Next Generation Information Sharing For The Electric Sector
1. Next Generation Information
Sharing For The Electric
Sector
Patrick C Miller, President and CEO
February 4, 2011
ERCOT CIPWG Meeting
ERCOT Executive and Administrative Center
2. History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National
Electric Sector Cybersecurity Organization
(NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 1
3. Now And Beyond
• Over 460 members from 124 organizations
– 74% of US electric distribution
– 60% of US electric generation
• The asset owners are already sharing
• Challenges
– Increase and improve asset-owner sharing
– Establish two-way sharing from the government
and vendor segments
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 2
4. What Is The NESCO?
Two organizations received
awards:
– EnergySec was selected to form
and lead the National Electric
Sector Cybersecurity Organization
(NESCO)
– The Electric Power Research
Institute (EPRI) was selected as a
research and analysis resource
to the NESCO (NESCOR)
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 3
5. What Is The NESCO?
• Mission: Lead a broad-based, public-private
partnership to improve electric sector energy
systems cyber security; become the security voice
of the electric industry
• Goals:
– Identify and disseminate common, effective cyber security
practices
– Analyze, monitor and relay infrastructure threat information
– Work with federal agencies to improve electric sector cyber
security
– Encourage key electric sector supplier and vendor support
/ interaction
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 4
6. Key Differentiators
• What is the difference between EnergySec and
NESCO?
– NESCO is a DOE-funded program under the
EnergySec non-profit umbrella
• What is the difference between NESCO and
NESCOR?
– NESCO is the lead role, NESCOR is a technical
resource to the NESCO
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 5
7. Key Differentiators
• Is EnergySec a product or service vendor?
– EnergySec has no for-profit products and/or services
• Is NESCO a government agency?
– No; the NESCO is funded by a DOE grant but
managed by EnergySec, a private non-profit 501(c)(3)
organization
• Is NESCO involved in regulation?
– No; the NESCO has no regulatory capacity
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 6
8. Key Differentiators
• What is the difference between NESCO and the
NERC ES-ISAC?
– NESCO: Non-regulatory; participation and reporting
are not required (voluntary); industry funded; supports
ISAC
– NERC ES-ISAC: Regulatory, participation and
reporting is mandatory; statutorily funded
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 7
9. Key Differentiators
• What is the difference between NESCO and the
DHS ICS-CERT?
– NESCO: Electric sector focus; discretionary
classification of information; near real-time; informal
– DHS ICS-CERT: Control systems focus (all sectors);
extended duration before information is classified and
released; formal
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 8
10. Key Differentiators
• Is NESCO another trade association?
– No; NESCO spans all trade associations
• Is NESCO another National Energy Lab?
– No, however NESCO works closely with all National
Labs
• NESCO makes every effort to avoid
duplicating already existing successful
programs
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 9
11. Infosharing Characteristics
US Government Industry
• Deliberate and • Often more ad hoc and
authoritative much more agile
• Often highly • 100% accuracy isn’t
compartmentalized always required
• Classifies threats and • Difficult to handle
incidents for CI/KR classified information
• Holds only some of the • Can share more freely
relevant information without needing
authorization
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 10
12. How Does This Work?
• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy
relationships
– Bringing people together
– Flexible technology options
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 11
13. NESCO Outreach
• NESCO outreach programs
– Annual Summit
– Town Hall Meetings (April 27th, Austin TX)
– Voice Of The Industry Meeting
– Interest Groups
– Webinars
– Portal/Forums
– Email distribution lists
– Social media
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 12
14. NESCO Technology
• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository
• Most technologies have non-
attribution (anonymous)
options
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 13
15. Free Like A Puppy
• NESCO grant contains a
cost-share requirement
– Must be fully funded by
industry after 3 years
• 20/80 Year One
• 40/60 Year Two
• 60/40 Year Three
– DOE has an expectation that
industry will support the
NESCO
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 14
16. Sponsorship Benefits
• Sponsorships are tax deductible
• Less expensive than headcount and/or training
• Access to industry peers
– What works, what doesn’t
– Informal benchmarking
– Situational awareness
– Threat and vulnerability analysis
– Mentoring
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 15
17. Sponsorship Benefits
• Access to Resource Repository [coming soon]
– Code snippets
– IDS signatures
– Audit templates
– Reference architectures
– Attack signatures
– System configurations
– Policy, process, procedure templates
– Compliance practices
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 16
18. Secure Collaboration
Options
Asset Owners
Product
and
Academia
Service
Vendors
Government Entities
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 17
19. Conclusion
• Unique non-profit, independent, public-private
information sharing organization
• Focused on building trust through relationships
• Flexible technology facilitates and catalyzes
information sharing efforts
• Security voice of the electric sector
• NESCO’s success depends on participation and
sponsorship from the asset-owners and vendors
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 18
20. Plug In
www.energysec.org
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 19
21. Questions?
Non-profit. Independent. Trusted.
Patrick C Miller, President and CEO
patrick@energysec.org
503-446-1212
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 20