CIO & Smart Grid Master: NERC CEO Testifies at Senate Hearing on Cyber Security

Sunday, May 10, 2009

NERC CEO Testifies at Senate Hearing on Cyber Security

Written Testimony of Rick Sergel, NERC President & CEO Before the U.S. Senate Committee on Energy and Natural Resources Hearing on Joint Staff Draft Related to Cybersecurity and Critical Electricity Infrastructure May 7, 2009

"The cyber security of the bulk power system in North America remains an important concern for our nation. When I last spoke in front of a Congressional committee in September 2008, my organization, the North American Electric Reliability Corporation (NERC), had just launched a major initiative to improve its response to cyber security challenges. I am pleased to report significant progress on this front, which is a clear indication that the framework established under Section 215 of the Federal Power Act is producing results. But I remain firm in the message I communicated nine months ago: the Federal government should be given additional, carefully crafted, emergency authority to address specific, imminent cyber security threats.

"My testimony today will focus on the steps NERC has taken to enhance protection of the North American bulk power system from cyber security threats, and offer NERC’s views on the Joint Staff Draft, which would provide the needed federal authority."

Continue Reading >>

Note:

Rick Sergel and his team have done a great job to accelerate the NERC CIP adoption and verification processes. All utilities are hard at work to be fully compliant, if they are not already.

The real challenge is that we find ourselves balancing the forces of Functionality/Convenience vs. Security vs. Affordability. In the end, my second law of Information Technology says: "When balancing the forces of Functionality/Convenience vs. Security vs. Affordability, one must pick only two forces to drive the project and achieve compliant results." Trying to achieve the three forces at once does not deliver sustainable results. Some grid users feel that Security must trump everything else. While other grid users feel that Functionality/Convenience comes first. And yet other grid users want Affordability to be the focus.

My first law of Information Technology says: "When balancing the forces of Cheaper vs. Faster vs. Better, one must pick only two forces to drive the project and achieve sustainable results."

No comments:

Andres Carvallo BIO

Andres Carvallo is an award winning engineer, speaker, author, and executive. Andres is globally recognized by the IEEE as one of the early developers of the smart grid concept and technology. Andres championed Austin Energy's industry leading smart grid program design and implementation from 2003 – 2010 and he architected the Pecan Street Project in 2009. Andres co-authored the best selling book "The Advanced Smart Grid", has received 34 industry awards since 2005, and is a popular speaker and guest lecturer. Andres is currently the EVP of Energy Solutions and Chief Strategy Officer at Proximetry. Andres has over 27 years of experience in the Energy, Telecommunications, Computer and Software industries. Andres has held since 1992 P&L responsibilities and senior executive titles while being responsible for the strategy, development, and commercialization of over 40 products at six start-ups and leading global companies like Philips Electronics, Digital Equipment, and Borland. Furthermore, Andres started his career as a product manager for Microsoft Windows in Redmond, WA.

How to Run IT as a Business?

It all starts with my focus on the customer as the center of the lifecycle. The Lifecycle rules a discovery, planning, and maturity model process that orchestrates a framework. The framework, called RunITbiz, is made out of the 12 critical elements for Running IT as a Business. The elements are rationalized into demand and supply modules. At the core of the RunITbiz framework is a Service Oriented Architecture that leverages all legacy systems while powering new systems built on new open standards (Web Services, XML, BPEL, etc) including cutting edge Web 2.0 tools (Blogs, Wikis, AJAX, RSS, etc).

My RunITbiz Framework has two main modules. One module focuses on Managing IT Demand as a Business and the second one on Managing IT Supply as a Business. Each module has six critical elements to master. Here are the modules and critical elements:

Running IT Demand As A Business: 1. IT Governance, 2. IT Structure, 3. Portfolio Management, 4. Business Alignment, 5. Financial Management, 6. Marketing & PR

Running IT Supply As A Business: 7. Enterprise Architecture, 8. Vendor Management, 9. Process Management, 10. Project Management, 11. Service Management, 12. Quality Management

I wish you great success in your transformation. And if you have any questions, don't hesitate to reply to any post in this blog or contact me.

