IEEE-Northwest Energy Systems Symposium (NWESS)

Similar documents
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

Cyber Security and Privacy - Program 183

Rebecca Massello Energetics Incorporated

Facilitated Self-Evaluation v1.0

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Securing the Grid. Marianne Swanson, NIST Also Moderator Akhlesh Kaushiva (AK), DOE Lisa Kaiser, DHS Leonard Chamberlin, FERC Brian Harrell, NERC

Smart Grid Cybersecurity Lessons Learned

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, 2014 Utilities Telecom Council

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

Addressing Dynamic Threats to the Electric Power Grid Through Resilience

Panel Session: Lessons Learned in Smart Grid Cybersecurity

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

Roadmaps to Securing Industrial Control Systems

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Smart Grid Cybersecurity

Cyber Security Seminar KTH

Building Security In:

future data and infrastructure

Department of Homeland Security Federal Government Offerings, Products, and Services

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

The Comprehensive National Cybersecurity Initiative

Middle Class Economics: Cybersecurity Updated August 7, 2015

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

System Stability through technology

Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Securing the Electric Grid with Common Cyber Security Services Jeff Gooding

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

National Institute of Standards and Technology Smart Grid Cybersecurity

DOE Cyber Security Policy Perspectives

Electricity Subsector Cybersecurity Capability Maturity MODEL (ES-C2M2)

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH

DoD Strategy for Defending Networks, Systems, and Data

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division

SCADA Security Training

Help for the Developers of Control System Cyber Security Standards

Cyber security: Practical Utility Programs that Work

The Importance of Cybersecurity Monitoring for Utilities

Cybersecurity Framework: Current Status and Next Steps

Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT

McAfee Application Control Change Control Integrity Control

Communication Security Measures for SCADA Systems

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

Appropriate security measures for smart grids

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Secure Machine to Machine Communication on the example of Smart Grids

Enabling the SmartGrid through Cloud Computing

Risk Management in Practice A Guide for the Electric Sector

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Practical Steps To Securing Process Control Networks

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Cybersecurity and internal audit. August 15, 2014

Roadmap to Achieve Energy Delivery Systems Cybersecurity

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

Cybersecurity Risk Assessment in Smart Grids

Cybersecurity Procurement Language for Energy Delivery Systems

NICE and Framework Overview

Working to Achieve Cybersecurity in the Energy Sector

SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS

CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool

An Overview of Large US Military Cybersecurity Organizations

Update On Smart Grid Cyber Security

How To Protect Your Network From Attack

PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY

Obtaining Enterprise Cybersituational

Cybersecurity: Mission integration to protect your assets

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

San Diego Gas & Electric Company FERC Order 717 Transmission Function Employee Job Descriptions June 4, Electric Grid Operations

Public Service Co. of New Mexico (PNM) - PV Plus Storage for Simultaneous Voltage Smoothing and Peak Shifting

The President issued an Executive Order Improving Critical Infrastructure Cybersecurity, on February 2013.

Smart grid security analysis

Preventing and Defending Against Cyber Attacks June 2011

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, CASE: Implementation of Cyber Security for Yara Glomfjord

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

Transcription:

IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer

The Pacific Northwest National Laboratory is a DOE Office of Science laboratory in Richland, WA. Operated since 1965 by Battelle, a global non-profit research and development organization committed to science and technology for the greater good. Mission: Transform the world through courageous discovery and innovation. Vision: PNNL science and technology inspires and enables the world to live prosperously, safely, and securely. Values: Integrity, creativity, collaboration, impact and courage provide the foundation for all we do. PNNL employs nearly 5,000 staff and has an annual operating budget of $1.1 billion. PNNL has over 100 people working in Electric Infrastructure over 50 Power System Engineers.

PNNL draws upon core capabilities, facilities, and investments in Electric Infrastructure Staff Capabilities Physical Control Center (EIOC) Cyber Security / Resilience Center (EICC) Future Power Grid Initiative Power system operation, planning and security Power markets Demand response Renewable integration Advanced analytic methods, HPCbased simulations, visualization Live PMU data from all three interconnections PMU data archive PowerNET lab EMS/DMS displays T&D-level data displays Platform for tool evaluation, operator training Live security data streams Visual analytics Co-located with classified assets that accelerate threat recognition and appropriate response Emergency Response Public / Private Networking and data management Advanced analytic methods and HPC approaches for realtime modeling and simulation Visualization and decision support Next Generation EMS Next Generation Simulation

PNNL facilities and unique technologies accelerate innovation and impact Our strength is derived from applying R&D results to support operational missions Systems Engineering Facility Computational Sciences Facility Cyber Innovation & Operations Center Electricity Information & Operations Center

Abstract From business needs, to initial planning, procurement, receiving, deployment, operation, maintenance, to retirement, an overview of the entire control system lifecycle, and how cyber security fits into each phase. Compliance has improved many aspects of our nation electric utility cyber security posture, but what about where compliance does not apply? What resources are there for stakeholders to turn to, like the Electricity Subsector Cybersecurity Capability Maturity Model (ES- C2M2), and how can I use them today?

