It Takes a Village: Why Community Based Compliance Works

716 views

Published on

Presented by: Josh Sandler, Duke Energy

Abstract: Do you find compliance challenging? Do you feel blindsided by auditor interpretations of regulations? Do you spend countless hours debating the meaning of the language of a standard internally? You are not alone. Help is out there.

There are multiple communities out there that are composed of people just like you. But which one is the best fit? This presentation will explore the benefits that these communities can offer. The benefits can be seen at the individual, company, and industry level. The presentation will explore the communities that exist today and will also discuss the communities that may not even exist yet, but should. Information sharing can be key in driving community-driven solutions. Additionally, communities can be a big influence to the future of security-based compliance.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
716
On SlideShare
0
From Embeds
0
Number of Embeds
213
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

It Takes a Village: Why Community Based Compliance Works

  1. 1. It Takes a Village: Why Community Based Compliance Works - Josh Sandler EnergySec Security Summit – Denver, CO 9/18/13
  2. 2. Agenda §  Who am I? §  NERC CIP Violation Statistics §  Is there help? §  What can we do? §  What else needs to be done? §  Questions 2
  3. 3. Who Am I? §  10 years of experience in the utility industry with Duke Energy §  Electrical Engineer §  Controls Engineer §  Generation CIP Program Lead §  Internal CIP Consultant and Subject Matter Expert §  North American Generator Forum §  Steering Committee §  Advisory Committee §  Security Practices Working Group Lead §  Regular participant in many community-based compliance groups 3
  4. 4. NERC CIP Violation Statistics 4 Source: http://www.nerc.com/pa/comp/Compliance%20Violation%20Statistics%20DL/Key%20Compliance%20Trend%20for%20May%20BOTCC-%20FINAL.pdf
  5. 5. NERC CIP Violation Statistics 5 Source: http://www.nerc.com/pa/comp/Compliance%20Violation%20Statistics%20DL/Key%20Compliance%20Trend%20for%20May%20BOTCC-%20FINAL.pdf
  6. 6. NERC CIP Violation Statistics 6 Source: http://www.nerc.com/pa/comp/Compliance%20Violation%20Statistics%20DL/Key%20Compliance%20Trend%20for%20May%20BOTCC-%20FINAL.pdf
  7. 7. NERC CIP Violation Statistics 7 Source: http://www.nerc.com/pa/comp/Compliance%20Violation%20Statistics%20DL/Dec%20Key%20Compliance%20Trends.pdf
  8. 8. IS THERE HELP?!? 8
  9. 9. Is there help? YES 9
  10. 10. Is there help? §  Regional Groups (not inclusive) §  WECC §  Critical Infrastructure & Information Management Subcommittee (CIIMS) §  Compliance Users Group (CUG) §  Critical Infrastructure Protection Users Group (CIPUG) §  Western Interconnection Compliance Forum (WICF) §  SPP §  Critical Infrastructure Protection Working Group (CIPWG) §  RFC §  Critical Infrastructure Protection Committee (CIPC) §  Compliance Users Group (CUG) §  SERC §  Critical Infrastructure Protection Committee (CIPC) §  NPCC §  Task Force on Infrastructure Security and Technology (TFIST) §  FRCC §  Critical Infrastructure Protection Subcommittee (CIPS) §  MISO §  Critical Infrastructure Protection Users Group (CIPUG) 10
  11. 11. Is there help? §  National Groups (not inclusive) §  NERC CIPC §  North American Transmission Forum (NATF) §  Security Practices Group §  Compliance Group §  North American Generator Forum (NAGF) §  Standards Review Team (SRT) §  Security Practices Working Group §  UNITE CIP §  UTC Cybersecurity §  Trade Organization’s Security Groups (EEI, EPSA, APPA, etc) 11
  12. 12. What can we do? 12
  13. 13. What can we do? §  PARTICIPATE! §  Not about finding a way to participate in all communities, but finding the best fit for you. §  SHARE! §  One thing all these communities have in common is that they thrive off of information sharing. §  LEARN! §  Take away lessons-learned, best practice techniques and deliver to others within your organization. §  ACT! §  Use the influence of the communities to drive change. 13
  14. 14. What else needs to be done? 14
  15. 15. §  Join a community §  Form a new community §  FERC and NERC are reaching out to the larger communities…shouldn’t you be too? §  Use communities to drive positive change §  Be a voice in the writing of NERC CIP Version 6, Version 7, Version 8, etc… §  Assist in the shift from compliance-based security to security-based compliance. §  You tell me… 15 What else needs to be done?
  16. 16. Questions? Josh Sandler NERC CIP Standards SME – Duke Energy Office: 704-382-4504 E-mail: josh.sandler@duke-energy.com 16
  17. 17. 17

×