Resiliency in the Electricity Subsector: Information Sharing and Exercises against Black Sky Events
Information Sharing and Analysis Centers (ISACs) date back to the late 1990s and were conceived to bridge a gap in sharing data between industry organizations and the government. Dozens of ISACs work with the 16 critical infrastructure sectors in the US to help with cyber and physical security threats and risk. The Electricity ISAC (E-ISAC) focuses on security threats, gathering and analyzing information that can help provide early warning against impacts to operations, as well as receive help in coordinating response and recovery efforts after events impact one or more sectors. In 2010, the US Department of Energy (DOE) and the North American Electric Reliability Corporation (NERC) released a joint report entitled, “High Impact, Low-Frequency Event Risk to the North American Bulk Power System," While the report dates back several years, its points and recommendations are still salient. The large-scale “black sky” events considered in that report include potential impacts from a coordinated cyber and physical attack against the electrical grid. NERC and the E-ISAC developed a grid security exercise series (GridEx), which has grown since 2011 to expand to hundreds of public and private organizations with thousands of participants across North America. The biennial exercise provides an opportunity for utilities to demonstrate how they would respond to and recover from simulated coordinated cyber and physical attacks, and provide input for lessons learned. This talk will highlight the E-ISAC’s role in improving cyber-security of the power grid, specifically through data sharing and cyber-exercises, and how a utility can use shared information and the results of exercises to improve the security of their operations.
Bill Lawrence is the Director of Programs and Engagement at the North American Electric Reliability Corporation (NERC) in the Electricity Information Sharing and Analysis Center (E-ISAC.) He leads the Grid Security Conference and GridEx programs as well as several internal department programs. Prior to joining NERC, he flew F-14 Tomcats and F/A-18F Super Hornets for the Navy, and most recently was the Deputy Director, Character Development & Training Division, at the United States Naval Academy, where he also taught courses in Ethics and Cyber Security. Bill has a Bachelor’s degree in Computer Science from the US Naval Academy, a Master in International Relations from Auburn Montgomery, and a Master of Military Operational Art and Science from the Air Command and Staff College. He holds a Project Management Professional certification.
This seminar series is presented by the Cyber Resilient Energy Delivery Consortium (CREDC), a multi-university research effort. CREDC, a successor to the earlier TCIPG Project, was founded in 2016 with support from the U.S. Department of Energy and the U.S. Department of Homeland Security. It is housed in the Information Trust Institute, University of Illinois at Urbana-Champaign.