What are the risks, vulnerabilities, and potential consequences - - PowerPoint PPT Presentation

what are the risks vulnerabilities and potential
SMART_READER_LITE
LIVE PREVIEW

What are the risks, vulnerabilities, and potential consequences - - PowerPoint PPT Presentation

Nov 06, 2022 264 likes •745 views

What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events? April 9, 2019 Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security About the Presenter Joshua Rowe, PSP WECC

slide-1
SLIDE 1

What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events?

April 9, 2019

Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security

slide-2
SLIDE 2

About the Presenter

Joshua Rowe, PSP

  • WECC Auditor, Physical and Cyber Security
  • SME CIP-006, CIP-008, CIP-014
  • 15+ years Law Enforcement, Physical Security,

and Critical Infrastructure Experience

  • United States Marine Corps (Retired)
  • Military Police Officer
  • Criminal Investigator
  • Physical Security Program Senior Advisor
  • Installation Physical Security Senior Advisor
  • Physical Security Inspector, USMC Inspector General’s

Office

2

slide-3
SLIDE 3

Agenda

  • Objective
  • Identifying High Impact Low Frequency Events
  • Risk, Vulnerabilities, Consequences
  • Impact
  • Planning for High Impact Low Frequency Events
  • Preparedness
  • Mitigation
  • Response and Recovery
  • Summary
  • Questions & Answers
  • Final thoughts

3

slide-4
SLIDE 4

Objective

Create awareness of the risks, vulnerabilities, and potential consequences associated with High Impact, Low Frequency (HILF) events by creating awareness and encouraging

  • rganizations to develop a preparedness

framework that identifies unique characteristics to their organization that compliments stakeholder’s expectations of BES reliability beyond CIP-008-5.

4

slide-5
SLIDE 5

What is a HILF event?

A high-impact, low frequency event is the realization of a specific hazard that has the potential to produce a high impact on grid operability. Such high- impact events are, by virtue of their rarity, considered low frequency.

5

slide-6
SLIDE 6

New “Normal”

The increase of High Impact, Low Frequency events in the last decade signals the emergence a new “normal.”

The Day After Tomorrow, (2004 Movie). Global warming unleashes a catastrophe in the form of tornados, hurricanes, floods and a tsunami, ushering in a new Ice Age.

  • Hurricane-like super storms
  • Giant hail storm
  • Tornado Outbreak
  • Flooding
  • Instantaneous Freezing of an entire city

This movie will not prepare you for that type of situation, however it should challenge you to think outside of the box when planning for HILF events.

6

slide-7
SLIDE 7

Risk Evolution

Catastrophic events in recent years continue to shape organizational preparedness. It is important to understand the various risks to organizations.

7

slide-8
SLIDE 8

Types of Risk

8

  • Natural Hazards
  • Biological Hazards
  • Human (non-intentional) Hazards
  • Human (malicious) Hazards
slide-9
SLIDE 9

Natural Hazards

9

Meteorological

  • Hurricane
  • Tornado
  • Snowstorm

Geological

  • Seismic
  • Volcanic

Hydrological

  • Coastal Flooding

Space Weather

  • Geomagnetic storm
slide-10
SLIDE 10

Hurricane Maria (Puerto Rico)

10

slide-11
SLIDE 11

Biological Hazards

Biological

  • Pandemic Influenza (Flu)
  • Avian Influenza (Bird Flu)
  • Anthrax
  • Indoor Air Qualify – Mold/Fungi
  • Flood Clean-up
  • Stinging Insects
  • Needlestick and Sharps Injuries

11

slide-12
SLIDE 12

Pandemic Flu (2009)

12

slide-13
SLIDE 13

Human (non-intentional)

  • Operational error
  • Personal error
  • Instrumental error
  • Reagent errors
  • Errors of method
  • Additive or proportional error

13

slide-14
SLIDE 14

Three Mile Island Meltdown (1979)

14

slide-15
SLIDE 15

Human (malicious)

  • Physical attack
  • Cyber-attack
  • Coordinated cyber-physical attack
  • Electromagnetic Pulse (EMP)

15

slide-16
SLIDE 16

Cyber and Physical Attack

16

slide-17
SLIDE 17

When Will it Happen?

The United States has not yet experienced a long-term, large-scale blackout; however, the impact of one could create a dire situation for those reliant on electricity.

17

slide-18
SLIDE 18

Who is at Risk?

Organizations

  • Disruption can cascade across multiple sectors

impacting communities and the economy.

Customers

  • Society is deeply dependent upon electricity

for day to day standard of living. At what point in time does it become unbearable?

