1 / 35

Cyber Security working Group November 2010

Cyber Security working Group November 2010. Marianne Swanson Marianne.swanson@nist.gov November 30, 2010. Agenda. Industry Update: NESCO (Rhonda Dunfee) Subgroup Updates (Subgroup Leads). November 30-December 3, 2010. 2. The NESCO Group: EnergySec + EPRI. Rhonda Dunfee

oded
Download Presentation

Cyber Security working Group November 2010

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Security working GroupNovember 2010 Marianne Swanson Marianne.swanson@nist.gov November 30, 2010

  2. Agenda • Industry Update: NESCO (Rhonda Dunfee) • Subgroup Updates (Subgroup Leads) November 30-December 3, 2010 2

  3. The NESCO Group: EnergySec + EPRI Rhonda Dunfee Rhonda.Dunfee@hq.doe.gov November 30-December 3, 2010 3

  4. Roadmap Updated to Include Smart Grid • Published in January 2006, updated Roadmap in development • Energy Sector’ssynthesis of critical control system security challenges, R&D needs, and implementation milestones • Provides strategic framework to • align activities to sector needs • coordinate public and private programs • stimulate investments in control systems security Roadmap Vision In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function.

  5. The NESCO Group • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security • Vision: An industry owned and operated group that supports electric sector response efforts to address cyber events • Goals: • Identify and disseminate cyber security best practices to the sector • Analyze, monitor and relay infrastructure weakness and threat information • Work with federal agencies to improve electric sector cyber security • Encourage key electric sector supplier and vendor support / interaction

  6. The NESCO Group Funding • $16.2M Cost-sharing award ($10M Federal) • EnergySec – NESCO (Total $9,752,730) • EPRI – NESCOR a research and analysis resource for NESCO (Total $6,662,500)

  7. Activities To Date • Sep 30: Completed • Internal DOE meeting to discuss expectations and roles • Meetings with EnergySec and EPRI discussing roles/responsibilities • Definitized EnergySec agreement awarded (eff. Oct 1) • Undefinitized EPRI agreement awarded (expected definitization Dec 31) • Nov 2-3: Visit with ICS-CERT at Idaho National Laboratory • Nov 3-4: Participation in the TCIPG Industry Workshop • Nov 17: Kickoff Meeting for NESCO/NESCOR • Identify key milestones and deliverables • Discuss expectations • Nov 18: Informational Briefing for Federal Partners in DC • Dec 1: Participation in the CIP Congress at the National Harbor • Dec 8-9: Participation in CIPC in Tampa

  8. NESCO - EnergySec SGIP GridInterOp, November 30-December 3, 2010

  9. EnergySec • 501(c)(3) non-profit organization • 401 active portal users from 108 unique organizations • Organizations represent 54.92% U.S. generation and 66.79% electric distribution • Current board of directors and advisory team consist of industry professionals in information security, physical security, engineering, plant operations, disaster recover, telecommunications, etc. • First deliverable complete: Closed mailing list to replace the general EnergySec Forum and enable participants to more easily interact

  10. Strengthen the Cyber Security Posture of the Electric Sector • Establish a broad-based public-private partnership for collaboration and cooperation • Develop NESCO membership • Conduct Town Hall Meetings • Improve collaboration with government • Reach out to other industry groups, academia and organizations • For example, ES-ISAC, ICSJWG, NERC • Encourage vendor and manufacturer involvement in collaboration

  11. EnergySec Portal

  12. Enhance Electric Infrastructure Reliability and Cyber Security Solutions Development • Coordinate “end user” testing opportunities for projects and research requiring broad industry adoption for success • Create code and best practices repository • Create working groups to evaluate incidents and best practices

  13. Provide a Path for Rapid Information Dissemination • Establish a rapid notification system • Develop situational awareness information dissemination system for threat and vulnerability information • Enhance collaboration web portal • Institute the capability to share information, best practices, resources, and solutions to and from domestic and international electric sector participants

