Antitrust: SPP strictly prohibits use of participation in SPP activities as a forum for engaging in practices or communications that violate the antitrust laws. Please avoid discussion of topics or behavior that would result in anti-competitive behavior, including but not limited to, agreements between or among competitors regarding prices, bid and offer practices, availability of service, product design, terms of sale, division of markets, allocation of customers or any other activity that might unreasonably restrain competition.
Southwest Power Pool, Inc.
SECURITY WORKING GROUP MEETING
June 25, 2019 9:00 a.m. to 3:00 p.m.
Hosted at GRDA - Ecosystems and Education Center
420 HWY OK-28, Langley, OK 74350
• Summary of Action Items •
1. Michael Goad to request registration for Q3 September 19th meeting to begin at 8:00am CST,
moving from 9:00am CST
2. Michael Goad to move SECWG Incident Response Procedures Q2 agenda item to Q3 September
19th meeting due to lack of time
3. Eric Ervin will schedule meeting with MOPC staff regarding Security Working Group value and
reporting structure
• M I N U T E S •
Agenda Item – Administrative Items
Eric Ervin (Evergy) called the 2019 Q2 SPP Security Working Group (SECWG) meeting to order at 9:02 am CST and welcomed all attendees. Major Chris Carlson (GRDA Police) performed the safety briefing, and Chief Brian Edwards (GRDA Police) welcomed attendees to the GRDA Ecosystems and Education Center and Grand Lake. Mr. Ervin welcomed new SECWG Members Jodi Jensen (WAPA) and Ian Anderson (OGE). There were 40 in-person participants and 28 teleconference participants. (Attachment – Attendance List)
Michael Goad (SPP) reviewed the Antitrust Reminder and conducted roll call of SECWG Members and Receipt of Proxies. (Attachment – Proxies)
Mr. Goad reviewed the Action Items and current status. There were no updates.
Mr. Ervin proposed a time change to start meetings at 8:00am. The group decided to review future meeting start times during the Future Meetings section of the agenda. The group agreed that the Q3 September meeting will start at 8:00am CST.
Mr. Ervin reviewed the proposed agenda with the group. There were minor changes, including correcting a presenter’s name. Ron Bender (NPPD) motioned to approve the agenda and Ian Anderson (OGE) seconded. There were no abstentions or opposition. (Attachment – Agenda)
The minutes from the February 26, 2019 Q1 SECWG meeting were approved. Steve Arnold (Indep. P&L) motioned to approve the agenda and Phil Clark (AECC) seconded. There were no abstentions or opposition. (Attachment – Meeting Minutes)
SPP SECWG Minutes June 25, 2019
Agenda Item 4 – MRO SAC Update
John Hochevar (ATC) presented an overview of the MRO Security Advisory Committee (SAC), including a review of its purpose, roster and goals. Mr. Hochevar is the current chair of MRO SAC. Important dates are:
Council meetings: September 26th
Security Conference and Training: September 24th and 25th
Regional Security Risk Assessment: September 26th
Questions can be directed to Estee J. Kolles at [email protected]
Mr. Hochevar’s presentation can be found in meeting materials.
Agenda Item 5 – GridEx V Update
Amber Wallace (SPP) gave an update on GridEx V planning and preparations. Nine SPP Members will participate with SPP along with 300 SPP staff. More information can be found on SPP’s website at https://www.spp.org/gridex/ or email [email protected]
Agenda Item 6 – Physical Security – Drone Threat
Glenn Moore (DHS) presented on the DHS Cybersecurity and Infrastructure Security Agency and the threat of flying drones. Mr. Moore discussed drone uses, technology and capabilities. FAA no-fly zone guidelines can be found here: https://www.faa.gov/uas/recreational_fliers
Mr. Moore’s presentation can be found in meeting materials.
Agenda Item 7 – GRDA Police & Partnership with FBI
Lissa Kennedy (FBI) presented on the evolving threat landscape. Ms. Kennedy reviewed tactics and targets of terrorists. She also discussed domestic and global terrorism. Ms. Kennedy is a GRDA officer assigned to the FBI for the Oklahoma FBI Joint Terrorism Task Force. Chris Harper (GRDA PD) presented on local threats and the partnership with the FBI. Tyler Cooper (GRDA PD) presented on tactics used by the police force for investigation. Any follow up questions can be sent to: Lissa Kennedy: [email protected] Chris Harper: [email protected] or Tyler Cooper: [email protected]
Agenda Item 8 – IT/OT Convergence Discussion
Pat Glunz (NPPD) presented on NPPD’s IT/OT convergence process, including the challenges and successes of convergence. Mr. Glunz discussed the importance of multiple groups participating in the process and getting buy-in from all groups involved. Mr. Glunz’s presentation can be found in meeting materials.
