11 16 2016 welcome mike kraft mro sac member
play

11/16/2016 Welcome Mike Kraft, MRO SAC Member Basin Electric Power - PowerPoint PPT Presentation

11/16/2016 Welcome Mike Kraft, MRO SAC Member Basin Electric Power Cooperative Please submit questions to the meeting moderator. Questions will be answered at the end of the webinar. MRO Security Advisory Council NOTICE The MRO Security


  1. 11/16/2016

  2. Welcome Mike Kraft, MRO SAC Member Basin Electric Power Cooperative Please submit questions to the meeting moderator. Questions will be answered at the end of the webinar. MRO Security Advisory Council

  3. NOTICE The MRO Security Advisory Council is an industry stakeholder committee that includes subject matter experts from MRO member organizations in various technical areas. Any materials, guidance, and views from stakeholder committees are meant to be helpful to industry participants, but should not be considered approved or endorsed by MRO staff or its board of directors unless specified. Reminder: For the duration of this webinar, the MRO Standards of Conduct Policy and MRO Anti-Trust policy are in effect. If you have any questions please refer to the policy document on the MRO website or contact MRO staff. MRO Security Advisory Council

  4. Today’s Presenters Eric Ruskamp Manager of Regulatory Compliance at Lincoln Electric System Darin Hanson Critical Infrastructure Program and Security Manager at North Dakota Department of Emergency Services Lisa Beury-Russo Section Chief, National Cyber Exercise and Planning Program for the U.S. Department of Homeland Security Sherry Farrow Senior Operations Trainer for Southwest Power Pool MRO Security Advisory Council

  5. Midwest Reliability Organization GridEx Lessons Learned Southwest Power Pool Sherry Farrow Senior Operations Trainer Security Advisory Council

  6. Focus Area Breakdown ICS Ops IT Management • Oversight for success • Tabletop Exercise, • Tabletop Exercise, • Tabletop Exercise, included top-down limited functional limited functional limited functional support interactions interactions interactions • Chief Security Officer • Focused on Emergency • Focused on Ops • Focused on IT and Management and procedures Cyber procedures • Business Owner Business Continuity • Procedure specialist • Players were IT Plans • Project Manager was scribe personnel from Markets, • Players were upper Reliability, Cyber • Players were Ops Crew management comprising Security, and IT on training shift the ICS and ICT Supporting Departments MRO Security Advisory Council

  7. Lessons Learned Learned From GridEx III Learned From GridEx IV  Lessons from GridEx III that improved GridEx IV  Lessons learned for future GridEx V ▪ Upper management support and involvement Business continuity ▪  Establish 30 minute status updates between rooms ▪ GridEx leadership team • Were receiving info but not as fast as they wanted  Amber Wallace, Senior EMBC Coordinator ▪ Operations Responsible for Incident Command Structure Injects and •  Allow additional member call-in and inject interactions Exercise Control Room coordination • Since the call center was new, we limited number  Sherry Farrow, Senior Operations Trainer of incoming calls ▪ IT • Responsible for Operations injects and coordination  First team was split between rooms  JJ Weaver, Supervisor Architecture and Integration Team • First team management was in IT room • Responsible for IT injects and coordination • First team shift personnel was in Ops room ▪ Dedicated GridEx link on SPP website Virtually-connected rooms on day of exercise ▪ ▪ Call center for active participating members MRO Security Advisory Council

  8. SPP Employees Role e breakd akdown in GridEx IV 7 Players 38 38 Evals/Scribes 85 85 Observers 20 20 Facilitators MRO Security Advisory Council

  9. Midwest Reliability Organization GridEx Lessons Learned Lincoln Electric System’s Perspective Eric Ruskamp Manager of Regulatory Compliance Security Advisory Council

  10. Lincoln Electric System (LES) | Overview  Serve approximately 200 square miles, including the city of Lincoln  136,000 customers  479 employees  Peak demand 786 MW  NERC Registration: ▪ Generation Owner ▪ Generation Operator ▪ Transmission Owner ▪ Transmission Operator ▪ Transmission Planner ▪ Distribution Provider ▪ Resource Planner MRO Security Advisory Council