Top 20 Geek Blogs

1) Lifehacker - http://www.lifehacker.com/ - Lifehackers' motto says it all: "Don't live to geek, geek to live." This blog offers timesavers of just about every stripe, from Firefox shortcuts to tips from the "Getting things done" faithful.

2) IT Toolbox Blogs - http://blogs.ittoolbox.com/ - IT Toolbox has a number of "in the trenches" IT pros who talk about technology and management issues. There are specialist blogs dealing with security, databases and project management, among other subjects. It's a versatile site.

3) Valleywag - http://valleywag.com/ - Bring in the noise, bring in the snark. Valleywag is for those who believe that the tech industry lives or dies by the scuttlebutt pinging around Silicon Valley. And it's amusing for those of us who prefer that the lotus-eaters of Northern California stick with the dishing and tongue-wagging, leaving the rest of us to get the real work done.

4) Kotaku - http://kotaku.com/ - Kotaku is the snarky, gamer uber-blog. It has everything from reviews and gossip to cheat tips. Just about anything you'll ever need, including which game to buy and how to play it.

5) Danger Room - http://blog.wired.com/defense/ - Wired's military and defense blog writes about some of the coolest and scariest military technologies -- not to mention scandals, debates and other military news. Lots of video and imagery are included.

6) Gizmodo - http://gizmodo.com/ - Gizmodo's got the scoop on all the latest toys and cool and wacky inventions -- from high-def TVs and coffee makers to booze belts and USB drives. You've got to love a site that publishes photos of a solar-powered bathing suit. Yeah, they also blog about serious technology news too.

7) O'Reilly Radar - http://radar.oreilly.com/ - This is where you can read Tim O'Reilly (founder of O'Reilly publishing) and others discuss networking, programming, open source, intellectual property, politics and Web 2.0, emerging technology.

8) Techdirt - http://www.techdirt.com/ - Techdirt is a newsy, "tell it like it is" blog that frequently features debates on the hot issues in the Internet and computer fields. Scandals are a specialty. Simplicity is its hallmark.

9) Groklaw - http://www.groklaw.net/ - Groklaw's raison d'etre is needling SCO in its long-running patent fights against IBM and Novell, but the discussion sometimes veers toward other issues that involve technology, intellectual property, and government regulations.

10) Hack a Day - http://www.hackaday.com/ - Want to learn how to add USB to a cheap Linux router? Create a snake robot? How about an XBox 360 laptop? Hack a Day has these basement projects and many more. This site is for the serious techie. At the same time, it's good for a laugh or a new hobby.

11) Engadget - http://www.engadget.com/ - As Coke is to Pepsi, so Engadget is to Gizmodo. It's all about gear, gossip, techish issues and the occasional rant. It's got great product photos, and the editors have access to pre- and early-release gadgetry. Also, some really funny home-made junk. But we prefer Gizmodo.

12) Feedster - www.feedster.com/feedpapers/Technology - Like drinking from the hose. This Web page brings together blog sites about technology, sports, celebrity gossip, food, personal experiences -- you name it. It also offers a blog search feature that allows you to input words or phrases, and it has a very cool RSS aggregator for news feeds. It also injects some great humor into technology news. An all-around great site.

13) Forever Geek - http://forevergeek.com - Forever Geek is a great site with a myriad blogs on diverse topics, from technology and general interest news to movie and game reviews. Definitely a geek paradise. If you want to learn about the upcoming Iron Man movie or read a review of Photoshop CS3, this is the place to go.

14) Rough Type - http://www.roughtype.com/ - Nick Carr -- of "Does IT Matter?" fame -- has a sharp-minded blog that discusses all manner of issues and trends relating to technology. Always an entertaining read, Rough Type often locks horns with companies, people, technologies and policies that rub Carr the wrong way.

15) Smorgasbord - http://www.smorgasbord.net/ - Billed as a site for gadget- and game-loving geeks, this blog also serves up articles that cross over into the political and celebrity news of the day. The combination of entertainment value and tech news make Smorgasbord a top contender.

16) The Unofficial Apple Weblog (TUAW) - http://www.tuaw.com/ - TUAW offers collection of independent bloggers -- that is independent but not undecided or uninformed. It's a good source for Apple-related news. The only reason it didn't make the top 15 was its singular topic focus.

