Cybersecurity & Public Utility Commissions



Similar documents
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

National Institute of Standards and Technology Smart Grid Cybersecurity

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

Cybersecurity Framework: Current Status and Next Steps

State Roles in Enhancing the Cybersecurity of Energy Systems and Infrastructure

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Cyber Security Working Group

Framework for Improving Critical Infrastructure Cybersecurity

The Aviation Information Sharing and Analysis Center (A-ISAC)

Table 12: Availability Of Workers Compensation Insurance Through Homeowner s Insurance By Jurisdiction

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

Cyber Security and Privacy - Program 183

NIST Cybersecurity Framework What It Means for Energy Companies

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, 2014 Utilities Telecom Council

Regional Electricity Forecasting

Update of Financial Incentives for Promoting New and Renewable Energy in the U.S. Cary Bloyd EGNRET-38 Wellington, New Zealand June 18-19, 2012

Billing Code: 3510-EA

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Tax Practice and Procedure and SBSE Update

PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Committees Date: Subject: Public Report of: For Information Summary

How To Write A Cybersecurity Framework

National Cyber Security Strategies: United States

LIMITED LIABILITY COMPANY ORGANIZATION CHART

70% of US Business Will Be Impacted by the Cybersecurity Framework: Are You Ready?

SGIG Cyber Security Program Review Process

RATE FILING METHODS FOR PROPERTY/CASUALTY INSURANCE, WORKERS COMPENSATION, TITLE 11/05

What Risk Managers need to know about ICS Cyber Security

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

FOREIGN LIMITED LIABILITY COMPANY REGISTRATION CHART

NAAUSA Security Survey

Motor Carrier Forms Bodily Injury and Property Damage Liability

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

10 Reasons Why Vertex SMB is A Better Way to Handle Your Sales and Use Tax Automation 11:00 11:30. Scott Coleman. Channel Sales Manager

U.S. Department of Housing and Urban Development: Weekly Progress Report on Recovery Act Spending

Hiring and Compensation

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members:

NHIS State Health insurance data

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

N-Dimension Solutions Cyber Security for Utilities

TITLE POLICY ENDORSEMENTS BY STATE

State Annual Report Due Dates for Business Entities page 1 of 10

INCO for Cyber Security. PTCIF: 21st Feb 2014

LexisNexis Law Firm Billable Hours Survey Report

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Framework for Improving Critical Infrastructure Cybersecurity

Surety Bond Requirements for Mortgage Brokers and Mortgage Bankers As of July 15, 2011

Aged Delinquent Loan Sale Federal Housing Administration. Loan Sale (ADPLS) Sales Results Summary

How To Regulate Cybersecurity In The United States

State Solar Policy: Overview & Trends

1. Does your state automatically adopt each new edition of the NESC?

How To Rate Plan On A Credit Card With A Credit Union

Health Workforce Data Collection: Findings from a Survey of States

Federation of State Boards of Physical Therapy Jurisdiction Licensure Reference Guide Topic: Continuing Competence

Framework for Improving Critical Infrastructure Cybersecurity

Legislative Language

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

NCHRP 20-68A US Domestic Scan Program. Scan Advances In Civil Integrated Management (CIM)

National Student Clearinghouse. CACG Meeting

ehealth Price Index Trends and Costs in the Short-Term Health Insurance Market, 2013 and 2014

DHS, National Cyber Security Division Overview

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Vocational Rehabilitation

State and Local Sales Tax Revenue Losses from E-Commerce: Estimates as of July 2004

Federation of State Boards of Physical Therapy Jurisdiction Licensure Reference Guide Topic: Continuing Competence

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure

Privacy and Security in Healthcare

The ACO Model/Capabilities Framework and Collaborative. Wes Champion Senior Vice President Premier Healthcare Alliance

Federation of State Boards of Physical Therapy Jurisdiction Licensure Reference Guide Topic: PTA Supervision Requirements

OEB Smart Grid Advisory Committee

Westlaw Journal. What is the Cybersecurity Framework? Risk Management Process And Pathway to Corporate Liability? Expert Analysis

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order Improving Critical Infrastructure Cybersecurity

NIST Cybersecurity Framework. ARC World Industry Forum 2014

No. 33 February 19, The President

Transcription:

Cybersecurity & Public Utility Commissions November 12, 2014 TCIPG Ann McCabe, Commissioner Illinois Commerce Commission

NARUC (National Association of Regulatory Utility Commissioners) Cybersecurity Primer for State Regulators 2.0, Feb 2013 http://www.naruc.org/grants/documents/naruc%20cybersecurity%20primer%202. 0.pdf Background Prioritizing systems and networks over components Ensuring that human factors are considered Deploying defense-in-depth Promoting system resilience Sample questions for regulators to ask utilities Workshops completed for 35 PUCs Special briefings, sharing best practices at NARUC meetings Resilience workshops & Resilience in Regulated Utilities paper Nov 2013, http://www.naruc.org/news/default.cfm?pr=399

State PUC Issues, Challenges Oversee utilities reliable operations and distribution Interest in third party audits, penetration testing Don t want information or plans that can t be protected (liability, confidentiality, FOIA) Emerging area: evaluating cyber-related expenses in rate cases Internet of Things is making the once air gapped ICS an easier target Often have limited technical knowledge, expertise Water/Energy nexus one of many vulnerabilities Need public/private partnership that can meet current needs, flexible to meet evolving threats, bridge federal/state efforts

State PUCs Overview Have adopted new rules and regulations Undergone education and training Had meetings and briefings with companies Opened dockets Consider cybersecurity in context of Advanced Metering Initiatives (AMI) - smart grid and smart meter Several states require cyber plans, e.g., AR, NY, PA Some require 3 rd party audits, e.g., NY, TX Many dockets on access to customer data (e.g., AMI), both privacy and cybersecurity concerns

State PUC Actions WA asks for voluntary CI Security Report, including physical and cyber, with specifics on electric utility s CI security team, training and occurrences IN held meetings with utilities, going on-site, hiring specialist DC, IN have been able to exempt certain info from FOIA PA goes on site to review practices, cyber plans; plans to do exercises on interoperability of CI CA has staff expertise, privacy initiatives and asks utilities how CI protected TX involved in response to threats

State, Regional Efforts FL small mgt audit group reviewing physical security of 4 IOUs and what they re doing vis-à-vis CIP 5 (report in Nov) OH met with major energy & water utilities and partner security agencies (state & federal) CT report to Governor urges third party audits IL requires submission of security plans Middle Atlantic Cybersecurity Collaborative NJ, DC, PA, MD, DE, OH, NY Goal: set forth best practices for state commission to effectively exercise their regulatory responsibilities over cyber security asked NRRI to gather state info, report soon

State PUCs Cybersecurity considerations by PUCs thus far have been limited but continue to expand Approximately 15 commissions have adopted cybersecurity rules or opened cybersecurity dockets The focus on cybersecurity: system protection, reliability and/or resiliency Understand that Cyber security is intrinsic to reliability Compliance does not mean security

Questions for PUCs NARUC suggests questions in 5 areas: planning, standards, procurement practices, personnel and policies, and systems and operations Can your commission keep security information confidential? Do your reliability standards include cybersecurity considerations? Can you join incident response exercises by your utilities or Emergency Services Agency? Is there education that will enable staff to make prudency evaluations and recommendations re expenditures? Is there training/education available to enable staff to evaluate the effectiveness of utility cybersecurity plans?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information