NESCO was founded in 2004 and received DOE grant funding in 2010 to serve as the National Electric Sector Cybersecurity Organization. It aims to improve cybersecurity in the electric sector through identifying best practices, analyzing threats, focusing research, and encouraging information sharing between government and industry. NESCO currently has over 500 members and facilitates sharing through meetings, briefings, online forums and repositories. Its goal is to build trust for information exchange through relationships rather than technology alone.
Driving Behavioral Change for Information Management through Data-Driven Gree...
NESCO Overview: Electric Sector Cybersecurity Organization
1. NESCO: A Closer Look
Patrick C Miller, President and CEO
March 8 2011
Spring 2011 AGA/EEI Security Conference
2. History
• 7/2004: EnergySec founded as E-Sec NW
• 1/2008: SANS Information Sharing Award
• 12/2008: Incorporated as EnergySec
• 10/2009: 501(c)(3) nonprofit determination
• 4/2010: EnergySec applied for National
Electric Sector Cybersecurity Organization
(NESCO) FOA
• 7/2010: NESCO grant award from DOE
• 10/2010: NESCO became operational
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 1
3. What Is The NESCO?
• Mission: Lead a broad-based, public-private
partnership to improve electric sector energy
systems cyber security; become the security voice
of the electric industry
• Goals:
– Identify and disseminate common, effective cyber security
practices
– Analyze, monitor and relay infrastructure threat information
– Focus cybersecurity research and development priorities
– Work with federal agencies to improve electric sector cyber
security
– Encourage key electric sector supplier and vendor support
/ interaction
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 2
4. Now And Beyond
• Today: 544 members from 158
organizations
– 74% of US electric distribution
– 60% of US electric generation
• The asset owners are already sharing
• Challenges
– Increase and improve asset-owner sharing
– Establish two-way sharing from the government
and vendor segments
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 3
5. Infosharing Characteristics
US Government Industry
• Deliberate and • Often more ad hoc and
authoritative much more agile
• Often highly • 100% accuracy isn’t
compartmentalized always required
• Classifies threats and • Difficult to handle
incidents for CI/KR classified information
• Holds only some of the • Can share more freely
relevant information without needing
authorization
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 4
6. Public-Private Perceptions
• Government moves too slowly, over-classifies
and narrowly distributes
• Industry can’t protect the shared information and
doesn’t respond appropriately
• Lack of parity in degree and quality of
information shared in both directions
• Differing goals and motivation between
Government and Industry
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 5
7. Different Approach
• NESCO makes every effort to avoid
duplicating already existing successful
programs
• NESCO is not…
– NERC ES-ISAC, CIPIS
– DHS ICSJWG, ICS-CERT
– FBI InfraGard
– National Lab
– Vendor
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 6
8. How Does This Work?
• Sharing requires trust
• Trust is built on relationships
• NESCO fosters trustworthy
relationships
– Bringing people together
– Flexible technology options to extend
and enhance relationships
– Organic growth; birds of a feather
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 7
9. NESCO Outreach
• NESCO outreach programs
– Annual Summit (October 2011, San Diego)
– Town Hall Meetings (April 27, Austin)
– Voice Of The Industry Meetings (everywhere)
– Interest Groups (Workforce
Development, Forensics, etc)
– Webinars, Briefings
– Portal/Forums
– Email distribution lists
– Social media
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 8
10. NESCO Technology
• Email distribution lists
• Secure portal with forums
• Secure instant messaging
• Rapid notification mechanisms
• Web collaboration
• Resource repository
• Most technologies have non-
attribution (anonymous)
options
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 9
11. Resource Repository
• Code snippets
• IDS/attack signatures
• Audit templates
• Reference architectures
• System configurations
• Policy, process, procedure templates
• Compliance practices
• And more…
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 10
12. Industry Collaboration
• What works, what doesn’t
• Informal benchmarking
• Situational (tactical) awareness
• Threat and vulnerability analysis
• Shared/crowd-sourced resources (repository)
• Mentoring
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 11
13. Case Study: Tactical Aid
• “Over the weekend between 13:00 - 15:00 and
19:00 - 20:00 PST we saw significant port
scanning of our edge, originating from;
60.29.244.11…”
– Great discussion of port scanning threats
– Many follow up posts with yes/no indicators
– Dumps of all activity from source address
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 12
14. Case Study: Night Dragon
• 2.9.11:1400 - McAfee reached out to NESCO with
pre-release draft of Night Dragon white paper
• 2.9.11:1747 - NESCO staff completed
analysis, summarized paper and posted to secure
portal
• 2.10.11:0800 - NESCO & McAfee held joint
technical call with over 60 attendees across NA
– Dmitri Alperovitch, McAfee's VP Threat Research
– Technical talk, answered questions from members
• 2.10.11:1200 - McAfee executive public call
• NESCO utilities were reviewing the report over six
hours prior to public release
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 13
15. Case Study: DOE Request
• DOE was interested in getting informal "boots on
the ground” feedback quickly
– Question: Does an FBI report about a terrorist
targeting various critical assets help strengthen the
case for your organization to further improve physical
or cyber security? Does it help the business case?
• NESCO was able to collect responses without
attribution and submit a response to DOE in a
matter of a few days
• DOE stated that this rapid method for informal
questions and answers is very valuable to them
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 14
16. Case Study: Compliance
• Much initial confusion and uncertainty around
Regional compliance audits…
– What is the auditor disposition?
– What was the depth and breadth of questions?
– What did they cover?
– What failed and what succeeded?
• Conference calls with entities willing to share
• Real stories of audits were shared
• Real documentation was shared
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 15
17. Conclusion
• Unique non-profit, independent, public-private
information sharing organization
• Focused on building trust through relationships
• Security collaboration, facilitation and sharing
hub
• Flexible technology facilitates and catalyzes
information and resource sharing efforts
• Security voice of the electric sector
• Supports existing successful programs
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 16
18. Plug In
http://www.energysec.org/join
Next event is the Town Hall meeting, April 27th, Austin
Topic: Obstacles to Information Sharing
http://www.energysec.org/town-hall-ercot
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 17
19. Questions?
Non-profit. Independent. Trusted.
Patrick C Miller, President and CEO
patrick@energysec.org
503-446-1212
The National Electric Sector Cybersecurity Organization
(NESCO) is a DOE-funded EnergySec Program 18