information sharing
play

INFORMATION SHARING IN THE ELECTRICITY SUB-SECTOR SEPTEMBER 20, - PowerPoint PPT Presentation

Jun 24, 2023 •7 likes •197 views

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 INFORMATION SHARING IN THE ELECTRICITY SUB-SECTOR SEPTEMBER 20, 2013 SCOTT R. MIX, CISSP CIP TECHNICAL MANAGER, NERC TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

  1. ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 INFORMATION SHARING IN THE ELECTRICITY SUB-SECTOR SEPTEMBER 20, 2013 SCOTT R. MIX, CISSP CIP TECHNICAL MANAGER, NERC TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY OF ILLINOIS | DARTMOUTH COLLEGE | UC DAVIS | WASHINGTON STATE UNIVERSITY FUNDING SUPPORT PROVIDED BY DOE-OE AND DHS S&T

  2. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G • The views and opinions expressed in this presentation are those of the presenter, and do not represent those of the North American Electric Reliability Corporation 2

  3. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EXECUTIVE ORDER (EO) 13636 AND PRESIDENTIAL POLICY DIRECTIVE (PPD) - 21 • In February 2013, the President announced two new policies: – EO 13636: Improving Critical Infrastructure Cybersecurity • Develop a technology-neutral cybersecurity framework • Promote and develop incentives for the adoption of cybersecurity practices • Enhance cybersecurity information sharing • Strengthen privacy and civil liberties protections 3

  4. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD-21 – PPD-21: Critical Infrastructure Security and Resilience • Develop a near real-time situational awareness capability • Evaluate and mature the public-private partnership • Update the National Infrastructure Protection Plan (NIPP) • Develop a comprehensive research and development plan 4

  5. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD-21 • NERC and industry experts represent the Electricity Sub- sector on all implementation working groups: – Stakeholder Engagement – Cyber-Dependent Infrastructure Identification (CDII) – Planning and Evaluation – Situational Awareness and Information Exchange (SAIE) – Incentives – Framework Collaboration – Assessments: Privacy and Civil Rights and Civil Liberties – Research and Development (R&D) 5

  6. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD-21 WORKING GROUPS • Cybersecurity Framework Development – Work with the National Institute of Standards and Technology (NIST) to develop a voluntary, repeatable cybersecurity framework consisting of industry standards, guidelines, and best practices to promote the protection of critical infrastructure • Industry contribution via Requests for Information (RFI), workshops, and working group meetings • Status: Final draft was released on October 22; NIST will open a 45-day public comment period on the Preliminary Framework and plans to release the official framework in February 2014 6

  7. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD – 21 WORKING GROUPS • CDII – Collaborate with industry and the Department of Energy to identify critical infrastructure where a cyber incident could result in catastrophic effects • Status: The Department of Homeland Security (DHS) will notify selected entities in fall 2013 that they have cyber dependent infrastructure and provide procedures for appeals from such designation 7

  8. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD – 21 WORKING GROUPS • Planning and Evaluation – Update the NIPP to coordinate public-private efforts to improve infrastructure security and resiliency • Address international cooperation and interdependencies, develop policies for coordination, and address global issues such as foreign investment and supply chains • Industry contribution via RFIs, writing sessions, and draft comments • Status: Final draft was released on October 22; final document will go to the White House on November 8 8

  9. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD – 21 WORKING GROUPS • Incentives – Direct the study of incentives for participating in the voluntary critical infrastructure cybersecurity program • Status: In June 2013, the Department of Treasury, the Department of Commerce, and DHS issued a report that recommended the Administration analyze six incentive categories to encourage industry participation in the cybersecurity program • DHS and Sector-Specific Agencies will socialize incentive recommendations with the revised NIPP and Cybersecurity Framework 9

