CIPC Workplan Update Marc A. Child, Great River Energy, CIPC Chair Critical Infrastructure Protection Committee June 5-6, 2018
Page 1

CIPC Workplan Update

Marc A. Child, Great River Energy, CIPC Chair
Critical Infrastructure Protection Committee
June 5-6, 2018

Page 2

RELIABILITY | ACCOUNTABILITY 2

CIPC Organizational Chart

Executive Committee
• Marc Child, Chair, Great River Energy
• David Grubbs, Vice Chair, City of Garland
• David Revill, Vice Chair, NRECA
• Ken McIntyre, Secretary, NERC
• Ross Johnson, Phys SME, Capital Power
• Brenda Davis, Cyber SME, CPS Energy
• Chuck Abell, Ops SME, Ameren
• Jeff Fuller, Policy SME, AES
• Andrea Koch, EEI
• (vacant) APPA
• (vacant) EPSA
• (vacant) IPC

Subcommittees
• Physical Security Subcommittee (Ross Johnson)
• Cybersecurity Subcommittee (Brenda Davis)
• Operating Security Subcommittee (Chuck Abell)
• Policy Subcommittee (Jeff Fuller)

Working Groups, Task Forces and Joint Projects
• Physical Security WG (PSAG) (Ross Johnson)
• Control Systems Security WG (Mike Mertz) (Carter Manucy)
• Grid Exercise WG (Tim Conway)
• Security Metrics WG (Larry Bugh)
• Compliance Input WG (Paul Crist)
• Physical Security Guidelines TF (Darrell Klimitchek)
• Security Training WG (David Godfrey) (Amelia Sawyer)
• Supply Chain Working Group (Mike Meason)
• Planning Committee Joint Projects
• Operating Committee Joint Projects

Page 3

Timeline of Activities

CIPC Deliverables (non-ongoing projects) with Estimated Completion Date:
1. Implications of Voice-over-IP and the CIP Standards – Q1 2018
2. Develop CIPC Collaboration Site on NERC.com – Q2 2018
3. CIP Implications of Shared Transmission Facilities – Q2 2018
4. Key management security guideline – Q2 2018
5. Vendor Essential Security Practices Model – Q3 2018
6. Security implications of UAVs – Q3 2018
7. Update CIPC Website on NERC.com – Q3 2018
8. Implications of Cloud Services for CIP Assets – Q4 2018
9. Assess the cyber security risk of Fuel Handling SCADA systems for Generation – Q1 2019
10. Address Remote Access Security Findings #1-#18 – Q3 2019
11. Identification and Reduction of Cyber and Physical Security Risks – Q4 2019
12. Legacy system testing coordination with National Labs – Q4 2019
13. Annual Security Assessment of the BES – Q4 2019

Page 4

Notes from the Board of Trustees (Board) Meeting

• Budget
  o NERC budget / E-ISAC budget – little discussion or debate
  o NERC down 5 FTEs – E-ISAC hiring 3 FTEs
• SERC-RF-WECC ‘CIP Themes & Lessons Learned’
  o Board of Trustees Compliance Committee briefing by Ken McIntyre
  o ‘Disassociation’ (compliance vs security)
  o ‘Organizational Silos’
  o CIPC may be asked to help with guidance
• E-ISAC briefing
  o Status of long-term strategic plan
  o Observation: Board members are very pleased with progress

Page 5

Notes from the Board of Trustees (Board) Meeting

• Commissioner LaFleur (Member Representatives Committee meeting)
  o Large number of Federal Energy Regulatory Commission staff in attendance
  o Recognized new President & CEO Jim Robb
  o NERC efforts on defining/measuring resiliency are job #1
  o Standards Efficiency Review is a very worthwhile exercise
• Commissioner Glick
  o Concerned about pipeline security & security jurisdiction
• NERC CEO Jim Robb
  o Security is the ‘number one’ personal area of focus, as well as supporting the E-ISAC

Page 6

Roster changes and opportunities

Page 7

Page 8

Legislative Update

Kaitlin Brennan, Manager – Cyber and Infrastructure Security, EEI
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018

Page 9

Legislative Update

• H.R. 5174 Energy Emergency Leadership Act
• H.R. 5239 The “CyberSense” Act
• H.R. 5240 Enhancing Grid Security through Public-Private Partnerships Act
• H.R. 5175 Pipeline and LNG Facility Cybersecurity Act
• S. 79 Securing Energy Infrastructure Act
• S. 2392 Cyber SAFETY Act of 2018
• Other possibilities:
  o Expanding background investigations of critical utility personnel
  o S. 1460 - The Energy and Natural Resources Act
  o H.R. 4036 - Active Cyber Defense Certainty Act
  o S. 536 - Cybersecurity Disclosure Act of 2017
  o Data breach legislation

Page 10

Page 11

Electricity Subsector Coordinating Council Update

Kaitlin Brennan, Manager – Cyber and Infrastructure Security, EEI
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018

Page 12

ESCC Update

• 2018 Schedule:
  o May 7, in Washington, DC
  o July 11-12, at Idaho National Laboratories
  o October 9-10 in the Washington, DC / Baltimore, MD area
• Puerto Rico Response
• ESCC-Government Engagement
• Research & Development Strategic Committee
• Cross-Sector Coordination

Page 13

Page 14

CIPC RISC Update

Marc A. Child, Great River Energy, CIPC Chair
Critical Infrastructure Protection Committee
June 5-6,

Page 15

CIPC Organizational Chart (repeats the chart shown on Page 2)

Page 16

Reliability Issues Steering Committee

• Resiliency
  o Primary area of focus
  o Framework nearing completion
  o CIPC added ‘detect’ to the definition of Resourcefulness
• CIPC Representation
  o Chuck Abell will provide updates on future actions/activities

Page 17

Page 18

Supply Chain Activities

Howard Gugel, Senior Director of Standards and Education, NERC
Critical Infrastructure Protection Committee Meeting
June 5-6, 2018

Page 19

Board Resolution

• Support effective and efficient implementation (e.g. CIP V5 transition)
• Supply chain risk study
• Communicate supply chain risks to industry
• Forum and Association white papers
• Plan to evaluate effectiveness of supply chain standards

Page 20

Effective and Efficient Implementation

• NERC created a supply chain standard webpage
• Critical Infrastructure Protection Committee (CIPC) to establish advisory task force
  o Advise on activities to support standard implementation
  o Develop schedule for webinars, workshops, and technical conferences in coordination with NERC and the Regional Entities
  o Document existing risks and develop security guidelines
• NERC and Regions to conduct small group advisory sessions
• NERC and Regions to offer outreach and readiness evaluations

Page 21

Supply chain risk study

• NERC to use EPRI to conduct risk study
  o Assessment of product/manufacturer types used on the BES
  o Analysis & applicability to BES Cyber Assets
  o Analysis of best practices and standards in other industries to mitigate supply chain risks
  o Analysis of generalized vendor practices and approaches used to mitigate supply chain risks
• NERC to recruit industry experts and vendors to participate in supply chain risk study
• E-ISAC to engage Department of Energy and Department of Homeland Security to explore information sharing opportunities and future supply chain risk assessment activities

Page 22

Communicate supply chain risks

• NERC and E-ISAC to continue utilizing NERC Alerts to communicate supply chain risks
• E-ISAC included supply chain risk topic in GridEx IV
• NERC to capture supply chain standard resources on webpage
• NERC and Regions to include supply chain topic at planned workshops and seminars in 2018
  o NERC to conduct additional webinars and technical conferences
• CIPC to develop supply chain security guidelines
• NERC and CIPC to partner with National Laboratory group to conduct current equipment supply chain risk evaluation

