NERC publishes roadmap for integrating cybersecurity into transmission planning activities
The North American Electric Reliability Corporation (NERC) has released a white paper introducing a cyber-informed transmission planning framework, which offers a roadmap for integrating cybersecurity into transmission planning activities to strengthen grid resilience. The roadmap is intended to drive investments in cybersecurity where warranted and can be used by various entities, including NERC, regional entities, industry stakeholders, regulators, and policymakers, to conduct reliability studies. This will help uncover unacceptable risks to the BPS (bulk power system) that should be addressed with appropriate mitigations.
The agency outlined that incorporating cyber-informed transmission planning approaches to mitigate reliability impacts that could result from cyber attacks is a key tenet of NERC’s Security Integration Strategy and one of NERC’s 2023 work plan priorities. By incorporating security where it has traditionally not been considered, the industry will be able to better ensure the effective reduction of risks to the reliability and security of the bulk power system.
NERC announced in December the Security Integration Strategy, which is focused on risk identification and validation, prioritization, and development of possible mitigations. It further outlines ERO priorities to enhance security integration through working collaboratively with electricity sector stakeholders.
“The ERO Enterprise team worked closely together to develop this critical framework,” Mark Lauby, NERC’s senior vice president and chief engineer, said in a media statement. “The framework sets the stage to plan for a more resilient and secure system, addressing the risk in the long-term planning horizon rather than attempting to bolt on security later in the future. It also seeks to reduce the number of critical stations on the bulk power system through integrated transmission and cybersecurity enhancements.”
The white paper introduces the cyber-informed transmission planning framework for including cybersecurity threats, particularly from coordinated attacks, in transmission planning studies that are most commonly conducted by transmission planners (TPs) and planning coordinators (PCs). TPs and PCs are responsible for assessing the long-term reliability of the BPS within their respective planning footprints while coordinating their plans with other TPs and PCs within the larger Interconnection.
The roadmap intends to serve as a foundational cornerstone for the future incorporation of security concepts into transmission planning practices in a more holistic manner. It is intended to lay the groundwork for establishing cybersecurity risk scenarios that should be modeled, studied, and mitigated, where applicable, as part of BPS planning assessments.
The white paper explores resilience measures that complement security controls by studying, identifying, and reducing the number of critical facilities and their attack exposure. The white paper also advocates for enhancing security controls where unacceptable reliability risks are identified. Key focus areas covered in the white paper, which are vital to the successful integration of security concepts into transmission planning practices and processes, include aligning terminology and definitions across security and engineering disciplines, and mapping cybersecurity threats, vulnerabilities, and impacts to conventional transmission planning contingency definitions.
The white paper also focuses on analyzing the current state of cyber and physical security considerations (both implicit and explicit) in long-term planning studies and recommending enhancements to existing standards. It introduces the cyber-informed transmission planning framework and the thought processes for integrating cybersecurity concepts into transmission planning practices and processes. It also outlines a high-level roadmap for cybersecurity integration with long-term transmission planning practices, including recommendations for the next steps.
The ERO Enterprise suggests piloting the cyber-informed transmission planning framework in collaboration with industry stakeholders to demonstrate its value while deriving insights for iterative improvement and refinement of the framework. Based on the technical foundation provided by the white paper, the recommended changes to NERC standards, particularly TPL-001, are intended to ensure that a broader set of reliability risks can be appropriately mitigated with transmission network upgrades and/or additional cybersecurity controls. These recommendations will be further informed and refined based on lessons learned from pilot projects conducted using the framework.
The cyber-informed transmission planning framework is an adaptable one in which planning engineers performing long-term planning assessments can engage with cybersecurity professionals and design engineering teams to study and analyze cybersecurity risks and any possible compromises that could occur and lead to outages of BPS elements. One goal is to establish a clear level of reliability that the BPS is designed for, which is more inclusive of potential cybersecurity risks that could adversely affect BPS reliability. Beyond this design basis, security professionals and network operators will need to rely predominantly on recovery and restoration rather than prevention.
At a high level, the framework is made up of five steps. The first step, ‘Define Coordinated Attack Scenarios,’ defines the scenarios that TPs can use to develop contingencies in their planning studies. In particular, the aggregate risk of multiple affected elements caused by common security control gaps is of primary concern. In the ‘Translate Attack Scenario to Planning Assessments’ step, TPs can work collaboratively with design engineers and security professionals to determine the BPS elements that could be affected by each attack scenario considered, using the scenarios similarly to conventional planning contingencies.