Agenda Item 9 – CIPC Update (CIP-008-02 / FERC Order 848 Update)
Eric Ervin (Evergy) presented high-level notes on the NERC CIPC Meeting held June 4th – 5th in Orlando, FL. John Breckenridge (Evergy) provided an update on Project 2018-02 Modifications of CIP-008. Mr. Breckenridge gave an update on the June 20th approval and highlighted that entities need to define attempt to compromise. Mr. Breckenridge is on the 2018-02 SDT. The CIPC Agenda can be found in meeting materials. CIPC Meeting Presentations can be found here: https://www.nerc.com/comm/CIPC/Agendas%20Highlights%20and%20Minutes%202013/CIPC_Meeting_Presentations_June_2019.pdf
Agenda Item 10 – SECWG Incident Response Procedures
Agenda Item moved to Q3 September 19th meeting.
Agenda Item 11 – SECWG value/reporting to MOPC
Eric Ervin (Evergy) led a discussion on SECWG value and reporting to MOPC. The group discussed options such as quarterly reports to MOPC or reporting on current threats in the CIP industry. The group agreed no report is needed and that the value of the Working Group is in presentations and networking. Mr. Ervin will schedule a meeting with MOPC staff.
Agenda Item 12 – Action Items
Michael Goad (SPP) reviewed action items captured during the meeting.
Agenda Item 13 – SECWG Future Meetings
Eric Ervin (Evergy) reviewed upcoming SECWG meeting dates and locations.
Q3 September 19, 2019 Dallas, TX hosted by SPP
Q4 December 17, 2019 Virtual WebEx
Phil Clark (AECC) motioned to adjourn the open session and move to Executive Session; Daniel Moore (WFEC) seconded. Eric Ervin (Evergy) adjourned the meeting at 12:28pm.
Executive Session Agenda Items – Round Table Discussion
A “pens down” roundtable discussion was conducted. This is an opportunity for meeting attendees to bring up any comments, experiences, or other topics for discussion with an expectation that the discussion will not leave the room. Eric Ervin (Evergy) adjourned the Executive Session at 2:48pm.
Respectfully submitted,
Michael P. Goad, SECWG Staff Secretary
WebEx Call-In Summary
Participants:
Steve Kerrin (Jun 25, 2019 10:40 am - Jun 25, 2019 11:31 am)
Amber Tate (Jun 25, 2019 8:57 am - Jun 25, 2019 11:39 am)
John Allen (Jun 25, 2019 8:57 am - Jun 25, 2019 12:07 pm)
Josh Powers (Jun 25, 2019 10:41 am - Jun 25, 2019 12:08 pm)
Troy Hlavaty(LES) (Jun 25, 2019 9:04 am - Jun 25, 2019 12:31 pm)
Kelly Crist (EDPR_ (Jun 25, 2019 9:56 am - Jun 25, 2019 12:44 pm)
Allen Kent (Jun 25, 2019 9:14 am - Jun 25, 2019 12:34 pm)
Steen Fjalstad (MRO) (Jun 25, 2019 9:16 am - Jun 25, 2019 12:34 pm)
Mike Kraft (BEPC) (Jun 25, 2019 8:55 am - Jun 25, 2019 12:34 pm)
Nita Dickerson (Jun 25, 2019 8:55 am - Jun 25, 2019 12:34 pm)
Gary Burget (Jun 25, 2019 9:21 am - Jun 25, 2019 12:35 pm)
Mike Buyce (SPRM) (Jun 25, 2019 10:00 am - Jun 25, 2019 12:33 pm)
Shonda McCain (Jun 25, 2019 8:54 am - Jun 25, 2019 12:44 pm)
Michael Goad (Jun 25, 2019 8:43 am - Jun 25, 2019 12:44 pm)
Amber Wallace (Jun 25, 2019 8:53 am - Jun 25, 2019 12:44 pm)
Mike Fitzpatrick (Jun 25, 2019 8:55 am - Jun 25, 2019 12:44 pm)
David Heins (Jun 25, 2019 8:55 am - Jun 25, 2019 12:44 pm)
Troy Hlavaty(LES) (Jun 25, 2019 9:02 am - Jun 25, 2019 9:04 am)
Josh Powers (Jun 25, 2019 8:44 am - Jun 25, 2019 9:55 am)
