It Takes a Village: Why Community Based Compliance Works
It Takes a Village: Why Community Based Compliance Works - Josh Sandler EnergySec Security Summit – Denver, CO 9/18/13
Agenda
- Who am I?
- NERC CIP Violation Statistics
- Is there help?
- What can we do?
- What else needs to be done?
- Questions
Who Am I?
- 10 years of experience in the utility industry with Duke Energy
  - Electrical Engineer
  - Controls Engineer
  - Generation CIP Program Lead
  - Internal CIP Consultant and Subject Matter Expert
- North American Generator Forum
  - Steering Committee
  - Advisory Committee
  - Security Practices Working Group Lead
- Regular participant in many community-based compliance groups
NERC CIP Violation Statistics
Source: http://www.nerc.com/pa/comp/Compliance%20Violation%20Statistics%20DL/Key%20Compliance%20Trend%20for%20May%20BOTCC-%20FINAL.pdf
NERC CIP Violation Statistics
Source: http://www.nerc.com/pa/comp/Compliance%20Violation%20Statistics%20DL/Dec%20Key%20Compliance%20Trends.pdf
IS THERE HELP?!?
Is there help?
YES
Is there help?
- Regional Groups (not inclusive)
  - WECC
    - Critical Infrastructure & Information Management Subcommittee (CIIMS)
    - Compliance Users Group (CUG)
    - Critical Infrastructure Protection Users Group (CIPUG)
    - Western Interconnection Compliance Forum (WICF)
  - SPP
    - Critical Infrastructure Protection Working Group (CIPWG)
  - RFC
    - Critical Infrastructure Protection Committee (CIPC)
    - Compliance Users Group (CUG)
  - SERC
    - Critical Infrastructure Protection Committee (CIPC)
  - NPCC
    - Task Force on Infrastructure Security and Technology (TFIST)
  - FRCC
    - Critical Infrastructure Protection Subcommittee (CIPS)
  - MISO
    - Critical Infrastructure Protection Users Group (CIPUG)
Is there help?
- National Groups (not inclusive)
  - NERC CIPC
  - North American Transmission Forum (NATF)
    - Security Practices Group
    - Compliance Group
  - North American Generator Forum (NAGF)
    - Standards Review Team (SRT)
    - Security Practices Working Group
  - UNITE CIP
  - UTC Cybersecurity
  - Trade Organization’s Security Groups (EEI, EPSA, APPA, etc.)
What can we do?
What can we do?
- PARTICIPATE!
  - Not about finding a way to participate in all communities, but finding the best fit for you.
- SHARE!
  - One thing all these communities have in common is that they thrive off of information sharing.
- LEARN!
  - Take away lessons-learned, best practice techniques and deliver to others within your organization.
- ACT!
  - Use the influence of the communities to drive change.
What else needs to be done?
- Join a community
- Form a new community
- FERC and NERC are reaching out to the larger communities… shouldn’t you be too?
- Use communities to drive positive change
  - Be a voice in the writing of NERC CIP Version 6, Version 7, Version 8, etc…
  - Assist in the shift from compliance-based security to security-based compliance.
- You tell me…
Questions?
Josh Sandler NERC CIP Standards SME – Duke Energy
Office: 704-382-4504 E-mail: [email protected]