Alliant Energy Corporation

1
Alliant Energy Corporation
DOE Infrastructure Assurance Outreach
Program Alliant Energys Experience DOE
Energy Assurance Conference Dec. 12-13, 2001,
Washington, DC Herman Green
2
Are You Sure You Want To Get Into This?
Realities Will have to spend money More work
after assessment FOIA.
3
Motivated Us

• To take actions that we would not have normally
  taken.
• Probably accomplished more than
• regulations
• industry standards
• market forces
• could have hoped for.
• We accomplished these things
• With a sense of confidence that company
  information was
• protected during the assessment and destroyed
  afterwards.
• Without having to identify specific critical
  assets prior
• to doing the assessment.

4
Value Proposition

• Did Alliant Energy get value from this program?
  Yes.
• However,
• We believe it was a great DOE investment
• in the electric industry.
• Recommend,
• DOE shouldnt stop here.
• Industry needs a critical mass of awareness.
• 20-30 industry assessments might achieve this.

5
Actions Taken

• Promoted a new dialogue about risk
• (and its cousin, the budget)
• Motivated management to review security
  responsibilities
• (new position, VP of Infrastructure Security)
• Acquired new tools and new ways to use them
• (e.g. war dialer, and necessary skills too)
• Conducted internal training and awareness
  efforts
• (Technology A,B,Cs are important)

6
Lesson Learned

• Further validated our interest/concerns about
  accelerating
• interconnectedness.
• An organization can strive for perfect security,
• but not survive if the collective is not
  protective.
• Cant fix the problem by adding more of the
  problem.
• The solution is the larger good of the whole,
• rather than the best good of the individual
  part.

7
Most Important Lesson Learned

• We have security features better than most.
  But
• New task added to security project
• Enhance security awareness in industry
• Two methods
• Share assessment results
• Get involved in security forums

8
Sharing Efforts
Cyber Security The Shift From Fiction to
Non-Fiction By Erroll Davis, CEO Alliant
Energy CEO Meetings
Plus
9
Bottom Line
We learned new things, despite previous
assessments

• Key drivers
• Broad nature of assessment approach
• Skills and perspective of DOE Lab personnel

10
A Few Suggestions

• Work with critical providers as a group
• Electric industry key groups
• EEI (Edison Electric Institute)
• NERC (North American Electric Reliability
  Council)
• EPRI (Electric Power Research Institute)
• Consider tools that first take a broad-brush
  review
• Critical Target Assessment Model Iowa Homeland
  Security
• Red, Gray, Blue Model Foreign Military Studies
  Ofc, US Army
• Consider sharing assessment tool with critical
  provider
• Have provider do blind assessment

11
We Recognize

• The enemy-threat paradigm has shifted.
• 16 acres in NY used to depress the world
  economy.
• Dont look at terrorists past events to predict
  future possibilities.
• Better to be looking at their strengths and your
  vulnerabilities.
• The sons of bin Ladenmore technology minded.

Richard Clarke
12
Questions
Thanks