Page 23

Forums and Associations

• Forums and Associations developing white papers
  o First drafts completed
  o Final review and publish Q3 2018
• NERC to post white papers on supply chain standard webpage
• NERC, Forums and Associations to jointly present papers to industry

Page 24

Plan to evaluate standard effectiveness

• NERC and Regions to develop effectiveness evaluation plan in Q4 2018
  o Evaluation plan dependent on FERC approval
  o Plan to consider standard effective date and associated implementation plan
• CIPC advisory task force to provide feedback to ERO Enterprise and industry on supply chain standard effectiveness
• NERC and Regions to continue small group advisory sessions throughout supply chain implementation to obtain feedback on outcomes and standard effectiveness
• ERO Enterprise auditor observations and feedback on standard effectiveness

Page 25

Page 26

NATF Update
NERC CIPC Meeting
June 5-6, 2018

Ken Keels
NATF Director, Practices and Initiatives
[email protected]; 704-945-1950

Open Distribution
Copyright © 2018 North American Transmission Forum. Not for sale or commercial use. All rights reserved.

Community Confidentiality Candor Commitment

Page 27

Topics

• Update on NATF Compliance Implementation Guidance
• NATF Work on Supply Chain Cybersecurity Risk Management
• NATF Member Security Practices Sharing and Development
• NATF Member Security Practices Workshop

Page 28

Endorsed Compliance Implementation Guidance

• CIP-010-3, R1.6 (Software Integrity & Authenticity)
  o Cyber security supply chain risk management
• CIP-014-2, R4 Practices Document (Threat and Vulnerability Evaluations)
• CIP-014-2, R5 Practices Document (Physical Security Plans)

Page 29

Non-Endorsed Compliance Implementation Guidance

NATF project teams working on revisions to these two guidance documents:

• CIP-010-2, R4 Implementation and Use of Transient Cyber Assets (TCA)
• CIP-005-6, R2.4 and R2.5 (Vendor Remote Access)
  o Cyber security supply chain risk management

Page 30

Supply chain risk management

Completed NATF Activities/Products
• Compliance Implementation Guidance – available to public!
  o CIP-010-3, R1.6 (Software Integrity & Authenticity) – ERO Endorsed
  o CIP-005-6, R2.4 and R2.5 (Vendor Remote Access) – Not Endorsed

Under Development NATF Activities/Products
• White Paper – future public availability!
  o Cyber Security Supply Chain Risk Management Guidance
• Compliance Implementation Guidance – future public availability!
  o CIP-013 (Reliance on Independent Assessments of Vendors)

Page 31

NATF Supply Chain Cyber Security Risk Management Approach

(Diagram; labels recovered from the slide: Procurement Specifications, Vendor Requirements, Existing Equipment)

Page 32

Supply Chain Cyber Security Risk Management Plan

• Recommends establishment of cross-functional team within company to develop and implement plan
• Describes approach for assessing risk
• Identifies supply chain cyber security criteria, drawn from existing security frameworks (e.g., NIST, SOC2, ISO)
• Suggests defining process/responsibility within company to approve “exceptions”

Page 33

Common Approach and Criteria

(Diagram; labels recovered from the slide: Established Cyber Security Criteria and Frameworks; Cyber Security Criteria for BES Entities)

Page 34

NATF Timeline

(Timeline reconstructed from the slide's figure text; the month-to-phase pairing follows the order in which the labels appear.)

