Standards
Howard Gugel, Senior Director of Standards and Education
Board of Trustees Meeting
February 9, 2017
RELIABILITY | ACCOUNTABILITY2
Modifications to TOP and IRO Standards
• Reliability Benefits
  o Requirements for Transmission Operators to monitor facilities
  o Requires redundant and diversely routed data exchange capabilities
  o Addresses FERC Order No. 817 directives
• Action
  o Adopt IRO-002-5 Reliability Coordination - Monitoring and Analysis
  o Adopt TOP-001-4 Transmission Operations
Project 2015-08 Emergency Operations
• Reliability Benefits
  o Updated performance criteria for Power System Stabilizers
  o Implements recommendations from FERC-NERC-Regional Entity Joint Review of Restoration and Recovery Plans
  o Aligns reporting requirements between EOP-004-3 and DOE OE-417
  o Addresses FERC Directive
  o Implements Periodic Review Team recommendations
• Action
  o Adopt EOP-004-4, EOP-005-3, EOP-006-3, and EOP-008-2
CIP-003-7 - Cyber Security – Security Management Controls
• Background
  o Order No. 822 directives
    o Modify Low Impact External Routable Connectivity (LERC)
    o Protect transient devices at Low Impact BES Cyber Systems
  o Reliability Benefits
    o Revises electronic access controls for Low Impact BES Cyber Systems
    o Incorporates the concepts of LERC into CIP-003-7
    o Addresses malware propagation in Low Impact BES Cyber Systems
• Action
  o Adopt CIP-003-7 and its Implementation Plan
  o Adopt definitions of Transient Cyber Asset and Removable Media
Texas RE Standards Development Process
• Background
  o Alignment with Texas RE Bylaws
  o Replace Standards Committee with Member Representatives Committee
  o Minor revisions to clarify and update language
• Action
  o Approve Texas RE Standards Development Process
VAR-501-WECC-3
• Reliability Benefits
  o Specify circumstances Power System Stabilizer (PSS) will not provide an active signal to the Automatic Voltage Regulator
  o PSS in service while synchronized, except during specified circumstances
  o Tune PSS to specific criteria
  o Install and complete start-up testing of a PSS
  o Repair or replace PSS within 24 months failing tuning specifications
• Action
  o Adopt VAR-501-WECC-3
BAL-001-TRE-1 Attachment 2 Revision
• Background
  o Alignment with Texas RE Bylaws
  o Replace Standards Committee with Member Representatives Committee
• Action
  o Information only
Efficiency and Effectiveness Metric
Mike Walker, Senior Vice President and Chief Financial and Administrative Officer
Board of Trustees Meeting
February 9, 2017
Approve
• Approve NERC’s Efficiency and Effectiveness Metric
• Includes four measures for 2017:
  o Execution of business plan and budget
  o Implementation of ERO Enterprise technology solutions
  o Implementation of Regional Entity oversight plans and NERC adherence to the Rules of Procedure
  o Implementation of action plans in response to ERO Enterprise Effectiveness Survey results
Distributed Energy Resources Task Force (DERTF) Final Report
Rich Hydzik, Avista, NERC DERTF Chair
Board of Trustees
February 9, 2017
DERTF Background
• Formed December 2015
• Reports to the Essential Reliability Services Working Group
• Membership: representatives from
  o Transmission planning and operations
  o Renewable developers
  o Regulatory organizations
  o Distribution utility
  o Researchers
• Final report to NERC Technical Committees in December 2016
  o Identify current state
  o Recommendations to NERC, industry, and regulators
DERTF Scope Tasks
• Operational impacts in areas with high penetration of distributed energy resources
• Recommendation for consistent modeling and assessing Distributed Energy Resources (DER)
• Review existing NERC Reliability Standards and coordinate with IEEE 1547 standard related efforts
• Review the NERC Functional Model, registration categories
• Evaluate the need for Reliability Guidelines and/or Standard Authorization Requests (SAR)
DERTF Report – Key Areas of Focus
• How should DER be included in planning and operating models?
• What level of control is needed for reliable system operations?
• What level of visibility do system operators require?
• How can DER contribute to the reliability of the bulk power system?
• What does the Electric Reliability Organization (ERO) need to consider?
