This guide was created to help you discover more information about the E-ISAC. Read this document to learn more about the E-ISAC:
- Leadership and Staff
- Products, Programs, Tools and Services
- Types of information to share with the E-ISAC in both physical and cyber areas.
- How to share with the E-ISAC
This document was last updated on 01/19/17. We encourage you to use the feedback form to provide us with your comments and concerns. Questions regarding this document or the E-ISAC can be answered by emailing email@example.com
This engaging guide provides you with details on how to engage with the E-ISAC including:
- Who the E-ISAC is
- How we operate
- What to Share with the E-ISAC
- Benefits to Sharing
Questions regarding this document should be directed to our firstname.lastname@example.org email.
The North American Electric Reliability Corporation had its quarterly Board of Trustees meeting on May 11. One issue the meeting focused on was NERC’s long-term strategic efforts with the Electricity Information Sharing and Analysis Center (E-ISAC). John McAvoy, chair of the Electricity Subsector Coordinating Council’s Member Executive Committee, addressed the Board in support of the E-ISAC Long-Term Strategic Plan, saying security is an integral part of industry operations and we live in a dynamic threat environment. In order to continue evolving, we must improve cross-sector collaboration and information sharing. The long-term plan will help the E-ISAC reach its goals, he added. Some of the plan’s action items include:
- Replacing the current web portal with a new “platform” that will enable automatic information sharing, the creation of private discussion groups, data visualization, among other features;
- Increasing the E-ISAC’s capability to collect security intelligence;
- Hiring specialized analysts;
- Acquiring additional data storage, management, and sharing technologies; and
- Increasing the E-ISAC’s access to classified networks and facilities.
The plan, which was developed working closely with NERC leadership and the Member Executive Committee, builds on the ESCC’s 2015 recommendations and discusses improvements needed in 2017 to address current threats, a look at the mid-term range of 2018-2022 to address emerging threats, and what the E-ISAC might look like beyond 2023 if the forecasted issues continue to develop. The NERC Board of Trustees accepted the plan at the May 11 quarterly meeting.
The April 2013 sniper attack on Pacific Gas and Electric’s Metcalf substation has been described as a “wake-up call” or an alarm for the electric utility industry to apply closer scrutiny to the vulnerability of key infrastructure to various kinds of attack – whether physical, as in the Metcalf shooting, or in the form of cyber-attacks that might impair physical operations.
The white paper goes into detailed discussion of three major topics. The first is about identifying a process for the prioritization of strategic electrical facilities and determining appropriate security measures or approaches to ensuring resiliency of the system. The second discusses establishing practices for the exchange of highly-confidential or “sensitive” information between utilities and the Commission. The last topic goes into confirming whether existing incident reporting requirements are adequate. These three subject areas are examined with an eye toward ensuring appropriate regulatory oversight of jurisdictional utility operational performance, and providing a mechanism for entities not subject to CPUC ratemaking authority to identify their own most appropriate measures.
NERC conducted its fourth biennial (once every two years) grid security and emergency response exercise, GridEx IV, from November 15–16, 2017. With 6,500 individuals and 450 organizations participating across industry, law enforcement, and government agencies, GridEx IV consisted of a two-day distributed play exercise and a separate executive tabletop on the second day. The exercise provided an opportunity for various stakeholders in the electricity sector to respond to simulated cyber and physical attacks that affect the reliable operation of the grid, fulfilling NERC’s mission to assure the effective and efficient reduction of risks to the reliability and security of the BPS. Led by NERC’s E-ISAC, GridEx IV was the largest geographically distributed grid security exercise to date. Electric utilities continue to use the planning materials for separate exercises with NERC, government, and consultant support.