• Feb/Mar – Draft NATF Paper
• Apr – Partner Sharing
• May – NERC Sharing
• June/July – Fine Tune/Finalize Documents and Additional Socialization
• August – Industry Publication

Milestones shown on the timeline:
• Circulate draft with EEI, APPA, NRECA, ISO/RTO, NAGF, EPRI, NERC, NERC CIPC, UTC
• NERC BOT – Overview/Update
• NATF board approval for open distribution
• NERC BOT – Whitepaper Presentation
• Further industry collaboration
• Public Posting

FUTURE: Additional practices; white papers; industry alignment on approach and criteria

Page 35

NATF Member Security Practices Sharing and Development

• Future Practice:
  o Managing data and applications in a “cloud” environment
• Topic Specific Webinars:
  o Cyber Kill Chain
  o Defense in Depth
• Focus Groups:
  o Emerging Issues White Papers Working Group
  o Creating a Security Benchmarking Program
  o Phishing - How not to get caught by the Social Engineering Fisherman
  o Configuration Management Users Group (New)
  o Tools Working Group

Page 36

NATF Member Security Practices Workshop

Cyber Security Break Out Focus
• Audit experience - CIP-007 patching
• Patch evaluation
• Tracking security patch mitigation plans
• Tools for automated patching
• Security patch authenticity
• How to build an effective and efficient patch management program

Physical Security Break Out Focus
• Physical Security Maturity Model
• Social Engineering & Investigative Stories
• Red Teaming / Penetration Testing
• Situation Awareness / Security Analysis
• Crisis Communications
• Low Impact Physical Security
• Incident Command

Page 37

Questions?

Page 38

Technical Rationale

Howard Gugel, Senior Director of Standards and Education
CIPC Meeting
June 5-6, 2018

Page 39

Background

• Reliability Standards template has included Guidelines and Technical Basis (GTB) section
  o Provides SDT mechanism to: (i) explain technical basis for Standard/Requirements; and (ii) provide technical guidance to apply Standard
• May 2015 – MRC and BOT formed “Compliance Guidance Team” to consider how to best provide guidance for implementing standards and develop policy for the purpose, development, use and maintenance of guidance
• Team identified two purposes for guidance:
  o Assist registered entities w/ implementing standards; and
  o Provide direction to ERO Enterprise CMEP staff
• Team established principles for developing guidance and recommended:
  o Implementation Guidance (IG)
  o CMEP Practice Guides
  o “One-stop shop” on website for guidance info on a Standard

Page 40

BOT Compliance Guidance Policy – Nov. 2015

Principles for Developing Guidance:
• Guidance documents cannot change scope or purpose of Standard
• Contents not only way to comply
• Compliance expectations made clear through Standards development process, minimizing the need for guidance after final approval of standard
• Forms of guidance should not conflict
• Guidance developed collaboratively and posted on NERC website
• Finite/limited set of guidance tools; Well understood; Organized to facilitate use and implementation
• All guidance related to same standard coordinated and collected in one location

Page 41

What about Guidelines & Technical Basis?

• Standards template currently has GTB section to:
  o Explain technical basis for Standard/Requirements; and
  o Provide technical guidance to help support effective application of Standard
• In response to BOT Compliance Guidance Policy, NERC Standards personnel and SC leadership drafted Technical Rationale for Reliability Standards document
  o Goal: clarify difference between IG and Technical Rationale
  o Presented to SC in June 2017

Page 42

Background: Technical Rationale Documents

• June 2017 – SC endorsed Technical Rationale for Reliability Standards document
  o Standards template no longer will include GTB section
  o Existing GTB replaced by Technical Rationale or Implementation Guidance (IG) (as appropriate)
  o Technical Rationale should:
    - Create a separate document clearly marked Technical Rationale for Reliability Standard XXX-XXX-X;
    - Provide stakeholders & ERO Enterprise an understanding of technical Requirements
    - Avoid compliance approach(es) to implement a Reliability Standard
• SC created and charged Technical Rationale Advisory Group (TRAG) w/ developing a plan to implement Technical Rationale for Reliability Standards

Page 43

TRAG Work

• TRAG members
  o Chris Gowder – FMPA, Sean Bodkin – Dominion Energy, Andrew Gallo – Austin Energy, Howard Gugel – NERC, Chris Larson – NERC, Steve Noess – NERC, Nasheema Santos – NERC, Shamai Elstein – NERC
• Conducted meetings to address questions & issues
• Primary Goals & Considerations
  o Communication with stakeholders on reasons for project
  o Effective & efficient transition to Technical Rationale
  o Identification of compliance approaches for evaluation as Implementation Guidance (IG)
  o Transparency
  o Stakeholder involvement

