NERC Physical Security Breakout Session - PowerPoint PPT Presentation

Loading...

PPT – NERC Physical Security Breakout Session PowerPoint presentation | free to view - id: 1fdee4-NjFmY



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

NERC Physical Security Breakout Session

Description:

Determine effectiveness of existing physical security measures: ... Assessment (guards, cameras) Response (guards, local law enforcement agencies) ... – PowerPoint PPT presentation

Number of Views:268
Avg rating:3.0/5.0
Slides: 58
Provided by: northameri5
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: NERC Physical Security Breakout Session


1
NERC Physical Security Breakout Session
  • George T. Miserendino

2
Table of Contents NERC Physical Security
Breakout Sessions
  • Vulnerability Assessment
  • Threat Response
  • Physical Security
  • Countermeasures


2
3
NERC Vulnerability Assessment

4
Vulnerability And Risk Assessment Guideline
  • Purpose
  • Identify and prioritize critical facilities and
    impacts of loss .
  • Identify countermeasures to mitigate
    vulnerabilities of critical facilities.

4
5
Applicability
  • All companies should perform 5-step vulnerability
    assessment on Critical Facilities.
  • Focus is on facilities meeting the threshold
    definition for CRITICAL.

5
6
Implementation Considerations Best Practices
  • Use team approach Subject matter experts
    knowledgeable of system (brainstorming
    session)
  • Security/Facilities/Safety
  • Operations, Maintenance and Logistics
  • Engineering
  • I.T.

6
7
Best Practices, cont.
  • Employ risk assessment worksheet process
  • Identify assets (critical facilities) and loss
    impact.
  • Identify and characterize the threat.
  • Identify and analyze vulnerabilities
  • Consider interdependencies.
  • Asses risk (subjectively) and determine
    priorities.
  • Identify countermeasures, costs and trade-offs.

7
Source DOE
8
Vulnerability and Risk Assessment Step 1
Identification of Critical Facilities
  • Based on WEIGHTEDcriticality criteria
  • Determine if facility meets CRITICALITY
    THRESHOLD
  • Rank assets


8
9
Facility List -- Chart A
10
Criticality Criteria Chart B
Answer Yes/No Rate the Item
11
Facility List -- Chart C
12
Step 2 Identify and Characterize Threats
  • Intelligence information
  • Defines Threat…Law Enforcement
  • Identifies Potential Adversaries
  • Brainstorming
  • Assess intentions, motivations and capabilities
  • What does a potential adversary look like?
  • What resources does he have?
  • Develop Threat Scenarios
  • Is the threat credible?


12
13
Threat Analysis Chart D
Relative Ranking for Motivation Capability
100High, 1Low
14
Step 3 Identify and Analyze Vulnerabilities
  • Assess susceptibility from scenarios
  • Insider
  • Outsider
  • Identify possible exposure and weaknesses
  • Consider interdependencies
  • Apply RELATIVE RANKING for vulnerability


14
15
Vulnerability Analysis Chart E
Relative Ranking for Vulnerability 50 High,
1 Low
16
Step 4 Assess Risk and Prioritize
  • Subjectively Quantify risk value for each
    CRITIAL FACILITY
  • Assigned to Each
  • Threat
  • Consequence
  • Vulnerability
  • Prioritize Risks


16
17
Risk Values Chart F
18
Step 5 Identify Countermeasures, Costs and
Trade-offs
  • Perform physical security survey
  • Specific Weaknesses Identified
  • Identify countermeasures and costs to implement
  • Conduct cost-benefit analysis
  • Prioritize options and recommend to decision
    makers.


18
19
Critical Facility Risk Value Table
19

20
Step 5, cont.

20
Source DOE VRAP
21
Implementation Process Examine setting
  • History of security incidents
  • Neighborhood
  • Type of facility (operations, function)
  • Visibility (High profile, Publicized)
  • Identify assets
  • Determine critical assets
  • Prioritize assets


21
22
Identify threats (Spectrum of Threats)
  • Weather - unintentional, natural, accidental
  • Vandalism - intentional
  • Activism - intentional
  • Criminal - intentional
  • Terrorism - intentional


22
23
Determine potential risks
  • Prioritize consequences
  • Cost impact
  • Impact on the Company (based on Business Unit
    definition)
  • Psychological impact (shock, fear, panic,
    perceived danger, adverse publicity)


23
24
Determine effectiveness of existing physical
security measures
  • Access control (keys/locks, electronic card
    access system, ID cards, personnel)
  • Physical barriers (fence, gates, walls, doors,
    windows, vents, vehicular barriers)
  • Intrusion detection (perimeter sensors, interior
    sensors, annunciation)
  • Assessment (guards, cameras)
  • Response (guards, local law enforcement agencies)
  • Deterrents (signs, lighting, environmental
    design, training)


