Cybersecurity and Physical Security

Industry engagement effort boosts public power/E-ISAC relationship

Public power participation in the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center (E-ISAC) industry engagement program can yield a number of significant benefits, including new networking opportunities and the ability to build trusted relationships, public power officials and an Associate Director with E-ISAC recently said.

The officials made their comments in a webinar held in early November by the American Public Power Association. Webinar participants were Tim Pospisil, Director of Corporate Security & Chief Security Officer at Nebraska Public Power District, and Paul Crist, Chief Technology Officer and Vice President, Technology Services, at Nebraska’s Lincoln Electric System.

Also participating in the webinar were Bluma Sussman, Associate Director, Member Engagement at NERC’s E-ISAC, and Sam Rozenberg, Engineering Services Security Manager at the Association.

Pospisil also serves as the NERC CIP Senior Manager at NPPD. In addition to his roles at NPPD, he is a member of the Large Public Power Council’s cybersecurity taskforce and of the Electricity Subsector Coordinating Council’s Security Executive Working Group. Crist is the Chief Technology Officer and NERC CIP Senior Manager at LES, represents the MRO region on the NERC critical infrastructure protection committee, and supports LES CEO Kevin Wailes, who is co-chair of the ESCC.

The E-ISAC is operated by NERC, which sets mandatory reliability standards for the U.S. electric utility industry. Its offices are at NERC’s headquarters in Washington, but are physically separate from the rest of NERC, and E-ISAC staffers sign a code of conduct preventing them from disclosing any confidential information to others at NERC.

Industry engagement program overview

The IEP is an engagement program for E-ISAC and member asset owners and operators. The program involves in-person three-day sessions held at the E-ISAC offices in Washington, D.C.

“It’s designed to familiarize E-ISAC members with our staff, our programs, products and processes,” Sussman noted during the webinar. There are several sessions held throughout the year, one of which was held in November.

Participants “get to meet with our staff and observe day-to-day operations. They get to spend time on our watch floor, and also talk about the challenges that they face, share best practices and have an opportunity to network, not only with E-ISAC staff but with other colleagues across electric utilities,” Sussman said.

“We launched the IEP as a pilot program early in 2018 in coordination with the LPPC,” she noted.

Public power participants in the pilot programs were: Salt River Project, New York Power Authority, NPPD, Grand River Dam Authority, Sacramento Municipal Utility District, Jacksonville Electric Authority, Los Angeles Department of Water and Power and CPS Energy.

Noting that the IEP is open to all E-ISAC asset owner and operator members, Sussman said that officials who interact with the E-ISAC on a regular basis “are really our ideal candidates.”

Sussman noted that “we’re really striving to have a more diverse set of participants including those from IOUs, munis, co-ops, Canadian participants as well.”

In 2018, the IEP has held seven sessions, with 21 participants from 16 organizations.

Benefits from IEP participation

Crist, who is one of the newest IEP participants, said that “one of the big things with the IEP is it allowed us to see the benefits of utilizing the E-ISAC and who is working behind the scenes.”

Crist said that “one of the things that we learned is that the ISAC can essentially be an extension of your cyber and physical security teams, especially some of us that have limited resources on staff or we maybe don’t have big teams in those areas. It allows us to leverage the expertise here at the E-ISAC.” The staff is very knowledgeable, he noted.

Crist said that the IEP program “allowed several of us to interact with the staff” to answer questions “regarding the data we report. We learned that maybe some more sharing needs to happen so the E-ISAC can analyze that data. As many of us know, the more data you have and the more data we can share, the better the report outs will be for us. So that’s something we really need to encourage as a public power community to get that information out to share it with each other, as well as sharing it with the E-ISAC.”

The IEP is “not only an engagement program, but it’s also a chance to network with colleagues,” and serves as a professional development program, Crist pointed out. “At the end of the three days, when the training is complete, we get a certificate of training,” which can be used for continuing education hours.

Moreover, the program is cost-effective. “It’s just more or less the travel expenses to get here and to learn about the E-ISAC,” Crist said.  

When asked by Sussman to detail how programs like the IEP can be used to advance information sharing, Pospisil told Sussman that “as much as the industry learns from the E-ISAC and how you do your business to provide us that information, you also get an opportunity to learn about the customers that you’re serving.”

The NPPD official said that “We are all very different. How our companies operate are very different and possibly how we receive that information or can use that information is very different. So being able to understand both sides for the E-ISAC and for us as the utilities or customers of the E-ISAC gives us the opportunity to just provide that much more and better information.” It also helps to build trust, Pospisil said.

Rozenberg noted during the webinar that “we’ve had great success working with the E-ISAC over the past year, year and a half and seen about a 200 percent increase in the number of APPA organizations that have joined the E-ISAC.” He encouraged all of the Association’s members to join the E-ISAC.

2019 IEP dates

In 2019, IEP sessions will be held on the following dates:

  • Jan. 29-31
  • March 26-28
  • May 29-31
  • July 30-Aug. 1
  • Sept. 24-26
  • Dec. 3-5

For more information about the IEP, send an email to: [email protected] and cc: [email protected]