EnergySec and the NESCO overview
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

EnergySec and the NESCO overview

  • 407 views
Uploaded on

This presentation provided an overview of the EnergySec and the NESCO program in the first few months of operations at an EPRI Weekly Meeting.

This presentation provided an overview of the EnergySec and the NESCO program in the first few months of operations at an EPRI Weekly Meeting.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
407
On Slideshare
407
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
2
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • \n
  • \n
  • Place holder for bibliographic information\n\n
  • \n
  • We’re flattered to be the group that DOE has chosen to lead cybersecurity efforts for the electric industry.\n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • So if we are going to work together, what are some of the key areas we can collaborate in?\n\n
  • Highlights of how EnergySec build relationships\n\n
  • Coordinate “end user” testing opportunities for projects and research requiring broad industry adoption for success\n Create working groups to evaluate incidents and best practices.\n Establish trusted partner relationships with organizations who lead the forensics space.\n Design and implement effective data analysis program.\n
  • close: I want to touch on a couple of innovative collaboration methods we’ve developed for the industry.\n
  • \n
  • \n
  • Platform for community projects\nCurrently in concept stage.\n\n
  • This is intended to provide near real-time notifications for cyber security events.\n\n
  • We’re announcing a formal sponsorship program this week.\nIncludes academia\n

Transcript

  • 1. EnergySec and the NESCO Steven ParkerThe National Electric Sector Cybersecurity Organization EPRI/NESCOR Weekly Meeting a DOE-funded EnergySec program TM 2 December 2010
  • 2. EnergySec Overview • Started in 2005 as ESEC-NW • Received SANS Information Sharing award, 2008 • Over 350 members from 104 organizations • 67% of US electric distribution • 55% of US electric generation • Goals: • Information sharing • Security analysis and best practices • Rapid, informal dissemination of relevant informationThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 3. We’ve Been Busy 2010 • Dec 2008: Incorporation • Oct 2009: 501(c)(3) determination • April 2010: NESCO FOA submission • July 2010: NESCO Award! 2009 2008 2007 EnergySec membership growthThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 4. National Electric Sector Cybersecurity Organization • R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” • Department Of Energy issued FOA on March 31, 2010 • Two organizations received awards: • EnergySec was selected to form the National Electric Sector CyberSecurity Organization (NESCO) • The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to this organization (NESCOR)The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 5. National Electric Sector Cybersecurity Organization • Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.” • “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.”The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 6. National Electric Sector Cybersecurity Organization • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the industry • Vision: An industry owned and operated group that supports electric sector response efforts to address cyber events • Goals: • Identify and disseminate common, effective cyber security practices to the sector • Analyze, monitor and relay infrastructure weaknessThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 7. Key Differentiators • What is the difference between EnergySec and NESCO? • NESCO is a DOE-funded program under the EnergySec non-profit umbrella • What is the difference between NESCO and NESCOR? • NESCO is the primary role, NESCOR is the resource • Is EnergySec/NESCO a product or service vendor? • No; EnergySec is a non-profit 501(c)(3) organizationThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 8. Key Differentiators • Is EnergySec or NESCO a government agency? • No; EnergySec is a non-profit 501(c)(3) organization • Is EnergySec/NESCO involved in regulation? • No; EnergySec/NESCO has no regulatory authorityThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 9. Key Differentiators • What is the difference between EnergySec/NESCO and the NERC ES-ISAC? • EnergySec/NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC • NERC ES-ISAC: Regulatory, participation and reporting is mandatory; statutorily fundedThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 10. Key Differentiators • What is the difference between EnergySec/NESCO and the DHS ICS-CERT? • EnergySec/NESCO: Energy sector focus; discretionary classification of information; near real-time; informal • DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formalThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 11. Conflicting Goals • US Government • Industry • Reliability, survivability • Reliability and and resiliency availability • National and economic • Compliance security • Cost savings • Public order; confidenceThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 12. Information Sharing Characteristics • US Government • Industry • Deliberate and • Often more ad hoc and authoritative much more agile • Often highly • 100% accuracy isn’t compartmentalized and always required classified • Difficult to handle • Over-classifies threats classified information and incidents for CI/KR • Can share more freely • Holds only some of the without needing relevant information authorizationThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 13. Public-Private Environment Perceptions • Government cannot provide information to the private sector fast enough or broadly enough to be useful because of concerns about information sensitivity and control • Industry cannot protect the information that is shared, except under contracts or special legal situations (e.g. Defense Industrial Base) • Lack of parity in degree/quality of information shared • Differing goals and motivation between Government and IndustryThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 14. Collaborative Focus Areas • Industry-specific Problems • Smart Grid • Situational Awareness, Data Analysis • Threats and Vulnerabilities • Security Solutions R&D • Incident Response, ForensicsThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 15. Building Relationships • Building relationships is our purpose • Annual Summit • Semi-annual town hall meetings • Regional meetings • Collaborative projects • Workgroups • WebinarsThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 16. Programs • Solutions development • Working groups • Forensics • Data analysisThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 17. Technology • Portal • WebEx • Instant messaging • Email; listserv • Code repository • Rapid notification systemThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 18. portal.energysec.org • In use since 2008 • Secure communications portal • ICSJWG • HYDRA • Critical Intelligence • Version 3 with new functionality in 2011The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 19. portal.energysec.orgThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 20. share.energysec.org • Currently in concept stage • Source code repository • System configurations • Reference architectures • Attack signatures • Whatever else the community dreams up • Beta in 1h11; go live 2h11The National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 21. Rapid Notification System • Concept stage: Technology to be determined • Targeted at security operations staff • The goal is rapid dissemination of alerts • Multiple notification vehicles: • SMS • Phone • Email • XMPP (Instant Messaging) • OtherThe National Electric Sector Cybersecurity Organization a DOE-funded EnergySec program TM
  • 22. Putting The Pieces Together • Government • Asset Owners • Vendors and Suppliers • Academia • Researchers • Security Groups Steve Parker Vice President, EnergySecThe National Electric Sector Cybersecurity Organization steve@energysec.org a DOE-funded EnergySec program TM 503.446.1214