november 2, 2006 lessons from 2003-04 cipag 1 lessons from 2003-04 critical infrastructure group...
TRANSCRIPT
LESSONS FROM 2003-04 CIPAG 1 November 2, 2006
Lessons from 2003-04 Critical Infrastructure Group
Bill BojorquezNovember 2, 2006
LESSONS FROM 2003-04 CIPAG 2 November 2, 2006
2003-04 CIP Advisory Group Purpose2003-04 CIP Advisory Group Purpose
Purpose:
A collaborative effort to bring together owners and operators of critical physical and cyber assets for securing the Texas electric sector.
Channel security information from Local authorities Regional authorities Federal authorities
Discuss security solutions
Share information
Communicate and clarify NERC security standards
Assist in security standards implementation
LESSONS FROM 2003-04 CIPAG 3 November 2, 2006
2004 CIPAG Proposed Structure
“ERCOT CIPAG will be sanctioned by the ERCOT board of directors for the purpose of monitoring compliance with defined NERC standards. In addition, the group may offer security advisory services, assist market participants in developing stakeholder standards and will assist in communicating and clarifying critical information from federal and state agencies.”
LESSONS FROM 2003-04 CIPAG 4 November 2, 2006
2004 CIPAG Proposed Structure (cont.)
CIPAG: Will serve as an expert advisory panel to the ERCOT Board of
Directors and subcommittees Will establish security standards for interfacing with ERCOT systems. Will not set stakeholder security standards but can assist in developing
standards.• These security standards may be more stringent or specific than
NERC’s and must be approved through the reliability subcommittee (ROS)
Will establish and maintain an information reporting procedure for critical infrastructure protection among industry segments and with federal and state government agencies.
Will conduct forums and workshops related to the scope of CIPAG. ERCOT staff will lead the CIPAG and manage an open stakeholder
forum.
LESSONS FROM 2003-04 CIPAG 5 November 2, 2006
Department of Energy NERC/
CIPAG
ISO CIO Security Committee
ERCOTERCOT
Members
State Agency
Educate on best practices / standards Coordinate security Incidents Distributing information from federal and state agencies Solicit federal and state funding where appropriate Represent ERCOT market’s interest to federal and state agencies
Issue 1: Reach is too BroadIssue 1: Reach is too Broad
Department of Homeland Security
Federal Bureau of
Investigation
U.S. Secret Service
LESSONS FROM 2003-04 CIPAG 6 November 2, 2006
Issue 2: Significant Resource Burden
CIPAGPhysicalCyber
Operations
SubcommitteesTAC
ReliabilityRMS, WMS
SubcommitteesTAC
ReliabilityRMS, WMS
ERCOT Board of Directors
ERCOT Board of Directors
FederalStateNERC
Agencies
FederalStateNERC
Agencies
MarketParticipants
MarketParticipants
PUCTPUCT
Will establish and maintain an information reporting procedure for critical infrastructure protection among industry segments and with federal and state government agencies.
ERCOT staff will lead the CIPAG and manage an open stakeholder forum.
LESSONS FROM 2003-04 CIPAG 7 November 2, 2006
What Could be Helpful from the 2004 CIPAG?What Could be Helpful from the 2004 CIPAG?
Draft charter Proposed Governance Model
LESSONS FROM 2003-04 CIPAG 8 November 2, 2006
2004 CIPAG Governance2004 CIPAG Governance
Steering Committee
Drafts charter and proposes the governance structure for review and approval by the ERCOT Board of Directors
Companies who volunteer resources to the Steering Group: TXU Reliant BP
Governance Committee
Elected by Market Segments
Proposed Members: Generators (6), Transmission (2), QSE (4), ERCOT (1)
Reports to the Board of Directors
Chaired by ERCOT Director of Security
Vice Chair and Secretary elected by Committee Members
Working task groups created from group membership
CenterPointLCRAERCOT
LESSONS FROM 2003-04 CIPAG 9 November 2, 2006
2004 CIPAG Governance (cont.)2004 CIPAG Governance (cont.)
Communications and Initial Distribution:
All QSEs (65)
All Transmission Service Providers (17)
PGCs with total generation over 800MW (30)
Others can participate by subscribing to open exploder list.