NESCO: A Closer Look

Published in: Technology

  1. NESCO: A Closer Look
     Patrick C Miller, President and CEO
     March 8 2011
     Spring 2011 AGA/EEI Security Conference
  2. History
     • 7/2004: EnergySec founded as E-Sec NW
     • 1/2008: SANS Information Sharing Award
     • 12/2008: Incorporated as EnergySec
     • 10/2009: 501(c)(3) nonprofit determination
     • 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
     • 7/2010: NESCO grant award from DOE
     • 10/2010: NESCO became operational
     The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program
  3. What Is The NESCO?
     • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry
     • Goals:
       – Identify and disseminate common, effective cyber security practices
       – Analyze, monitor and relay infrastructure threat information
       – Focus cybersecurity research and development priorities
       – Work with federal agencies to improve electric sector cyber security
       – Encourage key electric sector supplier and vendor support / interaction
  4. Now And Beyond
     • Today: 544 members from 158 organizations
       – 74% of US electric distribution
       – 60% of US electric generation
     • The asset owners are already sharing
     • Challenges
       – Increase and improve asset-owner sharing
       – Establish two-way sharing from the government and vendor segments
  5. Infosharing Characteristics
     US Government
     • Deliberate and authoritative
     • Often highly compartmentalized
     • Classifies threats and incidents for CI/KR
     • Holds only some of the relevant information
     Industry
     • Often more ad hoc and much more agile
     • 100% accuracy isn’t always required
     • Difficult to handle classified information
     • Can share more freely without needing authorization
  6. Public-Private Perceptions
     • Government moves too slowly, over-classifies and narrowly distributes
     • Industry can’t protect the shared information and doesn’t respond appropriately
     • Lack of parity in degree and quality of information shared in both directions
     • Differing goals and motivation between Government and Industry
  7. Different Approach
     • NESCO makes every effort to avoid duplicating already existing successful programs
     • NESCO is not…
       – NERC ES-ISAC, CIPIS
       – DHS ICSJWG, ICS-CERT
       – FBI InfraGard
       – National Lab
       – Vendor
  8. How Does This Work?
     • Sharing requires trust
     • Trust is built on relationships
     • NESCO fosters trustworthy relationships
       – Bringing people together
       – Flexible technology options to extend and enhance relationships
       – Organic growth; birds of a feather
  9. NESCO Outreach
     • NESCO outreach programs
       – Annual Summit (October 2011, San Diego)
       – Town Hall Meetings (April 27, Austin)
       – Voice Of The Industry Meetings (everywhere)
       – Interest Groups (Workforce Development, Forensics, etc)
       – Webinars, Briefings
       – Portal/Forums
       – Email distribution lists
       – Social media
  10. NESCO Technology
      • Email distribution lists
      • Secure portal with forums
      • Secure instant messaging
      • Rapid notification mechanisms
      • Web collaboration
      • Resource repository
      • Most technologies have non-attribution (anonymous) options
  11. Resource Repository
      • Code snippets
      • IDS/attack signatures
      • Audit templates
      • Reference architectures
      • System configurations
      • Policy, process, procedure templates
      • Compliance practices
      • And more…
  12. Industry Collaboration
      • What works, what doesn’t
      • Informal benchmarking
      • Situational (tactical) awareness
      • Threat and vulnerability analysis
      • Shared/crowd-sourced resources (repository)
      • Mentoring
  13. Case Study: Tactical Aid
      • “Over the weekend between 13:00 - 15:00 and 19:00 - 20:00 PST we saw significant port scanning of our edge, originating from; 60.29.244.11…”
        – Great discussion of port scanning threats
        – Many follow up posts with yes/no indicators
        – Dumps of all activity from source address
  14. Case Study: Night Dragon
      • 2.9.11:1400 - McAfee reached out to NESCO with pre-release draft of Night Dragon white paper
      • 2.9.11:1747 - NESCO staff completed analysis, summarized paper and posted to secure portal
      • 2.10.11:0800 - NESCO & McAfee held joint technical call with over 60 attendees across NA
        – Dmitri Alperovitch, McAfee's VP Threat Research
        – Technical talk, answered questions from members
      • 2.10.11:1200 - McAfee executive public call
      • NESCO utilities were reviewing the report over six hours prior to public release
  15. Case Study: DOE Request
      • DOE was interested in getting informal “boots on the ground” feedback quickly
        – Question: Does an FBI report about a terrorist targeting various critical assets help strengthen the case for your organization to further improve physical or cyber security? Does it help the business case?
      • NESCO was able to collect responses without attribution and submit a response to DOE in a matter of a few days
      • DOE stated that this rapid method for informal questions and answers is very valuable to them
  16. Case Study: Compliance
      • Much initial confusion and uncertainty around Regional compliance audits…
        – What is the auditor disposition?
        – What was the depth and breadth of questions?
        – What did they cover?
        – What failed and what succeeded?
      • Conference calls with entities willing to share
      • Real stories of audits were shared
      • Real documentation was shared
  17. Conclusion
      • Unique non-profit, independent, public-private information sharing organization
      • Focused on building trust through relationships
      • Security collaboration, facilitation and sharing hub
      • Flexible technology facilitates and catalyzes information and resource sharing efforts
      • Security voice of the electric sector
      • Supports existing successful programs
  18. Plug In
      http://www.energysec.org/join
      Next event is the Town Hall meeting, April 27th, Austin
      Topic: Obstacles to Information Sharing
      http://www.energysec.org/town-hall-ercot
  19. Questions?
      Non-profit. Independent. Trusted.
      Patrick C Miller, President and CEO
      patrick@energysec.org
      503-446-1212