  10. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G EO 13636 AND PPD-21 WORKING GROUPS The remaining working groups continue to meet, but are less active at this time: • SAIE is tasked with identifying functional relationships across the Federal Government and developing a situational awareness capability for critical infrastructure • R&D is tasked with developing a critical infrastructure security and resilience R&D plan – Revised NIPP and the Cybersecurity Framework will contribute to this plan – Initial plan will be released in early 2014 • Assessments: Privacy and Civil Rights and Civil Liberties coordinates with representatives from across the interagency to assess civil rights and civil liberties impacts (government only) • Stakeholder Engagement coordinates outreach to stakeholders throughout the implementation process • Voluntary Programs supports the adoption of the Cybersecurity Framework by owners and operators of critical infrastructure and any other interested entities 10

  11. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G IMPROVING INFORMATION SHARING • NERC Critical Infrastructure Protection Committee (CIPC) Electricity Sector Information Sharing Task Force (ESISTF) report – Approved by NERC CIPC June 11, 2013 – Endorsed by Electricity Sub-sector Coordinating Council July 11, 2013 – Accepted by NERC Board of Trustees August 15, 2013 – http://www.nerc.com/comm/CIPC/Electricity%20Secto r%20Information%20Sharing%20Task%20For1/Electr icity%20Sector%20Information%20Sharing%20Task %20Force%20Report.pdf 11

  12. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G INFORMATION SHARING REPORT: PATHS 12

  13. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G INFORMATION SHARING REPORT: RECOMMENDATIONS 1. Cultivate a trusting information-sharing environment 2. Promote recognition of the Electricity Sector Information Sharing and Analysis Center (ES- ISAC) role as the Electricity Sub- sector’s central hub for physical and cyber threat information sharing 3. Reduce complexity and redundancy of the reporting system 4. Implement technology to encourage unattributed information sharing 5. Improve information aggregation and collaborative analysis at the ES-ISAC 13

  14. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ES-ISAC ACTIVITIES: COLLABORATION AND COORDINATION Government Partners ES-ISAC Other ISACs 14

  15. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ES-ISAC ACTIVITIES: THE PORTAL IOC Notice AOO Newsfeed, Reports, Weekly Watchlist Entries, Updates, Aggregated Lists, Webinar Notes, Anonymously Blacklists NERC Alerts share security (repost) incident File download information, links for auto- generates informing your report for your security use, VERIS controls with framework regular updates (beta) Auto- notice updates via Email 15

  16. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ES-ISAC ACTIVITIES: INDEX AND AOO Wider audience, including US Limited to Asset Owner & ES- and Canadian Government ISAC Staff agencies, regions, etc “Read/Write” “Read Only” Actionable Information News-worthy Information VS Explicit Information Handling Expectations 16

  17. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ES-ISAC ACTIVITIES: BACK END WORKFLOW CIB Storage & Portal Processing WASP gephi OpenIOC/ MongoDB / blocklists STIX etc BSON Industry Looking reports Glass Node / edge CSVs OSInt , model etc (relationships) OpenIOC/ STIX etc 17

  18. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ES-ISAC ACTIVITIES: CONTACT INFORMATION ES-ISAC Portal Are your security points of contact signed up? Asset Owners and Operators personnel may register a portal user account by visiting https://www.esisac.com/register.aspx Please share malicious activity information via EST (beta) on the portal and further advising via esisac@nerc.com Orlando Stevenson, ES-ISAC Cyber Security Specialist- Critical Infrastructure Office: 202-644-8077, Mobile: 202-360-2365 Orlando.Stevenson@nerc.net 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AML & Fraud Information Sharing Sean OMalley Money Laundering and Information Sharing

AML & Fraud Information Sharing Sean OMalley Money Laundering and Information Sharing

AML & Fraud Information Sharing Sean OMalley Money Laundering and Information Sharing Magnitude of Money Laundering Suspicious Activity Report (SAR) filings Information Sharing Mechanisms Challenges and Possible Solutions

518 views • 13 slides
UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San

219 views • 17 slides
Information Session Ag Agenda 1. SME information 2. Ministry Sharing Background Overview of

Information Session Ag Agenda 1. SME information 2. Ministry Sharing Background Overview of

Ministry Sharing Information Session Ag Agenda 1. SME information 2. Ministry Sharing Background Overview of Ministry Sharing Options Discussion Questions & Answers Mi Mini nistry Sha y Shari ring ng Why You Might Consider