  11. Lincoln Electric System (LES) | Participation  Active Player (2017), Observer (2015, 2013)  Exercise Involvement: ▪ 32 LES players participated  3 Executives ▪ 1 LES board member observed ▪ 4 State of Nebraska observed  Senator and the Lt. Governor ▪ 3 Law enforcement participated  FBI, NE State Patrol, Lancaster County Sheriff ▪ 2 Nebraska Energy Office observed  Player Roles: Transmission, Generation, Cyber-Security, Physical Security, Telecommunications, Substation, Corporate Communications, Energy Marketing, SCADA Support, IT Support & Executives MRO Security Advisory Council

  12. Lincoln Electric System (LES) | Suggestions  Emphasize that players will not have all of the answers  Collect observations and lessons learned  Force communication, look for breakdowns  Customize injects MRO Security Advisory Council

  13. Lincoln Electric System (LES) | Lessons Learned  Start planning early ▪ Joint injects with neighbor-TOPs and RC  Involve non-player SMEs in inject development  Involve Transmission Operators (not just management)  Work with E-ISAC on use of SimDeck MRO Security Advisory Council

  14. Lincoln Electric System (LES) | Lessons Learned  Corporate communication Go Kit  Review 24-hour coverage plans  Investigate unexpected losses when corporate network is down, PA system  Streamline purchasing process in an emergency  Sufficient number of Government Emergency Telecommunications Service (GETS) cards and Wireless Priority Service (WPS) cards  Process to quickly suspend controls from SCADA while maintaining RTU scanning MRO Security Advisory Council

  15. Midwest Reliability Organization GridEx Lessons Learned North Dakota Department of Emergency Management and the North Dakota State & Local Intelligence Center (Fusion Center) Darin Hanson Critical Infrastructure Program & Security Manager Security Advisory Council

  16. Partnership  Both Emergency Management and Fusion Centers want to be partners ▪ Planning for Emergencies  Emergency Management at the local or state levels can provide assistance with creating and reviewing emergency plans  We don’t know what we don’t know ▪ Exercising plans  Partnering with Emergency Management and Fusion Centers on exercises can help to work out the bugs ▪ Particularly in communication  “A plan that has not been tested is just a theory” MRO Security Advisory Council

  17. Fusion Center Reporting  Every Fusion Center is different ▪ Get to know what your center’s capabilities are ▪ Every center should have a list of information requirements  Often called Priority Intelligence Requirements or Standing Information Needs  This will help to determine the thresholds for reporting  In general ▪ Fusion Centers have strict limits on what information they can collect as it relates to U.S. citizens ▪ Any adversarial incident, whether confirmed or suspected, should be reported MRO Security Advisory Council

  18. Information Sharing Private Sector Government  Pre-identify points of contact (POCs)  Pre-identify points of contact (POCs) ▪ Are they authorized to share? ▪ What are their information requirements?  If there isn’t a relationship built in ▪ Don’t assume someone else is providing the advance, sharing is unlikely information ▪ What’s in it for them?  Government would rather hear it twice  What do they need? than not at all  What can we provide?  Plan for periodic updates  Government is interested in impacted people more than load MRO Security Advisory Council

  19. Incident Command System  Emergency Management recommends private sector stakeholders become trained in the Incident Command System (ICS) ▪ Ensures a common terminology can be used between agencies ▪ Formalizes hierarchy within organizations during an incident  Ensures that workload gets distributed more evenly  Clarifies who can make decisions  Allows for “non - essential” staff to be folded into other response roles MRO Security Advisory Council

  20. Midwest Reliability Organization GridEx Lessons Learned Department of Homeland Security, National Cybersecurity and Communications Integration Center Lisa Beury-Russo Section Chief, National Cyber Exercise and Planning Program Security Advisory Council

  21. DHS Participation in GridEx  Participated in both physical and cyber elements of GridEx play, primarily through: ▪ National Infrastructure Coordination Center (NICC) ▪ National Cybersecurity and Communications Integration Center (NCCIC)  NCCIC play included: ▪ Service desk ▪ NCCIC Duty Officers (NDOs) ▪ Hunt and Incident Response Team (HIRT) ▪ Operations Planning and Coordination (OPC) ▪ Cyber Threat Detection and Analysis (CTDA) ▪ National Coordinating Center for Communications (NCC) ▪ Liaison officers  Seniors participated in the ESCC call and Executive TTX MRO Security Advisory Council

Recommend


More recommend