Page 44

Frequently Asked Questions

Frequently Asked Questions on Technical Rationale Project Page
• Examples of FAQs:
  o Why do we need to change the current approach?
  o What are some of the benefits of this project?
  o What are some considerations or risks associated with this project?
  o How will you ensure Registered Entities know a Technical Rationale document is associated with a particular Standard?
  o How will you ensure Technical Rationale documents get updated as needed when a Standard is revised?
  o Will Registered Entities be able to provide input on Technical Rationale documents?
  o Will new Technical Rationale content or future changes be balloted?

Page 45

Frequently Asked Questions

• Additional examples of FAQs:
  o Will the information contained in the Technical Rationale document be available during the development of the associated standard?
  o What consideration or weight will be afforded to the Technical Rationale documents during monitoring and enforcement activities?
  o How are Technical Rationale and Implementation Guidance related to SPM Section 11 documents, if at all?
  o Can you clarify the difference between “SAR technical rationale” and Reliability Standard Technical Rationale?
  o How will GTB that is considered neither Technical Rationale nor Implementation Guidance be handled? Is there a third option such as submitting a SAR?

Page 46

Technical Rationale Terms

• Guidelines and Technical Basis:
  o A tool for a SDT to provide technical information or explain development
  o Rationales developed to explain SDT basis for Requirements
  o Created during the standards development process
• Technical Rationale:
  o Provide SDT a way to explain technical rationale/justification for Standard and provide other relevant technical info
  o Not compliance approaches; Not endorsed/approved by ERO; Not mandatory/enforceable
• (Compliance) Implementation Guidance:
  o Provide stakeholders a tool to provide compliance approaches
  o Developed and vetted by industry
  o Endorsed by ERO Enterprise; CMEP staff gives deference to approved IG approaches
  o Only an example for achieving compliance; Not the only approach to implementing Standard
  o Entities may choose alternative approaches

Page 47

GTB w/ No Compliance Examples/Approaches

Track 1: GTB w/ no: (1) modification of technical info or (2) compliance examples/approaches

Step 1: Identify Standards (not under current SAR) w/ GTB or other info considered technical rationale

Step 2: Form GTB Review Teams (RT)
• RTs identify GTB w/ only technical guidance/rationale and no compliance examples
• RTs divided by:
  o CIP
  o Ops/Data Exchange – BAL, INT, IRO, TOP
  o Personnel/Emergency Planning – COM, EOP, PER
  o Modeling/Long-term Planning – FAC, MOD, NUC, TPL
  o System Performance – PRC, VAR
• SC solicits nominations and appoints RTs

Page 48

GTB w/ No Compliance Examples/Approaches

Track 1: (continued)

Step 3: RT ensures GTB has no compliance examples/approaches and no technical modification needed
  o Else goes to Track 2

Step 4: GTB language removed/moved verbatim to TR named “Technical Rationale for Reliability Standard XXX-XXX-X” per following process:
• TR posted for comment/non-binding poll to confirm suitable for TR as is
• All comment forms ask: “Are you aware of any reason GTB should not transition to TR document?”
• If passes non-binding poll (using criteria from Sec. 4 of SPM), SC endorses TR
  o If comments indicate GTB should go to Track 2, SC may seek input from Technical Committee(s) or other resources re: whether to endorse TR

Page 49

GTB w/ No Compliance Examples/Approaches

Track 1: (continued)

Step 4 (cont’d)
• If SC endorses TR:
  o Posted to NERC website on “Related Information” page for Standard
  o Link TR to one-stop shop
  o BOT and FERC approval not required
• If SC does not endorse TR, SC decides whether to address comments and re-post or send to Track 2
• If TR fails non-binding poll, goes to Track 2