John Hochevar, ATC (Jun 25, 2019 8:51 am - Jun 25, 2019 10:02 am)
Mike Johnson (Jun 25, 2019 9:02 am - Jun 25, 2019 10:30 am)
Steve Kerrin (Jun 25, 2019 9:01 am - Jun 25, 2019 10:34 am)
Janet Wise (Jun 25, 2019 8:57 am - Jun 25, 2019 12:44 pm)
Ted (Jun 25, 2019 8:59 am - Jun 25, 2019 12:44 pm)
Mike Johnson (Jun 25, 2019 11:15 am - Jun 25, 2019 12:44 pm)
Jamie Strickland (Jun 25, 2019 9:02 am - Jun 25, 2019 12:44 pm)
Bret Hammer (Jun 25, 2019 9:13 am - Jun 25, 2019 12:44 pm)
Ron Bender (Jun 25, 2019 9:16 am - Jun 25, 2019 12:44 pm)
John Biasi (Jun 25, 2019 9:28 am - Jun 25, 2019 12:44 pm)
Call-in numbers:
4025525641, 2625068935, 2207, 4025525645, 5805813039, 4178639000, 9188583896, 9187823382,
8168968902
SPP SECWG Members-Proxies Meeting Date June 25, 2019
FIRST LAST MEMBER PROXY ATTENDANCE
Amanda Gray Member Grand River Dam Authority Present
Chad Wasinger Member Sunflower Electric Power Corporation Present
Daniel Moore Member Western Farmers Electric Cooperative Present
David Trojan Member ITC Present
Eric Ervin Chair Evergy Present
Ian Anderson Member Oklahoma Gas and Electric Present
Jodi Jensen Member Western Area Power Admin. Present
Michael Goad Staff Secretary Southwest Power Pool Present
Mike Buyce Member City Utilities of Springfield Present
Mike Fitzpatrick Member Omaha Public Power District Present
Nita Dickerson Member Goff & Herrington PC representing NE Texas Electric Coop. Present
Paul Sprague Member Board of Public Utilities of Kansas City, KS Robert Gray Present
Phil Clark Vice Chair Arkansas Electric Cooperative Corporation Present
Ron Bender Member Nebraska Public Power District Present
Shawn Eck Member Empire District Electric Present
Steve Arnold Member Independence Power & Light Present
Ted Bowen Member AEP/PSO Present
• A G E N D A •
ADMINISTRATIVE ITEMS
1. Call to Order and Welcome - Eric Ervin, Evergy (25 min)
Host Welcome and Safety Update - Amanda Gray, GRDA
Antitrust Reminder & Notice of Observers - Michael Goad, SPP
Receipt of Proxies - Michael Goad, SPP
Review of Past Action Items - Michael Goad, SPP
Future Logistics & Scheduling - Eric Ervin, Evergy
2. Review 2019 Q1 Meeting Minutes (Approval Item) - Eric Ervin, Evergy (2 min)
3. Review of Agenda (Approval Item) - Eric Ervin, Evergy (2 min)
AGENDA ITEMS
4. MRO SAC Update - John Hochevar, ATC (20 min)
5. GridEx V Update - John Breckenridge, Evergy & Amber Wallace, SPP (15 min)
6. Physical Security – Drone Threat - Glenn Moore, DHS (30 min)
7. GRDA Police & Partnership with FBI - Lissa Kennedy, Chris Harper & Tyler Cooper, GRDA (60 min)
8. IT/OT Convergence Discussion - Pat Glunz, NPPD (30 min)
9. NERC CIPC Update - Eric Ervin, Evergy (5 min)
10. SECWG Incident Response Procedures - Eric Ervin, Evergy & Michael Goad, SPP (10 min)
11. SECWG value/reporting to MOPC - Eric Ervin, Evergy (15 min)
SUMMARY OF ACTION ITEMS
12. Action Items - Michael Goad, SPP (2 min)
FUTURE MEETINGS
13. Future Meetings and adjournment - Eric Ervin, Evergy (1 min)
Q3 September 19, 2019 Dallas, TX hosted by SPP
Q4 December 17, 2019 Virtual WebEx
EXECUTIVE SESSION (SPP Staff and SPP Member Companies Only)
14. Additional Topics & Round Table Discussions - All
15. Adjournment - Eric Ervin, Evergy
Southwest Power Pool, Inc.
