The Guardian of Electric Utilities
By Bill Lawrence, NERC Vice President, Chief Security Officer, and Director of the Electricity Information Sharing and Analysis Center
The Electricity Information Sharing and Analysis Center (E-ISAC), run by the North American Electric Reliability Corporation,is using twokey tools to reduce cyber and physical security risk to the enterprise systems of electric utilities. The Cybersecurity Risk Information Sharing Program (CRISP) and the Cyber Automated Information Sharing System (CAISS) are a key part of how the E-ISAC networks utilities that participate voluntarily into global threat awareness envelop.
Through collaboration with and support from the industry’s Electricity Subsector Coordinating Council and the Department of Energy (DOE), the E-ISAC commercialized CRISP in 2014. Today, utilities participating in CRISP serve more than 80 percent of U.S. electricity consumers. The purpose of CRISP is to facilitate the timely sharing of classified and unclassified threat information, enhance situational awareness and better protect critical infrastructure. The E-ISAC manages the program and DOE’s Pacific Northwest National Lab is the technical partner installing network monitoring equipment at utilities and supporting E-ISAC analysis.
CRISP participants benefit from the program through improved cyber security information exchange and collaboration within industry and government. The quantity, quality and timeliness of the information exchange allow operators to better protect and defend themselves against cyber threats. The broader electricity industry benefits from unattributed information and data gathered for CRISP is shared with all users of the secure E-ISAC portal. CRISP is consistent our philosophy that operators know their systems best and are better able to protect it when provided with actionable threat information.
As a complement to CRISP, CAISS facilitates the automated exchange of detailed cyber security information between the networks of participating utilities. The program, which is currently inthe technology pilot phase and is comprised of 10 utilities, enables owners and operators to better protect their networks from sophisticated cyber threats by automatic, machine-speed information sharing. The underlying technology for CAISS is based on the federally developed technologies of Structured Threat Information eXpression and Trusted Automated eXchange of Indicator Information. CAISS exchanges information that can be used to identify potential indicators of compromise, such as suspicious IP addresses and phrases found in phishing emails.
"The quantity, quality and timeliness of the information exchange allow operators to better protect and defend themselves against cyber threats"
CAISS offers a secure, online platform through the E-ISAC portal for E-ISAC members to collaborate within and among their own threat intelligence and cyber security teams. The platform allows users to aggregate, normalize and share cyber threat information from a wide variety of private and public sector sources.
CRISP and CAISS are among several dozen products and services that the E-ISAC has developed for industry. The programs are two ways that the E-ISAC provides unique insights, leadership and collaboration to reduce cyber and physical security risks to the electricity industry across North America.
While securing the enterprise networks of critical infrastructure owners and operators is essential, the E-ISAC and DOE recognize that threat actors are increasingly interested in utilities’ operations networks as evidenced by 2015 and 2016 attacks on the Ukrainian power grid. That is why the E-ISAC and DOE are in discussions to create an operations technology program that, in conjunction with CRISP and CAISS, would provide a comprehensive suite of network tools and strengthen grid security in North America.
The mission of the E-ISAC is toreduce cyber and physical security risk to the electricity industry across North America by providing unique insights, leadership, and collaboration, and to be a world-class, trusted source for the quality analysis and rapid sharing of electricity industry security information. Programs like CRISP and CAISS help assure that goal is reached.