Control Systems Security Vulnerability assessments for SCADA and other control systems Unique systems architectures, experimentation, modeling and simulation Secure protocols to authenticate communication Reverse engineering and specialized equipment Partnerships with government and industry

Power: Inventory of U.S. Electrical Infrastructure Assets Inputs Distributed Generation Generation Transmission Distribution End Use Residential Customers 110M Commercial Customers 15M 1,400 Large Plants 159,000 Miles High Voltage Lines More than 4,700 generation plants in the U.S. 4,500 Large Substations 1,400 are greater than 100 MW and generate 95% of the electricity More than 350,000 miles of transmission lines in the U.S. 159,000 miles are greater than 230 kv More than 21,600 substations in the U.S. 4,500 are larger than 230 kv Industrial Customers 610K

CI / KR Control Systems Commercialized Security Technology Internal Investments Trusted Security Paradigms Next Generation Control System Simulation

Trends Impacting Control System Security Open Protocols Open industry standard protocols are replacing vendor-specific proprietary communication protocols General Purpose Computing Equipment and Software Standardized computational platforms increasingly used to support control system applications Interconnected to Other Systems Connections with enterprise networks to obtain productivity improvements and information sharing Reliance on External Communications Increasing use of public telecommunication systems, the Internet, and wireless for control system communications Increased Capability of Field Equipment Smart sensors and controls with enhanced capability and functionality KEY: COMMUNICATONS/CONNECTIVITY

Power Grid Transformation Department of Energy-Office of Emergency Operations- Electricity Delivery and Energy Reliability, Recovery $3,672,233,727 50% Cost share = Approx$8B infrastructure upgrades, improvements, research SMART GRID INVESTMENT TOPIC AREAS Equipment Manufacturing Customer Systems Advanced Metering Infrastructure Electric Distribution Systems Electric Transmission Systems Integrated and/or Crosscutting Systems

DOE Cyber Mission for ARRA CYBERSECURITY Cyber/Physical Security Controls Cybersecurity plan Scale Impacts to projects Sustainable

Alignment with emerging Smart Grid Architecture Modeling

Basics: What You Need To Know About The Electric Utility Organizational Processes Maturity Indicator Levels Risk Management (Analyze Risk) Defined progressions of goals Asset 3 Configuration Management (Inventory, Architecture, Software Upgrades Managed 2 Identity and Access Management Each (Role cell contains Based Access the defining for Application practices and by Physical goal Access) Performed for the domain at that maturity indicator level Threat and Vulnerability Management (New IT, OT Technologies) 1 Situational Initiated Awareness (Monitoring / Intrusion Detection Tools) 0 Information Sharing and Communications Not Performed Event and Incident Response (Detect and Respond) RISK ASSET ACCESS THREAT SITUATION Supply Chain and External Dependencies Management Workforce Management SHARING 10 Domains: Logical groupings of cybersecurity goals RESPONSE DEPENDENCIES WORKFORCE CYBER 13

Utility Resources: How To Get There RISK ASSET ACCESS THREAT SITUATION SHARING RESPONSE DEPENDENCIES WORKFORCE CYBER DOE RMP, NIST SP800-30, NRECA Guide to Developing a Cyber Security & Risk Mitigation Plan, ISO 27005:2011, SCADA AU RMF ISO/IEC 27002:2005, NISTIR 7628 Vol. 1, NERC CIP-002 NISTIR 7628 Vol 1., NERC CIP-002/004/005/007, NIST SP800-53 NIST SP800-40, NERC ES-ISAC, DHS ICS-CERT, CRISP, NVE, Vendors, NERC CIP-005/007 NIST SP800-137, NRECA Guide to Developing a Cyber Security & Risk Mitigation Plan, NERC RTSA NERC Security Guideline: Information Protection, NERC ES-ISAC, FERC CEII, DHS PCII NSIT SP800-40/61/82/83/86, NERC ES-ISAC, DHS ICS-CERT, NERC GridEx DOE OE Cybersecurity Procurement Language for Energy Delivery Systems, NRECA Security Questions for Vendors, NISTIR 7622, MIT SCMM, ISO 28001:2007, Filsinger 2012 NERC CIP-004, CERT RMM, PM/HRM/OTA, NIST SP800-16/35/50/53/82, DOE OE Secure Power Systems Professional (SPSP), NERC GridEx NERC CIP-001/002/003/004/005/006/007/008/009, NIST SP800-35/53/64/82

