1 / 47

April 9, 2019

What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events?. April 9, 2019. Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security. About the Presenter. Joshua Rowe, PSP WECC Auditor, Physical and Cyber Security

jin
Download Presentation

April 9, 2019

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events? April 9, 2019 Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security

  2. About the Presenter Joshua Rowe, PSP • WECC Auditor, Physical and Cyber Security • SME CIP-006, CIP-008, CIP-014 • 15+ years Law Enforcement, Physical Security, and Critical Infrastructure Experience • United States Marine Corps (Retired) • Military Police Officer • Criminal Investigator • Physical Security Program Senior Advisor • Installation Physical Security Senior Advisor • Physical Security Inspector, USMC Inspector General’s Office

  3. Agenda • Objective • Identifying High Impact Low Frequency Events • Risk, Vulnerabilities, Consequences • Impact • Planning for High Impact Low Frequency Events • Preparedness • Mitigation • Response and Recovery • Summary • Questions & Answers • Final thoughts

  4. Objective Create awareness of the risks, vulnerabilities, and potential consequences associated with High Impact, Low Frequency (HILF) events by creating awareness and encouraging organizations to develop a preparedness framework that identifies unique characteristics to their organization that compliments stakeholder’s expectations of BES reliability beyond CIP-008-5.

  5. What is a HILF event? A high-impact, low frequency event is the realization of a specific hazard that has the potential to produce a high impact on grid operability. Such high-impact events are, by virtue of their rarity, considered low frequency.

  6. New “Normal” The increase of High Impact, Low Frequency events in the last decade signals the emergence a new “normal.” The Day After Tomorrow, (2004 Movie). Global warming unleashes a catastrophe in the form of tornados, hurricanes, floods and a tsunami, ushering in a new Ice Age. • Hurricane-like super storms • Giant hail storm • Tornado Outbreak • Flooding • Instantaneous Freezing of an entire city This movie will not prepare you for that type of situation, however it should challenge you to think outside of the box when planning for HILF events.

  7. Risk Evolution Catastrophic events in recent years continue to shape organizational preparedness. It is important to understand the various risks to organizations.

  8. Types of Risk • Natural Hazards • Biological Hazards • Human (non-intentional) Hazards • Human (malicious) Hazards

  9. Natural Hazards Meteorological • Hurricane • Tornado • Snowstorm Geological • Seismic • Volcanic Hydrological • Coastal Flooding Space Weather • Geomagnetic storm

  10. Hurricane Maria (Puerto Rico)

  11. Biological Hazards Biological • Pandemic Influenza (Flu) • Avian Influenza (Bird Flu) • Anthrax • Indoor Air Qualify – Mold/Fungi • Flood Clean-up • Stinging Insects • Needlestick and Sharps Injuries

  12. Pandemic Flu (2009)

  13. Human (non-intentional) • Operational error • Personal error • Instrumental error • Reagent errors • Errors of method • Additive or proportional error

  14. Three Mile Island Meltdown (1979)

  15. Human (malicious) • Physical attack • Cyber-attack • Coordinated cyber-physical attack • Electromagnetic Pulse (EMP)

  16. Cyber and Physical Attack

  17. When Will it Happen? The United States has not yet experienced a long-term, large-scale blackout; however, the impact of one could create a dire situation for those reliant on electricity.

  18. Who is at Risk? Organizations • Disruption can cascade across multiple sectors impacting communities and the economy. Customers • Society is deeply dependent upon electricity for day to day standard of living. At what point in time does it become unbearable?

  19. Risk Reduction • Resilient technologies • Mandatory backup power requirements • Sufficient reserves • Continuous planning activities • Coordination efforts at local, state, and federal level • Organizational/Personal preparedness

  20. How Vulnerable Are We? The bulk power system is highly redundant and planned with sufficient resources to accommodate expected loads, including a contingency/reserve margin to meet balancing and regulating needs. There are still failure points and hazards that pose a sizeable risk to the BES.

  21. Potential Impacts affecting the Electric Grid

  22. How Bad Could it Get? • Casualties • Property damage • Business interruption • Loss of customers • Financial loss • Environmental contamination • Loss of confidence in the organization • Fines and penalties • Lawsuits

  23. Potential Consequences

  24. Largest Electrical Blackout India blackouts 2012 • Labeled the largest power failure in history • Affected 22 of 28 states in India Cause • Human (non-intentional) Impact • 620 million people affected 30-31 July, 2012 • $400 Billion (USD) overhaul of India’s Power Grid • Mass transit became inoperable

  25. Major Power Outages

  26. Why This Matters CIP 008-5 To mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.

  27. CIP-008-5 R1 R1 • Identify, classify, and response to Cyber Security Incidents (Part 1.1) • One or more processes to determine if a Cyber Security Incident (CSI) is a bonified Reportable Cyber Security Incident (RCSI) (Part 1.2) • Roles and Responsibilities of Cyber Security incident response groups or individuals (Part 1.3) • Incident handling procedures (Part 1.4)

  28. CIP-008-5 R2 R2 • Test each CSIRP at least once every 15 calendar months: (Part 2.1) • Use the CSIRP under R1 when responding to a RCSI or performing an exercise of a RCSI (Part 2.2) • Retain records related to RCSI (Part 2.3)