Page 50

Transition to TR through Development

Track 2: Three Scenarios
1. GTB not eligible for Track 1;
2. TR fails non-binding poll; or
3. TR not endorsed by SC

• If any above, change goes through Standards Development Process
• Info in GTB will transition to TR or IG (where appropriate) next time Standard goes through standards development project or Periodic Review

Page 51

Future TR Development

• SDT may develop TR w/ Standard per SPM
• Existing TR revised only when associated Standard under review/revision
  o Helps ensure version numbers match
• Because TR stands separate from Standard, it will continue to contain technical info developed w/ previous versions and still accurate/relevant (per SDT)
• During development, NERC staff will post proposed TR on project page w/ Standard
• Following approval of Standard, TR posted to NERC website on “Related Information” page + link to TR in one-stop-shop

Page 52

Next steps

• Webinar recording made available
• GTB Review Team Nominations in progress
• GTB Review Team(s) formed

Page 54

Page 55

Security Training Working Group

June 2018
New Orleans, LA

Page 56

Security Training WG

1. Charter
CIPC will provide meeting attendees with an opportunity to participate in physical, cyber, and operational security training, as well as educational outreach opportunities.

2. Current Members
Tim Conway, Tom Hofstetter, Ross Johnson, Carl Herron, Jake Schmitter, Bill Lawrence, John Gasstrom, Michele Wright, Amelia S. Anderson and David Godfrey.

Page 57

Security Training WG

3. Latest Activities
a. Continue to have monthly conference calls.

4. June 2018 Training Review
a. June 2018 – Supply Chain Security: What are suppliers doing to address the issue/standards, and what do suppliers expect from Asset Owners when the standards are in effect?

Speakers:
Mike Meason – WFEC, Supply Chain WG (Chair)
Jim Waters – Black and Veatch
Dennis Gammel – Schweitzer Engineering Laboratories
Brenda Truhe – PPL, North American Transmission Forum

Page 58

Security Training WG

4. June 2018 Training Review (continued)

Panel Discussion:
Jim Waters – Black and Veatch
Dennis Gammel – Schweitzer Engineering Laboratories
Brenda Truhe – PPL (representing NATF)
Paul Ackerman – Exelon Corporation (representing EEI)
Lonnie Ratliff – NERC (Small Group Advisory Session)
Mike Meason – Western Farmers Electric Cooperative, SCWG Chair (Moderator)

Page 59

Security Training WG

5. 2018 Training Schedule
a. September 2018 – Supply Chain Security (Part 2) or Transient Cyber Asset(s) (Panel Discussion)

6. Next Steps
a. The STWG is looking for training topic recommendations for 2019 CIPC Meetings; please contact an STWG Member with your ideas.
b. We continue to seek and secure volunteer speakers.

7. CIPC Actions
a. Questions and/or suggestions for today's discussion

Page 60

Supply Chain WG Update

Michael Meason, Western Farmers Electric Cooperative
Critical Infrastructure Protection Committee Meeting, June 5-6, 2018

Page 61

CIPC Organizational Chart

Page 62

Supply Chain Working Group

• High Level Objectives
  - Identify known supply chain risks and address through guidance and input
  - Partner with National Labs to identify vulnerabilities in legacy systems and develop mitigation strategies
  - Assist where possible with the E-ISAC and DOE, to explore information sharing and supply chain risk assessments
  - Provide input and feedback associated with development and execution of the supply chain risk study
  - Coordinate with NATF to ensure requirements are clearly articulated

Page 63

Supply Chain Working Group

• Work Items
  - Work item #1: Inclusion into the CIPC Strategic Plan
    o Possible start June 2018
  - Work item #2: Conference Calls and Face-to-Face Meeting
    o First conference call May 14, 2018
    o Seeking time slot at next CIPC
  - Work item #3: Training
    o First training hosted by STWG prior to today's meeting
    o Perhaps a second round of training

