130 likes | 346 Views
Public Release. CIPC Executive Committee Update. CIPC Meeting Denver CO September 29, 2005 Stuart Brindley CIPC Chair. CIPC Executive Committee. Chair Stuart Brindley (IESO, CEA) Vice-Chair Larry Bugh (ECAR) Vice-Chair Pat Laird (Exelon) Cyber Jamey Sample (Cal-ISO)
E N D
Public Release CIPC Executive Committee Update CIPC Meeting Denver CO September 29, 2005 Stuart Brindley CIPC Chair
CIPC Executive Committee Chair Stuart Brindley (IESO, CEA) Vice-Chair Larry Bugh (ECAR) Vice-Chair Pat Laird (Exelon) Cyber Jamey Sample (Cal-ISO) Physical Bob Canada (Southern Co.) Operations Roger Lampila (NY-ISO) Policy Barry Lawson (NRECA) Secretary Lou Leffler (NERC) • Executive Committee 2-year terms end December 2005 • Need to “refresh” commitments of all CIPC members - letter to NERC Regional Managers later this year • opportunity for greater Owner/Operator involvement
CIPC Executive Committee Activities • NERC Board • Highlights – Aug 1 Stakeholder meeting and Aug 2 Board of Trustees meeting • Electricity Sector Coordinating Council (ESCC) and the Government Coordinating Council (GCC) • Sector-Specific NIPP, Electricity Sector goals • Legal framework for providing advice to government • CIPC membership review by Regional Managers and Associations
NERC Board Highlights Board of Trustees August 2, 2005
NERC Board Highlights CIPC items: • No formal CIPC items for approval • CIPC Update: • Significance of having established the Electricity Sector Coordinating Council with DOE and DHS • Key issues: sharing lists of critical assets and vulnerabilities with government • Also providing input to Canadian government regarding CIP strategy under development
Other NERC Business • Energy Bill and establishing the ERO • 2006 Business Plan approved (increase in CIP budget) • Status – Aug-03 Blackout recommendations • Extension of UA Standard approved • Reliability compliance continues to be prominent
DHS Plan for Sector Engagement Electricity
ESCC and GCC • Met April 20, June 8, September 7 • ESCC: CIPC Executive Committee • GCC: De Alvarez, Friedman, Kenchington, Caverly, Carrier plus ~10 others (DOE is lead) Topics: • Provided comments on the National Infrastructure Protection Plan - Energy Sector-Specific plan • Developing Goals for the Electricity Sector • Developing the legal framework for providing private sector advice to government (recognize Federal Advisory Committee Act) • Suggestions to improve cleared briefings
ESCC Comments on the Sector-Specific NIPP July 22/05 letter from Mike Gent to Kevin Kolevar, DOE (ref. CIPC private files on web) • Too detailed – needs to be strategic • Too much focus on “protect/prevent”, not enough on “mitigate/respond/recover” • Clarify government and private sector accountabilities • Significant concern with providing lists of critical assets • Need to understand government needs for info, how it will be used, shared, protected • Concerns with usefulness of lists, adequacy of PCII • VA assessments • Do not support government performing VAs on private sector or specifying which methodology is best suited
ESCC Goals DHS sponsoring development of Goals, as part of Sector-Specific NIPP (useful for CIPC Business Plan). Some initial ideas: • Partnership: Develop clear roles for government and industry • Prevention: Secure physical and cyber assets in practical ways recognizing justifiable business case • Awareness: Improve industry’s understanding of threats facing the industry • Protection: Understand interdependencies with other sectors • Response: Provide robust & coordinated response (eg. ESISA) • Recovery: Develop restoration strategies under extreme scenarios
Sector Partnership Model WG • Working Group under the National Infrastructure Advisory Council • Task: Recommend formal, legal framework for how sector coordinating councils provide advice to government. • Electricity reps: Stuart Brindley, Pat Laird, Bill Muston (NIAC), Lyman Shaffer (Dams) • Should we be subject to Federal Advisory Committee Act? If so, should we seek a FACA exemption from DHS Secretary? • Consensus amongst all sectors: “Yes” and “Yes” • FOIA still a challenge; need to enhance PCII
Suggestions to Improve Cleared Briefings CIPC Exec Ctee provided input to DHS following June briefing: • General threat assessment – physical and cyber • Focus on energy and chemical sectors, but include lessons-learned from other sectors if applicable. • Minimize information that is otherwise available from open source • Greater focus on case studies • Nature of incident (without compromising information sources or evidence) • Describe actual impact, assessment or potential impact • Assess impact on other sectors • Describe communications flow - reporting by asset-owner to law enforcement, other government entities, ESISAC, etc • Incident timeline • Status of investigation • Lessons-learned from the incident