324 views • 17 slides
INFORMATION SHARING (The role, if any, of s.8 of the Charter) By: Michael Fawcett Crown

INFORMATION SHARING (The role, if any, of s.8 of the Charter) By: Michael Fawcett Crown

INFORMATION SHARING (The role, if any, of s.8 of the Charter) By: Michael Fawcett Crown Counsel Crown Law Office Criminal Michael Lacy Brauti Thorning Zibarras LLP WHAT IS INFORMATION SHARING? Information sharing means the

912 views • 38 slides
UPDATE Crisis and Situational Awareness Work Group (CASAWG) Creating An Information Sharing

UPDATE Crisis and Situational Awareness Work Group (CASAWG) Creating An Information Sharing

UPDATE Crisis and Situational Awareness Work Group (CASAWG) Creating An Information Sharing Environment A Federated Approach to Information Sharing May 6 SCP meeting CASAWG presented a plan of action to incorporate information sharing

159 views • 11 slides
s rsrt Case study: information sharing

s rsrt Case study: information sharing

s rsrt Case study: information sharing in incident response Tyler Moore Phishing attacks Challenges of information sharing To combat phishing attacks, defenders take down the

913 views • 13 slides
Sharing and non sharing of work related information amongst scholars within the field of

Sharing and non sharing of work related information amongst scholars within the field of

2012 03 28 Sharing and non sharing of work related information amongst scholars within the field of design research ola.pilerot@hb.se 1 2012 03 28 COMPILATION THESIS Where Where is my is my project project located

341 views • 9 slides
Information Sharing: The Paradox Andrew Cormack Chief Regulatory Adviser, Janet Privacy needs

Information Sharing: The Paradox Andrew Cormack Chief Regulatory Adviser, Janet Privacy needs

Information Sharing: The Paradox Andrew Cormack Chief Regulatory Adviser, Janet Privacy needs help The information sharing paradox Sharing information protects privacy Prevents/mitigates privacy invasion by phishers, crackers,

362 views • 18 slides
Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation

Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation

Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation Title 1 History and Importance of Information Sharing Multi organisational process - links between people, care and treatment, objects and

358 views • 7 slides
Preventing cross-border bribery within the ASEAN Economic Community Information Sharing AIM

Preventing cross-border bribery within the ASEAN Economic Community Information Sharing AIM

Preventing cross-border bribery within the ASEAN Economic Community Information Sharing AIM Introduction to the practical aspects of intelligence and information sharing through formal (bilateral Mutual Legal Assistance agreements and

205 views • 8 slides
Information Sharing Protecting and using information responsibly to deliver better outcomes and

Information Sharing Protecting and using information responsibly to deliver better outcomes and

Privacy and Responsible Information Sharing Protecting and using information responsibly to deliver better outcomes and services to the community September 2019 Welcome to Country The Department of the Premier and Cabinet acknowledges the

565 views • 19 slides
Research Overview SBA Research Edgar R. Weippl Secure Information Sharing & Self Monitoring

Research Overview SBA Research Edgar R. Weippl Secure Information Sharing & Self Monitoring

Research Overview SBA Research Edgar R. Weippl Secure Information Sharing & Self Monitoring Amin Anjomshoaa, Vo Sao Khue, Nick Amirreza Tahamtan, Edgar Weippl Resource Sharing Resource Sharing Resource Sharing Integration with data

836 views • 45 slides
Challenges & Developments in Data Sharing & Linking Nicky Tarry, Information Governance

Challenges & Developments in Data Sharing & Linking Nicky Tarry, Information Governance

Challenges & Developments in Data Sharing & Linking Nicky Tarry, Information Governance and Security Directorate Barriers to data sharing Explicit legislation to limit data sharing and impose penalties, e.g. section 123 of the

230 views • 9 slides
Information Sharing and User Privacy in the Third-party Identity Management Landscape Anna

Information Sharing and User Privacy in the Third-party Identity Management Landscape Anna

Information Sharing and User Privacy in the Third-party Identity Management Landscape Anna Vapen, Niklas Carlsson, Anirban Mahanti, Nahid Shahmehri Linkping University, Sweden NICTA, Australia 2 Information Sharing and User