Key Findings
• DER penetration is rapidly increasing and altering the load mix
• Technical and engineering challenges of integrating DERs on distribution system are well understood, but the reliability implications on the Bulk Electric System are less so
• DERs will increasingly have capabilities for active power control and reliability services
• Fundamental changes to modeling, planning and operations and conventional assumptions
Recommendations for Next Steps
• Reliability Guidelines
  o Technical committee actions for load modeling, operations
• Data Sharing
  o Potential enhancement to NERC Reliability Standards
  o Continue to monitor in Long-Term Reliability Assessment
• System Modeling
  o Consistency and best practices
  o Annual assessment
• DER Models
• Definitions
• Industry Collaboration
  o IEEE, national laboratories, inverter manufacturers, software vendors
Next Steps for the Report
• Submitted for approval to the NERC Board of Trustees
FERC Data Access – Update
Sharing GADS, TADS, and Misoperations data
James Merlo, Vice President, Reliability Risk Management
Board of Trustees Meeting
February 9, 2017
FERC Order 824
• FERC order No. 824 directed NERC to give FERC access to certain NERC databases
  o Generator Availability Data System (GADS)
  o Transmission Availability Data System (TADS)
  o Misoperations database (MISOPS)
• Mandatory data fields
• US entities only
FERC Order 833
• FERC will treat information downloaded from NERC databases as non-public
• FERC clarified that downloaded data would be treated as CEII
• Further evaluation from FERC as to whether data should be designated as CEII in response to a request for information or FERC determination to disclose
Process underway
• NERC is establishing a temporary secure site for FERC access
• FERC is developing a Structured Query Language (SQL) server for data exchange
• Future access will be secure SQL server to SQL server providing the required data to FERC staff
U.S. Government Relations - New Administration Appointments
Janet Sena, Senior Vice President, Director of Policy and External Affairs
Board of Trustees Meeting
February 9, 2017
Transition Update
• Overview of transition team
• Key positions of interest
• Outreach and tracking
Transition Team
• Chairman Vice President-Elect Mike Pence
• Executive Director Rick Dearborn
• Sector Team Leads
4,000 Plus Jobs to Fill
• 4,013 Total number of appointments
  o 1,242 presidential appointees who need Senate approval
  o 472 presidential appointees who don’t need Senate approval
  o 761 non-career Senior Executive Service positions
  o 1,538 Schedule C appointments
• Energy Department 138 positions
  o 22 appointees who need Senate approval
  o 83 non-career Senior Executive Service positions
  o 33 Schedule C appointment
• Independent Agencies, including FERC – 1,153 positions
Key Energy Positions
• Rick Perry – Secretary of Energy
• Chairman of FERC
• Commissioner of FERC
• Commissioner of FERC
Other Key Positions of Interest
• General John Kelly – Secretary of Homeland Security
• General James Mattis – Secretary of Defense
• Rep. Mike Pompeo – Director, Central Intelligence Agency
• Rex Tillerson – Secretary of State
• Scott Pruitt – EPA Administrator
• Mick Mulvaney – Director of the Office of Management and Budget
Key White House Staff and Advisors
• White House Chief of Staff Reince Priebus
• Chief Strategist Steve Bannon
• Counselor to the President Kellyanne Conway
• Press Secretary Sean Spicer
• Cyber czar
• Special Advisor to the President on Regulatory Reform Carl Icahn
• Cyber Security Advisor Rudy Giuliani
NERC Outreach
• President and CEO Cauley presentation to ESCC – Energy transition lead in attendance
• President and CEO Cauley request for meeting to transition team
• Meeting with Energy transition team
• Ongoing Policy & External Affairs outreach with transition team
Reliability Assurance Project of the Western Interconnection Assurance Activity Briefing
February 9, 2017
Ken McIntyre, VP Standards and Compliance
Melanie Frye, VP Reliability Planning and Performance Analysis
Board of Trustees Meeting
Agenda Item 5f
Board of Trustees Meeting
February 9, 2017
Assurance Project
• Evaluate reliability in the Western Interconnection
  o Follow-up activity from September 8, 2011 event
• Confidential effort focused on understanding practices
  o Joint effort
  o Voluntary participation
  o Visited 15 entities (Reliability Coordinator and Transmission Operators)
  o Discussions with frontline personnel
• Findings provided to senior management
  o Public report posted December 2, 2016*
  o Follow up discussion with entities
* https://www.wecc.biz/_layouts/15/WopiFrame.aspx?sourcedoc=/Reliability/Reliability Assurance Project of the Western Interconnection Findings.pdf&action=default
Assess Key Operational Areas
• Data sharing and communications
• Situational Awareness
