EnergySec and the NESCO overview
1. EnergySec and the NESCO
Steven Parker
The National Electric Sector Cybersecurity Organization EPRI/NESCOR Weekly Meeting
a DOE-funded EnergySec program
TM
2 December 2010
2. EnergySec Overview
• Started in 2005 as ESEC-NW
• Received SANS Information Sharing award, 2008
• Over 350 members from 104 organizations
• 67% of US electric distribution
• 55% of US electric generation
• Goals:
• Information sharing
• Security analysis and best practices
• Rapid, informal dissemination of relevant information
3. We’ve Been Busy
• Dec 2008: Incorporation
• Oct 2009: 501(c)(3) determination
• April 2010: NESCO FOA submission
• July 2010: NESCO Award!
[Chart: EnergySec membership growth, 2007 to 2010]
4. National Electric Sector Cybersecurity Organization
• R. 3183 “...the Secretary shall establish an independent
national energy sector cyber security organization...”
• Department Of Energy issued FOA on March 31, 2010
• Two organizations received awards:
• EnergySec was selected to form the National Electric
Sector CyberSecurity Organization (NESCO)
• The Electric Power Research Institute (EPRI) was
selected as a research and analysis resource to this
organization (NESCOR)
5. National Electric Sector Cybersecurity Organization
• Purpose is to “establish a National Electric Sector Cyber
Security Organization that has the knowledge,
capabilities, and experience to protect the electric grid
and enhance integration of smart grid technologies that
are adequately protected against cyber attacks.”
• “This organization will serve as a focal point to bring
together domestic and international experts, developers,
and users who will assess and test the security of novel
technology, architectures, and applications.”
6. National Electric Sector Cybersecurity Organization
• Mission: Lead a broad-based, public-private partnership
to improve electric sector energy systems cyber
security; become the security voice of the industry
• Vision: An industry owned and operated group that
supports electric sector response efforts to address
cyber events
• Goals:
• Identify and disseminate common, effective cyber
security practices to the sector
• Analyze, monitor and relay infrastructure weakness
7. Key Differentiators
• What is the difference between EnergySec and NESCO?
• NESCO is a DOE-funded program under the
EnergySec non-profit umbrella
• What is the difference between NESCO and NESCOR?
• NESCO is the primary role, NESCOR is the resource
• Is EnergySec/NESCO a product or service vendor?
• No; EnergySec is a non-profit 501(c)(3) organization
8. Key Differentiators
• Is EnergySec or NESCO a government agency?
• No; EnergySec is a non-profit 501(c)(3) organization
• Is EnergySec/NESCO involved in regulation?
• No; EnergySec/NESCO has no regulatory authority
9. Key Differentiators
• What is the difference between EnergySec/NESCO and
the NERC ES-ISAC?
• EnergySec/NESCO: Non-regulatory; participation and
reporting are not required (voluntary); industry
funded; supports ISAC
• NERC ES-ISAC: Regulatory; participation and reporting
are mandatory; statutorily funded
10. Key Differentiators
• What is the difference between EnergySec/NESCO and
the DHS ICS-CERT?
• EnergySec/NESCO: Energy sector focus; discretionary
classification of information; near real-time; informal
• DHS ICS-CERT: Control systems focus (all sectors);
extended duration before information is classified and
released; formal
11. Conflicting Goals
• US Government
• Reliability, survivability and resiliency
• National and economic security
• Public order; confidence
• Industry
• Reliability and availability
• Compliance
• Cost savings
12. Information Sharing Characteristics
• US Government
• Deliberate and authoritative
• Often highly compartmentalized and classified
• Over-classifies threats and incidents for CI/KR
• Holds only some of the relevant information
• Industry
• Often more ad hoc and much more agile
• 100% accuracy isn’t always required
• Difficult to handle classified information
• Can share more freely without needing authorization
13. Public-Private Environment Perceptions
• Government cannot provide information to the private
sector fast enough or broadly enough to be useful
because of concerns about information sensitivity and
control
• Industry cannot protect the information that is shared,
except under contracts or special legal situations (e.g.
Defense Industrial Base)
• Lack of parity in degree/quality of information shared
• Differing goals and motivation between Government and
Industry
14. Collaborative Focus Areas
• Industry-specific Problems
• Smart Grid
• Situational Awareness, Data Analysis
• Threats and Vulnerabilities
• Security Solutions R&D
• Incident Response, Forensics
15. Building Relationships
• Building relationships is our purpose
• Annual Summit
• Semi-annual town hall meetings
• Regional meetings
• Collaborative projects
• Workgroups
• Webinars
16. Programs
• Solutions development
• Working groups
• Forensics
• Data analysis
17. Technology
• Portal
• WebEx
• Instant messaging
• Email; listserv
• Code repository
• Rapid notification system
18. portal.energysec.org
• In use since 2008
• Secure communications portal
• ICSJWG
• HYDRA
• Critical Intelligence
• Version 3 with new functionality in 2011
20. share.energysec.org
• Currently in concept stage
• Source code repository
• System configurations
• Reference architectures
• Attack signatures
• Whatever else the community dreams up
• Beta in 1h11; go live 2h11
21. Rapid Notification System
• Concept stage: Technology to be determined
• Targeted at security operations staff
• The goal is rapid dissemination of alerts
• Multiple notification vehicles:
• SMS
• Phone
• Email
• XMPP (Instant Messaging)
• Other
22. Putting The Pieces Together
• Government
• Asset Owners
• Vendors and Suppliers
• Academia
• Researchers
• Security Groups
Steve Parker
Vice President, EnergySec
steve@energysec.org
503.446.1214
Editor's notes
We’re flattered to be the group that DOE has chosen to lead cybersecurity efforts for the electric industry.
So if we are going to work together, what are some of the key areas we can collaborate in?
Highlights of how EnergySec builds relationships
Coordinate “end user” testing opportunities for projects and research requiring broad industry adoption for success.
Create working groups to evaluate incidents and best practices.
Establish trusted partner relationships with organizations who lead the forensics space.
Design and implement an effective data analysis program.
close: I want to touch on a couple of innovative collaboration methods we’ve developed for the industry.
Platform for community projects
Currently in concept stage.
This is intended to provide near real-time notifications for cyber security events.
We’re announcing a formal sponsorship program this week.
Includes academia