246 views • 24 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
The Distributed File System (DFS) The sharing of stored information is perhaps the most important

The Distributed File System (DFS) The sharing of stored information is perhaps the most important

The Distributed File System (DFS) The sharing of stored information is perhaps the most important aspect of distributed resource sharing Introducing DFSs The design of large-scale wide-area read-write file storage systems poses problems of

1k views • 21 slides
The Sustainability of State and Local Government Pensions: A Public Finance Approach Jamie

The Sustainability of State and Local Government Pensions: A Public Finance Approach Jamie

The Sustainability of State and Local Government Pensions: A Public Finance Approach Jamie Lenney, Bank of England Byron Lutz, Federal Reserve Board of Governors Louise Sheiner, Brookings Institution September 2019 Disclaimers Federal Reserve

551 views • 29 slides
Science and Technology in Disasters Opportunities Revealed by Sandy CCICADA/DIMACS Workshop

Science and Technology in Disasters Opportunities Revealed by Sandy CCICADA/DIMACS Workshop

Department of Homeland Security Science & Technology Science and Technology in Disasters Opportunities Revealed by Sandy CCICADA/DIMACS Workshop on S&T Innovations in Hurricane Sandy Research Dr. Mitchell Erickson Interagency Office

397 views • 21 slides
World Bank Group Establishing effective state- business relations and measuring impact on

World Bank Group Establishing effective state- business relations and measuring impact on

World Bank Group Establishing effective state- business relations and measuring impact on governance & competitiveness Title goes here Subtitle goes here UNU WIDER Conference on LC2 Learning to compete: Industrial Development and

359 views • 20 slides
Bug Hunting with Structural Code Search Rijnard van Tonder @rvtond grep Regular expression

Bug Hunting with Structural Code Search Rijnard van Tonder @rvtond grep Regular expression

Bug Hunting with Structural Code Search Rijnard van Tonder @rvtond grep Regular expression search for plain text Good for bug hunting 2 grep example on libssh2 ALLOC\([^,]*,[^;]*[*][^;]*\); 3 [1]

1.03k views • 66 slides
Asymptotic Bayesian Generalization Error when Training and Test Distributions are Different

Asymptotic Bayesian Generalization Error when Training and Test Distributions are Different

Asymptotic Bayesian Generalization Error when Training and Test Distributions are Different Keisuke Yamazaki 1) Motoaki Kawanabe 2) Sumio Watanabe 1) Masashi Sugiyama 1) Klaus-Robert Mller 2), 3) 1) Tokyo Institute of Technology 2)

604 views • 37 slides
Design Techniques for Scalable, Sub-pJ/b Serial I/O Transceivers Samuel Palermo

Design Techniques for Scalable, Sub-pJ/b Serial I/O Transceivers Samuel Palermo

Design Techniques for Scalable, Sub-pJ/b Serial I/O Transceivers Samuel Palermo spalermo@tamu.edu Analog & Mixed-Signal Center Texas A&M University Outline Motivation Power-Scalable I/O Techniques Low-Power Clocking

675 views • 50 slides
Executive Order 13636 & Presidential Policy Directive 21 Ed Goff, Duke Energy Melanie

Executive Order 13636 & Presidential Policy Directive 21 Ed Goff, Duke Energy Melanie

Executive Order 13636 & Presidential Policy Directive 21 Ed Goff, Duke Energy Melanie Seader, EEI Agenda Executive Order 13636 Presidential Policy Directive 21 Nation Infrastructure Protection Plan Cybersecurity Framework

560 views • 18 slides
Accretion Disk Matt Coleman Institute for Advanced Study Boundary Layers mcoleman@ias.edu UNLV

Accretion Disk Matt Coleman Institute for Advanced Study Boundary Layers mcoleman@ias.edu UNLV

Accretion Disk Matt Coleman Institute for Advanced Study Boundary Layers mcoleman@ias.edu UNLV - Athena++ User Meeting - 3/20/19 The Boundary Layer P disk, ram > P , mag Where the disk meets the star MRI doesnt work How

305 views • 14 slides

More recommend