Cyber Security Working Group

Similar documents
Cyber Security Working Group

NIST and the Smart Grid

Securing the Grid. Marianne Swanson, NIST Also Moderator Akhlesh Kaushiva (AK), DOE Lisa Kaiser, DHS Leonard Chamberlin, FERC Brian Harrell, NERC

NIST Coordination and Acceleration of Smart Grid Standards. Tom Nelson National Institute of Standards and Technology 8 December, 2010

National Institute of Standards and Technology Smart Grid Cybersecurity

Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Consulting International

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

future data and infrastructure

Cyber Security and Privacy - Program 183

Testimony of Patrick D. Gallagher, Ph.D. Deputy Director

Cybersecurity & Public Utility Commissions

Button. Dr. Martin J. Burns President, Hypertek Inc. for NIST

Grid Modernization and Smart Grid

Cyber Risk to Help Shape Industry Trends in 2014

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Development of a Conceptual Reference Model for Micro Energy Grid

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

DEVELOPING A CYBERSECURITY POLICY ARCHITECTURE

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Using Architecture to Guide Cybersecurity Improvements for the Smart Grid

ELECTRICITY SECTOR CYBERSECURITY RISK MANAGEMENT PROCESS GUIDELINE

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, 2014 Utilities Telecom Council

Bridging the knowledge gap between power engineering and cyber security: Imparting the interdisciplinary knowledge in cyber security for power systems

Risk Management in Practice A Guide for the Electric Sector

DOE Cyber Security Policy Perspectives

ZigBee IP Stack Overview Don Sturek Pacific Gas and Electric (PG&E) 2009 ZigBee Alliance. All rights reserved. 1

NIST Cloud Computing Program

Compliance, audit, risk, security what s the difference and why do we need it?

Cyber Infrastructure for the Smart Grid

Framework for Improving Critical Infrastructure Cybersecurity

SGIG Cyber Security Program Review Process

Georgia Tech Cybersecurity Leadership Certificate Program July 25 29, 2016

Cyber Security. Smart Grid

What Risk Managers need to know about ICS Cyber Security

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

Cybersecurity and the Evolving Role of State Regulation: How it Impacts the California Public Utilities Commission

Cyber Security Health Test

Developing a robust cyber security governance framework 16 April 2015

The NIST Definition of Cloud Computing

Smart Grid and Cyber Security for Energy Assurance

Securing Cyber-Physical Systems

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

Facilitated Self-Evaluation v1.0

Cyber Security Risk Management: A New and Holistic Approach

The CAG An Earthquake in Security Compliance and How Security Is Measured ALAN PALLER DIRECTOR OF RESEARCH SANS INSTITUTE

NISTIR 7359 Information Security Guide For Government Executives

SOFTWARE AND HARD TARGETS: ENHANCING SMART GRID CYBER SECURITY IN THE AGE OF INFORMATION WARFARE. Energy Security Initiative

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

NIST Cybersecurity Framework What It Means for Energy Companies

Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References

Challenges in Delivering Large-scale Services over Cloud Environments

How Much Cyber Security is Enough?

Cybersecurity: Mission integration to protect your assets

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE

IEEE-Northwest Energy Systems Symposium (NWESS)

Update On Smart Grid Cyber Security

Highlights & Next Steps

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium , Miami Beach FL / USA

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure

RESEARCH CALL TO DOE/FEDERAL LABORATORIES. Cybersecurity for Energy Delivery Systems Research Call RC-CEDS

Confrontation or Collaboration?

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Cyber Security Research and Development a Homeland Security Perspective

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework

Green Cloud Computing: Case Study Sri Lanka & Pakistan

Threat Model for Software Reconfigurable Communications Systems

Transcription:

Cyber Security Working Group Guidelines for Smart Grid Cyber Security (NISTIR 7628) National Institute of Standards and Technology U.S. Department of Commerce 1

Today s Electric Grid Markets and Operations Generation Transmission Distribution Customer Use One-way flow of electricity Centralized, bulk generation Heavy reliance on coal and oil Limited automation Limited situational awareness Consumers lack data to manage energy usage 2

The Smart Grid 3

Energy Independence and Security Act In the Energy Independence and Security Act (EISA) of 2007, Congress established the development of a Smart Grid as a national policy goal. Under EISA, NIST is directed to coordinate the development of a framework that includes protocols and model standards for information management to achieve interoperability of smart grid devices and systems as well as maintain the reliability and security of the electricity infrastructure. 4

Conceptual Reference Diagram for Smart Grid Information Networks 5

Interoperability Framework Testing and Certification Standards Security Architecture and Requirements Conceptual Reference Model Business and Public Policy Requirements 6

