Written Statement of Richard Dewey Executive Vice President New York Independent System Operator



Similar documents
April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

AURORA Vulnerability Background

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Addressing Dynamic Threats to the Electric Power Grid Through Resilience

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR

September 28, MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

The Aviation Information Sharing and Analysis Center (A-ISAC)

What are you trying to secure against Cyber Attack?

Report on CAP Cybersecurity November 5, 2015

Department of Homeland Security

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

NERC CIP Compliance with Security Professional Services

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

North American Electric Reliability Corporation (NERC) Cyber Security Standard

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

INFORMATION SECURITY STRATEGIC PLAN

Preventing and Defending Against Cyber Attacks November 2010

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions August 10, Electric Grid Operations

NH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010

Why you should adopt the NIST Cybersecurity Framework

IEEE-Northwest Energy Systems Symposium (NWESS)

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, Electric Grid Operations

Legislative Language

Dealer Member Cyber-security

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

No. 33 February 19, The President

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

The Comprehensive National Cybersecurity Initiative

Actions and Recommendations (A/R) Summary

Cyber security: Practical Utility Programs that Work

Middle Class Economics: Cybersecurity Updated August 7, 2015

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

Response to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity

Cyber Security and Privacy - Program 183

Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015

Matthew M. Blizard. Page 1. Matthew M. Blizard

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Regulatory Compliance Management for Energy and Utilities

Confrontation or Collaboration?

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

Challenges in Cybersecurity. Major General Bret Daugherty, The Adjutant General, Washington Army and Air National Guard

BUSINESS CONTINUITY PLANNING

Why you should adopt the NIST Cybersecurity Framework

Preventing and Defending Against Cyber Attacks June 2011

Water Security in New Jersey: Partnership and Services

Cybersecurity Enhancement Account. FY 2017 President s Budget

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE

El Camino College Homeland Security Spring 2016 Courses

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

Cybersecurity: Authoritative Reports and Resources

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

Infrastructure Protection Gateway

NASCIO 2014 State IT Recognition Awards

FERC, NERC and Emerging CIP Standards

Top Ten Compliance Issues for Implementing the NERC CIP Reliability Standard

Cybersecurity: Authoritative Reports and Resources

Cybersecurity: Mission integration to protect your assets

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

How To Protect Yourself From Cyber Crime

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Transcription:

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman Senate Standing Committee on Codes Senator Michael F. Nozzolio, Chairman Senate Standing Committee on Consumer Protection Senator Michael Venditto, Chairman Public Hearing To Address New York State s Cyber Security Infrastructure May 20, 2015 I. INTRODUCTION My name is Richard Dewey. I am Executive Vice President of the New York Independent System Operator. The NYISO is an independent not-for-profit corporation that carries out three key functions relating to the electric system serving New York State. We are responsible for the reliable operation of New York s bulk electric system in accordance with all national, regional and state reliability requirements. We administer and monitor competitive wholesale electricity markets to satisfy electrical demand, providing benefits to consumers. We plan for the reliability and power demands of the future and participate as technical advisor and 1

non-voting member of the New York State Energy Planning Board. As an independent resource, we provide authoritative information and objective analysis to market participants, regulators and policymakers. The NYISO is governed by an independent Board of Directors and a shared governance structure comprised of representatives from every industry sector, including consumer interests, generators, transmission owners, municipalities, and environmental interests. The New York State Department of Public Service, the New York State Utility Intervention Unit, the New York Power Authority, the Long Island Power Authority and the New York State Energy Research and Development Authority actively participate in the NYISO s shared governance process. I joined the NYISO in 2000. In my role, I am responsible for overseeing grid and market operations, system planning, information technology, and market structures. Until January 2015, I served as Senior Vice President and Chief Information Officer. The NYISO s Information Technology group delivers products and services to evolve the wholesale electricity markets; develops, supports, and secures all NYISO software, systems, and computing infrastructure; and manages the NYISO s physical facilities and enterprise security. I have a Master of Science in Computer Engineering from Syracuse University and a Bachelor of Science in Electrical and Computer Engineering from Clarkson University in Potsdam, New York. II. Fifteen Years of Competitive Markets & Continued Evolution of the Grid New York s 19 million consumers today enjoy benefits made possible by the decisions by policymakers in Albany and Washington in the 1990s to reinvent the electricity marketplace. Competitive markets have sustained and enhanced the vital reliability of the electric system in New York. Markets encourage investment where it is most needed to meet reliability needs and 2

markets support the development of cleaner, greener, more economically efficient power resources. Several regulatory entities provide guidance and oversight on operation of our energy markets and the operation of New York s high-voltage grid including the Federal Energy Regulatory Commission (FERC), the New York State Public Service Commission (PSC), the North American Electric Reliability Council (NERC), the Northeast Power Coordinating Council (NPCC), and the New York State Reliability Council (NYSRC). In support of its mission, the NYISO maintains strict compliance with the rules and standards set forth by these entities. II. IMPROVING CRITICAL ENERGY INFRASTRUCTURE CYBERSECURITY The entities that own and operate America s critical infrastructure recognize the criticality of mature cybersecurity practices to protect the assets and systems that enable American life. As well-organized threats evolve and security breaches increase, nimble and multi-faceted defenses are essential. The electric industry is at the forefront of developing standards and best practices for protecting critical information and communication systems. Enacted in response to the August 2003 Blackout that affected New York and the Northeastern United States, the Energy Policy Act of 2005 empowered FERC to oversee the development of mandatory, enforceable reliability standards to protect bulk electric systems nationwide. FERC certified NERC as the Electric Reliability Organization for the United States. Since 2006, NERC has promulgated reliability standards including critical infrastructure protection (CIP) cybersecurity standards. In 2016, NERC will begin enforcing Version 5 of the CIP standards. CIP Version 5 requires that entities conduct an in-depth, risk-based analysis to identify, classify and protect the cyber systems and cyber assets that support physical 3

