What are the risks, vulnerabilities, and potential consequences associated with High Impact Low Frequency events? April 9, 2019 Joshua Rowe, PSP Compliance Auditor, Physical and Cyber Security
About the Presenter Joshua Rowe, PSP • WECC Auditor, Physical and Cyber Security • SME CIP-006, CIP-008, CIP-014 • 15+ years Law Enforcement, Physical Security, and Critical Infrastructure Experience • United States Marine Corps (Retired) • Military Police Officer • Criminal Investigator • Physical Security Program Senior Advisor • Installation Physical Security Senior Advisor • Physical Security Inspector, USMC Inspector General’s Office 2
Agenda • Objective • Identifying High Impact Low Frequency Events • Risk, Vulnerabilities, Consequences • Impact • Planning for High Impact Low Frequency Events • Preparedness • Mitigation • Response and Recovery • Summary • Questions & Answers • Final thoughts 3
Objective Create awareness of the risks, vulnerabilities, and potential consequences associated with High Impact, Low Frequency (HILF) events by creating awareness and encouraging organizations to develop a preparedness framework that identifies unique characteristics to their organization that compliments stakeholder’s expectations of BES reliability beyond CIP-008-5. 4
What is a HILF event? A high-impact, low frequency event is the realization of a specific hazard that has the potential to produce a high impact on grid operability. Such high- impact events are, by virtue of their rarity, considered low frequency. 5
New “Normal” The increase of High Impact, Low Frequency events in the last decade signals the emergence a new “normal.” The Day After Tomorrow, (2004 Movie). Global warming unleashes a catastrophe in the form of tornados, hurricanes, floods and a tsunami, ushering in a new Ice Age. • Hurricane-like super storms • Giant hail storm • Tornado Outbreak • Flooding • Instantaneous Freezing of an entire city This movie will not prepare you for that type of situation, however it should challenge you to think outside of the box when planning for HILF events. 6
Risk Evolution Catastrophic events in recent years continue to shape organizational preparedness. It is important to understand the various risks to organizations. 7
Types of Risk • Natural Hazards • Biological Hazards • Human (non-intentional) Hazards • Human (malicious) Hazards 8
Natural Hazards Meteorological • Hurricane • Tornado • Snowstorm Geological • Seismic • Volcanic Hydrological • Coastal Flooding Space Weather • Geomagnetic storm 9
Hurricane Maria (Puerto Rico) 10
Biological Hazards Biological • Pandemic Influenza (Flu) • Avian Influenza (Bird Flu) • Anthrax • Indoor Air Qualify – Mold/Fungi • Flood Clean-up • Stinging Insects • Needlestick and Sharps Injuries 11
Pandemic Flu (2009) 12
Human (non-intentional) • Operational error • Personal error • Instrumental error • Reagent errors • Errors of method • Additive or proportional error 13
Three Mile Island Meltdown (1979) 14
Human (malicious) • Physical attack • Cyber-attack • Coordinated cyber-physical attack • Electromagnetic Pulse (EMP) 15
Cyber and Physical Attack 16
When Will it Happen? The United States has not yet experienced a long-term, large-scale blackout; however, the impact of one could create a dire situation for those reliant on electricity. 17
Who is at Risk? Organizations • Disruption can cascade across multiple sectors impacting communities and the economy. Customers • Society is deeply dependent upon electricity for day to day standard of living. At what point in time does it become unbearable? 18
Risk Reduction • Resilient technologies • Mandatory backup power requirements • Sufficient reserves • Continuous planning activities • Coordination efforts at local, state, and federal level • Organizational/Personal preparedness 19
How Vulnerable Are We? The bulk power system is highly redundant and planned with sufficient resources to accommodate expected loads, including a contingency/reserve margin to meet balancing and regulating needs. There are still failure points and hazards that pose a sizeable risk to the BES. 20
Potential Impacts affecting the Electric Grid 21
How Bad Could it Get? • Casualties • Property damage • Business interruption • Loss of customers • Financial loss • Environmental contamination • Loss of confidence in the organization • Fines and penalties • Lawsuits 22
