13 - CIPC Brief (Harrell Conway Mar 2013) V2
Post on 14-Apr-2018
227 Views
Preview:
Transcript
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
1/13
GridEx II / GridSecCon UpdateGrid Security Exercise / Grid Security Conference 2013
Brian M. Harrell, Associate Director of CIP Programs
CIPC
March 6, 2013
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
2/13
RELIABILITY | ACCOUNTABILITY2
GridEx II Overview
NERC will host GridEx 2013 on November 13-14, 2013 North American wide distributed-play exercise
Executive policy trigger table top exercise on 14 November
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
3/13
RELIABILITY | ACCOUNTABILITY3
Identify potential improvements in physical and cybersecurity
plans, programs, and responder skills
Assess, test, and validate existing command, control and
communication plans and tools for NERC and its stakeholders
Validate the current readiness of the electricity industry to
respond to a security incident, incorporating lessons learned from
GridEx 2011
1
2
3
GridEx II Objectives
Evaluate senior leadership policy doctrine and triggers in response
to major grid reliability issues
4
GridEx II Objectives
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
4/13
RELIABILITY | ACCOUNTABILITY4
Core group of approximately 10 planners committed to a sustained scenariodevelopment effort
Available for planning conferences and regular exercise design
teleconferences
CIPC Grid Exercise
Working Group
Players that will be fully engaged in the exercise, responding to all relevant
injects and coordinating activities across the player set
Fully player organizations generally engage in the planning process with
sufficient time to orient players
Full Players
Entities that are not fully engaged in the GridEx planning process but express
an interest in participating and gaining visibility into the exercise
Monitor/Respond entities can receive injects, exercise internal processes and
participate in coordination calls
Monitor/Respond
Players
Planners
Leaders of full player organizations that attend planning conferences,
provide scenario feedback and orient players
Provided opportunity to shape after action findings
GridEx II Participants
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
5/13
RELIABILITY | ACCOUNTABILITY5
Given the diverse player
set, the scenario shouldhave far-reaching
application that can
exercise the plans and
processes of all players
Must test policy
implications
Broad Relevance and
Application
Scenario must feature
cyber & physical attacksthat engage a range of
security staff
Feature prolonged black-
out, potentially to be
played in TTX
Cyber and Physical
Vectorswith Extended
Conditions
Must feature current
concerns and challengesfacing industry
To avoid one-size-fits-
all, can craft several
scenario workstreams for
entities to select from
Highlights Timely
Vulnerabilities and Issues
Scenario Imperatives
CIPC Grid Exercise Working Group
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
6/13
RELIABILITY | ACCOUNTABILITY6
Kick-Off
Initial
Planning
Phase
Mid-term
Planning
Phase
Final
Planning
Phase
ConductAfter
Action
Confirm
goal &
objectives
Finalize
timeline
Discuss
outreachgoals/plan
Initiate
outreach
Shape
scenario
themes
Confirm
exercisemechanics
Craft
scenario
narrative
Develop
materials
Confirm
participation
Oversee
distributed
play
Facilitate
senior TTX
Capture player
actions and
findings
Analyze
findings and
lessons
learned
Draft After
Action
Report and
Briefing
Finalize MSEL
Conduct
training
Distribute
player
materials
Set up venue
and logistics
C&O Meeting
(February)
IPC
(March 26)
MPC
(June 4)
FPC(October 1)
Execute GridEx II(November 13-14)
Deliver Final Report
(Q1 2014)
GridEx II Timeline
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
7/13RELIABILITY | ACCOUNTABILITY7
Operational and Discussion Based Play
Oversees
exercise play &facilitates
interactions
between
exercise
modules
Executive TTX (1/2 Day)Distributed Exercise (2 days)
Utilities
Regional
Entities
Federal
Agencies
NERC BPSA
&ES-ISAC
Control
System
Vendors
Players across the stakeholder
landscape will participate from
their local geographies
Discussion-based construct
engages senior decision
makers in assessing
distributed play and
exploring policy triggers
Executive TTX
Exercise Control
Injects and
info sharing
by email and
phone
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
8/13RELIABILITY | ACCOUNTABILITY8
Scenario Narrative:Mature scenario in written form that
features key events, timing and
expected player actions
Inject #1
11/16: 0830
Inject #2
11/16: 0900
Inject #3
11/16: 0915
Players respond to injects through
info sharing efforts, interaction with
ExCon and other players
Exercise Play
ExCon and C/Es observe and capture
interactions and craft dynamic
injects as needed
Developed by CIPC Working Groupto meet objectives and engage
player set
Individual injects (or pieces of
information) derived from scenario
narrative for release to players
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
9/13RELIABILITY | ACCOUNTABILITY9
Current level of interest
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
10/13RELIABILITY | ACCOUNTABILITY10
Compliance Concern
If we play and identify a weaknessdue to non-compliance
If we do not perform an expectedplayer action that is in ourprocedures do we self report
Legal teams not comfortable withsubmittal of data to NERC, ES-ISAC, law enforcement
Possible Benefits
PER training credits for operatorsCIP-008 exercise opportunity of
Incident Response Plan
Possible CIP-009 test opportunityPossible EOP-008 test opportunityCIP-001 exercise opportunity of
reporting to local and state FBIEOP-004 procedure test opportunityOE-417 test reporting opportunity
Utilize lessons learned to performannual updates
Test internal communications andnotification lists
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
11/13RELIABILITY | ACCOUNTABILITY11
Event
Transmission OperationsGeneration OperationsEnergy tradingField operations
Tech serviceCommunication & controlOT teamsCorporate ITPhysical Security
Major AccountsExecutive LeadershipCorporate communicationsState and local law enforcement
Large conference room 40 50 Players 4-5 planners on site to
coordinate and facilitate
Utilize tools, DTS, QAS,Communications tools,
reporting, IRP, physical
security
Utilize scenario activitygaps to whiteboard current
status (war room simulation
activity)
Project and display
scenario videos, all playerinjects and talk about how
your organization would
have seen the injects and
who they would have
communicated to.
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
12/13
RELIABILITY | ACCOUNTABILITY12
Grid Security Conference 2013
October 15-17, 2013
J acksonville, Florida
Day 1
Full day of training covering emerging topics Cyber and physical security
Day 2-3
Full agenda highlighting recent policy changes,cyber attacks, security convergence and
response/recovery
GridSecCon 2013
7/29/2019 13 - CIPC Brief (Harrell Conway Mar 2013) V2
13/13
RELIABILITY | ACCOUNTABILITY13
top related