The third step, ‘Conduct Planning Studies,’ uses the defined contingency definitions (attack scenarios) and contingency lists (affected assets) so that TPs can use planning models, study tools, and conventional planning criteria to analyze the performance of the BPS quantitatively.
In the next step, ‘Identify Corrective Action Plan,’ TPs, design engineers, and cybersecurity professionals can work collaboratively to analyze the outcomes of the planning studies and determine if any mitigations are necessary for identified reliability issues. This could involve implementing additional cybersecurity controls at specific locations or it may involve building additional infrastructure to eliminate the criticality of specific BPS facilities.
The last step, ‘Implement Risk Mitigations,’ enables cybersecurity and design engineering teams to work together to implement necessary security controls to mitigate identified risks. Unacceptable quantified risks to the BPS should be mitigated with ‘defense-in-depth’ strategies that may involve security controls beyond the minimum requirements established in NERC CIP standards. Mitigations can be shared with the planning department to eliminate the credibility (or feasibility) of possible attack scenarios (i.e., contingencies) in future studies.
The white paper also outlined that repeated use of the cyber-informed transmission planning framework should result in iterative improvements to the overall process across multiple departments in the organization, which is the overall intent of ‘security integration.’ Likewise, documenting risk mitigations and lessons learned from the cyber-informed transmission planning framework will be crucial to ensuring success.
The white paper further described how TPs can work collaboratively with engineering design and security teams to determine appropriate corrective action plans where needed. It describes additional opportunities for security integration into existing transmission planning standards, the adequate level of reliability (ALR) definition, and regional coordination activities.
ALR is the state that the design, planning, and operation of the BES (bulk electric system) will achieve when the five defined reliability performance objectives are met. While one of the ALR performance objectives does mention ‘cyber security events’ and ‘malicious acts,’ the white paper said that the ERO Enterprise believes that the ALR definition should be expanded to further integrate security as a critical component of BPS reliability, given the omnipresent and rapidly evolving cyber and physical security threat landscape.
While many cybersecurity-related activities already occur in support of ALR despite not being represented in the current definition, a couple of updates to the ALR definition are proposed. First, cybersecurity events should not be considered ‘low probability’ given the current and projected future threat landscape. ALR performance objectives should support BES owners and operators in applying economically justified and practical measures to mitigate the adverse reliability impact on the BES from cyber threats.
Secondly, the reduction of the number of critical BPS facilities is a viable strategy to mitigate the overall impact of cyber and physical security threats on the reliability of the BPS. This concept applies to both physical and cyber security threats posed to the BPS.
Thirdly, a new ALR performance objective should be added to ensure that adverse reliability impacts on the BES from physical and cyber security events are managed to an appropriate level through mitigating security controls. The proposed performance outcome of this objective is to manage security vulnerabilities of the people, processes, and technology that support the operation of the BES.
Lastly, the white paper said that a new ALR assessment objective should be added that reflects the security incident response capability to determine the operational readiness of the BES for cyber and physical attack preparation, detection, containment, eradication, and restoration. In the case of region-wide physical and cyber security incidents, there is a need for incident response efforts at both the individual entity level and a coordinated multi-organizational level (i.e., through E-ISAC, and county, state, or other regional coordination).
The white paper said that the rationale for ALR assessment objectives should be updated to reflect what security professionals working in support of the BES might need for the resulting assessment data. It added that the update of the ALR definition to more thoroughly encompass cyber and physical security will ensure alignment with NERC Reliability Standards enhancements as well as risk mitigation activities within the NERC technical committees.
The white paper also provides recommendations and the applicable entities to address each recommendation. The goal is to outline steps needed to advance cyber-informed transmission planning as part of the NERC Security Integration Strategy. This includes collaborative efforts across the electricity ecosystem, including the ERO Enterprise, registered entities, and other supporting organizations, such as service providers, hardware and software vendors, and security organizations.
In February, NERC presented its 2022 Annual Report underscoring that the electricity ecosystem is going to have to come to grips with cost-effectively protecting lower-impact assets from physical and cyber threats. The alert comes as cybersecurity remains at the forefront of addressing reliability risks.