24
25
Determine mitigating strategies
  • Contingency plans
  • Alternate plans
  • Recovery plans
  • Redundancies
  • Emergency response and recovery
  • Business continuity plans
  • Critical spares


25
26
Recommend security enhancements
  • Cost projections
  • Cost-benefit analysis
  • Recommendations
  • Prudent baseline security measures (deterrence)
  • Enhanced security measures


26
27
Key Considerations Its not just the grid thats
critical.
  • Computer Centers
  • Control Centers
  • Call Centers
  • Treasury Department
  • Mail Processing Facilities
  • Equipment Storage Facilities
  • Transportation Centers
  • Each play a major roll in sustaining and
    restoring operations and should not be
    overlooked.


27
28
Critical Facilities Change
  • A process of evaluating critical facilities on an
    ongoing basis should be in place.
  • Recommend…..an Annual re-evaluation.


28
29
NERC Threat Response Guideline

30
Homeland Security Advisory System
SEVERE Severe Risk of Terrorist Attacks
HIGH High Risk of Terrorist Attacks
ELEVATED Significant Risk of Terrorist Attacks
GUARDED General Risk of Terrorist Attacks
LOW Low Risk of Terrorist Attacks

Source Office of Homeland Security
30
31
DHS Advisory System Low Condition - Green
  • Definition
  • No known threat exists of terrorist activity
  • General concern about criminal activity
  • Security measures … maintainable indefinitely
  • Response
  • Normal security operations procedures
  • Occasional workforce messages
  • Annually review all security, threat and disaster
    recovery plans
  • Focus … deterrence


31
32
DHS Advisory System, cont. Guarded Condition -
Blue
  • Definition
  • General threat exists for terrorist or criminal
    activity
  • Additional security measures recommended
  • Maintainable for an indefinite period of time
  • Response
  • Workforce awareness messages … Observe and
    Report
  • Review all security plans
  • Focus … deterrence


32
33
DHS Advisory System, cont. Elevated Condition -
Yellow
  • Definition
  • General threat exists for terrorist or criminal
    activity directed against the electric industry
  • Response
  • Implementation of additional security measures is
    expected
  • Measures to last for an indefinite period of time
  • Increase surveillance
  • Coordinate emergency plans with Law Enforcement
  • Notify key responders and on-call personnel
  • Focus … deterrence and response


33
34
DHS Advisory System, cont. High Condition - Orange
  • Definition
  • Credible threat exists of terrorist or criminal
    activity directed against the electric industry
  • Response
  • Ensure all gates and doors are locked and
    monitored
  • Enhance security screening for all personnel,
    deliveries and packages
  • Conduct table-top exercises
  • Review all plans response, recovery, and
    business continuity
  • Focus … Prevention


34
35
DHS Advisory System, cont. Severe Condition - Red
  • Definition
  • Incident occurs or credible intelligence
    information is received targeting electric
    industry
  • Attack is imminent or has occurred
  • Response
  • Send non-essential personnel home
  • Stop all non-alert tours and visits
  • Stop all mail and package deliveries directly to
    the site
  • Inspect all vehicle entering sites
  • Brief and review all emergency plans with all key
    personnel on their responsibilities
  • Focus … Prevention


35
36
Threat Condition Factors
  • Is the threat credible?
  • Is the threat corroborated?
  • Is the threat specific or imminent?
  • How grave is the threat?


36
37
DHS Threat Conditions
  • May apply
  • Regionally
  • By Sector
  • Potential Target
  • Response actions are cumulative as threats
    increase in severity
  • Actions are intended to
  • Reduce Vulnerability
  • Deter or Prevent Incidents
  • Improve Recovery


37
38
Implementation Considerations
  • Integrate NERC threat levels in all security and
    emergency response plans
  • Notify local law enforcement (County Sheriff) of
    threat level changes.
  • Company security awareness briefings should
    address
  • The NERC Threat Response procedures and their
    responsibilities
  • Vigilance
  • Observe and report


38
39
Recommendations
  • Subscribe to the Critical Infrastructure Open
    Source Daily Report through NERC
  • Register to be a participant in the ESISACs
    Critical Infrastructure Protection Information
    System (CIPIS)