SECURITY WORKING GROUP MEETING
February 26, 2019 9:00 a.m. to 3:00 p.m.
Hosted at Evergy
1200 Main Street Kansas City, MO 64105
• Summary of Action Items •
1. No Action Items recorded
• M I N U T E S •
Agenda Item 1 – Administrative Items
Eric Ervin (Evergy) called the 2019 Q1 SPP Security Working Group (SECWG) meeting to order at 9:01 am and welcomed all attendees. John Breckenridge (Evergy) performed the safety briefing. There were 53 in-person participants and 27 teleconference participants. (Attachment – Attendance List)
Michael Goad (SPP) reviewed the Antitrust Reminder and conducted roll call of SECWG Members and Receipt of Proxies. (Attachment – Proxies)
Mr. Ervin welcomed two new SECWG Members, Ted Bowen (AEP/PSO) and David Trojan (ITC).
Mr. Ervin reviewed the proposed agenda with the group. There were minor changes, including adjusting the agenda item order. Ron Bender (NPPD) motioned to approve the agenda and Chad Wasinger (Sunflower) seconded. There were no abstentions or opposition. (Attachment – Agenda)
The minutes from the December 18, 2018 Q4 SECWG meeting were approved. Daniel Moore (WFEC) motioned to approve the agenda and Mike Buyce (City Utilities) seconded. There were no abstentions or opposition. (Attachment – Meeting Minutes)
Mr. Goad reviewed the Action Items and current status.
1. Michael Goad (SPP) will send out email to solicit nominations for vacant SECWG Member seat. COMPLETED.
2. Michael Goad (SPP) will send out email communication to SECWG Members regarding moving 2019 Q1 meeting from March 12th to February 26th. Time and location will remain the same. COMPLETED.
3. Michael Goad (SPP) will provide 2019 MRO Security Conference dates as part of Meeting Materials. COMPLETED.
SPP SECWG Minutes February 26, 2019
Agenda Item 2 – Evergy Cyber Threat Operations Center
Melissa Spicer & Paul Schmiege (Evergy) presented on Evergy’s Cyber Threat Operations Center (CTOC). Ms. Spicer gave an overview of the CTOC. Mr. Schmiege presented on the design and implementation of the TOC. He then discussed staffing, procedures and toolsets. Mr. Schmiege recommended SANS MGT517 as guidance when building out a SOC/TOC, including developing a charter prior to creating responsibilities. No presentation slides provided. Any comments or questions can be emailed to Paul Schmiege, Evergy, at [email protected]
Agenda Item 3 – Physical Security Discussion
Steve Arnold (IP&L) and John Breckenridge (Evergy) led the group in an open discussion on physical security controls. Mr. Breckenridge presented on physical security concepts and strategies, including video of controls protecting as expected. Presentation slides included in Meeting Material. Any follow up questions or further discussions can be emailed to Steve Arnold at [email protected] and/or Brock Kelley at [email protected]
Agenda Item 4 – Optiv Threat Briefing
David Cardwell (Optiv) presented on Cybersecurity’s Future. The presentation included the reality of today, the evolution of threats and initiatives to make us successful. Presentation slides included in Meeting Material. Any questions or comments can be emailed to David Cardwell, Optiv, at [email protected]
Agenda Item 5 – SEEDS SPARTAN Program
Philip Huff & Dr. Qinghua Li (Univ. of Arkansas System) presented on the SEEDS SPARTAN Automated Security Vulnerability and Patch Management Tool and the partnership with the Dept. of Energy. Mr. Huff gave an overview of SPARTAN and how it saves time and resources. Dr. Li discussed the technical overview of the tool and the machine learning approach taken. Contact either to find out how to get involved. No presentation slides provided. Any questions or comments can be emailed to Philip Huff at [email protected] and/or Dr. Li at [email protected]
Agenda Item 6 – SECWG Future Meetings
Eric Ervin (Evergy) reviewed upcoming SECWG meeting dates and locations.
Q2 June 25, 2019 Langley, OK hosted by GRDA
Q3 September 19, 2019 Dallas, TX hosted by SPP
Q4 December 17, 2019 Virtual WebEx
Agenda Item 7 – CIP-008-02 / FERC Order 848 Update
John Breckenridge (Evergy) provided an update on Project 2018-02 Modifications of CIP-008. Mr. Breckenridge reported that the project is awaiting FERC approval, followed by an expected timeline of 18 months. Mr. Breckenridge is on the 2018-02 SDT. Further information can be found on the NERC website: https://www.nerc.com/pa/Stand/Pages/Project-2018-02-Modifications-to-CIP-008-Cyber-Security-Incident-Reporting.aspx
Eric Ervin (Evergy) adjourned the meeting at 12:38pm.
