Next Generation Information Sharing for the Electric Sector
DESCRIPTION
Presented in February of 2011 at the ERCOT CIPWG meeting, this slide deck not only addresses the NESCO program but also points out the information sharing and collaboration required to help improve security in the electric sector.
TRANSCRIPT
Next Generation Information Sharing For The Electric Sector
Patrick C Miller, President and CEO
February 4, 2011
ERCOT CIPWG Meeting
ERCOT Executive and Administrative Center
The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program
History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
Now And Beyond
• Over 460 members from 124 organizations
  – 74% of US electric distribution
  – 60% of US electric generation
• The asset owners are already sharing
• Challenges
  – Increase and improve asset-owner sharing
  – Establish two-way sharing from the government and vendor segments
What Is The NESCO?
Two organizations received awards:
  – EnergySec was selected to form and lead the National Electric Sector Cybersecurity Organization (NESCO)
  – The Electric Power Research Institute (EPRI) was selected as a research and analysis resource to the NESCO (NESCOR)
What Is The NESCO?
• Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry
• Goals:
  – Identify and disseminate common, effective cyber security practices
  – Analyze, monitor and relay infrastructure threat information
  – Work with federal agencies to improve electric sector cyber security
  – Encourage key electric sector supplier and vendor support / interaction
Key Differentiators
• What is the difference between EnergySec and NESCO?
  – NESCO is a DOE-funded program under the EnergySec non-profit umbrella
• What is the difference between NESCO and NESCOR?
  – NESCO is the lead role, NESCOR is a technical resource to the NESCO
Key Differentiators
• Is EnergySec a product or service vendor?
  – EnergySec has no for-profit products and/or services
• Is NESCO a government agency?
  – No; the NESCO is funded by a DOE grant but managed by EnergySec, a private non-profit 501(c)(3) organization
• Is NESCO involved in regulation?
  – No; the NESCO has no regulatory capacity
Key Differentiators
• What is the difference between NESCO and the NERC ES-ISAC?
  – NESCO: Non-regulatory; participation and reporting are not required (voluntary); industry funded; supports ISAC
  – NERC ES-ISAC: Regulatory; participation and reporting are mandatory; statutorily funded
Key Differentiators
• What is the difference between NESCO and the DHS ICS-CERT?
  – NESCO: Electric sector focus; discretionary classification of information; near real-time; informal
  – DHS ICS-CERT: Control systems focus (all sectors); extended duration before information is classified and released; formal
Key Differentiators
• Is NESCO another trade association?
  – No; NESCO spans all trade associations
• Is NESCO another National Energy Lab?
  – No, however NESCO works closely with all National Labs
• NESCO makes every effort to avoid duplicating already existing successful programs
Infosharing Characteristics
US Government
• Deliberate and authoritative
• Often highly compartmentalized
• Classifies threats and incidents for CI/KR
• Holds only some of the relevant information

Industry
• Often more ad hoc and much more agile
• 100% accuracy isn’t always required
• Difficult to handle classified information
• Can share more freely without needing authorization
How Does This Work?
• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy relationships
  – Bringing people together
  – Flexible technology options
NESCO Outreach
• NESCO outreach programs
  – Annual Summit
  – Town Hall Meetings (April 27th, Austin TX)
  – Voice Of The Industry Meeting
  – Interest Groups
  – Webinars
  – Portal/Forums
  – Email distribution lists
  – Social media
NESCO Technology
• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository
• Most technologies have non-attribution (anonymous) options
Free Like A Puppy
• NESCO grant contains a cost-share requirement
  – Must be fully funded by industry after 3 years
    • 20/80 Year One
    • 40/60 Year Two
    • 60/40 Year Three
  – DOE has an expectation that industry will support the NESCO
Sponsorship Benefits
• Sponsorships are tax deductible
• Less expensive than headcount and/or training
• Access to industry peers
  – What works, what doesn’t
  – Informal benchmarking
  – Situational awareness
  – Threat and vulnerability analysis
  – Mentoring
Sponsorship Benefits
• Access to Resource Repository [coming soon]
  – Code snippets
  – IDS signatures
  – Audit templates
  – Reference architectures
  – Attack signatures
  – System configurations
  – Policy, process, procedure templates
  – Compliance practices
Secure Collaboration Options
Asset Owners
Product and Service Vendors
Government Entities
Academia
Conclusion
• Unique non-profit, independent, public-private information sharing organization
• Focused on building trust through relationships
• Flexible technology facilitates and catalyzes information sharing efforts
• Security voice of the electric sector
• NESCO’s success depends on participation and sponsorship from the asset-owners and vendors
Plug In
www.energysec.org
Questions?
Patrick C Miller, President and CEO
[email protected]
503-446-1212
Non-profit. Independent. Trusted.