NESCO/NESCOR Joint Overview
1. National Electric Sector Cybersecurity Organization & Resource (NESCO/NESCOR) Joint Overview
Patrick C Miller, President and CEO, EnergySec
Erfan Ibrahim, PhD, Technical Executive, EPRI
March 23 2011
2. NESCO/NESCOR Partnership
• EnergySec = National Electric Sector Cybersecurity Organization (NESCO)
• EPRI = National Electric Sector Cybersecurity Organization Resource (NESCOR)
The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program
3. Complementary Programs
NESCO (EnergySec)
• Primary grant recipient; “EnergySec will form the organization to be known as NESCO”
• Emphasis on information and resource sharing, collaboration, situational/tactical awareness, rapid notification, forensics and applied research
• Asset owner participation is primary vehicle, supplemented by SME contractors
NESCOR (EPRI)
• R&D Partner; “EPRI led team will provide a research and analysis resource for NESCO to mitigate risks from imminent threats and vulnerabilities”
• EPRI led team will harmonize cybersecurity requirements from NIST CSWG, DHS ICS JWG, NERC and OpenSG Utilisec and assess cybersecurity posture of standards and technologies (including lab testing)
• EPRI led team includes 17 partners from research labs, academia and other SMEs
Both organizations focus on near and long term issues
4. NESCO/NESCOR Projects
[Diagram: project workflow with numbered steps 1 to 8, linking stakeholders, NESCO and the NESCOR working groups]
• Stakeholders: Asset Owners, Government, NERC, Trade Orgs, Vendors
• Step labels: Industry Research Request; NESCO Project Summary; Project Validation, Input & Tracking; Project Approval; Project Estimate; Project Management; Project Standardization and Delivery; Project Delivery
• Working groups: Threat and Vulnerability Assessment and Mitigation Group; Cyber Security Tech. Testing & Validation Group; Cyber Security Requirements and Standards Assessment Group
• Also shown: other research paths, other industry projects
6. EnergySec History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
7. EnergySec Membership Stats
547 members from 161 organizations
• US Nameplate Generation: 74%
• US Residential Distribution: 60%
8. NESCO Background
• Mission: Lead a broad-based, public-private
partnership to improve electric sector energy
systems cyber security
• Goals:
– Identify and disseminate common, effective cyber security
practices
– Analyze, monitor and relay infrastructure threat information
– Focus cybersecurity research and development priorities
– Work with federal agencies to improve electric sector cyber
security
– Encourage key electric sector supplier and vendor support
/ interaction
9. Public-Private Perceptions
• Government moves too slowly, over-classifies and narrowly distributes
• Industry can’t protect the shared information
and doesn’t respond appropriately
• Lack of parity in degree and quality of
information shared in both directions
10. How Does This Work?
• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy
relationships
– Bringing people together
– Flexible technology options to
extend and enhance relationships
– Organic growth; birds of a feather
11. Support, Not Duplicate
12. Collaboration Initiatives
• What works, what doesn’t
• Benchmarking
• Situational (tactical) security awareness
• Threat and vulnerability analysis
• Shared/crowd-sourced resources
(repository)
• Mentoring
13. NESCO Outreach
• Annual Summit – October, San Diego
• Town Hall Meetings – April 27, Austin
• Voice Of The Industry Meetings
• Interest Groups:
– Open Source, Intrusion
Detection, Forensics, Security
Architecture, Workforce
Development, Threat Assessment
• Webinars, Briefings
• Social media
14. Technology Portfolio
• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository
• Most technologies have non-attribution (anonymous) options
15. Resource Repository
• Code snippets
• IDS/attack signatures
• Audit templates
• Reference architectures
• System configurations
• Policy, process, procedure templates
• Compliance practices
• And more…
17. NESCOR Background
DOE issued a Funding Opportunity Notice (FOA DE 0000245) in
April 2010 to establish the National Electric Sector Cyber Security
Organization (NESCO) as a public private partnership to:
– Evaluate cyber security posture for legacy systems
– Evaluate deployability of emerging cyber security technologies
– Collaborate and coordinate to identify cyber security requirements
– Perform use case analysis for risk identification, assessment, and
development of risk mitigation strategies
– Develop cyber security best practices and metrics
– Establish and operate a Cyber Incident Data Center (CIDC)
An EPRI Led Team with Support from PDU Executive Committee Members
Responded to DOE FOA
18. NESCOR Team
National/Commercial Research Labs
• Oak Ridge National Lab
• Sandia National Lab
• Idaho National Lab
• National Renewable Energy Lab
• Palo Alto Research Center
• SRI
• Telcordia
Academia
• University of Houston
• UCLA
• UC Berkeley
• University of Minnesota Smart Grid Consortium
• TLI Inc (Texas A&M University)
Other Subject Matter Experts
• N-Dimension
• Inguardians
• Arc Technical
• EnerNex
• Xanthus Consulting International
Focus Areas
• Review NIST, DHS, NERC and other cyber security requirements and results
• Assess existing power system and cyber security standards to meet the security requirements of the power system
• Identify vulnerabilities, develop risk mitigation strategies, best practices and metrics in collaboration with NESCO
• Test security technologies in labs and pilot projects
19. NESCOR Vision
• Strategic focus: Provide a focal point for bringing together
utilities, federal agencies, regulators, and researchers to
address the electric sector security threats
• Program objectives:
–Develop risk mitigation strategies, best practices and metrics
–Test security technologies in labs and pilot projects
–Harmonize security requirements across bodies of work from
DHS, NIST, NERC, etc.
–Assess existing power system and cyber security standards
to meet the security requirements of the power system
20. NESCOR Program Structure
EPRI will create and lead three working groups:
• Threat and Vulnerability Assessment and Mitigation Group
• Cyber Security Requirements and Standards Assessment Group
• Cyber Security Technology Testing & Validation Group
21. NESCOR Program Structure
• Working groups populated by National Labs, Universities, and Subject Matter Experts
• Each WG collaborates with IOUs, Muni’s, Co-Ops, and ISOs
• Working groups:
– Threat and Vulnerability Assessment and Mitigation Group
– Cyber Security Requirements and Standards Assessment Group
– Cyber Security Technology Testing & Validation Group
• Program advised by Industry Advisory Board composed of industry groups, federal agencies, and regulators
22. Technology Readiness Level
• Interoperability testing
• Developing vulnerability mitigations
• Testing emerging security technologies
23. NESCOR Program Structure
NESCOR seeds projects for the EPRI Cyber Security Program
• Working groups:
– Threat and Vulnerability Assessment and Mitigation Group
– Cyber Security Requirements and Standards Assessment Group
– Cyber Security Technology Testing & Validation Group
• Solutions to current vulnerabilities
• Developing solutions for security gaps
• Transferring technology to industry
24. NESCOR Outreach
• Need representation from cyber security subject matter experts at IOUs, Municipals and Coops on the three technical working groups' conference calls and technical deliberations
– 90 minutes every other week on conference calls for each task group, starting mid-April 2011
– Background technical work to collect info and apply project results (5 – 10 hours per month)
• Populate the NESCOR Advisory Board with senior executives from various industry stakeholder groups for project direction setting
• Get the word out for increased collaboration
• Project Duration: October 2010 – September 2013
25. Questions?
Non-profit. Independent. Trusted.
Patrick C Miller
President and CEO
patrick@energysec.org
503-446-1212
Erfan Ibrahim, PhD
Technical Executive, NESCOR Lead
eibrahim@epri.com
925-785-5967