NIST Three Phase Plan PHASE 1 Identify an initial set of existing consensus standards and develop a roadmap to fill gaps PHASE 2 Establish public/private Standards Panel to provide ongoing recommendations for new/revised standards PHASE 3 Testing and Certification Framework 2009 2010 7 7

President s Cyberspace Policy Review as the United States deploys new Smart Grid technology, the Federal government must ensure that security standards are developed and adopted to avoid creating unexpected opportunities for adversaries to penetrate these systems or conduct large-scale attacks. 8

Smart Grid an Opportunity Modernization provides an opportunity to improve security of the Grid Integration of new IT and networking technologies Brings new risks as well as an array of security standards, processes, and tools Architecture is key Security must be designed in it cannot be added on later 9

CSWG To address the cross-cutting issue of cyber security, NIST established the Cyber Security Coordination Task Group (CSCTG) in March 2009. Moved under the NIST Smart Grid Interoperability Panel (SGIP) as a standing working group and was renamed the Cyber Security Working Group (SGIP CSWG). 10

CSWG - continued The CSWG now has more than 500 participants from the private sector (including vendors and service providers), academia, regulatory organizations, national research laboratories, and federal agencies. 11

The CSWG Management Team Marianne Swanson NIST Chair Bill Hunteman DOE, Vice Chair Alan Greenberg Boeing, Vice Chair Dave Dalva CISCO, Vice Chair Mark Enstrom Neustar, Secretary Tanya Brewer NIST Victoria Yan Booz Allen Hamilton Sandy Bacik - EnerNex 12

Weekly telecon CSWG Meeting Info Teleconference Day & Time: Mondays, 11am Eastern Time Call-in number:866-793-6322 Participant passcode: 3836162 13

CWSG Subgroups and Leads Architecture Group R & D Group Sandy Bacik Bottom Up Group Andrew Wright; Daniel Thanos Isaac Ghansah; Daniel Thanos Standards Group Virginia Lee Crypto and Key Management Group Daniel Thanos; Doug Biggs; Tony Metke High Level Requirements Group Dave Dalva Vulnerabilities Group Matt Carpenter, Matt Thomson Security Testing and Certification Group Nelson Hastings, Sandy Bacik, and Robert Former Privacy Group Rebecca Herold CSWG- SG AMI Security Group Darren Highfill, Ed Beroset 14

Guidelines for Smart Grid Cyber Security NIST Interagency Report 7628 - August 2010 Development of the document lead by NIST Represents significant coordination among Federal agencies Private sector Regulators Academics Document includes material that will be used in selecting and modifying security requirements 15

NISTIR 7628 What it IS and IS NOT What it IS A tool for organizations that are researching, designing, developing, and implementing Smart Grid technologies May be used as a guideline to evaluate the overall cyber risks to a Smart Grid system during the design phase and during system implementation and maintenance Guidance for organizations Each organization must develop its own cyber security strategy (including a risk assessment methodology) for the Smart Grid. What it IS NOT It does not prescribe particular solutions It is not mandatory 16

Smart Grid Cyber Security Strategy - Tasks 17

NISTIR 7628 Content The NISTIR includes the following Executive Summary Chapter 1 - Overall cyber security strategy for the Smart Grid Chapter 2 High level and logical security architecture Chapter 3 High level security requirements Chapter 4 Cryptography and key management 18

NISTIR 7628 Content (2) Chapter 5 - Privacy and the Smart Grid Chapter 6 Vulnerability Classes Chapter 7 Bottom-up security analysis of the Smart Grid Chapter 8 - R&D themes for cyber security in the Smart Grid Chapter 9 Overview of the standards review 19

NISTIR 7628 Content (3) Chapter 10 Key power system use cases for security requirements Appendices A - J 20

NISTIR News Introduction to NISTIR 7622 20 Page description of the document Written for utility or security personnel Describes NISTIR content http://collaborate.nist.gov/twikisggrid/pub/smartgrid/cybersecurityctg/introducti on_to_nistir_7628.pdf Request from Chinese Government to translate document and use within China Articles in many trade journals about the document 21

Outreach University of Washington - Seattle, 20-21 July 2010 Cal Poly Pomona, 10-11 August 2010 CPUC San Francisco, 28-29 September 2010 University of Illinois Champaign, 5 November 2010 Georgia Tech Atlanta, 18-19 November 2010 (following NARUC meeting) 22

How to Participate in CSWG NIST Smart Grid portal http://nist.gov/smartgrid Cyber Security Working Group Lead: Marianne Swanson (marianne.swanson@nist.gov) NIST Support: Tanya Brewer (tanya.brewer@nist.gov) Cyber Security Twiki site http://collaborate.nist.gov/twikisggrid/bin/view/smartgrid/cybersecurityctg 23

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information