17) Elliot Back's blog - http://elliottback.com/wp/ - A self-professed computer scientist, Elliot posts everything from his opinions on why XML sucks, to the Titanic's passenger list and reviews of movies like 300. This site is diverse and well composed, offering great tips on topics such as increasing system performance and blocking spam.

18) Ed Foster's Gripelog - http://www.gripe2ed.com/scoop/ - There is a new crop of blogs that highlight poor customer service for consumer electronics, bad UIs and outright rip-offs, but Ed Foster has been doing it longer than anyone else. Check out these recent topics: Defective DRM, tricky warranties on plasma TVs and bad mobile phone service.

19) Gadgetell - http://www.gadgetell.com/ - This is a great site if you want to get the latest gadget and game news along with some topical opinion pieces.

20) 4sysops - http://4sysops.com/ - This is a very useful with well-written tips and how-to's for Windows admins.

Favorite Books

Blink - Malcolm Gladwell
Building the Real-Time Enterprise - Michael Hugos
Built to Last - Jim Collins
Crossing The Chasm - Geoffrey Moore
Dealing With Darwin - Geoffrey Moore
Earth: The Sequel - Fred Krupp
Freakonomics - Steven Levitt
Good to Great - Jim Collins
Hot, Flat, and Crowded - Thomas Friedman
Information Revolution - Jim Davis
Jack - Jack Welch
Perfect Power - Robert Galvin
Player Manager - Joy Palmer
Synchronocity - Joseph Jaworski
The Tipping Point - Malcom Gladwell
The World is Flat - Thomas Friedman
Transparent IT - Jack Wilson

About Proximetry

Proximetry develops and commercializes AirSync™, a comprehensive communications network and device management software platform for the energy industry. AirSync delivers secure, scalable, closed-loop control, and policy-based management of devices to build and manage large complex networks built upon multiple vendor platforms that incorporate a vast array of communications technologies. AirSync™ provides the essential tools for energy organizations to provision and manage mission-critical devices and networks. Founded in 2005, Proximetry is privately held, headquartered in San Diego, California, and backed by Munich Venture Partners, Aeris Capital, Investec, and Rembrandt Venture Partners. For more information, please visit www.proximetry.com

Cisco on Proximetry

Why is AirSync Better?

1) ALL other NMS/OSS products in the market use only SNMP to provide monitoring and alarms for devices, AirSync supports SNMP and it also uses a lightweight protocol (pre-CoAP) to manage devices with closed-loop control and policy-based functionality via an agent. AirSync’s pre-CoAP protocol solves the disadvantages of SNMP for the Smart Grid (i.e. too chatty, non-stop polling, and no integrated firmware management).

2) All other NMS/OSS products are focused on telecom WAN management only (i.e. routers, switches in telco domain) while AirSync can manage the WAN and its elements, it also can go deeper into the FAN, LAN, and PAN (including the AMI network). Furthermore, AirSync manages all devices hanging on those networks(e.g. electric/gas/water meters, inverters, IDEs, RTUs, Programmable Logic Controllers, premise gateways, premise routers, and sensors in general). It is important to note that All other NMS/OSS products in the market do not manage smart meters and/or any sensors on the edge of a FAN, LAN, or PAN, but AirSync does.

3) All other NMS/OSS products in the market do NOT provide any firmware management capabilities or if they do it is very limited. And they DO NOT support FANs, LANs, and PANs. And they DO NOT provide closed-loop control of any edge devices from any vendor on any network using any topology. AirSync delivers all of the above.

4) AirSync has unique features to manage ALL networks with many configurable enhancements like shaping the traffic and QoS management by having an agent on the device side unlike All other NMS/OSS products in the market which depend only on SNMP and lack such an ability.

Bottom line: All other NMS/OSS products in the market deliver only classical and limited WAN NMS/OSS capabilities. AirSync delivers all that far better and it can also support FAN/LAN/PAN/device/firmware management functions and help manage deeper into all the networks. AirSync has a well-defined NBI that can be used to interface with any NMS/OSS and provide the utility with an integrated management system with the utility's preferred GUI but with all the advantages of AirSync.