  14. Provide Data Analysis and Forensics Capabilities to Assess Cyber-Related Threats and Events • Provide on-demand service to conduct forensics for cyber security breaches through external organizations who are forensics leaders • Design and implement a data analysis program

  15. Additional Tasks • Project management • Assist in developing strategies to protect the energy infrastructure • Stimulate support and interaction with key electric sector suppliers and vendors

  16. NESCOR - EPRI SGIP GridInterOp, November 30-December 3, 2010

  17. Electric Power Research Institute • Independent nonprofit organization • Conducts R&D relating to the generation, delivery and use of electricity • Members represent more than 90% of the electricity generated and delivered in the U.S. • International partnership includes 40 countries

  18. Collaborate and provide input to NESCO • Support NESCO in enhancing collection and dissemination of threat and vulnerability information to industry • Assist NESCO and others in developing strategies to identify and prepare for immediate and future challenges to grid reliability, resiliency, and security • Review and assess existing cyber security standards to meet requirements and identify gaps in cyber security capabilities • Conduct cost-benefit analyses of graded risk management approach • Develop testing methodologies and facilitate testing

  19. Discussion SGIP GridInterOp, November 30-December 3, 2010

  20. Information Sharing Approach • Building on EnergySec’s past successes • Keys have been proficiency, familiarity and trust • Built relationships at the operations, management, and executive levels among companies within the energy sector • Provided trusted and effective forums for obtaining mutual assistance on issues related to critical infrastructure protection • Developed trust within the industry in order to develop, promote, and support new information sharing technologies that provide both confidentiality and impartiality • Focused on the industry • Emphasized timeliness as demanded by the current threat and risk landscape

  21. Issues/Concerns • Constraints to NESCO • Staged Cost-sharing leading to self-sustainability in 3 years • Large sector size • Diverse stakeholders (asset owners/operators; generation, transmission and distribution; end users, vendors) • Collaboration with Federal agencies and Industry organizations • Avoiding duplication of effort and establishing roles/responsibilities • Information sharing • Government  NESCO • Industry  NESCO

  22. Rhonda Dunfee Infrastructure Security & Energy Restoration Division Office of Electricity Delivery & Energy Reliability DOE Rhonda.Dunfee@hq.doe.gov

  23. CSWG Subgroup Updates Subgroup Leads November 30-December 3, 2010 23

  24. Subgroup Updates • AMI Security (Darren Highfill) • Design Principles (Daniel Thanos) • Privacy (Tanya Brewer) • Testing & Certification (Sandy Bacik) November 30-December 3, 2010 24

  25. AMI Sec • Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CsCTGAMI • Meetings: Tuesdays at 13:00 Eastern • Dial-in Information: 866-793-6322 X3836162# • Mailing list: csctgami@nist.gov • To join the mailing list contact tanya.brewer@nist.gov • Co-Chair contact information • Darren Highfill (darren@utilisec.org) • Ed Beroset (edward.j.beroset@us.elster.com) November 30-December 3, 2010 25

  26. AMI Security Subgroup – Scope • Back-office components that have metering as primary focus • E.g.: MDMS is in scope, CIS is not • Through the electric meter or utility-owned/operated gateway • Water meters, gas meters, and customer-owned/operated devices are not explicitly in scope • Interface-Oriented Projection of Requirements: Devices wishing to communicate using AMI must meet certain capabilities and follow certain behavior to be allowed on the network • May develop “classes” of device requirements to account for highly heterogeneous resource constraints (i.e.: home EMS vs. gas meter) • All layers of communications stack • Challenge in finding appropriate SDO to work with • Consensus from St. Louis: benefits of unified document addressing AMI in the manner it is procured outweigh challenges

  27. AMI Security Subgroup – PAP Proposal • Consensus: Propose a Priority Action Plan to standardize a set of requirements for AMI security • Proposal is stronger if we know which SDO/SSO we want to work with • Current draft: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/AMISecurityRequirements • Linked on CSCTGAMI and Priority Action Plans pages • Criteria for selecting SDO/SSO • Industry acceptance • Expertise in power systems, especially advanced metering • Expertise in communications, networking, and security • Openness to interaction with AMI Security Subgroup and the SGIP • Ability to work quickly • Cost of final product (i.e. purchase price of standard) • Nominated SDOs/SSOs • ANSI, IEC, IEEE, IETF, ISA, and NEMA • AMI Security Subgroup to produce and distribute RFI