Executive Session Agenda Items – Round Table Discussion
A “pens down” roundtable discussion was conducted. This is an opportunity for meeting attendees to bring up any comments, experiences, or other topics for discussion with an expectation that the discussion will not leave the room. Eric Ervin (Evergy) adjourned the Executive Session at 2:22pm.
Respectfully submitted,
Michael P. Goad, SECWG Staff Secretary
MRO Security Advisory Council
(SAC)
2019 Update
John Hochevar, American Transmission Company
MRO SAC Chair
June 25th, 2019
Charter - Purpose
The Midwest Reliability Organization Security Advisory Council (MRO SAC) is an MRO Organizational Group that provides advice and counsel to MRO's Board of Directors, staff, members, and registered entities regarding:
(1) Cybersecurity;
(2) Physical Security; and
(3) SCADA, EMS, substation and generation control systems.
The MRO SAC provides outreach and promotes awareness in these three key security areas.
Organizational Structure
2019 MRO SAC Roster
Goals and Guiding Principles
Goals
• Be accountable to the MRO Organizational Group Oversight Committee (OGOC)
• Serve as a topical expert to primary constituents
• Provide outreach to primary constituents
• Increase awareness of security related resources to primary constituents
Guiding Principles
What have we done so far in 2019?
Webinars
• Introduction to Neighborhood Keeper, February 15, 2019 - Rob Lee, Dragos
• Suspicious Packages and Bomb Threat Considerations, May 30, 2019 - John Breckenridge, MRO SAC
Member
Newsletters
• Suspicious Packages and Bomb Threat Considerations - John Breckenridge
• Security Advisory Council Weekly Threat Call Update - Mike Kraft, MRO SAC member
• Leveraging Relationships Among Electric Utilities and Law Enforcement - Chris Carlson, MRO SAC
Member
• Save the Date for the MRO SAC Security Conference - John Hochevar, MRO SAC Chair
What have we done so far in 2019?
Monthly Emails
What have we done so far in 2019?
Weekly Threat Call
• Currently 153 participants covering 53 organizations
• 18% increase in membership since the beginning of the year
Approved two CIPC nominations
• John Breckenridge, Physical Security (Voting)
─ Replaces Paul Crist (Physical voting member – term expiration)
• Paul Crist, Cybersecurity (Alternate)
─ Replaces John Hochevar (Cybersecurity alternate – term expiration)
What’s left for 2019?
Webinars
• A Tale of Two Phishing Programs – Seth Bross, OGE Energy Corporation, Tammy Retzlaff and Jamie Arndt, American
Transmission Company, to be hosted on July 11, 2019 from 1:00 p.m. to 2:00 p.m., Registration is open
• Leveraging Relationships Among Electric Utilities and Law Enforcement – Chris Carlson, MRO SAC Member on July
25, 2019 from 10:00 a.m. to 11:00 a.m., Registration is open
• Threat Intelligence and Hunting – Jamie Buening, MISO, August 21, 2019, Registration is NOT open, but Event
Announcement will be sent out when it becomes available
• ICS Cyber Defense – Dean Parsons, SANS Instructor and Joe Petaski, MRO SAC Member, on November 20, 2019
from 1:00 p.m. to 2:00 p.m., Registration is NOT open, but Event Announcement will be sent out when it becomes
available
Newsletters
• Security Perspectives from the Gaming Industry
• (Tentative) Communicating International Energy Industry Incidents as Part of your Security Awareness Program
• (Tentative) Reflection from the Annual Security Conference
What’s left for 2019?
6th annual MRO Security Conference and Training
• Covers Executive, Physical Security, Cybersecurity, and Operational Security topics
• Presentations from representatives of Target, Palo Alto, Dragos, Lofty Perch, MRO, E-
ISAC and SANS (tentative)
• Training by MISO and TBD
3rd Annual MRO Regional Security Risk Assessment
• Input into the SAC’s annual work plan
• Results get added to the MRO Regional Risk Assessment
Roundtables
• Two in the planning stages
2019 Calendar
Council meetings
• September 26th Prior to Regional Security Risk Assessment – In person
and Virtual
• November 6th - Virtual
Security Conference and Training
• September 24th and 25th – MRO Offices
• In person required for training
• Webex available for conference
Regional Security Risk Assessment
• September 26th – In person only
Opportunities to get involved
Weekly threat call
Mailing list
Security conference
Webinars and Newsletters
Regional Security Risk Assessment
More information
https://www.mro.net/committees/SAC/Pages/default.aspx
Estee Kolles – MRO Security Administrator – [email protected]
Steen Fjalstad – MRO SAC Staff Liaison – [email protected]
John Hochevar – SAC Chair – [email protected]
Small Unmanned Aerial Systems (sUAS)
Definitions
• Small Unmanned Aerial Systems (sUAS)
• Typically under 55 lbs.