Measuring the Maturity of Cybersecurity Capability ES-Cybersecurity Maturity Model (ES-C2M2) Support ongoing development and measurement of cybersecurity capabilities within the electricity subsector through the following four objectives: Strengthen cybersecurity capabilities in the electricity subsector Enable utilities to effectively and consistently evaluate and benchmark cybersecurity capabilities Share knowledge, best practices, and relevant references within the subsector as a means to improve cybersecurity capabilities Enable utilities to prioritize actions and investments to improve cybersecurity http://energy.gov/oe/cybersecurity-capability-maturity-model-c2m2-program

Basics: What You Need To Know about Risk Management Basically, security is Risk Management This allows financial investment for security to be targeted where it is needed most Considerations: Threats Vulnerabilities Impacts Risk = Threats x Vulnerabilities x Impact Return on Investment has been a long standing holy grail Logging events to show possible attacks is one of the approaches to show ROI 16

Tools to get there: Risk Management Process Risk Management Process The electricity subsector1 cybersecurity Risk Management Process (RMP) guideline has been developed by a team of government and industry representatives to provide a consistent and repeatable approach to managing cybersecurity risk across the electricity subsector http://energy.gov/oe/cybersecurity-capability-maturity-model-c2m2-program

Basics: What You Need To Know About Software Development Lifecycle Secure Coding Guidelines must be pervasive http://www.corporatewebbing.com/sdl/sdl.jpg 18

Utility Resources: How to Get There www.cert.org/secure-coding The CERT C Coding Standard: 98 Rules for Developing Safe, Reliable, and Secure Systems, Second Edition Java Coding Guidelines CERT Oracle Secure Coding Standard for Java Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions Source Code Analysis Laboratory (SCALe) Secure Coding Initiative Secure Design Patterns PNNL-210141

Information Sharing U.S. Electric Grid /w Smart Sensors Western (U.S.) Interconnecti on Insider Threat Eastern (U.S.) Interconnec tion ERCOT PNNL-210141

Cybersecurity Risk Information Sharing Project (CRISP) CRISP builds on the successes of the DOE Cooperative Protection Program (CPP) to deliver an energy sector situational awareness capability for infrastructure protection. U.S. Electric Grid Western (U.S.) Interconnecti on Eastern (U.S.) Interconnec tion ERCOT CRISP is an industry led wide-area situational awareness capability enables a real-time operational response to active cyber threats. Volunteer sites deploy the technology to provide robust situational awareness tailored to meet the needs of the energy sector. Data is shared to gain insights into adversary motives enabling rapid response to emerging threats.

Strategy: DOE-OE Control Systems Roadmap (R&D) CEDS/NSTB (OE10) Research Agenda Original Roadmap 2006, updated 2011 www.controlsystemsroadmap.net Challenges: Address Roadmap with partnered research leading to commercial solutions Influencing Supply Chain Advanced Persistent Threat Advanced Operators behind the threat utilize the full spectrum of intelligence gathering techniques. Persistent Operators give priority to a specific task over time, rather than opportunistically seeking to achieve the defined objectives. Threat Means that operators have a specific objective and are skilled, motivated, organized and well funded. In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function. 22

Cybersecurity for Energy Delivery Systems (CEDS) Roadmap Framework for Collaboration Energy Sector s synthesis of critical control system security challenges, R&D needs, and implementation milestones Provides strategic framework to align activities to sector needs coordinate public and private programs stimulate investments in control systems security Roadmap Vision By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions. For more information go to: www.controlsystemsroadmap.net

National Electric Grid Cyber Exercises Evolving Goals Identify and exercise processes, procedures, relationships, mechanisms that address a cyber incident; Examine the role of DHS and its National Cyber Incident Response Plan (NCIRP); Assess information sharing issues; Examine coordination and decision-making mechanisms; and Practically apply elements of ongoing cyber initiatives and findings from past exercises. 24

NERC GridEX-II 09:30-11:30 11:30 14:40

GridEx-II: Day 1 Summary by Organization Green Utility Orange Gov Blue Vendor Yellow - NERC

GridEX-II (2014) Exercise after-action report Grid-Ex I 2011 Table Top (Executive) Grid-Ex II 2014 Highly Expanded to on-site stakeholders Grid-Ex III 2015 More advanced exercise enabled with structured communications, collaboration Grid-Ex IV 2017 Future? http://www.nerc.com/pa/ci/cipoutreach/pages/gridex.aspx

Discussion Paul Skare Program Manager Desk 509.372.4210 paul.skare@pnnl.gov Carl Imhoff Sector Manager Desk 509.375-4328 carl.imhoff@pnnl.gov Dale King Project Management Office Desk 509.375.2503 dale.king@pnnl.gov Phil Craig Deputy Desk 509.375-4464 philip.craig@pnnl.gov

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information