Potential Consequences 23
Largest Electrical Blackout India blackouts 2012 • Labeled the largest power failure in history • Affected 22 of 28 states in India Cause • Human (non-intentional) Impact • 620 million people affected 30-31 July, 2012 • $400 Billion (USD) overhaul of India’s Power Grid • Mass transit became inoperable 24
Major Power Outages Total Affected Location Dates Risk Event India Blackout 620 Million India 30-31 July 2012 Human (non- intentional) Northeast 55 Million United 14-15 Aug 2003 Human (non- Blackout States/Canada intentional) Southern Brazil 97 Million Brazil 11 Mar 1999 Natural Hazard Blackout (Lightning) Italy Blackout 56 Million Italy/Switzerlan 28 Sept 2003 Natural Hazard d (Lightning) Northeast 30 Million United 9 Nov 1965 Human (non- Blackout States/Canada intentional) Venezuelan 30 Million Venezuela 7-15 Mar 2019 Natural Blackout (Overgrown Vegetation) /Human (non- intentional) 25
Why This Matters CIP 008-5 To mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements. 26
CIP-008-5 R1 R1 • Identify, classify, and response to Cyber Security Incidents (Part 1.1) • One or more processes to determine if a Cyber Security Incident (CSI) is a bonified Reportable Cyber Security Incident (RCSI) (Part 1.2) • Roles and Responsibilities of Cyber Security incident response groups or individuals (Part 1.3) • Incident handling procedures (Part 1.4) 27
CIP-008-5 R2 R2 • Test each CSIRP at least once every 15 calendar months: (Part 2.1) • Use the CSIRP under R1 when responding to a RCSI or performing an exercise of a RCSI (Part 2.2) • Retain records related to RCSI (Part 2.3) 28
CIP-008-5 R3 R3 • No later than 90 calendar days after completion of RCSI test or bonified incident response: (Part 3.1) • No later than 60 calendar days after a change to the roles and responsibilities of CSIRP groups, individuals, or technology that would impact the ability to execute the CSIRP: (Part 3.2) 29
Is This Enough? Regulatory Compliance • A well constructed CIP-008-5 program may result in compliance. • CIP-008-5 addresses High-Impact and Medium Impact BES Cyber Systems • CIP-003-6 addresses Low Impact BES Cyber Systems Above and Beyond • A comprehensive high-impact, low frequency event plan that addresses a multi-hazard risk environment assists the organization to prepare for potential unforeseen events. • Fosters surrounding community involvement • Strengthens readiness and continuity of business • Improves the organizations commitment to a reliable BES 30
Planning “Failing to plan is planning to fail” –Benjamin Franklin 31
Types of Plans Comprehensive Plan • Policy oriented and deals with a wide range of issues, to include post-disaster and emergency management Post-disaster Plan • Focuses on actions taken after an event has occurred Emergency Management Plan • Based on a four-prong approach of preparation, response, recovery, and mitigation phases. 32
HILF Event Plans Comprehensive • Multi-hazard • Multi-objective • Long-Term • Internally Consistent Cost Effective • Environmentally Sound • Readable Organizations should choose the appropriate plan type that best suits their capabilities. 33
Elements of the Plan Rationale/Statement of the Problem Basic Studies • Hazard Identification and Definition • Probability Analysis • Vulnerability Analysis • Capability Analysis • Conclusions/Acceptability Goals Objectives Alternate Means of Achieving Goals and Objectives 34
Elements of the Plan Plans, Policies, and Programs Adoption and Implementation Monitoring, Evaluating, and Updating Plans Organizations should leverage their CIP-008- 5/CIP-003-6 Cyber Security Incident Response Plan(s) to build from as they have mandated requirements to monitor, evaluate, and update every 15 and 36 calendar months respectively 35
Key Preparation Elements Coordination The organization cannot complete a comprehensive plan without participation from adjacent organizations, local community leaders, law enforcement, and personnel whom may inherit responsibilities within the plan Monitoring and Evaluation It is important to continually track the applicability of the plan and identify if vulnerability has decreased as part of the mitigation elements As conditions change the organization must be ready to meet the new challenges Stress-tests Red-teaming HILF events Sharing best practices 36
Recommend
More recommend