• May be multi-rotor (quadcopter, hexacopter, octacopter)
• May be fixed wing (plane)
• Operated by Hobbyists, Government, and Commercial users
• May be powered by electricity or fuel based engines
• Certificate of Authorization (COA)
• A letter of authorization similar to a license issued by the FAA for government use of sUAS.
• Part 107
• A license endorsement for certified pilots to fly sUAS.
• A license for non-certified pilots to fly sUAS.
• Required for commercial operation of sUAS and some government use too.
Definition (cont.)
• Hobbyist
• Strictly for personal not for profit flights
• Must operate within community based standards
• Must have an operator registration (currently $5 registration online)
• Must not operate within 5 miles of airport
• Must yield right of way to other aircraft
• Must not exceed 400 feet above ground level and cannot fly at night
sUAS uses
• Missing Persons
• Wildfires
• Flooding
• Critical Infrastructure Security Checks
• Structure Fires
• Special Events
Other Potential Uses
•Hazardous materials scenes
•Accident scenes
•Damage assessments
•Mapping
•Tactical situations
Certifications
• Most receive a Certificate of Authorization (COA) from the FAA to operate a sUAS program within their jurisdictional boundaries
• Restricted to Class B, D, and G airspaces
• Most operations will be conducted in Class G airspace
• Requires waivers to operate at night
• Operations under the COA requires a Pilot in Command (PIC) and a Visual Observer (VO)
• Requires Notice to Airmen (NOTAM) be filed 30 minutes prior to flight unless exigent circumstances exist
• Unable to fly to heights exceeding 400 ft Above Ground Level (AGL) regardless of obstacles
Certifications (cont.)
• FAA Part 107 Commercial Licensed Pilots.
• Under Part 107 a sUAS can be operated by a PIC only
• Does not require NOTAMs be filed prior to flight
• Allows for flights above 400 ft. AGL to avoid obstacles
• Requires waiver to operate at night
Authorization required to fly
Technology
The Toy
Technology
The Tool
Technology
The Threat
Aircraft and Capabilities
• sUAS come in all shapes, sizes, and capabilities.
• In general most aircraft can be operated by a single operator.
• Quad Copters and Hex Copters are the most common types.
• Most aircraft have approximately 20 minute flight time but could be greater than an hour depending on the aircraft type.
• Most aircraft have some form of photo and/or video transmission capability.
• Some aircraft have payload delivery capability.
Limitations
• Range
• Range is limited by technology and regulation.
• Flying beyond visual line of sight (VLOS) requires FAA waivers.
• Visibility
• Pilots must maintain VLOS which can be difficult due to aircraft design and environmental conditions.
• Weather
• Most sUAS are not rated for all weather environments. High winds or rain/snow can prevent aircraft operation.
• Durability
• Aircraft construction varies in design and materials. Most are not designed to the same material standards as regular aircraft.
Limitations (cont.)
• Regulation
• VLOS, flying over people, altitude regulation, airspace, night operation, TFRs, etc.
• Operations Locations
• Environmental factors such as overhead obstruction, magnetic fields, Pilot Safety, etc.
Privacy Concerns
• A sUAS shall not be intentionally used for the purpose of viewing, recording or transmitting images and/or video in a criminal investigation or prosecution at any location or upon any property at which a person has a reasonable expectation of privacy unless:
• A warrant or court order has been approved for the search of the property;
• A right-of-way has previously been established.
• Consent by the owner or person responsible for the property is obtained; or
• Exigent circumstances exist, to include emergency response, active fire/search and rescue operations, etc.
To fly a drone as a commercial pilot in the state of Oklahoma (i.e. for work / business purposes) you are required to follow the requirements of the FAA’s Part 107 Small UAS Rule (Part 107), which includes passing the FAA’s Aeronautical Knowledge Test to obtain a Remote Pilot Certificate.
