Panel Session: Best Practices in Cybersecurity
TCIPG Industry Workshop
October 31, 2012

Paul Skare
Chief Cyber Security Program Manager
Advanced Power and Energy Systems
Pacific Northwest National Laboratory
(509) 372-4210
paul.skare@pnnl.gov

PNNL-SA-91586

Outline

Best practices from:
• The U.S. Department of Energy’s (DOE) Cybersecurity for Energy Delivery Systems (CEDS) / National SCADA Test Bed (NSTB) projects at PNNL
• The Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2)

The work is defined to follow:
• National Infrastructure Protection Plan (NIPP)
• Sector-Specific Plans (SSP)
• Roadmap to Achieve Cybersecurity for Energy Delivery Systems

CEDS Research Project Examples at PNNL

Other CEDS Activities

IEC 61850 Cybersecurity Acceleration
• Purpose: Work with vendors to accelerate IEC 61850 cyber security solutions to market. Broadcast GOOSE messaging has not been secured due to issues with the IEC 62351 approach.
• Technical Approach: Work with vendors to create holistic IEC 61850 security approach with network design and configuration management; support cybersecurity interoperability tests with tools.

Secure Coding for the Energy Sector
• Purpose: Work with vendors to promote uniform support of secure coding techniques across electric infrastructure. Numerous computer technologies and vendors with differing strategies.
• Approach: Work with market leaders to leverage Carnegie Mellon University secure coding practices in the energy arena, help strengthen supply chain support.

Alignment with emerging Smart Grid Architecture Modeling

• NIST / SGIP Smart Grid Architecture Council (SGAC)
• European Union M/490 Smart Grid Mandate Reference Architecture Working Group (RAWG)
• IEC TC57 WG19 Reference Architecture
• Combines SGAC TOGAF approach with RAWG 3-D model of IEC TC57 Smart Grid standards – allows cybersecurity review of architecture

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2)

Sponsored by:
Participating Organizations:

The Model at a Glance

[Figure: grid of domains by maturity indicator levels]
• 10 Domains: Logical groupings of cybersecurity practices
• Domain labels: RISK, ASSET, ACCESS, THREAT, SITUATION, SHARING, RESPONSE, DEPENDENCIES, WORKFORCE, CYBER
• 4 Maturity Indicator Levels (0, 1, 2, 3): Defined progressions of practices
• 1 Maturity Indicator Level (X) that is reserved for future use
• Each cell contains the defining practices for the domain at that maturity indicator level

Concluding Remarks

The DOE is supporting the creation of a rich suite of research and reference materials for electric utilities and their supply chain to leverage when building and enhancing their own best practices.