  28. Design Principles • Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSWGDesignPrinciples • Meetings: Fridays 15:30 Eastern • Dial-in Information: 800-728-9607 X4570752# • Mailing list: cswgdesign@nist.gov • To join the mailing list contact tanya.brewer@nist.gov • Chair contact information • Daniel Thanos (daniel.thanos@ge.com) November 30-December 3, 2010 28

  29. Privacy • Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSCTGPrivacy • Meetings: Thursdays, 11:00 Eastern • Dial-in Information: 866-802-3515 X2817109# • Mailing list: csctgprivacy@nist.gov • To join the mailing list contact tanya.brewer@nist.gov • Chair contact information • Rebecca Herold (rebeccaherold@rebeccaherold.com) November 30-December 3, 2010 29

  30. Smart Grid Privacy Group Scope/Mission To identify and clearly describe privacy concerns within the Smart Grid and opportunities for their mitigation. In addition, the group strives to clarify privacy expectations, practices, and rights with regard to the Smart Grid by: • Identifying potential privacy problems and encouraging the use of relevant existing fair information practices • Seeking the input of and educating Smart Grid entities, subject matter experts, and the public on options for protecting privacy of, and avoiding misuse of, personal information used within the Smart Grid • Providing recommendations for coordinating activities of relevant local, state, and federal agencies regarding Smart Grid privacy related issues • Making recommendations and providing information to organizations developing privacy policies and practices that promote and protect the interest of Smart Grid consumers and organizations

  31. Smart Grid Privacy Group Scope/Mission Try to answer questions such as those received informally: • “How will information about my energy consumption (days, times, amounts, and other use profile information) be used shared with business partners?” • “Will there be any public way to verify addresses or names of clients of the grid?” • “Any and all PII will be considered private and confidential I hope. Or will they make the mistakes of so many others in the past of doing reverse lookups based on meter numbers or neighborhood consumption reports?” • “Do the Fair Information Practice principles (“FIPs”) provide a sound and adaptable framework for addressing consumer privacy concerns or are they just the baseline?” • “How secure are the meters, HAN and other communication devices (secure in the means of protecting customer information)?” • “What types of "click and consent" models will be used?” • “How will information be shared and used, and how will it be protected?” • “What kind privacy protections will be in place prior to allowing third party access?”

  32. Group Demographics • The NIST Smart Grid Privacy Subgroup currently includes: • Energy and Utilities Industry Experts • State Public Utilities Commission Representatives • Information Security Experts • Privacy Experts • Attorneys and Legal Experts • University Professors and Students • Other technical, operational and privacy experts, from all regions, are welcome to join the group!

  33. Work Going Forward • Address privacy issues for businesses (commercial, institutional, industrial) • Expand upon PEV issues • Discuss National Strategy for Trusted IDs in Cyber Space (NSTIC) impact on privacy in the Smart Grid • Address privacy issues related to energy generation • Add more privacy use cases to what is in NISTIR 7628 • Add more discussion of opt-in versus opt-out: what real choices are possible to allow Smart Grid functioning and what is not? • Expand upon data collection endpoints/paths (e.g., private internetworks, storage media devices, etc.) that will be part of the Smart Grid • Expand upon Internet- and wireless-related issues

  34. Work Going Forward

  35. Wrap-up • Thank you to everyone for your contributions and support • On Wednesday, • Annabelle Lee, FERC, will provide us with an update on the FERC standards review • CSWG PAP liaisons and their involvement in the PAPs will be discussed • CSWG Standards subgroup lead will provide a review of what the standards subgroup has accomplished and the standard template the CSWG uses for the standard review process • Preview of the CSWG 3-year plan • Twiki: http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CyberSecurityCTG November 30-December 3, 2010 35

More Related