CANCELLED | Cybersecurity: Threats, Best Practices, and Improving the Regulatory Framework
For information about this event, please contact:
- Lynn CostantiniManager of Cybersecurity Compliance & OversightNew Jersey Board of Public Utilities
- Gerry CotellesseSupervisory Special AgentFBI
- Willliam HedermanSenior FellowKleinman Center for Energy Policy
- Dr. Erfan IbrahimDirector of Cyber Physical Security and Resilience SystemsNREL
- Steve KunsmanDirector of Product DevelopmentABB Grid
- Jonathon MonkenSenior Director of System ResiliencePJM
- Maggy PowellNERC Compliance ManagerExelon
- Vinny SakoreChief Technology OfficerNetDiligence
- Tobias WhitneyPrincipal for Critical Infrastructure ProtectionNERC
- Greg WitteSenior Security Engineer for G2NIST
DUE TO INCLEMENT WEATHER, THIS EVENT HAS BEEN CANCELLED.
Energy Policy Roundtable in the PJM Footprint #9
Presented by Raab Associates
Three quarters of utility executives in North America believe that a major cyber attack is likely to occur within the next five years. A recent survey of utility professionals found cyber and physical security to be the most pressing issues facing the industry.
Recall that a 2015 cyber attack on Ukraine's power grid blacked out over 100 cities and towns. Closer to home, in 2017, hackers targeted critical energy infrastructure, breaching computer networks of various U.S. power plants, including the Wolf Creek nuclear station. More frequently, ransomware attacks are targeting the utility industry.
FERC's new resiliency NOPR is exploring how RTOs/ISOs identify and plan for low frequency, high impact events, including cyber attacks. FERC also has a NOPR pending which would require enhanced reporting of attempted cyber attacks. Meanwhile, state policy makers and utility regulators are establishing their own cyber-related policies and requirements, exploring critical questions about risks and costs. w
Please join us in exploring these timely and thorny issues as we examine current and future threats, as well as the emerging utility industry and regulatory best practices in confronting them.
Registration is required***. Rates are $100 for general registration and $50 for employees of Sponsoring Organizations, government or non-profit employees, students, retirees, & low-income individuals. Registration for Web-Streaming Only: $50 for non-Sponsors and Free for Sponsors.
***The Kleinman Center has a limited number of seats reserved for Penn colleagues and students. If you are a member of the Penn community and interested in attending, please contact Bill Cohen: firstname.lastname@example.org.
First Panel: Emerging Industry Best Practices on Cybersecurity in the Utility (Electric and Gas) Industry
- Jonathon Monken, Senior Director of System Resilience at PJM, presenting a bulk power system perspective
- Dr. Erfan Ibrahim, Director of Cyber Physical Security and Resilience Systems at the National Renewable Energy Labs (NREL), providing a distributed energy resources perspective
- Steve Kunsman, Director of Product Development at ABB
- Grid, sharing a vendor perspective
- Maggy Powell, NERC Compliance Manager at Exelon, offering a distribution and integrated utility perspective
This panel will be guest moderated by Kleinman Center Senior Fellow William Hederman, who was a senior advisor to U.S. DOE Secretary of Energy Ernest Moniz, and is currently advising Edison Electric Institute (EEI) on cyber issues.
Key Questions for this Panel: What threats do we see now in the utility industry and what can we reasonably expect in the future? How does the growth of the "smart grid" and of distributed energy resources impact the cybersecurity landscape? What are the current best practices in designing, implementing, and evolving our defenses and responses?
Second Panel (after the networking break): Improving the Regulatory Framework for Cybersecurity in the Utility Industry.
- Tobias Whitney, Principal for Critical Infrastructure Protection at NERC (North American Electric Reliability Corporation), will discuss NERC's Critical Infrastructure Protection (CIP) requirements for the utility industry.
- Greg Witte, Senior Security Engineer for G2 at NIST (National Institute of Standards & Technology), will lay out NIST's risk-based Cybersecurity Framework, which can supplement NERC requirements.
- Vinny Sakore, Chief Technology Officer at NetDiligence, will describe the firm's work in helping companies assess and manage risks.
- Lynn Costantini, New Jersey Board of Public Utilities' Manager of Cybersecurity Compliance & Oversight, will discuss NJ's development of a cutting-edge state regulatory cyber strategy and framework for its utilities, as well as its leadership role on NARUC's Critical Infrastructure Committee.
Key Questions for this Panel: How should regulators, utilities, and other energy stakeholders prioritize cyber investments, and what are the relative roles of requirement vs. risk-based approaches? What are the likely costs, and how should those costs be recovered? What strategies and frameworks should FERC, NERC, and state PUCs put in place to facilitate cyber best practices, including continuous improvement?