Page 64

Supply Chain Working Group

• Work Items II
  - Work item #4: NATF Collaboration
    o Coordinated a conference call with NATF to discuss their guidance document, April 2018
  - Work item #5: Open letter to vendors
    o Possible start June 2018
  - Work item #6: Develop a process for requests
    o Possible start August 2018

Page 65

Supply Chain Working Group

• Look Forward
  - Today
    o Approve charter
  - Next 30 days
    o Begin drafting open letter to suppliers
    o Integration into CIPC strategic plan
    o Conference calls
  - Next 90 days
    o Support NATF guidance
    o More training (if needed)
    o Develop a process for requests


Page 67

Physical Security Advisory Group
"Skating to where the puck is going" – Wayne Gretzky

John Breckinridge, KCPL, PSAG Chair
Critical Infrastructure Protection Committee Meeting, June 5-6, 2018

Page 68

PSAG - Mission

• From the charter: The PSAG will assist the E-ISAC in the analysis of physical security threats. The industry will benefit from advice on operational plans, policy and procedure, evolving and "state of the art" security technology, training, incident response and management. The PSAG provides seasoned expertise to advise the industry on threat mitigation strategies to enhance bulk power system (BPS) physical security and reliability.

Page 69

PSAG - Objectives

• Advise the E-ISAC, CIPC and industry on physical security incidents with the potential of impacting the security and reliability of the Bulk Power System of North America

• Advise the E-ISAC on a physical security portal build out and suggest information content to share timely threat or suspicious incidents to enhance information sharing within the industry;

• Assist the Department of Energy (DOE) in development of the Physical Security Capability Maturity Model (PSCM2);

• Advise the CIPC Executive Committee and CIPC Physical Security Subcommittee on initiatives, projects, physical security guidelines, roundtable topics and training needed by the industry;

• Liaise with physical security technology providers and government to enhance their understanding of evolving and "state of the art" technologies;

• Create and publish whitepapers and opinions through the E-ISAC to the Electricity Sub-sector, as needed, related to physical security programs, incident response, technology reviews, training and periodic exercises and/or testing;

• Volunteer physical security expertise to liaise, advise and coordinate with the industry to conduct, upon request, on-site peer to peer confidential reviews and provide feedback on observations for improving security at the entity.

Page 70

PSAG - Members and Structure

• The PSAG will report to the E-ISAC Director, E-ISAC Operations, who will be the executive sponsor. Staff support will be delegated to the Manager of Physical Security.
• Members of the PSAG will be selected by the E-ISAC and are recognized experts from the following areas:
  - Subject matter experts in physical security operations
  - Subject matter experts in physical security technology
  - Subject matter experts in security training, drills and testing
  - Subject matter experts in security programs and development
  - Subject matter experts in vulnerability assessment
  - Subject matter experts in threat assessment
  - Subject matter experts in intelligence gathering
  - NERC staff

Page 71

PSAG - Activities

• Past activities/products:
  - Design Basis Threat (DBT) and DBT Implementation Guide
  - Transmission Line Corridor security issues White Paper
  - Insider Threat template
  - Drone threat/mitigation research and concepts
  - Security Management in the Electricity Sector guideline
  - SERC Physical Security Professional (PSP) Prep Course

• Current/Future activities/products:
  - Eco-terrorism/Protests workshop and products
  - Threat intelligence/open source media scraping tools analysis
  - Mass Notification tools analysis

• And we will continue to……

Page 72

PSAG

• Liaison with other Physical Security groups: Government Partners, Law Enforcement, Other Critical Infrastructure, Industry Organizations, Trade Organizations, etc.

• Produce White Papers re: PS Issues, P&P, Methods, Technologies, that can lead to……

• Quick, simple Guidelines

• Continue to work with the E-ISAC and CIPC.