To fly a drone as a hobbyist in the state of Oklahoma (i.e. for fun / pleasure) you are required to register your drone with the FAA and follow the FAA’s Special Rule for Model Aircraft.
To fly a drone as a government employee in the state of Oklahoma (i.e., for a police or fire department) you may either operate under the FAA’s Part 107 rule or obtain a federal Certificate of Authorization (COA).
According to the Oklahoma Department of Transportation and the Oklahoma Legislature, Oklahoma has one state-wide law concerning the use of drones in the state.
HB 2559 // 2016
This law prohibits the operation of UAS within 400 feet of any critical infrastructure facility.
Operations and Training
http://webserver1.lsb.state.ok.us/cf_pdf/2015-16%20ENR/hB/HB2599%20ENR.PDF
IT / OT Convergence @
Pat Glunz
CIP Operations & Business Continuity Manager
June 25, 2019 SPP Security Working Group
A More Integrated NPPD
• Physical Security
• Operations Security
• Information Security
• Nuclear Security
• Telecommunication Security
IT / OT Convergence @ NPPD
• Challenges
• Compliance – achieving it and maintaining it
• Work Management
• OT utilizes SAP for everything
• IT utilizes SAP for some work
• Coordinating work – PMs and upgrades
• Best Practices
• IT – reliable is (5 – 9s, 5.26 min/year)
• Patch immediately
• Outages after hours
• OT – secure was not the 1st priority
• No need for anti virus
• Patch annually if at all
• Was “if it isn't broke, don’t fix it”
• Outages based on season load
• Supportability – IT processes don’t support OT availability requirements
• Such as:
• Automatic reboots
• Patching cycles
• Automatic AV pushes
IT / OT Convergence @ NPPD
• Opportunities
• Corporate IT
• Cyber Security
• Telecom
• Substation
• Power Plant ICS
• Transmission Control Centers
• Distribution Control Centers
IT / OT Convergence @ NPPD
• Instruments to facilitate CONVERGENCE
• Multidisciplinary reviews
• Facility Protection Committee meetings, 28 days (Medium Impact BES Cyber Systems)
• Control Center change mgt. meetings, 2x weekly (High Impact BES Cyber Systems)
• Change management review of Low Impact EAC rules, ad hoc
• New positions created
• Corp. Security Operation Analysts
• Substation compliance coordinator
• Created IR drill coordinator position
• Manager of Business Cont. & CIP Operations
• Create new department of Business Cont. & CIP Operations
• Expand incident response
• Full participation in GridEx
IT / OT Convergence @ NPPD
• Instruments to facilitate CONVERGENCE (cont.)
• C2M2 Evaluations
• Cyber Asset Security Assessment Teams
• Cyber Vulnerability Assessments of OT equipment
• Training
• Cyber Security
• Human performance
• Compliance
IT / OT Convergence @ NPPD
• Successes
• Idaho National Labs ICS Cybersecurity 301 Class
• Attendees from Corp. Security, Control Center staff, OAs, Power Plant, Substation, & Engineering groups
• Engineers and OAs working together weekly
• We have seen all OT groups display a better questioning attitude towards security and compliance
• Better security
• Better compliance controls
Agenda
Critical Infrastructure Protection Committee Meeting
June 4, 2019 | 1:00 p.m. – 5:00 p.m. Eastern
June 5, 2019 | 8:00 a.m. – 12:00 p.m. Eastern
Hyatt Regency Orlando International Airport
9300 Jeff Fuqua Boulevard
Orlando, FL 32827
Call to Order
NERC Antitrust Compliance Guidelines, Public Announcement, and Participant Conduct Policy
Introduction and Chair’s Remarks
1. Administrative Items - Tom Hofstetter, NERC Staff, CIPC Secretary
a. Safety Briefing and Emergency Precautions - Hyatt Regency hotel staff
b. Welcoming Remarks - Ken Zambito, VP of Transmission, Orlando Utilities Commission
c. Declaration of CIPC Quorum
d. Parliamentary Procedures - In the absence of specific provisions in the CIPC charter, the committee shall conduct its meetings guided by the most recent edition of Robert’s Rules of Order, Newly Revised.
