Presented in February 2011 at the ERCOT CIPWG meeting, this slide deck describes the NESCO program and the information sharing and collaboration needed to improve security in the electric sector.
Next Generation Information Sharing for the Electric Sector
1. Next Generation Information Sharing For The Electric Sector
Patrick C Miller, President and CEO
February 4, 2011
ERCOT CIPWG Meeting
ERCOT Executive and Administrative Center
2. History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program
3. Now And Beyond
• Over 460 members from 124 organizations
– 74% of US electric distribution
– 60% of US electric generation
• The asset owners are already sharing
• Challenges
– Increase and improve asset-owner sharing
– Establish two-way sharing from the government and vendor segments
4. What Is The NESCO?
Two organizations received awards:
– EnergySec was selected to form and lead the National Electric Sector Cybersecurity Organization (NESCO)
– The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to the NESCO (NESCOR)
5. What Is The NESCO?
• Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry
• Goals:
– Identify and disseminate common, effective cyber security practices
– Analyze, monitor and relay infrastructure threat information
– Work with federal agencies to improve electric sector cyber security
– Encourage key electric sector supplier and vendor support / interaction
6. Key Differentiators
• What is the difference between EnergySec and NESCO?
– NESCO is a DOE-funded program under the EnergySec non-profit umbrella
• What is the difference between NESCO and NESCOR?
– NESCO is the lead role; NESCOR is a technical resource to the NESCO
7. Key Differentiators
• Is EnergySec a product or service vendor?
– EnergySec has no for-profit products and/or services
• Is NESCO a government agency?
– No; the NESCO is funded by a DOE grant but managed by EnergySec, a private non-profit 501(c)(3) organization
• Is NESCO involved in regulation?
– No; the NESCO has no regulatory capacity
8. Key Differentiators
• What is the difference between NESCO and the NERC ES-ISAC?
– NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC
– NERC ES-ISAC: Regulatory; participation and reporting are mandatory; statutorily funded
9. Key Differentiators
• What is the difference between NESCO and the DHS ICS-CERT?
– NESCO: Electric sector focus; discretionary classification of information; near real-time; informal
– DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formal
10. Key Differentiators
• Is NESCO another trade association?
– No; NESCO spans all trade associations
• Is NESCO another National Energy Lab?
– No; however, NESCO works closely with all National Labs
• NESCO makes every effort to avoid duplicating already existing successful programs
11. Infosharing Characteristics
US Government
• Deliberate and authoritative
• Often highly compartmentalized
• Classifies threats and incidents for CI/KR
• Holds only some of the relevant information
Industry
• Often more ad hoc and much more agile
• 100% accuracy isn’t always required
• Difficult to handle classified information
• Can share more freely without needing authorization
12. How Does This Work?
• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy relationships
– Bringing people together
– Flexible technology options
13. NESCO Outreach
• NESCO outreach programs
– Annual Summit
– Town Hall Meetings (April 27th, Austin TX)
– Voice Of The Industry Meeting
– Interest Groups
– Webinars
– Portal/Forums
– Email distribution lists
– Social media
14. NESCO Technology
• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository
• Most technologies have non-attribution (anonymous) options
15. Free Like A Puppy
• NESCO grant contains a cost-share requirement
– Must be fully funded by industry after 3 years
• 20/80 Year One
• 40/60 Year Two
• 60/40 Year Three
– DOE has an expectation that industry will support the NESCO
16. Sponsorship Benefits
• Sponsorships are tax deductible
• Less expensive than headcount and/or training
• Access to industry peers
– What works, what doesn’t
– Informal benchmarking
– Situational awareness
– Threat and vulnerability analysis
– Mentoring
17. Sponsorship Benefits
• Access to Resource Repository [coming soon]
– Code snippets
– IDS signatures
– Audit templates
– Reference architectures
– Attack signatures
– System configurations
– Policy, process, procedure templates
– Compliance practices
18. Secure Collaboration Options
[Diagram: participant groups in the secure collaboration options]
• Asset Owners
• Product and Service Vendors
• Academia
• Government Entities
19. Conclusion
• Unique non-profit, independent, public-private information sharing organization
• Focused on building trust through relationships
• Flexible technology facilitates and catalyzes information sharing efforts
• Security voice of the electric sector
• NESCO’s success depends on participation and sponsorship from the asset-owners and vendors
20. Plug In
www.energysec.org
21. Questions?
Non-profit. Independent. Trusted.
Patrick C Miller, President and CEO
patrick@energysec.org
503-446-1212