Electricity Sector Information Sharing and Analysis Center (ES-ISAC)

The Electricity Sector Information Sharing and Analysis Center  (ES-ISAC) shares critical information with industry participants regarding infrastructure protection. Each critical infrastructure industry has established an ISAC to communicate with its members, its government partners, and other ISACs about threat indications, vulnerabilities, and protective strategies. ISACs work together to better understand cross-industry dependencies and to account for them in emergency response planning.

The Electricity Sector Information Sharing and Analysis Center serves the electricity sector by facilitating communications between electricity sector participants, federal governments, and other critical infrastructures. It is the job of the ES-ISAC to promptly disseminate threat indications, analyses, and warnings, together with interpretations, to assist electricity sector participants take protective actions.

 ES-ISAC engages in the following activities: 

• Receives incident data from private and public entities.
• Assists DOE, FERC, and DHS in analyzing event data to determine threat vulnerabilities and trends, as well as interdependencies with other critical infrastructures.
• Facilitates analysis of incident data and prepares information.
• Disseminates threat alerts, warnings, advisories, notices, and vulnerability assessments.
• Maintains a close operating liaison with other private and public government infrastructure information sharing and analysis centers.
• Develops and maintains an awareness of private and government infrastructure interdependencies.
• Maintains a secure Internet site to facilitate messaging among participants.
• Participates in government infrastructure exercises.
• Conducts outreach.

Public Announcements   Title    Body Your Input Needed !  Cybersecurity Procurement Language Update for Energy Delivery Systems The Energy Sector Control Systems Working Group and the Pacific Northwest National Laboratory are leading an effort to promote cybersecurity by design through procurement language tailored to the specific needs of the energy sector. With support from the U.S. Department of Energy’s Office of Electricity Delivery & Energy Reliability and in coordination with the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team, this effort will build on existing procurement guidance to help stakeholders clearly communicate expectations and requirements.   Energy sector stakeholders will be engaged throughout this effort in order to ensure that all perspectives are included in the procurement language. We are reaching out to you in order to collect some initial information that will be used to guide this effort.   Would you be willing to take a few minutes and respond to the following questions, either via email or a follow-up phone call? We ask that all responses be submitted no later than Wednesday, June 19th. Reponses or questions can be sent to ieRoadmapNews@energetics.com.   ·         Are you aware of cybersecurity-focused procurement language guidance for energy delivery systems?  For example: Department of Homeland Security Cyber Security Procurement Language for Control Systems (2009) EPRI’s Cyber Security Procurement Methodology (2012) or EPRI’s Cyber Security Procurement Methodology for Power Delivery Systems (2012). Werkgroep Instrument Beoorderling (WIB):  Process Control Domain Security Requirements for Vendors (2010).  SA/IEC-62443-2-4 : Security for Industrial Automation and Control Systems: Certification of IACS Supplier Policies ·         Have you used any of these or other cybersecurity guidance products in developing procurement language or responding to procurement requests? Which guidance product(s) or standard(s) have you used?  Why? For which types of technology solutions was this guidance applicable?  Which guidance products have you refrained from using?  Why? ·         What are the most useful elements of the guidance documents you have used and how could they be improved? What portions of the guidance do you find most applicable?   How do you use these? What would you like to see added or changed in the guidance? What were your challenges implementing the guidance? ·         If you have used multiple guidance documents, have you identified any significant differences or contradictions among them? What are some key examples?   ·         Are you willing to discuss your procurement experience with our project team?  If so, please let us know when it would be convenient to call you.      ·         Are you interested in being a reviewer of the energy sector cybersecurity procurement language guidance document?   Please do not hesitate to contact us if you have any questions. We appreciate the time you are taking to review this email, and help us through this process.     Ed Goff, CISSP Enterprise Architect - IT&T Security Duke Energy   2013 CRPA Risk Preparedness Assessments (CRPA) Program Expansion The CRPA delivers an expertise facilitated, technically informed incident response exercise- assessing your organization’s capabilities to: ·         Detect cyber attacks; ·         Prevent cyber attacks; ·         Respond to cyber attacks; ·         Manage electronic systems and electric power assets to minimize potential damage; ·         Communicate and coordinate effectively with internal and external stakeholders.   BPS Asset Owners and Operators are invited to learn more about CRPA and reserve an exercise timeframe- availability is limited.              2013 Cyber Risk Preparedness Assessment Openings*    7/17-19     RESERVED- MCA Pending  8/07-8/9    OPEN  8/14-8/16  OPEN  8/21-8/23  OPEN  8/28-8/30  OPEN  9/04-9/6    OPEN  9/11-9/13  OPEN  9/18-9/20  OPEN   9/25-9/27  OPEN      Oct 2013    RESERVED(1)- Scheduling >>>     Learn more HERE. * - Note: An upfront runway of at least four (4) weeks after signing the  Mutual Confidentiality Agreement (MCA) is required to help ensure quality exercise scenario development and preparation, especially for larger engagements.                   Last updated:  June 11, 2013

ES-ISAC Public Calendar   < June, 2013 >  Sun   Mon   Tue   Wed   Thu   Fri   Sat   26   27   28   29   30   31   1   2   3   4    ES-ISAC Monthly Briefing Conference Call  5   6   7   8   9   10   11   12   13   14   15   16   17   18   19   20   21   22   23   24   25   26   27   28   29   30   1   2    ES-ISAC Monthly Briefing Conference Call  3   4   5   6