Strong public and private sector information sharing was the focus of the ninth grid security conference, GridSecCon. More than 600 security experts from across North America attended the two-day conference to discuss the evolution of the grid security environment and the future of cyber and physical security.
The conference, hosted by the North American Electric Reliability Corporation (NERC) and the SERC Reliability Corporation, emphasized the programs necessary to protect the grid from constantly changing cyber and physical security threats. Conference participants represented a cross-section of industry and government partners in North America, who gathered to share information that included best practices and lessons learned. GridSecCon takes place each October to call attention to National Cybersecurity Awareness Month, which was started by the Department of Homeland Security 16 years ago.
“Security and reliability are inextricably linked and respect no geographic boundaries,” said Jim Robb, NERC’s president and chief executive officer (CEO), in his opening remarks. “Events like GridSecCon help us plan and prepare for contingencies through training, information sharing and lessons learned. Better grid security across North America depends on our strong partnerships to stay ahead of adversaries and mitigate a dynamic set of emerging threats.”
Other keynotes included:
• Karen Evans, assistant secretary, Office of Cybersecurity, Energy Security and Emergency Response, Department of Energy
• Brian Harrell, assistant director, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security
• Tom Fanning, chair, president and CEO, Southern Company
• Brian Thumm, vice president, Performance Improvement and Risk Management, SERC
“We know our industry is strong and takes security risks seriously; however, we must remain vigilant as our adversaries continue to develop more sophisticated campaigns that place the North American grid at risk,” Thumm said. “Regional Entities within the Electric Reliability Organization (ERO) Enterprise work directly with industry members to enhance and improve our security posture and events like GridSecCon help further that collaboration.”
During the conference, panel discussions focused on trade associations and grid security advocacy; assessing potential physical security threats; responding to drone threats; the nexus between physical and cyber security threats; cyber supply chain threats; and potential emerging threats. Prior to the start of the conference, a day of training sessions were offered that covered a range of topics, including physical security, threat intelligence, human error and supply chain.
A tribute, emceed by Tim Conway of SANS, was planned during the conference to remember Mike Assante and his outstanding contributions to the security of the grid. Assante, who passed away in July, was instrumental in establishing NERC’s Electricity Information Sharing and Analysis Center and also worked for SANS.
“We cannot ensure reliability without also ensuring the security of the North American bulk power system. GridSecCon is one way that the ERO Enterprise fosters a learning environment that supports this common goal,” Robb said. “Determined, capable adversaries require constant agility, vigilance and information sharing from experts at all levels of industry and government.”
