NERC Critical Infrastructure Protection Advisory Group CIP AG - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

NERC Critical Infrastructure Protection Advisory Group CIP AG

Description:

Each company defines and identifies its own critical facilities and functions. ... Critical Facility ... as on e of the eight critical infrastructures ... – PowerPoint PPT presentation

Number of Views:84
Avg rating:3.0/5.0
Slides: 29
Provided by: detr2
Category:

less

Transcript and Presenter's Notes

Title: NERC Critical Infrastructure Protection Advisory Group CIP AG


1
NERC Critical Infrastructure ProtectionAdvisory
Group(CIP AG)
  • Electric Industry Initiatives
  • Reducing
  • Vulnerability To Terrorism

2
September 11, 2001 Industry Implications
Significant change to the Security
Environment Increased Security focus and
costs Threat of imposed Federal and State
legislation Company over-reaction Company
under-reaction
3
Post 9/11 Reactions
4
CIP AG Overview
5
Security Guidelines
  • Guiding Principles
  • Each company defines and identifies its own
    critical facilities and functions.
  • Each company assesses the usefulness of the
    Guidelines individually and adapts them as
    needed.
  • The Guidelines are living documents, expected to
    change.
  • Implemented and supported by workshops for
    industry

6
Initiatives
  • CIPAG
  • Security Guidelines
  • Threat Conditions and Response
  • FERC Assist
  • Spare Parts Database
  • PKI

7
Security Guidelines
  • Executive Summary
  • The Guidelines describe
  • general approaches
  • considerations
  • practices
  • planning philosophies
  • The Guidelines are NOT a cookbook for
    protection.

8
Security Guidelines
  • Definitions
  • Critical Facility
  • Any facility or combination of facilities, if
    severely damaged or destroyed would
  • have a significant impact on the ability to serve
    large quantities of customers for an extended
    period of time,
  • have a detrimental impact to the reliability or
    operability of the energy grid, or
  • cause significant risk to National security,
    National economic security, or public health and
    safety.

9
Security Guidelines
  • Guideline Topics
  • Vulnerability and Risk Assessment
  • Threat Response
  • Emergency Management
  • Continuity of Business Processes
  • Communications
  • Physical Security
  • IT/Cyber Security
  • Employment Screening
  • Protecting Sensitive Information

10
Security Guidelines
  • Guideline Topics
  • Vulnerability and Risk Assessment
  • Helps identify critical facilities, their
    vulnerabilities, and countermeasures.
  • Threat Response
  • Helps in developing plans for enhanced security.

11
Security Guidelines
  • Guideline Topics
  • Emergency Management
  • Better prepares companies to respond to a
    spectrum of threats, both physical and cyber.
  • Continuity of Business Practices
  • Reduces the likelihood of prolonged
    interruptions and enhances prompt resumption of
    operations after interruptions occur.

12
Security Guidelines
  • Guideline Topics
  • Communications
  • Enhances the effectiveness of threat response,
    emergency management, and business continuity
    plans.
  • Physical /Cyber Security
  • Mitigates the impact of threats through
    deterrence, prevention, detection, limitation,
    and corrective action.

13
Security Guidelines
  • Guideline Topics
  • Employment Screening
  • Provides strategies to mitigate insider
    threats.
  • Protecting Sensitive Information
  • Production, storage, transmission, and disposal
    of both physical and electronic information

14
Security Guidelines
  • Reference Documents
  • An Approach to Action for the Electricity Sector
    (NERC, June 2001)
  • Threat Alert Levels and Physical Response
    Guidelines (NERC, November 2001)
  • Threat Alert Levels and Cyber Response Guidelines
    (NERC, March 2002)

15
ThreatCon and Response Guidelines
  • The Guidelines
  • Define Threat Alert Levels for Alerts issued by
  • ES-ISAC
  • NIPC
  • Other government agencies
  • (Excludes facilities regulated by the NRC)
  • Ensure that electric Threat Alert Levels are
    consistent with information from other sources
  • Provide examples of security measures
  • Supported with workshops

16
ThreatCon and Response Guidelines
  • Threat Alerts / Threat Conditions
  • Can be issued
  • for a specific geographic area
  • for a specific facility
  • by category - such as a specific type of facility

17
Threat Alert Level Definitions
  • THREATCON-NORMAL
  • Applies when no known threat exists.
  • Is equivalent to normal daily conditions.
  • Security measures should be maintainable
    indefinitely.
  • THREATCON-LOW
  • Applies when a general threat exists with no
    specific threat directed against the electric
    industry.
  • Additional security measures are recommended.
  • Added security should be maintainable for an
    indefinite period with minimum impact on the
    organization.

18
Threat Alert Level Definitions
  • THREATCON-MEDIUM
  • Applies with increased or more predictable threat
    to the electric industry.
  • Implementation of additional security measures is
    expected.
  • Increased measures are anticipated to last for a
    defined time.
  • Significant increases in corporate resources will
    be required.
  • THREATCON-HIGH
  • Applies when an incident occurs or a credible
    threat is imminent.
  • Maximum security measures are necessary and are
    expected to
  • cause hardships on personnel,
  • seriously impact normal operations, and
  • may be economically unsustainable for more than a
    short time.

19
FERC Request
  • FERC requested NERC to develop security standards
    for inclusion to Standard Market Design NOPR
  • CIPAG picked-up the Gauntlet
  • NERC BoT approved CIPAG participation on June 14,
    2002

20
FERC Request
  • Minimum Daily Requirements
  • Achievable
  • Granular
  • Cyber focused
  • Inter-connection focused

21
FERC Request
  • Final draft to FERC July 26
  • SMD NOPR released July 31 for general public
    review, comment
  • Final SMD ruling late October or early November
  • Effective date of compliance 2004
  • Annual signed self certification

22
FERC Request
  • All future standards to be developed and
    maintained by NERC
  • All future FERC rule making on standards will
    refer to NERC standards

23
Spare Equipment Database
  • Expanding database created in 1989
  • Spare EHV transformers in case of national
    emergencies
  • Web based on a secure server
  • Other equipment to be included

24
PKI
  • Needed because of the reliance on computer based
    systems and applications
  • Evaluate potential Certificate Authorities
  • Develop an integrated PKI architecture and
    deployment strategy
  • Resolve technical issues
  • Create web based training materials

25
ES ISAC
  • PDD 63 Identified electricity as on e of the
    eight critical infrastructures
  • NERC sector coordinator for electricity
  • IAW Program
  • Website
  • CIPAG oversight body for ISAC
  • Collect, Analyze and Disseminate information

26
Pulling Together
27
Available on the Web
  • www.nerc.com Committees CIPAG Related
    Files

28
One Last Thought!
  • Security is always excessive until its not
    enough
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "NERC Critical Infrastructure Protection Advisory Group CIP AG" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!