Role for Electric Sector in Critical Infrastructure Protection R - PowerPoint PPT Presentation


PPT – Role for Electric Sector in Critical Infrastructure Protection R PowerPoint presentation | free to view - id: 7dbe2-ZDc1Z


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Role for Electric Sector in Critical Infrastructure Protection R


Role for Electric Sector in Critical Infrastructure Protection R&D. Presented to NERC CIPC ... The NERC Critical Infrastructure Protection Committee's ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 14
Provided by: txuwillia


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Role for Electric Sector in Critical Infrastructure Protection R

Role for Electric Sector in Critical
Infrastructure Protection RD
Public Release
Presented to NERC CIPC Washington D.C. June 9,
2005 Bill Muston
  • What is the role of RD in the electric sector to
    assure its protection as a critical
  • What is the role of the electric sector in
    defining RD requirements, articulating those to
    the government, and in funding and conducting RD
  • What would be a good organizational framework for
    sector-wide RD coordination on CIP, and what
    role should CIPC fill?

Role of RD to Support Critical Infrastructure
  • Technological needs of the electric sector that
    can help mitigate security risks can be
  • RD needs so identified should be prioritized,
    and programs should be developed to accomplish
    those needs where the risk is judged to be high
  • RD needs might consist of needs that are unique
    to the electric sector
  • eg. Recovery transformer
  • RD needs might also include opportunities to
    adapt technology from other sectors or co-develop
    applications with other sectors
  • eg. Low cost sensors communications for
    intrusion detection

The Need for a Coordinating Role for RD
  • Present clear industry-consensus priorities to
    the U.S. Government regarding uses of federal
    funds for RD related to Electric Sector CIP
  • Clarify or establish our own role as an industry
    in funding RD, advising the government, hosting
  • Example Recovery transformer, as conceived in
    EPRI ISI, may represent a major opportunity for
    our industry in terms of critical
    vulnerabilities. Federal funding could
    substantially advance the effort. DHS recently
    advised our sector that it could not fund this.
    Is this truly a high-risk matter? Does the
    recovery transformer need to proceed? Should it
    have federal funding, or should it be
    accomplished by industry alone? What is the next
    industry action?
  • Example Cyber security of SCADA recognized
    area of emerging importance for further
    development. But what specific RD is important?
    What does our industry think are the roles of
    national labs, EPRI, private consultants,
    transmission owner/operators?

Role of CIPC Electric Sector Coordinating
Interim NIPP
  • The United States Government, through DHS, is
    asking the electric sector, as well as other
    critical infrastructures, to develop Sector
    Coordinating Councils
  • One of the roles envisioned for these Councils is
    to define the requirements for research and
  • The NERC Critical Infrastructure Protection
    Committees Executive Committee plus Mike Gent,
    the head of NERC, will constitute the Electric
    Sector Coordinating Council.

Sector Coordinating Councils
Interim NIPP
  • Concept established by DHS in the Interim NIPP
    February 2005
  • To be established by the Private Sector, not
  • Provide the framework for CI owners operators
    throughout a sector to --
  • Facilitate inclusive organization coordination
    of policy development, infrastructure-protection
    planning, and plan implementation activities
    within the sector
  • Identify and support the information-sharing
    mechanisms and capabilities (eg. ISACs) deemed
    most appropriate for the sector.
  • Provide a focused means for each CI to engage DHS
    and the Sector-Specific Agencies and to
    collaborate with them.

Sector Coordinating Councils -- Detailed
Interim NIPP
  • Facilitate inclusive organization and
    coordination of the policy development,
    infrastructure-protection planning, and plan
    implementation activities within the sector.
    Such activities include
  • broad-based planning
  • development of suggested practices and evolution
    of these practices over time to best-practice
  • promulgation of programs and plans and
  • development of requirements for
  • effective information sharing,
  • research and development, and
  • cross-sector coordination.
  • Identify and support the information-sharing
    mechanisms and capabilities (e.g., ISACs) deemed
    most appropriate for the sector
  • The core function of these information-sharing
    mechanisms and capabilities is to deliver alerts,
    warnings, and advisories to the sector and to
    share back with DHS and the SSAs information on
    both threats and incidents.

Uses for a Set of RD Requirements
  • Provide guidance to Congress, DHS, DOE, and other
    governmental organizations regarding appropriate
    uses of federal funds for RD for the electric
  • Means to reach industry consensus on what our own
    industry should do
  • Establish prioritized plans for collective action
  • Transmission owner/operators
  • ISOs RTOs
  • Reliability councils
  • Distribution owner/operators
  • Generation owner/operators
  • RD Organizations such as EPRI, CERTS, others
  • Universities, vendors, consultants
  • Utilize requirements to educate regulatory and
    legislative bodies
  • Costs cost recovery

Process to Establish RD Requirements
  • NERC CIPC provides an overall focal point
  • NERC CIPC provides a means for inclusive action
  • Utilize committee committee process
  • With regional councils and owner/operators via
    CIPC membership
  • Input from EPRI other industry RD entities
  • Input from vendors consultants

Stages of Security Actions
  • The National Infrastructure Protection Plan and
    National Response Plan define 7 stages of the
    NIPP process
  • Deterrence
  • Prevention
  • Protection
  • Preparedness
  • Manage Crisis and Respond
  • Recovery
  • Restoration
  • RD Requirements may span across all stages

Example of RD Requirements Across Stages
  • Substation Intruder Damages HV-to-MV
    Transformer SCADA Elements
  • Deter Design substation perimeter to deter an
    intruder from even attempting
  • Prevention Detect an intrusion to allow timely
  • Protection Design equipment to protect it from
    harm by an intruder, such as via a pipe bomb
  • Preparedness Standardized equipment design
  • Manage crisis respond Outage detected
    automatically. Problem identified automatically
    as being at the substation, not on feeders.
  • Recovery Feeders are switched to alternate
    sources to restore power to customers via remote
  • Restoration Standardized equipment processes
    are deployed to replace equipment and restore
    normal operation at this substation

Types of Risk to Consider is Establishing RD
  • Physical threats
  • Cyber threats
  • Personnel threats
  • Potential results from risk
  • Financial
  • Revenue loss, threat to financial stabilityt
  • Regulatory/legislative impact if perceived lack
    of preparedness
  • Societal Risk Power outage impacts
  • Direct impacts on customers
  • Direct impacts on other critical infrastructures
  • Eg. Telecom, water, law enforcement, banking
  • Impacts to the economy, if outage either
    widespread or prolonged

Summary Why CIPC?
  • Why place a new RD role on CIPC?
  • DHS request to Sector Coordinating Councils
  • Need opportunity to provide sector input to DHS
  • Need for industry view, not just views of
    individual companies
  • CIPC as inclusive organization