18

slide-19
SLIDE 19

Risk Reduction

  • Resilient technologies
  • Mandatory backup power requirements
  • Sufficient reserves
  • Continuous planning activities
  • Coordination efforts at local, state, and federal

level

  • Organizational/Personal preparedness

19

slide-20
SLIDE 20

How Vulnerable Are We?

The bulk power system is highly redundant and planned with sufficient resources to accommodate expected loads, including a contingency/reserve margin to meet balancing and regulating needs. There are still failure points and hazards that pose a sizeable risk to the BES.

20

slide-21
SLIDE 21

Potential Impacts affecting the Electric Grid

21

slide-22
SLIDE 22

How Bad Could it Get?

  • Casualties
  • Property damage
  • Business interruption
  • Loss of customers
  • Financial loss
  • Environmental contamination
  • Loss of confidence in the organization
  • Fines and penalties
  • Lawsuits

22

slide-23
SLIDE 23

Potential Consequences

23

slide-24
SLIDE 24

Largest Electrical Blackout

India blackouts 2012

  • Labeled the largest power failure in history
  • Affected 22 of 28 states in India

Cause

  • Human (non-intentional)

Impact

  • 620 million people affected 30-31 July, 2012
  • $400 Billion (USD) overhaul of India’s Power Grid
  • Mass transit became inoperable

24

slide-25
SLIDE 25

Major Power Outages

Total Affected Location Dates Risk Event India Blackout 620 Million India 30-31 July 2012 Human (non- intentional) Northeast Blackout 55 Million United States/Canada 14-15 Aug 2003 Human (non- intentional) Southern Brazil Blackout 97 Million Brazil 11 Mar 1999 Natural Hazard (Lightning) Italy Blackout 56 Million Italy/Switzerlan d 28 Sept 2003 Natural Hazard (Lightning) Northeast Blackout 30 Million United States/Canada 9 Nov 1965 Human (non- intentional) Venezuelan Blackout 30 Million Venezuela 7-15 Mar 2019 Natural (Overgrown Vegetation) /Human (non- intentional)

25

slide-26
SLIDE 26

Why This Matters CIP 008-5

To mitigate the risk to the reliable

  • peration of the BES as the result of a

Cyber Security Incident by specifying incident response requirements.

26

slide-27
SLIDE 27

CIP-008-5 R1

R1

  • Identify, classify, and response to Cyber Security

Incidents (Part 1.1)

  • One or more processes to determine if a Cyber

Security Incident (CSI) is a bonified Reportable Cyber Security Incident (RCSI) (Part 1.2)

  • Roles and Responsibilities of Cyber Security

incident response groups or individuals (Part 1.3)

  • Incident handling procedures (Part 1.4)

27

slide-28
SLIDE 28

CIP-008-5 R2

R2

  • Test each CSIRP at least once every 15 calendar

months: (Part 2.1)

  • Use the CSIRP under R1 when responding to a

RCSI or performing an exercise of a RCSI (Part 2.2)

  • Retain records related to RCSI (Part 2.3)

28

slide-29
SLIDE 29

CIP-008-5 R3

R3

  • No later than 90 calendar days after completion of

RCSI test or bonified incident response: (Part 3.1)

  • No later than 60 calendar days after a change to the

roles and responsibilities of CSIRP groups, individuals, or technology that would impact the ability to execute the CSIRP: (Part 3.2)

29

slide-30
SLIDE 30

Is This Enough?

Regulatory Compliance

  • A well constructed CIP-008-5 program may result in compliance.
  • CIP-008-5 addresses High-Impact and Medium Impact BES Cyber Systems
  • CIP-003-6 addresses Low Impact BES Cyber Systems

Above and Beyond

  • A comprehensive high-impact, low frequency event plan that addresses a

multi-hazard risk environment assists the organization to prepare for potential unforeseen events.

  • Fosters surrounding community involvement
  • Strengthens readiness and continuity of business
  • Improves the organizations commitment to a reliable BES

30

slide-31
SLIDE 31

Planning

“Failing to plan is planning to fail”

–Benjamin Franklin

31

slide-32
SLIDE 32

Types of Plans

Comprehensive Plan

  • Policy oriented and deals with a wide range of

issues, to include post-disaster and emergency management

Post-disaster Plan

  • Focuses on actions taken after an event has
  • ccurred

Emergency Management Plan

  • Based on a four-prong approach of preparation,

response, recovery, and mitigation phases.

32

slide-33
SLIDE 33

HILF Event Plans

Comprehensive

  • Multi-hazard
  • Multi-objective
  • Long-Term
  • Internally Consistent

Cost Effective

  • Environmentally Sound
  • Readable

Organizations should choose the appropriate plan type that best suits their capabilities.

