|
|
|
|
|
Homeland Security IssuesUtilities are no strangers to the idea of threats to our nation’s security and the vulnerabilities of our critical infrastructures. However, the often-tragic events of recent years have led UTC members to conduct signficant efforts to identify weaknesses and bolster the security of their key systems, including vital IT and telecom networks. UTC's Homeland Security Steering Committee works with the Public Policy Division to educate policymakers about the nation’s critical infrastructures' reliance on telecom and to help in homeland security efforts aimed at strengthening CI systems. This includes work with several Congressional committees, among several federal agencies and with state utility commissions. Links below should provide additional resources. Please do not hesitate to contact the UTC staff with any CI-related Homeland Security questions or issues you may have. In addition, you may participate in the HSSC BBS.
ICSJWG Calls for Fall Conference PapersJune 22, 2009: The Industrial Control Systems Joint Working Group (ICSJWG) that falls under the Department of Homeland Security’s National Cyber Security Division has put out a call for papers for its Fall Conference. The group asks for papers that discuss cyber security issues and their impact on critical infrastructure control systems. The conference is scheduled for Nov 3-5 in Idaho Falls, Idaho. More information on the conference can be found here - https://secure.inl.gov/icsjwg-conference. Please contact the ICSJWG program office at icsjwg@dhs.gov if you have any questions about the conference or submission process.
NERC Announcements (updated July 30, 2009)
Final Ballot Results Now available at: https://standards.nerc.net/Ballots.aspx Project 2008-14: Violation Severity Levels (VSLs) for Standards CIP-002-1 through CIP-009-1 The recirculation ballot for VSLs for NERC critical infrastructure protection (CIP) standards CIP-002-1 through CIP-009-1 ended July 17, 2009. Project Background Standards CIP-002-1 through CIP-009-1 were originally filed with “Levels of Non-Compliance” instead of “Violation Severity Levels.” The Federal Energy Regulatory Commission (FERC) in Order 706 (Mandatory Reliability Standards for Critical Infrastructure Protection — issued January 18, 2008) approved these Version 1 CIP reliability standards and directed NERC to develop modifications to the reliability standards CIP-002 through CIP-009 to address specific concerns. Included in Order 706 was a directive for NERC to file VSLs for reliability standards CIP-002-1 through CIP-009-1 before compliance audits begin on July 1, 2009. Project page: http://www.nerc.com/filez/standards/Project2008-14_Cyber_Security_VSLDT.html --
Ballot Pool and Pre-ballot Window (with Comment Period) July 20–August 14, 2009
Comments: http://www.nerc.com/filez/standards/Cyber_Security_Order706B_Nuclear_Plant_Implementation_Plan.html Cyber Security — Order 706B Nuclear Plant Implementation Plan A draft implementation plan for Version 1 critical infrastructure protection (CIP) Reliability Standards CIP-002-1 through CIP-009-1 for Nuclear Power Plants has been posted for a simultaneous pre-ballot review and comment period. In order to be responsive to the September 15, 2009 filing deadline and as a reflection of the significant involvement of the nuclear community in the development of this proposal, the NERC Standards Committee approved the team to shorten the comment period and hold the comment period at the same time as the pre-ballot review period, and if necessary, offer changes to the proposal based on the comments received before proceeding to ballot. -- Request for Informal Industry Comment Regarding the Approaches in the concept paper ‘categorizing cyber systems – an approach based on BES reliability functions’ Due Date and Submittal Information:
The informal comment period is open until 8 p.m. EDT on September 4, 2009. Please use this Word form to submit comments. If you experience any difficulties in using the Word form, please contact http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html Chairman Thompson Hosts Summit on Doing Business with the Department of Homeland SecurityRelease March 16, 2009 - On Saturday, March 28, 2009 Rep. Bennie G. Thompson (D-MS), Chairman of the House Committee on Homeland Security, will host a Summit at Tougaloo College in Mississippi entitled Continuing America’s Promise: Doing Business with the Department of Homeland Security. Attendees will learn to navigate the Department of Homeland Security procurement process, meet prime contractors for potential subcontracting opportunities at the Department, and hear how to best position their company for business opportunities.
AMI-SEC Task Force - AMI System Security Requirements
(2009) This document provides the utility industry and vendors with a set of security requirements for Advanced Metering Infrastructure (AMI). These requirements are intended to be used in the procurement process, and represent a superset of requirements gathered from current cross industry accepted security standards and best practice guidance documents. 2009 National Infrastructure Protection Program (NIPP) The National Infrastructure Protection Plan provides the unifying structure for the integration of a wide range of efforts for the enhanced protection and resiliency of the nation's critical infrastructure and key resources (CIKR) into a single national program.
UTC is involved with the Communications Sector Coordinating Council in compliance with NIPP guidelines. In February 2009, DHS announced its 2009 NIPP document that is available here. The 2009 NIPP replaces the 2006 version and reflects changes and updates to program elements and concepts
DHS Control System Security Program CSSP Control Systems Security Program Control System Vulnerability The Infrastructure Protection Division of DHS issued the following alert concerning a particular SCADA product vulnerability which may be of concern to UTC members.
Other Control Systems Security Products
Federal Government Links
Legislation & Congressional Testimony Presidential Documents
Other Useful Links |
