Metric Challenges Bheshaj Krishnappa Risk Analysis & Mitigation
About RF ReliabilityFirst preserves and enhances bulk power system reliability and security across 13 states and the District of Columbia. The Boundaries of ReliabilityFirst include all of New Jersey, Delaware, Pennsylvania, Maryland, District of Columbia, West Virginia, Ohio, Indiana, Lower Michigan and portions of Upper Michigan, Wisconsin, Illinois, Kentucky, Tennessee and Virginia. 2 Forward Together • ReliabilityFirst
Data sets and Metrics approach -1 NERC CIP and O&P standards • NERC Standards CIP-002 through CIP-014 covering areas of BES Cyber System Categorization, Security Management Controls, Personnel & Training, Electronic Security Perimeter(s), Physical Security of BES Cyber Systems, Systems Security Management, Incident Reporting and Response Planning, Recovery Plans for BES Cyber Systems, Configuration Change Management and Vulnerability Assessments, Information Protection and Physical Security CIP standard violations (representative chart) 14 12 12 10 9 8 6 6 5 4 4 2 2 1 1 0 CIP-002 - Critical CIP-003 - CIP-004 - CIP-005 - CIP-006 - CIP-007 - CIP-008 - CIP-009 - Cyber Asset Security Personnel and Electronic Physical Security Systems Security Incident Recovery Plans Identification Management Training Security Management Reporting and for Critical Cyber Controls Perimeter(s) Response Assets Planning 3 Forward Together • ReliabilityFirst
Data sets and Metrics approach -2 DOE Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) • A maturity model to evaluate, prioritize, and improve cybersecurity capabilities. The areas assessed are Cybersecurity Program Management (CYBER), Asset, Change, and Configuration Management (ASSET), Information Sharing and Communications (SHARING), Identity and Access Management (ACCESS), Threat and Vulnerability Management (THREAT), Event and Incident Response, Continuity of Operations (RESPONSE), Risk Management (RISK), Situational Awareness (SITUATION), Workforce Management (WORKFORCE) Comparison chart of ES C2M2 domains in RFC region against all of NERC (representative chart) 3000 2692 2611 2465 2465 2500 2378 2000 CIP VIolations 1685 1500 1309 RFC 1085 NERC 1000 686 657 591 550 550 515 500 344 333 275 162 0 Risk Management Identity and Access Situational Awareness Event and Incident Cybersecurity (RISK) Management (SITUATION) Response, Continuity Program (ACCESS) of Operations Management (RESPONSE) (CYBER) 4 Forward Together • ReliabilityFirst
Challenges to Resilience metrics Point in time data • Compliance statistics ‒ Violation history based on audits ‒ Cyber assets and vulnerabilities Lack of Incident Response metrics • Dwell time, Containment time, Remediation time Lack of benchmark data for "Mean Time To Repair" or "Mean Time To Restore“ to measure resilience Lack of adoption of NIST CSF and availability of real-time data to assess Prevent, Detect, Respond, and Recover capabilities 5 Forward Together • ReliabilityFirst
Resilience metrics - Opportunities Research on measurement of resilience indicators • Share existing methods of cyber resilience measurement/ approaches • Engage larger or targeted stakeholders to pilot projects and build upon Explore centralized data store and access • ICS CERT, Assets database, threats and vulnerability database, etc., Explore NIST Cybersecurity Framework / CERT Resilience Management Model to derive resilience metrics 6 Forward Together • ReliabilityFirst
Questions & Answers Forward Together ReliabilityFirst 7 Forward Together • ReliabilityFirst
Recommend
More recommend
