Public Power Daily Logo

NERC plans major new initiative on cybersecurity information sharing

From the August 29, 2014 issue of Public Power Daily

Originally published August 29, 2014

By Robert Varela
Editorial Director
The North American Electric Reliability Corp.’s 2015 budget proposal includes a major new cybersecurity initiative, the Cybersecurity Risk Information Sharing Program (CRISP). NERC is proposing an overall 2015 budget of $66.65 million, an increase of $10.26 million (18.2 percent) over the 2014 budget. CRISP will cost about $8.94 million, but other participants in the program will pay the vast majority of NERC’s 2015 costs for CRISP. 

CRISP is a public-private partnership whose purpose is to facilitate timely information sharing of cyber threat information and to develop situation awareness tools that enhance the electricity sector’s ability to protect its critical infrastructure, NERC said in its budget proposal to the Federal Energy Regulatory Commission. CRISP will provide near-real-time capability for critical infrastructure owners and operators to voluntarily share cyber threat data, analyze the data, and receive machine-to-machine mitigation measures. 

Passive sensors called information-sharing devices (ISDs) that are installed on participants’ networks will send encrypted data to a CRISP analysis center operated by the Pacific Northwest National Laboratory (PNNL), which will analyze the data and send alerts and mitigation measures to CRISP participants through a secure network, NERC said. 

CRISP provides the ability to integrate other cyber-related threat information provided through governmental sources with the cyber threat information gathered by the ISDs installed on participants’ networks, NERC said. CRISP also provides the ability to look across organizations within the electricity subsector to identify correlation and trends.

The Electricity Sector Information Sharing and Analysis Center (ES-ISAC) will assume the role of program manager for CRISP and will be responsible for providing certain services to the participating utilities, including oversight of the installation of ISDs and associated analytical services, NERC said. ES-ISAC will provide a central point for coordination and be the hub for collaborative analysis of CRISP data. 

In its proposed budget, NERC said its 2015 strategic goals and objectives are focused on the areas of (i) continuing to implement its risk-based strategy, with a focus on a set of current high-priority risk projects; (ii) physical and cyber security of the bulk power system; (iii) continuing to implement its Reliability Assurance Initiative; (iv) implementing the revised bulk electric system definition that FERC has approved; (v) developing and implementing a risk-based registration system; and (vi) transforming the NERC Reliability Standards "to a steady state."


Be the first to rate this item!

Please Sign in to rate this.


  Add Your Comment

(1000 of 1000 characters remaining)

Vice President, Integrated Media and Communications
Meena Dayak

Editorial Director
Robert Varela

Editor, Public Power Daily
Jeannine Anderson

Communications Assistant
Fallon W. Forbush

Manager, Integrated Media 
David L. Blaylock

Integrated Media Editor 
Laura D’Alessandro