Adjustments to Tariff to Facilitate Emergency Data Sharing ... RSC Item 08 DHS...Nov 01, 2018 ·...
November 1, 2018
Adjustments to Tariff to Facilitate Emergency Data Sharing at a
Time of Cyber Attack and Responsiveness to Reliability
Authorities
Objectives for today:
• Discuss federal government and electric industry
developments regarding responses to possible
cyber attack
• Highlight MISO proposed adjustments to Tariff
provisions
• Request feedback/comments on MISO proposed
adjustments by November 21, 2018
Industry-Government Data Sharing
Backdrop to Proposed Tariff Changes – What is Section 9?
• Presidential Executive Order 13636, Improving Critical
Infrastructure Cybersecurity, comprises 12 sections:
o Section 9 covers: Identification of Critical Infrastructure at Greatest Risk
o MISO has been identified as a critical infrastructure entity per the Department of
Homeland Security (DHS) and Sector Specific Agencies (SSAs)
• Presidential Executive Order 13800, Strengthening the
Cybersecurity of Federal Networks and Critical Infrastructure,
tasked DHS to:
o Identify authorities and capabilities that agencies could employ to support
cybersecurity efforts of “Section 9” critical infrastructure entities.
o Engage “Section 9” entities and solicit input around capabilities
o Provide a report to the President on addressing counterterrorism
Executive Order 13636 Section 9: “Identification of Critical Infrastructure at Greatest Risk”
Section 9 Engagement
► Executive Order 13636, Improving Critical Infrastructure Cybersecurity (2013)
► Section 9 directs DHS and SSAs to develop “a risk-based approach to identify critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects…” (2017)
► Requires DHS and the SSAs to identify authorities and capabilities that agencies can employ to support the cybersecurity efforts of Section 9 entities
► DHS, DOE, and interagency partners focus on delivering and enhancing useful capabilities and resources to these entities in the following areas:
► Supply Chain Working Group
► Incident Response Working Group
Section 9 – Cyber Incident Response Working Group
► The private sector and government agencies have complementary roles and capabilities that can all be brought to bear on cyber incidents.
► The team developed an Information Exchange Checklist that will be used during a cyber event.
Industry-Government Information Exchange Checklist
Section 9 – Cyber Incident Response Working Group
► ISSUE: MISO and CAISO, Working Group members, must adjust tariffs to permit information sharing.
► The RTO chooses when to engage and disengage
► Only for a MAJOR cyber event – “exigent* circumstances” – such as a blackout.
*Exigent: Urgent & requiring great effort
Shifting Gears: Incident Response per CIP-008
• FERC Order 848 - FERC Requires Expanded Cyber Security
Incident Reporting for CIP-008-5
o FERC order requires the reporting of Cyber Security Incidents that
compromise, or attempt to compromise, a responsible entity's Electronic
Security Perimeter (ESP) or associated Electronic Access Control or
Monitoring Systems (EACMS).
o FERC order demonstrates the need to report more cyber security attempts to
compromise reliability functions due to increased cyber threats
• MISO has taken an active role to formulate CIP-008-6 Cyber
Security Incident Reporting Standard
o MISO chairing NERC Standard Drafting Team (Dave Rosenthal)
o CIP-008-6 will require additional information sharing with NERC
► CIP-008 demonstrates importance of information sharing during a critical cyber event
Shifting Gears: Incident Response per CIP-008
• FERC Order 848 - FERC Requires Expanded Cyber Security
Incident Reporting for CIP-008-5 to include:
o Attack Vector (e.g. malware and use of stolen credentials)
o Functional Impact (e.g. situational awareness, dynamic response, ability to perform real-
time assessments, or real-time monitoring)
o Level of Intrusion (e.g. whether the compromise or attempt to compromise occurred on
Applicable Systems outside the Electronic Security Perimeter (ESP), at the ESP, or inside the
ESP)
• The new CIP-008-6 will also drive the required Tariff update
o FERC Order 848 requires information sharing with the Industrial Control Systems Cyber
Emergency Response Team (ICS-CERT)
• With the addition of ICS-CERT, the Tariff change supports the new CIP-008-6
proposed standard
• Tariff change will ensure CIP-008-6 information sharing requirements will not
violate our Tariff
Data Sharing Implementation
• MISO hopes to never need to use the additional data
sharing practices
• MISO may request help from DHS and/or other
federal agencies with cyber security responsibilities
• Authorized solely by MISO Corporate Information
Officer (CIO) or Corporate Information Security
Officer (CISO)
• Other MISO utilities are engaged with DHS
• MISO can terminate the agreement with DHS at
any time
MISO Proposed Tariff Adjustments
Tariff Adjustment Proposal – A, B, Cs and D
• Information sharing with federal agencies – “a”
o Primary location of Tariff adjustment is Sec. 38.9.3, which permits
data sharing with:
• FERC (or its staff)
• Commodity Futures Trading Commission (CFTC) (or its staff), which
will both continue (Sec. 38.9.3.a(i))
o MISO proposes to expand the applicability of the existing provision
to include additional entities:
• Federal agencies with responsibilities for cyber security in response to
cyber exigency (Sec. 38.9.3.a(ii))
• Reliability entities (NERC and Regional Entities, Sec. 38.9.3.a(iii))
– Responsive to the proposed CIP-008-6
– Repositions provision for data sharing from Sec. 38.9.1
Relevant Tariff Section – Section 38.9.3 (related 38.9.1)
Tariff Adjustment Proposal – A, B, Cs and D
• Reconciliation Adjustments – “b” and “c”
o Existing provision for requesting confidential treatment for shared
data by FERC and the CFTC – “b”
• Located in Sec. 38.9.1.b
• Generalized to cover added agencies/organizations
• MISO will use any available support for desired confidentiality (federal
rules, but also other authorities such as NERC rules)
o Existing provision for notification of data owner upon request by
FERC or the CFTC to share information with third parties – “c”
• Placed in Sec. 38.9.1.c
• Generalized to cover added agencies/organizations who share
information with third parties other than an agency/organization of the
U.S. Government
Relevant Tariff Section – Section 38.9.3
Tariff Adjustment Proposal – A, B, Cs and D
• Non-Substantive Adjustments (Clean Up) – “d”
o “Electronic Delivery of Confidential and Non-Public Data to the
Commission” repositioned as Sec. 38.9.3.d (Section 38.9.3(A)
deleted) – “d”
o Add titles and other adjustments to Sections 38.9.1, 38.9.2, and
38.9.3 for unified appearance
o Adjustments for readability purposes
Relevant Tariff Section – Section 38.9.1, .2, .3, and .3(A)
Feedback Requested
Feedback Request
• Interested in feedback regarding proposed Tariff change
o Feedback requested by November 21
o All feedback requests will be posted to the Stakeholder Feedback
Page, and stakeholder comments should be submitted through the
feedback tool
• Remember in your feedback:
o Information on cyber security attacks will only be shared if there is
a significant cyber event affecting MISO and the reliability of grid
operations
o MISO intends to engage DHS, with the engagement managed by
the MISO CIO or CISO
Proposed Timeline
November 21, 2018
• Stakeholders submit comments/feedback on the redlines
December 2018
• Review stakeholder feedback on Tariff revisions at Reliability Subcommittee
January 2019
• Tariff Filing during January 2019