform Why clustering and redundancy might not be enough This paper discusses today s options for achieving
More informationSEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID
SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID ZBIGNIEW KALBARCZYK EMAIL: KALBARCZ@ILLINOIS.EDU UNIVERSITY OF ILLINOIS AT URBANA-CHAMPAIGN JANUARY 2014
More informationA Security Approach in System Development Life Cycle
A Security Approach in System Development Life Cycle (1) P.Mahizharuvi, Research Scholar, Dept of MCA, Computer Center, Madurai Kamaraj University, Madurai. mahiconference@gmail.com (2) Dr.K.Alagarsamy,
More informationI. PURPOSE II. SITUATION AND ASSUMPTIONS
I. PURPOSE This annex describes the processes for providing reliable and effective communications among organizations participating in an emergency operation. This Annex is designed to support the City
More informationVisualization, Modeling and Predictive Analysis of Internet Attacks. Thermopylae Sciences + Technology, LLC
Visualization, Modeling and Predictive Analysis of Internet Attacks Thermopylae Sciences + Technology, LLC Administrative POC: Ms. Jeannine Feasel, jfeasel@t-sciences.com Technical POC: George Romas, gromas@t-sciences.com
More informationEmergency Preparedness Guidelines
DM-PH&SD-P7-TG6 رقم النموذج : I. Introduction This Guideline on supports the national platform for disaster risk reduction. It specifies requirements to enable both the public and private sector to develop
More informationMassachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template
Massachusetts Institute of Technology Functional Area Recovery Management Team Plan Development Template Public Distribution Version For further information, contact: Jerry Isaacson MIT Information Security
More informationINTRODUCTION TO INFORMATION TECHNOLOGY SECTOR CRITICAL INFRASTRUCTURE PROTECTION...
Table of Contents EXECUTIVE SUMMARY...4 1 INTRODUCTION TO INFORMATION TECHNOLOGY SECTOR CRITICAL INFRASTRUCTURE PROTECTION...9 1.1. PARTNERING FOR SECURITY...9 1.2. IT SECTOR PROFILE...11 2 RISK MANAGEMENT
More informationSECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY
SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More information2014 Polk County ESF #2 Communications. Public Version. Public Version-Polk County ESF #2 Communications 2014
2014 Polk County ESF #2 Communications Public Version ESF#2 Communications 2014 Polk County Emergency Management Agency Page 1 of 13 Table of Contents 1. Introduction... 3 1.1 Purpose of ESF #2: Communication...
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationThe Strategic Importance, Causes and Consequences of Terrorism
The Strategic Importance, Causes and Consequences of Terrorism How Terrorism Research Can Inform Policy Responses Todd Stewart, Ph.D. Major General, United States Air Force (Retired) Director, Program
More informationHow to Detect and Prevent Cyber Attacks
Distributed Intrusion Detection and Attack Containment for Organizational Cyber Security Stephen G. Batsell 1, Nageswara S. Rao 2, Mallikarjun Shankar 1 1 Computational Sciences and Engineering Division
More informationUNLOCK YOUR IEC 61850 TESTING EXCELLENCE
IMPROVE EFFICIENCY TEST WITH CONFIDENCE OF KNOW-HOW LEARN AND EXPAND YOUR IEC 61850 SKILLS MASTER YOUR NETWORK KNOWLEDGE GENERATE TEST RESULTS UNLOCK YOUR IEC 61850 TESTING EXCELLENCE Connect To & Read
More informationDisaster Preparedness & Response
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 A B C E INTRODUCTION AND PURPOSE REVIEW ELEMENTS ABBREVIATIONS NCUA REFERENCES EXTERNAL REFERENCES Planning - Ensuring
More informationSecurity Policy Review: Credible Event Management. Scope and Methodology Draft for Industry 2014
Security Policy Review: Credible Event Management Scope and Methodology Draft for Industry 2014 Version Date Change 1 26/03/2014 Draft for industry Position Date Prepared By: Reviewed By: Ina Ilieva, Senior
More informationCyberspace Situational Awarness in National Security System
Cyberspace Situational Awarness in National Security System Rafał Piotrowski, Joanna Sliwa, Military Communication Institute C4I Systems Department Zegrze, Poland, r.piotrowski@wil.waw.pl, j.sliwa@wil.waw.pl
More informationThis document contains the text of Secretary of the State regulations concerning
1 This document contains the text of Secretary of the State regulations concerning Emergency Contingency Model Plan for Elections (Sections 9-174a-1 to 9-174a-34) This document was created by the Office
More informationTECHNICAL DESCRIPTION OF THE DISTRIBUTION SUBSTATION REMOTE MONITORING SYSTEM
HELLENIC ELECTRICITY DISTRIBUTION NETWORK OPERATOR S.A. NOTICE OF CALL FOR TENDERS No ND-xxx PROJECT: Pilot Telemetering and Management System for the Electric Power Supply Demand by Residential and Small
More information6545(Print), ISSN 0976 6553(Online) Volume 4, Issue 2, March April (2013), IAEME & TECHNOLOGY (IJEET)
INTERNATIONAL International Journal of JOURNAL Electrical Engineering OF ELECTRICAL and Technology (IJEET), ENGINEERING ISSN 0976 & TECHNOLOGY (IJEET) ISSN 0976 6545(Print) ISSN 0976 6553(Online) Volume
More informationLow Voltage Products
Low Voltage Products ABB Power Quality Filters: The most efficient solution for active filtering of harmonics, smooth reactive power compensation and load balancing. Enabling trouble-free and efficient
More informationPennsylvania Summer Reliability
A. Reliability Enhancement Programs In 2015, Pennsylvania Power Company s ( Penn Power or Company ) reliability plan incorporates projects and programs to enhance overall reliability. The plan is structured
More informationOngoing Help Desk Management Plan
Ongoing Help Desk Management Plan HELP DESK IMPLEMENTATION /MANAGEMENT The Vendor shall provide in its Response to DIR a Help Desk Implementation Plan which shall include, but not be limited to: a. Customer
More informationRelationship to National Response Plan Emergency Support Function (ESF)/Annex
RISK MANAGEMENT Capability Definition Risk Management is defined by the Government Accountability Office (GAO) as A continuous process of managing through a series of mitigating actions that permeate an
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationOil and Gas Industry A Comprehensive Security Risk Management Approach. www.riskwatch.com
Oil and Gas Industry A Comprehensive Security Risk Management Approach www.riskwatch.com Introduction This white paper explores the key security challenges facing the oil and gas industry and suggests
More information