39
40
NERC Physical Security

41
Elements of Physical Security
Signs, Patrols, Lighting, Fencing
Deter
Barriers, Security Officers, Police
Sensors, Patrols, Door Alarms
Delay Respond
Detect
Assess Communicate
Cameras, Central Alarm Station Monitoring
41
42
Implementation Strategy… Physical Security Site
Survey
  • Document Status … critical facilities
  • NERC Guidelines
  • Security plans
  • Assists in I.D. priorities for security projects
  • Checklist format
  • Sample Topics for Survey Checklist
  • Access Controls (entry exit)
  • Key control, signage
  • Visitor policies
  • Badging
  • Signage
  • Escort policies

42
43
Physical Security Site Survey, cont.
  • Barriers
  • Walls, fences, gates, locks, etc
  • Yard areas and vehicle parking
  • Lighting
  • Perimeter and gates
  • Facility entrances
  • Policies and Procedures
  • Pre-employment
  • Evacuation
  • Bomb threats
  • Mail room
  • Deliveries
  • Property control

43
44
Physical Security Site Survey, cont.
  • Closed Circuit Television (CCTV) and Recording
  • Alarms and Surveillance Systems
  • Testing
  • Maintenance
  • Communications
  • Liaison with Police Agencies
  • Incident Reporting
  • I.T./Cyber Security
  • Control Rooms

44
45
Physical Security Site Survey, cont.
  • Security Operations and Procedures
  • Guard force … Supervision, policies, training,
    etc.
  • Policies and procedures
  • Security Awareness Programs
  • Vulnerability Assessment and Risk Mitigation
  • Threat definitions
  • I.D. of critical assets
  • Emergency planning
  • Recovery plans
  • Critical spares
  • Countermeasures

45
46
Implementation Strategy… Critical Substation
  • Company Developed Standard … addresses
  • Perimeter Security
  • Masonry walls
  • Micro-mesh fencing
  • Razor ribbon
  • Heavy gates
  • Access Control
  • Proximity badges for site access
  • Access cards integrated with
  • Perimeter alarm
  • Intrusion alarm on control house
  • CCTV
  • Keys … only for Emergency Access
  • Very limited distribution
  • High security cores
  • Controlled key blanks

46
47
Critical Substation, cont.
  • Perimeter Alarm System
  • Microwave IDS
  • Integrated with card access and CCTV
  • Control building entrances
  • Door contact switches
  • CCTV System
  • Monitors
  • Vehicle entrances
  • Building entrances
  • Substation yards
  • Communication and Recording … Security operations
    center
  • Digital recording
  • Video streaming on computer monitors
  • 24X7 security operations center
  • Proprietary
  • Subcontract

47
48
Critical Substation, cont.
  • System Monitoring … Card access, alarms and CCTV
  • Provides Assessment
  • Assures notification
  • Implements response
  • Site Security Staffing
  • Employees trained to observe and report
  • Roving patrols
  • Police
  • Subcontract service

48
49
NERC Considerations for Countermeasures

50
Mitigation and Countermeasures for
Vulnerabilities
  • Security Countermeasures
  • Badging System
  • Visitor Escorting
  • Electronic Card Keys
  • Locking Procedures
  • CCTV (Recorded)
  • Vehicle Control and Accountability
  • Alarms


51
Law Enforcement
  • System Orientation
  • Patrol Support
  • Response Plan Inclusion
  • Key Telephone Numbers (7x24)
  • Facility Orientation


51
52
Annual Plan Review and Orientation
  • Business Continuity
  • Emergency Response
  • Security Plan (Physical and Cyber)
  • Control Room Procedures

52

53
Security Awareness Program
  • Observe and Report Suspicious Activity
  • Vigilance at Critical Facilities
  • Protection of Company Assets
  • Security Procedures
  • Threat Response (Bomb, Letter, Package, Etc.)
  • Security Threat Response Levels


53
54
Proper First Response Training
  • HAZMAT
  • Explosion
  • Security / Law Enforcement Coordination
  • Routine and Scheduled Maintenance of Security
    Equipment
  • Lighting
  • Fencing
  • Alarms
  • CCTV
  • Access Equipment


54
55
  • Assessing Spare Parts
  • Identify Critical Components
  • Properly Secured in Storage
  • Periodically inventoried
  • Key Personnel and Responders
  • Orientation on Notification Procedures
  • Wallet Card
  • Knowledgeable of All Emergency Plans, Assessments
    and Surveys.


55
56
Recovery and Restoration
  • Mutual Assistance Agreements
  • Business Continuity Plans
  • Annual Review and Testing of Response Plans
  • Documenting Lessons Learned after an incident
  • Critical Spares Inventory

56

57
Pre-Employment Screening
  • Mitigates Insider Threat
  • Serves as a Deterrent


57
About PowerShow.com