Office of Cybersecurity, Energy Security and Emergency Response NASEO 2019 Southeast Regional Meeting Energy Security Roundtable: Comparing and Sharing Emerging Planning, Preparedness, and Response Solutions April 2019 OFFICIAL USE ONLY
Cyber Threats and National Cyber Strategy “China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for days to weeks — in the United States .” “Federal departments and agencies, in cooperation with state, local, tribal, and territorial government entities, play a critical role in detecting, preventing, disrupting, and investigating cyber threats to our Nation .” “ Russia has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours — similar to those demonstrated in Ukraine in 2015 and 2016 .” 2 OFFICIAL USE ONLY
DOE’s Sector Specific Agency (SSA) Authorities FAST Act (2015) Codified DOE’s SSA Role PPD-21 – Establishes a s hared responsibility PPD-41 – Federal Government’s among the Federal government, SLTT response to any cyber incident involving entities, and public and private owners and government or private sector entities operators for CI security and resilience U.S. Department of Energy (DOE) Office of CESER Infrastructure Security and Energy Restoration (ISER) Division State, Local, Oil and Natural Electricity Energy Emergency Tribal, and Gas Subsector Subsector Government Support Territorial Coordinating Coordinating Coordinating Function Governments Council Council (ESCC) Council (EGCC) #12 – Energy (SLTT) (ONG SCC) 3 OFFICIAL USE ONLY
CESER Collaboration Across the Energy Sector State, Local, Tribal and Territorial (SLTT) Program • Tom Fanning, Southern 2019 Company 2019 • Tamara Lance, Atmos Energy Leadership • Kevin Wailes, Lincoln Electric Leadership • Jillian Sulley, Devon Energy • Duane Highley, Tri-State Owner and • APPA, Canadian Electricity • AXPC, AFPM, AGA, API, APGA, AOPL, Steering Association, EEI, EPRI, EPSA, Operator ESC, GPA, IPAA, IADC, ILTA, INGAA, Committee NIAC, NRECA, NERC, ISO/RTO Trade NACS, NOIA, NPGA, OMSA, OOC, Council PMAA, SIGMA, TXOGA, and USOGA Associations • Vision and Planning Associate • Threat Information Sharing • Canadian Association of Petroleum Working Member Producers • Industry-Government Groups Coordination • Canadian Energy Pipeline Association Trade • Research & Development Associations • Cross-Sector Liaisons 4 OFFICIAL USE ONLY
Cyber Analytics Techniques and Tools (CATT™) 2.0 Concept ONG Pilot CyOTE TM DOE funded tool + 30 Pilot development for Oil and Natural Gas situational DOE funded awareness Two-way data sharing expansion of CRISP and analysis within the OT environment CRISP CATT TM 2.0 Energy Sector DOE developed tool for Company/ IT and OT compatible NERC E-ISAC IT framework for situational infrastructure Vendor Sensors awareness and actionable situational awareness analytics collaboration Downstream Natural Gas Electricity ISAC Oil & Natural Gas ISAC ISAC Energy Sector 5 OFFICIAL USE ONLY
State Energy Security Preparedness and Response • NARUC Cyber Manual Toolkit • EEAC Calls and Emails • NASEO Guidance for States on Petroleum • Incident Calls Shortage Response Planning • Situational Awareness (EAGLE-I) • NCSL Hardening the Grid Report • DOE Situation Reports • LBNL Cybersecurity Cost-Recovery Support for Reports Response and Tools Effort Workshops Technical and Assistance Exercises • Regional Cybersecurity Training State Energy Security Planning and • Viking Shadow Workshop 2018 Strategies • Petroleum Shortage Workshop 2019 NASEO Energy Security Accelerator • USVI Preparedness Workshop Energy Security Online Training (under development) 6 OFFICIAL USE ONLY
Exercises and Workforce Development and Training Liberty Eclipse Clear Path Cyber Strike Cyber Force 7 OFFICIAL USE ONLY
Options for States • Clarify state agency roles and responsibilities for cybersecurity • Meet with the State Homeland Security Advisor • Consider cybersecurity in all-hazard energy security planning • Protect critical energy infrastructure data and information by working with the state information security officer • Collaborate with public utility commissioners to explore the adoption and deployment of new technologies or processes • Participate in cyber response exercises • Leverage the National Guard 8 OFFICIAL USE ONLY
State Energy Offices Checklist ▪ Emergency Response Planning Functions ✓ Update the Energy Assurance Plan regularly (and share with ISERnet) ✓ Understand state roles’ and responsibilities prior, during, and after an energy emergency response ✓ Know the federal role and federal support that is available to states ▪ Emergency Response Logistics ✓ Check EAGLE-I Login Information: https://eagle-i.doe.gov/login ✓ Check Energy Emergency Assurance Coordinator (EEAC) contact information in ISERnet: https://www.oe.netl.doe.gov/ISERNET/login.aspx ✓ Consult the Energy Waiver Library: https://www.energy.gov/ceser/energy-waiver-library ✓ Track DOE Situation Reports during a major disruption: https://energy.gov/ceser ✓ Know your DOE Regional Coordinator: See map and email energyresponsecenter@hq.doe.gov for contact information. 9 OFFICIAL USE ONLY
CESER Contact Information Kate Marks Sector Engagement Kate.Marks@hq.doe.gov 202-586-9842 Kirsten Verclas Fellow Kirsten.Verclas@hq.doe.gov 202-586-0162 10 OFFICIAL USE ONLY
Recommend
More recommend
