next generation information sharing for the electric sector

Next Generation Information Sharing For The Electric Sector. Patrick C Miller, President and CEO. February 4, 2011. ERCOT CIPWG Meeting, ERCOT Executive and Administrative Center.

Upload: energysec

Post on 25-Jan-2015

DESCRIPTION

Presented in February of 2011 at the ERCOT CIPWG meeting, this slide deck not only addresses the NESCO program but also points out the information sharing and collaboration required to help improve security in the electric sector.

TRANSCRIPT

Page 1: Next Generation Information Sharing for the Electric Sector

Next Generation Information Sharing For The Electric Sector

Patrick C Miller, President and CEO

February 4, 2011

ERCOT CIPWG Meeting
ERCOT Executive and Administrative Center

Page 2: Next Generation Information Sharing for the Electric Sector

The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program

History

• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational

Page 3: Next Generation Information Sharing for the Electric Sector

Now And Beyond

• Over 460 members from 124 organizations
  – 74% of US electric distribution
  – 60% of US electric generation
• The asset owners are already sharing
• Challenges
  – Increase and improve asset-owner sharing
  – Establish two-way sharing from the government and vendor segments

Page 4: Next Generation Information Sharing for the Electric Sector

What Is The NESCO?

Two organizations received awards:
– EnergySec was selected to form and lead the National Electric Sector Cybersecurity Organization (NESCO)
– The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to the NESCO (NESCOR)

Page 5: Next Generation Information Sharing for the Electric Sector

What Is The NESCO?

• Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry

• Goals:
  – Identify and disseminate common, effective cyber security practices
  – Analyze, monitor and relay infrastructure threat information
  – Work with federal agencies to improve electric sector cyber security
  – Encourage key electric sector supplier and vendor support / interaction

Page 6: Next Generation Information Sharing for the Electric Sector

Key Differentiators

• What is the difference between EnergySec and NESCO?
  – NESCO is a DOE-funded program under the EnergySec non-profit umbrella
• What is the difference between NESCO and NESCOR?
  – NESCO is the lead role, NESCOR is a technical resource to the NESCO

Page 7: Next Generation Information Sharing for the Electric Sector

Key Differentiators

• Is EnergySec a product or service vendor?
  – EnergySec has no for-profit products and/or services
• Is NESCO a government agency?
  – No; the NESCO is funded by a DOE grant but managed by EnergySec, a private non-profit 501(c)(3) organization
• Is NESCO involved in regulation?
  – No; the NESCO has no regulatory capacity

Page 8: Next Generation Information Sharing for the Electric Sector

Key Differentiators

• What is the difference between NESCO and the NERC ES-ISAC?
  – NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC
  – NERC ES-ISAC: Regulatory; participation and reporting are mandatory; statutorily funded

Page 9: Next Generation Information Sharing for the Electric Sector

Key Differentiators

• What is the difference between NESCO and the DHS ICS-CERT?
  – NESCO: Electric sector focus; discretionary classification of information; near real-time; informal
  – DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formal

Page 10: Next Generation Information Sharing for the Electric Sector

Key Differentiators

• Is NESCO another trade association?
  – No; NESCO spans all trade associations
• Is NESCO another National Energy Lab?
  – No; however, NESCO works closely with all National Labs
• NESCO makes every effort to avoid duplicating already existing successful programs

Page 11: Next Generation Information Sharing for the Electric Sector

Infosharing Characteristics

US Government
• Deliberate and authoritative
• Often highly compartmentalized
• Classifies threats and incidents for CI/KR
• Holds only some of the relevant information

Industry
• Often more ad hoc and much more agile
• 100% accuracy isn’t always required
• Difficult to handle classified information
• Can share more freely without needing authorization

Page 12: Next Generation Information Sharing for the Electric Sector

How Does This Work?

• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy relationships
  – Bringing people together
  – Flexible technology options

Page 13: Next Generation Information Sharing for the Electric Sector

NESCO Outreach

• NESCO outreach programs
  – Annual Summit
  – Town Hall Meetings (April 27th, Austin TX)
  – Voice Of The Industry Meeting
  – Interest Groups
  – Webinars
  – Portal/Forums
  – Email distribution lists
  – Social media

Page 14: Next Generation Information Sharing for the Electric Sector

NESCO Technology

• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository
• Most technologies have non-attribution (anonymous) options

Page 15: Next Generation Information Sharing for the Electric Sector

Free Like A Puppy

• NESCO grant contains a cost-share requirement
  – Must be fully funded by industry after 3 years
    • 20/80 Year One
    • 40/60 Year Two
    • 60/40 Year Three
  – DOE has an expectation that industry will support the NESCO

Page 16: Next Generation Information Sharing for the Electric Sector

Sponsorship Benefits

• Sponsorships are tax deductible
• Less expensive than headcount and/or training
• Access to industry peers
  – What works, what doesn’t
  – Informal benchmarking
  – Situational awareness
  – Threat and vulnerability analysis
  – Mentoring

Page 17: Next Generation Information Sharing for the Electric Sector

Sponsorship Benefits

• Access to Resource Repository [coming soon]
  – Code snippets
  – IDS signatures
  – Audit templates
  – Reference architectures
  – Attack signatures
  – System configurations
  – Policy, process, procedure templates
  – Compliance practices

Page 18: Next Generation Information Sharing for the Electric Sector

Secure Collaboration Options

Asset Owners

Product and Service Vendors

Government Entities

Academia

Page 19: Next Generation Information Sharing for the Electric Sector

Conclusion

• Unique non-profit, independent, public-private information sharing organization

• Focused on building trust through relationships

• Flexible technology facilitates and catalyzes information sharing efforts

• Security voice of the electric sector

• NESCO’s success depends on participation and sponsorship from the asset-owners and vendors

Page 20: Next Generation Information Sharing for the Electric Sector

Plug In

www.energysec.org

Page 21: Next Generation Information Sharing for the Electric Sector

Questions?

Patrick C Miller, President and CEO

[email protected]

503-446-1212

Non-profit. Independent. Trusted.