infrastructure. These CIP standards set forth holistic security requirements such as access control, physical and electronic security perimeters for assets critical to system reliability, recovery plans, well-documented change management and information protection programs, security monitoring and alerting, and employee training and background checks. Additionally, NERC standards require incident management programs that support mandatory reporting of cyber and physical security incidents. Beyond mandatory standards, the electric industry is engaged with voluntary efforts led by the White House and federal agencies such as the Department of Energy (DOE), Department of Homeland Security (DHS), and Federal Bureau of Investigation (FBI) to improve sector-wide resilience for cyber threats. For instance, the industry and the NYISO have supported federal response to Executive Order 13636 and Presidential Policy Directive 21. Issued in March 2013, they represent an effort led by DHS to secure our nation s critical infrastructure by working with infrastructure asset owners and operators to prepare for, prevent, mitigate, and respond to threats. In response to EO 13636 and PPD 21, the federal government and industry are partnering to bolster cyber security by, among other things, promoting and incentivizing cybersecurity best practices and updating the National Infrastructure Protection Plan. The electric industry also devotes substantial resources to information sharing for enhanced security awareness. For instance, the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) receives and shares physical, operational and cybersecurity threat indications, analyses and warnings. Finally, the electric industry conducts sector-wide grid security exercises that execute the electricity sector s crisis response to simulated coordinated cybersecurity and physical security threats and incidents. These GridEx exercises strengthen utilities crisis response functions and support continuous improvement through lessons learned. 4

The NYISO, working with its stakeholders, peer Independent System Operators and Regional Transmission Organizations, and the broader electricity industry, strives to be a leader in addressing cybersecurity issues related to the protection of critical infrastructure. To that end, the NYISO regularly participates in standards development processes, including development of the NERC CIP Version 5 standards. The NYISO works closely with industry groups and standards organizations, and engages in regional, national, and international planning initiatives addressing future technology and security integration. Keeping the lights on is always the primary focus for the NYISO. Cybersecurity is critical to that effort. The NYISO s own cyber security posture is premised on continuous evaluation of its assets, vulnerabilities, and threats. Situational awareness enables real-time effective security risk assessment. The NYISO employs a defense in depth strategy that relies on processes, technologies, and people to protect our assets. Cutting-edge security technology and processes are critical; NYISO works with its developers, security professionals and vendors to identify the best and most responsive technical resources to support security and maintain reliability. Yet technology and processes are only as good as the employees and vendors that deploy them. Accordingly, the NYISO is always focused on maintaining a well-trained work force and carefully screening its vendors and employees to counter the risk of insider threats. III. LEVERAGING GOVERNMENT PARTNERSHIPS While the energy industry is a leader in self-driven cybersecurity advances, partnerships with federal and state governments are essential to timely detecting and identifying threats as they occur and deploying effective responses. 5

As noted above, at the federal and national level the NYISO is engaged with the Electricity Subsector Information Sharing and Advisory Center (ES-ISAC), DOE, DHS, FBI and private vendors and partners such as Center For Internet Security (CIS), as well as its regulators FERC and NERC. In addition to supporting the policy and standard development advanced by these agencies, the NYISO relies on its collaborative relationships with them for classified briefings and real-time cybersecurity information sharing and threat detection. On a state level, the NYISO works regularly and collaboratively on security initiatives with a number of state and local agencies including the Department of Public Service, Division of Homeland Security and Emergency Services, New York State Police, New York City Police Department SHIELD, and the New York Fusion Center. Given its commitment to ensuring reliable electric supply for all New Yorkers, the NYISO must rely on and strongly supports a well-coordinated local response to cyber threats. To that end, on October 22-23, 2014 the NYISO hosted the DOE-sponsored New York State Critical Infrastructure Cybersecurity Exercise. More than 120 participants from 13 electric and gas utilities, industry organizations, federal, state, local, tribal and neighboring territorial government entities participated. The Exercise walked participants through a facilitated scenario involving a cyber attack on critical infrastructure that led to both cyber and physical consequences for energy delivery systems. The Exercise tested incident response and demonstrated the need for, among other improvements, enhanced collaboration with and among New York state agencies in response to cybersecurity incidents, such as by formation of a New York or regional decision tree for incident response and information sharing. The NYISO, along with various New York utilities and in conjunction with government partners, are forming a New York State Security Working Group to address identified needs and hold future similar exercises. 6

IV. CONCLUSION In support of its mission to serve New York and enhance reliability, the NYISO looks forward to supporting this Committee s efforts to enhance New York s cybersecurity infrastructure. Thank you for the opportunity to provide this testimony. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information