Cyber Attack Task Force - Final Report - NERC

More documents

Recommendations

Info

Executive Summary Key Recommendations The CATF has considered what aspects of cybersecurity would be particularly challenged through a coordinated cyber attack and considered options to protect the assets, systems, and networks that are critical to the reliable operation of the bulk power system. The following summarizes the key recommendations of this report that are described in the body of the report in further detail. While some of the recommendations identify areas that require further study coordinated through NERC’s Technical Committees, others recommend that entities take certain actions to enhance their ability to prevent, deter, detect, and respond to a coordinated cyber attack. 1. Continue Work on Attack Trees – A separate working group under NERC’s Critical Infrastructure Protection Committee (CIPC) should be established to further develop attack trees with the goal of populating the nodes, performing detailed analysis, and providing recommendations to industry from this analysis. 2. Continue to Develop Security and Operations Staff Skills to Address Increasingly Sophisticated Cyber Threats – Entities should develop strategies to attract cybersecurity talent and further develop the knowledge, skills, and abilities of existing staff to address increasingly sophisticated cyber threats and technology challenges that accompany grid modernization efforts. 3. Augment Operator Training with Cyber Attack Scenarios – Several cyber attack scenario templates are included in Appendix C of this report. Entities should consider enhancing training to incorporate cyber attacks that raise operator awareness for a coordinated cyber attack. 4. Conservative Operations – The Severe Impact Resilience: Considerations and Recommendations report prepared by the Severe Impact Resilience Task Force offers a number of recommendations regarding conservative operations. Entities should review this report and consider the practices that would apply to a coordinated cyber attack scenario. 5. Conduct Transmission Planning Exercise – Working with Department of Energy’s national labs and a pilot group of electricity utilities, a transmission planning exercise should be coordinated by NERC to simulate a coordinated cyber attack that creates a cascading event and blackout. The event should attempt to 4 Cyber Attack Task Force Report
Executive Summary identify the point at which current transmission planning criteria is exceeded and allow for dynamic resilience and mitigation exercise. 6. Continue to Endorse Existing NERC Initiatives That Help Entities Prepare for and Respond to a Cyber Attack – Entities should consider greater participation and support of NERC’s initiatives that can help the industry with cyber attack identification, defense, and response. Three examples are: • Cyber Readiness Preparedness Assessments (CRPA) • NERC Grid Security Exercise • ES-ISAC portal and collaboration 7. Increase Awareness for Department of Energy Initiatives – The Energy Sector Control Systems Working Group recently released the Roadmap to Achieve Energy Delivery System Cybersecurity. NERC’s Critical Infrastructure Protection Committee should review these initiatives and support further development and implementation of these initiatives to help ensure protection of critical systems supporting bulk power system. 8. Continue to Extend Public / Private Partnership – Entities should review their cyber incident response plans to ensure an appropriate mix of operational, security, technical, and managerial staff are aware of how they need to evaluate, respond, and make timely decisions to slow or stop a coordinated cyber attack. This could include participating in ES-ISAC and government sponsored programs to share security-sensitive or classified information regarding cyber threats and vulnerabilities. In the event standard information sharing protocols are unavailable (e.g. between utilities, ES-ISAC, etc), alternative methods need to be defined. Cyber Attack Task Force Report 5
Page 1 and 2: Cyber Attack Task Force Final Repor
Page 3 and 4: Table of Contents Table of Contents
Page 5: Denial of Service - EMS application
Page 8 and 9: Executive Summary Defining a Coordi
Page 13 and 14: Executive Summary Introduction A hi
Page 15 and 16: Adversaries, Motivations, and Capab
Page 17 and 18: Adversaries, Motivations, and Capab
Page 19 and 20: Low Level Threat Criminals, Hackers
Page 21 and 22: Cyber Threat Group Foreign State Na
Page 23 and 24: What a Coordinated Attack Looks Lik
Page 25 and 26: Expanding each of the two events: S
Page 27 and 28: Detection Capabilities Global Monit
Page 29 and 30: Detection Capabilities Appendix F c
Page 31 and 32: Defensive Capabilities / Deterrence
Page 33 and 34: For example: Defensive Capabilities
Page 39 and 40: Responses to Attack Responses to At
Page 41 and 42: Responses to Attack staff to locati
Page 43: Responses to Attack Entities that u
Page 46 and 47: Recommendations • Continue to dev
Page 48 and 49: Recommendations node attack. At a m
Page 50 and 51: Outreach Outreach Outreach is an im
Page 52 and 53: References References Name Link DOE
Page 54 and 55: References NERC CATF Roster - Contr
Page 56 and 57: Appendix A: Introduction to Attack
Page 58 and 59: Appendix B: Resources Appendix B: R
Page 60 and 61:
Appendix C: Cyber Event Scenarios f
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Appendix D: Acronyms Appendix D: Ac
Page 69 and 70:
Appendix E: Potential Responses to
Page 71 and 72:
Appendix E: Potential Responses to
Page 73 and 74:
Appendix F: Precursors and Local In
Page 75:
Appendix G: Isolation and Survivabi
Page 78 and 79:
Appendix H: Defensive Capabilities
Page 80 and 81:
Appendix I: CRPA Observations and R
Page 82 and 83:
Appendix I: CRPA Observations and R
Page 84 and 85:
Appendix J: Case Studies to underst
Page 86 and 87:
Appendix J: Case Studies Lateral Mo
Page 88:
Appendix K: Task Force Goals and Ob
show all

Cyber Attack Task Force - Final Report - NERC

Create successful ePaper yourself

Delete template?

Save as template?