Cyber Attack Task Force - Final Report - NERC
Cyber Attack Task Force - Final Report - NERC
Cyber Attack Task Force - Final Report - NERC
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Responses to <strong>Attack</strong><br />
without affecting operational reliability. This will essentially allow system operators to “fly with<br />
fewer controls.” 27<br />
Identification of those core systems and functions that are essential to maintaining operational<br />
reliability would include:<br />
• EMS (energy management system) – a control system with a suite of applications that<br />
provides decision support capability to monitoring and controlling the transmission system.<br />
o “Model” the heart of the EMS which replicates the portion of the grid the entity is<br />
responsible for operating,<br />
o State Estimation (SE) the way in which the model/EMS can estimate points not<br />
physically monitored (i.e. calculate the readings in the middle of a line with data from<br />
the readings on both ends of the line) and,<br />
o Security Analysis (SA) the more advanced applications of the EMS that conduct the<br />
“What If” contingency analysis so that operators can always position the system in a<br />
conservative/reliable state.<br />
• GMS (generation management system) – the suite of applications that enable an entity to<br />
keep generation and other resources in balance with load.<br />
• Ability to maintain communications control centers and field equipment (i.e. RTUs) to<br />
provide input to EMS/GMS.<br />
• Core skilled workforce availability.<br />
Isolation and Survivability<br />
Survivability involves focusing on protecting those systems and functions that are essential to<br />
maintaining reliable operations. Reliable operations will degrade, over time, resulting in the<br />
gradual reduction in services and functions until essential operations are no longer possible.<br />
The key is trying to maintain reliable operations in a reduced state for as long as possible. This<br />
resilience characteristic is known as graceful degradation of service.<br />
A number of survivability and isolation tactics are outlined in Appendix G.<br />
There are difficulties associated with isolation. Monitoring and situational awareness suffers as<br />
automated processes designed to inform operational staff are systemically severed. This<br />
includes both internal monitoring as well as connectivity with neighboring utilities. Bulk Power<br />
System control centers can pose risks to other BPS control systems via essential communication<br />
links. Internal data corruption, man in the middle scenarios, malicious code injections are all<br />
possible scenarios that must be considered when evaluating the operational impact that one<br />
control system may have on other externally connected control systems. Physically deploying<br />
27 High-Impact Low-Frequency Event Risk to the North American Bulk Power System page 37<br />
28 <strong>Cyber</strong> <strong>Attack</strong> <strong>Task</strong> <strong>Force</strong> <strong>Report</strong>