Thursday, November 15, 2018

MISO Tariff Changes Target Cybersecurity Data Sharing

By Amanda Durish Cook

CARMEL, Ind. — MISO has drafted proposed Tariff changes that would allow it to share more information on significant cyberattacks with the federal government.

The revisions, targeted for FERC filing early next year, will permit emergency data sharing with the Department of Homeland Security should MISO experience a cyberattack.

David Rosenthal | © RTO Insider

“Right now, we’re very limited in the information we can share,” David Rosenthal, director of incident response and systems recovery, said during a Nov. 1 Reliability Subcommittee meeting. MISO’s Tariff currently permits data sharing with FERC and the Commodity Futures Trading Commission.

MISO is a Section 9 entity according to President Barack Obama’s 2013 Executive Order 13636, which means it’s on a shortlist of entities with critical infrastructure at greatest risk that the government is interested in protecting.

Last year, President Trump signed Executive Order 13800, which tasked DHS with measures that federal agencies could use to support cybersecurity efforts of Section 9 entities.

MISO is also waiting to see how complicated the new NERC standard CIP-008-6 will be; the rule requires reliability coordinators to report attempts to breach cybersecurity. A comment period for the standard closed on Oct. 22.

In anticipation of these activities, MISO has drawn up Tariff revisions for data sharing with “federal agencies with responsibilities for cybersecurity in response to cyber exigency.”

“Honestly, we truly only plan to use this in a significant event like a blackout or a nuclear event,” Rosenthal said. “MISO hopes to never need to use the additional data-sharing practices.”

Staff said the ambiguity around which federal agencies MISO can share data with is deliberate, providing the RTO the latitude to share information with other federal entities with cybersecurity responsibilities, such as the FBI, in the event that DHS is overloaded following a mass attack.

“We just don’t want to pause while we’re in the middle of an incident to see which federal agencies are listed in the Tariff,” Rosenthal said.

He stressed that the information sharing can only be authorized by MISO’s chief information officer or chief information security officer. The RTO will be authorized to terminate the agreement at any time.

The Tariff revisions will also include a confidentiality request that federal agencies not share MISO’s information with third parties. Rosenthal said this aligns with current information-sharing practices with FERC and CFTC, agencies that also do not guarantee confidentiality, though the RTO nevertheless includes confidentiality requests in those agreements as well. Staff promised to make use of whatever authority available to MISO to limit the spread of its information.

MISO requests feedback on the data-sharing proposal by Nov. 21. Rosenthal said MISO would try to file in January.

Top