e. Introductions
f. CIPC Roster
Consent Agenda - Chair Marc Child, Great River Energy
2. Minutes*
a. March 5-6, 2019 Meeting - (Approve)
Regular Agenda
3. Remarks and Reports - Chair Child
a. Work Plan*
b. Nominating Committee
4. CIPC Charter update* - (Approve)
5. Agency Updates
a. Federal Energy Regulatory Commission - Justin Kelly, FERC; Simon Slobodnik, FERC
b. Department of Energy
c. Department of Homeland Security* - Ron Keen, DHS
d. Public Safety Canada
6. NERC Update
a. Compliance - Lonnie Ratliff, NERC Staff
b. Supply Chain* - Howard Gugel, NERC Staff
7. Reliability Issues Steering Committee Update (RISC)* - Chuck Abell, Ameren
a. Survey results
8. E-ISAC Update
a. E-ISAC programs and planning Strategic plan, GridSecCon, and GridEx Updates* - Sam Chanoski, E-ISAC
b. Cyber Security - Philip Daigle, E-ISAC Staff
c. Physical Security* - Kristen Bove, E-ISAC Staff
d. E-ISAC Physical Security Advisory Group (PSAG) - Ross Johnson, PSAG Co-chair
9. National Laboratory Updates
a. Argonne National Laboratory - James Kavicky, ANL
b. Pacific Northwest National Laboratory* - Scott Mix, PNNL
c. Idaho National Laboratory - Andrew Bochman, INL
10. Legislative Update* - Andrea Koch, EEI
11. EPRI Update* - Jim Stewart, EPRI
12. North American Transmission Forum* - Ken Keels, NATF
13. North American Generator Forum - Venona Greaff, Oxy
CIP Low Impact Procedure Sharing*
14. CIP Standards Development Update - Jay Cribb, Southern Company
15. Policy Working Groups - Chair Jeffrey Fuller, AES Corporation
a. Security Metrics Working Group (SMWG) Update - Chair Larry Bugh, ReliabilityFirst
i. SMWG Scope update* - (Approve)
b. Compliance Input Working Group (CIWG) Update* - Chair Paul Crist, Lincoln Electric System
i. CIWG Scope update* - (Approve)
ii. Cloud Implementation Guidance
(1) Federal Risk and Authorization Management Program (FedRAMP)
(2) Bulk Electric System Cyber System Information (BCSI)
(3) Tabletops
c. TOP Data Exchange Requirements Task Force - Chair Srinivas Kappagantula, PJM
Data Exchange Infrastructure Requirements Task Force (DEIRTF) Update*
16. Operating Security Working Groups - Chair Chuck Abell, Ameren
a. Grid Exercise Working Group (GEWG) Update - Chair Jake Schmitter, E-ISAC Staff; Vice Chair Stuart Brindley, S. J. Brindley Consulting, Inc.
i. GEWG Scope update* - (Approve)
b. Supply Chain Working Group (SCWG) Update* - Chair Tony Eddleman, NPPD
i. SCWG Scope update* - (Approve)
17. Cyber Security Working Groups - Chair Brenda Davis, CPS Energy
a. Control Systems Security Working Group (CSSWG) Update - Chair Carter Manucy, Florida Municipal Power Agency; Vice-chair Tobias Whitney, EPRI
i. CSSWG Scope update* - (Approve)
b. Security Training Working Group (STWG) Update - Chair Amelia Anderson, CenterPoint Energy
i. STWG Scope update* - (Approve)
ii. Security Training Session Agenda* - (Review)
18. Physical Security Working Groups - Chair Ross Johnson, Bridgehead Security Consulting, Inc.
a. Physical Security Working Group (PSWG) Update
i. PSWG Scope update* - (Approve)
b. Physical Security Guidelines Task Force (PSGTF) Update - Chair Darrell Klimitchek, South Texas Electric Cooperative
i. Physical Security Guideline for the Electricity Sector: Extreme Events Security Considerations, High Impact Control Centers* - Vote status/results
c. Other updates - Chair Johnson
Alberta Provincial Physical Security Projects
19. Roundtable - Discussion
20. Schedule of Important Dates
Dates | Time | Type | Location | Hotel
September 17-18, 2019 | 12:00 p.m. - 5:00 p.m.; 8:00 a.m. - Noon | CIPC Meeting | Minneapolis, MN | Intercontinental Minneapolis – St. Paul Airport
November 13-14, 2019 | N/A | GridEx | N/A | N/A
December 10-11, 2019 | 12:00 p.m. - 5:00 p.m.; 8:00 a.m. - Noon | CIPC Meeting | Atlanta, GA | Intercontinental Buckhead
December 11-12, 2019 | TBD | IEEE Workshop | Atlanta, GA | TBD
21. Closing Remarks and Action Items
22. Adjournment
*Background materials included.
Attendees - TBD