  29. CIP-008-5 R3 R3 • No later than 90 calendar days after completion of RCSI test or bonified incident response: (Part 3.1) • No later than 60 calendar days after a change to the roles and responsibilities of CSIRP groups, individuals, or technology that would impact the ability to execute the CSIRP: (Part 3.2)

  30. Is This Enough? Regulatory Compliance • A well constructed CIP-008-5 program may result in compliance. • CIP-008-5 addresses High-Impact and Medium Impact BES Cyber Systems • CIP-003-6 addresses Low Impact BES Cyber Systems Above and Beyond • A comprehensive high-impact, low frequency event plan that addresses a multi-hazard risk environment assists the organization to prepare for potential unforeseen events. • Fosters surrounding community involvement • Strengthens readiness and continuity of business • Improves the organizations commitment to a reliable BES

  31. Planning “Failing to plan is planning to fail” –Benjamin Franklin

  32. Types of Plans Comprehensive Plan • Policy oriented and deals with a wide range of issues, to include post-disaster and emergency management Post-disaster Plan • Focuses on actions taken after an event has occurred Emergency Management Plan • Based on a four-prong approach of preparation, response, recovery, and mitigation phases.

  33. HILF Event Plans Comprehensive • Multi-hazard • Multi-objective • Long-Term • Internally Consistent Cost Effective • Environmentally Sound • Readable Organizations should choose the appropriate plan type that best suits their capabilities.

  34. Elements of the Plan • Rationale/Statement of the Problem • Basic Studies • Hazard Identification and Definition • Probability Analysis • Vulnerability Analysis • Capability Analysis • Conclusions/Acceptability • Goals • Objectives • Alternate Means of Achieving Goals and Objectives

  35. Elements of the Plan • Plans, Policies, and Programs • Adoption and Implementation • Monitoring, Evaluating, and Updating Plans Organizations should leverage their CIP-008-5/CIP-003-6 Cyber Security Incident Response Plan(s) to build from as they have mandated requirements to monitor, evaluate, and update every 15 and 36 calendar months respectively

  36. Key Preparation Elements • Coordination • The organization cannot complete a comprehensive plan without participation from adjacent organizations, local community leaders, law enforcement, and personnel whom may inherit responsibilities within the plan • Monitoring and Evaluation • It is important to continually track the applicability of the plan and identify if vulnerability has decreased as part of the mitigation elements • As conditions change the organization must be ready to meet the new challenges • Stress-tests • Red-teaming HILF events • Sharing best practices

  37. Additional Plans Organizations should encourage their employees to develop individual plans in the event of an HILF event. Personnel involved with initial assessment, response, or recovery may have additional responsibilities to their families. In the event a HILF event affects the local area, the organization must be cognizant of personnel conflicts.

  38. Risk Calculation Let’s start by performing some small risk calculations to determine our planning requirements. • Pik(j) =Σr(i,j) 0∫∞ Cir(Lr) dLrLr∫∞ Qik(j)r(Lr') dLr' + Cross Terms • Tk(j)(B) = i=1ΠN Pik(j). i=N+1ΠN+M (1-Pik(j)). • Bi = 1 if asset Ai fails • Bi = 0 if Ai survives.

  39. Group Activity Prepare an example planning framework among table members and be prepared to discuss 10 Minutes

  40. Key Mitigation Strategies Mitigation is every action taken to prevent a disruption from occurring or minimizing its impact. • Early identification • Communication • Applying resources to greatest risks and vulnerabilities • Resiliency • Contingency Operations

  41. Response and Recovery Framework Response The capabilities necessary to disrupt or minimize the immediate impact of the HILF event Crisis Response Teams: • An organization may employ a crisis response team to handle situations that require a pre-determined response to a HILF. • Responses should be rehearsed to ensure effectiveness Recovery The action of restoring services and identifying failure points to prevent future outages. Identify the new normal: • Lessons learned • Review and revise plans

  42. Communication with Customers A long-term power outage is likely to impact the community and potentially the economy. Efforts to communicate with the community can include: • Planning for an electrical outage • Surviving during an electrical outage • Safety after the power is restored External planning can lessen the impact on the community and best practices are readily available on a variety of websites.

  43. Organizational Readiness Current Plans • Does the plan coincide with local, state, and federal plans? • Are they updated? • Do we have the required resources? • Does everyone know their responsibilities? Future Plans • Community Involvement • Stakeholder Awareness Event Rehearsal • First responders • Neighboring utilities NERC/Industry Working Groups

  44. Review • Organizations must align their HILF preparedness activities with their regulatory responsibilities to the BES • Risk can be reduced but never eliminated with HILF events • HILF planning requires a paradigm shift to develop potential scenarios outside a normal hazard identification approach • Coordination is key to response and recovery • Swift response and recovery efforts lessen the impact to those affected

  45. Final Thoughts It is not about why an incident will occur, but how organizations prepare and react to its occurrence. Imagine spending thousands of hours and millions of dollars preparing for “the big one” that’s never going to happen. Take satisfaction that you will be prepared when it does. “There is no harm in hoping for the best as long as you prepare for the worst” –Stephen King

  46. For CIP Questions

  47. Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security JRowe@wecc.org

More Related