• Operator authority
Areas for Improvement
• Reactive versus Proactive approach
• Real Time Contingency Analysis
• Next-Day Studies
• Path Operator Authority
• Outage Coordination
• System Visualization
Next Steps
Joint Assurance Project
Public Report
WECC RPPA Reliability Assurance Activities
• Gather Information
  o Interviews
  o Entity Visits
• Analyze Data
  o Performance Data
  o Surveys
• Conduct Outreach
  o Workshops
  o Entity Feedback
• Partner with Stakeholders
  o Expertise
  o Public Reports
WECC Compliance and Enforcement Activities
• Conduct Outreach
  o Compliance Workshops
  o WICF
  o New Standards Implementation
• Risk Assessment Process
  o Inherent Risk Assessment
  o CMEP Tools
Reliability Workshop
• March 22, 2017
• Stakeholder conversation on 3 issues:
  o Next-day studies
  o Approaches to identifying elements to include in system studies
  o Control room design
Real Time Contingency Analysis
• Q1-Q2: conduct outreach on new TOP-001-3 R13
  o WECC committee meetings
  o Webinars
  o WECC Compliance Workshop
• Q2-Q3: visit 5 to 7 entities to discuss RTCA
E-ISAC Update
Marcus Sachs, Senior VP & Chief Security Officer
Board of Trustees
February 9, 2017
Summary of Q4 2016
• Sharing and reporting
  o 265 E-ISAC staff posts to the portal (+29% from Q3)
  o 57 member posts to the portal (+20%)
  o 35 calls to the E-ISAC hotline (-17%)
  o 275 new portal accounts (+30%)
• Engagement (monthly average during the quarter)
  o 296 webinar attendees (+12%)
  o 416 downloads of the daily report (+0.4%)
Sharing by Region – Q4 2016
Significant Activities
• GridSecCon 2016 (October)
  o Quebec City
  o Over 400 participants
• NERC Level 2 Alert on the Internet of Things (October)
• GridEx IV Initial Planning Meeting (November)
  o First opportunity to provide input into scenario development
  o Exercise scheduled for November 15-16, 2017
• Portal improvements (November)
• Launched CAISS – the STIX/TAXII pilot (December)
• Two cyber events (December)
  o Second Ukraine incident
  o Vermont incident
Internet of Things Issue
• Explosive growth of “smart devices” in the past two years
  o Things that can communicate over the Internet
  o Security cameras, digital video recorders, alarms, light switches, coffee pots, refrigerators
• Most are not designed to be secure against unauthorized access
  o Can be hijacked by malicious actors
  o Are being used to attack other systems
• Three attacks on October 21, 2016, against an Internet service provider
  o Caused hundreds of popular websites to be unavailable
• E-ISAC issued TLP-AMBER, TLP-GREEN, and TLP-WHITE advisories at the end of October
NERC Level 2 Recommendation
• “Internet of Things (IoT) Used For High Bandwidth Distributed Denial of Service (DDoS) Attacks”
  o Issued on October 11, 2016 with responses due in 90 days
• Seven recommendations and four questions
  1. Have you used a tool to identify Internet-facing devices within your entity’s network and performed a risk assessment of discovered devices?
  2. Have you reviewed the use of default passwords for these types of devices?
  3. Do you implement the Principle of Least Privilege in your Internet-facing networks to include devices, such as security cameras, DVRs, video monitors, printers, etc.?
  4. Do you have a vulnerability management process to ensure a strong security posture is maintained for Internet-facing networks and devices?
Cyber Automated Information Sharing System (CAISS)
• CAISS is a technology proof-of-concept project
  o Based on STIX/TAXII technology
  o Requested in 2015 ESCC recommendations
  o Results of the pilot will be integrated into future platform
  o Ten initial participants—more have joined since the beginning of 2017
• NERC pays for back-end services
  o Participants pay for any hardware or software needed at users’ sites
• Two complementary technologies:
  o ThreatConnect – Front-end GUI for analysis and STIX package creation
  o Soltra Edge – Back-end, machine-to-machine communications TAXII server (Soltra Edge was sold to NC4 in November 2016)
STIX = Structured Threat Information eXpression
TAXII = Trusted Automated Exchange of Indicator Information
CRISP Unclassified Data Center
• All CRISP data currently flows to PNNL
  o CRISP participants use Information Sharing Devices to collect and send data
  o PNNL provides system to “write up” to classified networks for analysis
  o E-ISAC currently relies on PNNL for analysis of CRISP data and reports
• New capability gives E-ISAC analysts the ability to store and analyze unclassified data locally
  o Up to 200 TB storage array installed at the E-ISAC
  o Three stand-alone analyst workstations in place
  o Currently evaluating new analytical tools
  o Initial operating capability reached in January 2017
• At maturity, the E-ISAC will be able to query and analyze unclassified CRISP data with minimal PNNL involvement