Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010




About NERC
- The electric industry's self-regulatory organization for reliability
- Balances the interests of all stakeholders
- Represents industry consensus
- Independently acts in the best interest of reliability
- The regulator's electric reliability organization
- International charter lending government support and oversight to NERC activities, ensuring that the best interests of society-at-large are represented

CIP-002-4 through CIP-009-4 Standards Development
- NERC & stakeholders discussed framework limitations of the current CIP-002 approach
- FERC Order 706
- Cyber Security Order 706 Standard Drafting Team posted revised version 4 of CIP-002 for comment (December 29, 2009)
- Develop and post the entire family of standard revisions
- Version 4 is targeted for submission to the NERC BoT by end of the year 2010

CIP-002-4 DRAFT for informal comment
DRAFT Highlights:
- Comment period concludes February 12, 2010
- Includes criteria for evaluating potential impact on functions critical to the reliable operation of the BPS, organized in high, medium, and low impact categories
- Bright Line categorization (attachment 1) serves as the basis for applying security requirements (CIP-003-009 Version 4)
- Shift from a one-size-fits-all approach to cyber security application to one that is better aligned with a strategy of risk management

BPS CIP Policy Statement
- NERC in consultation with the ESSG drafted initial policy statement for discussion purposes
- Purpose is to provide guidance on critical infrastructure protection, as well as response and restoration, and will serve to set expectations within NERC and its technical committees
- Used in communicating expectations with government partners

BPS CIP Policy Statement (Cont.)
Places sharp focus on the following:
- Define and properly scope CIP concerns
- Reinforce the need to think differently about intelligent threats
- Policy will not be enforceable, but serve as a guide for NERC activities including potential standards setting
- Intend to recommend for board approval after opportunity for broad stakeholder comment

CIP Policy Statement
- Significant electric reliability concern is the potential for simultaneous impact to large portions of the bulk power system, from which restoration and recovery may be challenging and prolonged.
- Scope of concern (not all attacks/incidents)
- NERC and its members are committed to aligning current and future CIP protection efforts to minimize the risk of various cyber, physical, and blended scenarios from achieving these unacceptable outcomes.

BPS CIP Policy Statement (Cont.)
Expectation of policy:
- Recognition that not all assets have the same protection priorities
- Should help bulk power system entities set expectations
- Properly balance increased security investments and cost of service
- Establish reasonable security protection goals.
DHS QHSR Review:
- Understand and prioritize risks to critical infrastructure: Identify, attribute, and evaluate the most dangerous threats to critical infrastructure and those categories of critical infrastructure most at risk.
Further develop an industry strength by practicing system recovery & restoration

Smart Grid System Benefits
- Enhanced flexibility and control
- Balancing variable demand & resources (storage, PHEV, etc.)
- Demand response integration
- Large deployment of sensor & automation technologies (wide-area situational awareness)
- Voltage stability (transient & post-transient stability)
- Frequency regulation, oscillation damping
- Disturbance data monitoring/recording
- Integrating increased amounts of distribution-level assets (residential solar panels, PHEV, etc.)

Smart Grid Reliability Considerations
- Coordination of controls and protection systems
- Cyber security in planning, design, and operations
- Ability to maintain voltage and frequency control
- Disturbance ride-through (& intelligent reconnection)
- System inertia maintaining system stability
- Modeling harmonics, frequency response, controls
- Device interconnection standards
- Increased reliance on distribution-level assets to meet bulk system reliability requirements

Common Challenges
[Figure: diagram with the labels reliability, smart grid, and cyber security, surrounded by Plug-In Hybrid Electric Vehicles / Storage, Demand Response, Wind & Variable Generation, Demand, Conventional & Hydro Generation, Energy Efficiency, Nuclear, and Rooftop Solar / Local Wind Development]
Cyber security is one of the most important concerns for the 21st century grid and must be central to policy and strategy. The potential for an attacker to access the system extends from meter to generator.

The Smart Grid Landscape
- The aggregate impacts of Smart Grid on the distribution system may impact the reliability of the bulk power system.
- Pass-through attacks from the distribution system may also present a threat to bulk power system reliability.
[Figure: Smart Grid landscape from end users through distribution (up to approx. 100 kV) to the BPS (Bulk Power System) and utility-scale generation, with axes of increasing uncertainty and increasing maturity. Arrows: AGGREGATE IMPACTS, PASS-THROUGH ATTACKS. Technology labels: CFL, HAN, PHEV, Smart Appliances, AMI, DG/DER, DSM, DSCADA, IFM, DSTATCOM, PLC, SHN, DTM, SST, RTR]

Smart Grid Task Force Scope
- Identify and explain any BPS reliability issues and/or concerns of the Smart Grid
- Assess Smart Grid reliability characteristics
- Determine the cyber security and critical infrastructure protection implications
- Identify how the integration of Smart Grid technologies affects BPS planning, design and operational processes and the tools needed to maintain reliability
- Determine which existing NERC Reliability Standards may apply
- Provide recommendations for areas where Reliability Standards development work may be needed

Summary
- Policy level goals and scope for physical and cybersecurity protection of the bulk power system
- Proactive mitigation of security risks by the industry
- Minimum bright line criteria for identifying critical bulk power system assets
- Work with government to ensure availability of actionable information on security threats
- Promote incident reporting and conducting analysis to understand risk and develop lessons learned
- Communicate collective industry efforts to the government and public

Questions?
Michael Assante
Michae.assante@nerc.net
609-273-0836