33

slide-34
SLIDE 34

Elements of the Plan

  • Rationale/Statement of the Problem
  • Basic Studies
  • Hazard Identification and Definition
  • Probability Analysis
  • Vulnerability Analysis
  • Capability Analysis
  • Conclusions/Acceptability
  • Goals
  • Objectives
  • Alternate Means of Achieving Goals and

Objectives

34

slide-35
SLIDE 35
  • Plans, Policies, and Programs
  • Adoption and Implementation
  • Monitoring, Evaluating, and Updating Plans

Organizations should leverage their CIP-008- 5/CIP-003-6 Cyber Security Incident Response Plan(s) to build from as they have mandated requirements to monitor, evaluate, and update every 15 and 36 calendar months respectively

35

Elements of the Plan

slide-36
SLIDE 36

Key Preparation Elements

36

Coordination

The organization cannot complete a comprehensive plan without participation from adjacent organizations, local community leaders, law enforcement, and personnel whom may inherit responsibilities within the plan

Monitoring and Evaluation

It is important to continually track the applicability of the plan and identify if vulnerability has decreased as part of the mitigation elements

As conditions change the organization must be ready to meet the new challenges

  • Stress-tests
  • Red-teaming HILF events
  • Sharing best practices
slide-37
SLIDE 37

Additional Plans

Organizations should encourage their employees to develop individual plans in the event of an HILF event. Personnel involved with initial assessment, response, or recovery may have additional responsibilities to their families. In the event a HILF event affects the local area, the organization must be cognizant of personnel conflicts.

37

slide-38
SLIDE 38

Risk Calculation

Let’s start by performing some small risk calculations to determine our planning requirements.

  • Pik(j) =Σr(i,j) 0∫∞ Cir(Lr) dLr Lr∫∞ Qik(j)r(Lr') dLr' + Cross Terms
  • Tk(j)(B) = i=1ΠN Pik(j). i=N+1ΠN+M (1-Pik(j)).
  • Bi = 1 if asset Ai fails
  • Bi = 0 if Ai survives.

38

slide-39
SLIDE 39

Group Activity

Prepare an example planning framework among table members and be prepared to discuss 10 Minutes

39

slide-40
SLIDE 40

Key Mitigation Strategies

Mitigation is every action taken to prevent a disruption from occurring or minimizing its impact.

  • Early identification
  • Communication
  • Applying resources to greatest risks and

vulnerabilities

  • Resiliency
  • Contingency Operations

40

slide-41
SLIDE 41

Response and Recovery Framework

Response

The capabilities necessary to disrupt or minimize the immediate impact

  • f the HILF event

Crisis Response Teams:

  • An organization may employ a crisis response team to handle situations that require

a pre-determined response to a HILF.

  • Responses should be rehearsed to ensure effectiveness

Recovery

The action of restoring services and identifying failure points to prevent future outages. Identify the new normal:

  • Lessons learned
  • Review and revise plans

41

slide-42
SLIDE 42

Communication with Customers

A long-term power outage is likely to impact the community and potentially the economy. Efforts to communicate with the community can include:

  • Planning for an electrical outage
  • Surviving during an electrical outage
  • Safety after the power is restored

External planning can lessen the impact on the community and best practices are readily available on a variety of websites.

42

slide-43
SLIDE 43

Organizational Readiness

Current Plans

  • Does the plan coincide with local, state, and federal plans?
  • Are they updated?
  • Do we have the required resources?
  • Does everyone know their responsibilities?

Future Plans

  • Community Involvement
  • Stakeholder Awareness

Event Rehearsal

  • First responders
  • Neighboring utilities

NERC/Industry Working Groups

43

slide-44
SLIDE 44

Review

  • Organizations must align their HILF preparedness

activities with their regulatory responsibilities to the BES

  • Risk can be reduced but never eliminated with

HILF events

  • HILF planning requires a paradigm shift to

develop potential scenarios outside a normal hazard identification approach

  • Coordination is key to response and recovery
  • Swift response and recovery efforts lessen the

impact to those affected

44

slide-45
SLIDE 45

Final Thoughts

It is not about why an incident will occur, but how organizations prepare and react to its

  • ccurrence.

Imagine spending thousands of hours and millions of dollars preparing for “the big one” that’s never going to happen. Take satisfaction that you will be prepared when it does. “There is no harm in hoping for the best as long as you prepare for the worst” –Stephen King

45

slide-46
SLIDE 46

46

For CIP Questions

slide-47
SLIDE 47

Contact:

Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security

jrowe@wecc.org

47