The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

WARNING: SIGN-IN

You need to be a member of Energy Central to access some features and content. Please or register to continue.

Post

Building Resilience into our Utilities, Regardless of Crisis

image credit: © Leowolfert | Dreamstime.com

This item is part of the Cybersecurity - Special Issue - 04/2020, click here for more

Reliable power is a service we often take for granted, as we rarely stop to think about what enables our American way of life. Under “business as usual” circumstances, these services are expected to run smoothly. But, what happens during emergencies? How do we ensure utilities and other services continue to operate uninterrupted? How does the federal government work with public and private sector partners to enable the continuity of operations even in times of crisis?

The Cybersecurity and Infrastructure Security Agency (CISA), as the nation’s risk advisor, is at the forefront of building public-private sector partnerships and addressing these questions through a holistic approach. CISA works with businesses, communities, and government at every level to help make the nation’s critical infrastructure more resilient to cyber and physical threats. Since 2018, NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) has been embedded with CISA operations, benefitting both organizations and producing a sharper focus on specific threats that target, or could target, the energy sector.

The COVID-19 pandemic has shown that, when strong relationships and information-sharing capabilities are already in place when a crisis begins, services to the American people can continue unabated. The key is to prepare, train and exercise under blue-sky conditions to ensure the response is timely and efficient during an emergency.

Understanding the hybrid threat we face is the first step in preparing for an effective response. There are very few cyber-only or physical-only incidents. When one company or network experiences a disruption, impacts can quickly ripple across the rest of the sector and other interdependent sectors as well. Our world is extremely interconnected and CISA is at the crossroads of that convergence, providing a risk management approach to understanding the national critical functions whose interruption may have a cascading effect across sectors. For example, as part of the response to COVID-19, CISA has released guidance to assist state and local governments determine which workers are essential when crafting stay-at-home orders. This allows utilities and other critical services to continue while keeping the community safe.

CISA works closely with the private sector to share information, provide cybersecurity tools, incident response services and assessment capabilities that safeguard networks essential to operations. The maturing, strategic partnership between the Electricity Sector Coordinating Council (ESCC), E-ISAC, and CISA has yielded a new operational level of public-private sector cooperation on combatting cyber threats and vulnerabilities. If left unmitigated, these threats and vulnerabilities could impact supervisory control and data acquisition systems as well as industrial control systems in the North American bulk power system. Additionally, CISA’s Cyber Information Sharing and Collaboration Program helps the E-ISAC strengthen its long-standing coordination with sectors that share interdependencies with electricity – including natural gas, water and finance.  

CISA also conducts cyber and physical exercises to enhance the security and resilience of critical infrastructure. NERC’s Grid Security Exercise (GridEx) is an outstanding example of the public-private partnership and an opportunity for utilities to demonstrate how they would respond to and recover from simulated coordinated cyber and physical security threats and incidents, strengthen their crisis communications relationships, and provide input for lessons learned.  GridEx showcases the way the critical infrastructure owners and operators, E-ISAC, the Federal interagency, and our state and local partners all work together to address an incident. The response is a shared responsibility and every organization has a role, unique authorities, resources, and expertise to bring to the table. By proactively testing our plans and processes, and following-up on the lessons learned, we strengthen the country’s critical infrastructure security and resilience.

These combined efforts can help inform risk mitigation activities and the development of new resources within the critical infrastructure community in the long run. They also embody CISA’s vision of defending against today’s threats and working to secure tomorrow.

Brian Harrell's picture

Thank Brian for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

Richard Brooks's picture
Richard Brooks on Apr 30, 2020 8:23 pm GMT

I agree 100% with this statement, Mr. Director: "If left unmitigated, these threats and vulnerabilities could impact supervisory control and data acquisition systems as well as industrial control systems in the North American bulk power system. "

The risks become a "stark reality" when you dig deeper into the software supply chain that's providing software to the bulk electric system; it was a real eye-opener for me. Here are some of the risks I found working on NERC CIP-010-3 software verification control functions: https://energycentral.com/c/iu/understanding-software-supply-chain-risks

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »