Tuesday, December 18, 2018

NERC Parts Ways with Chief Security Officer

Sachs Forced Out, Sources Say

By Rich Heidorn Jr.

Just days after losing its CEO, NERC has seen another senior management departure.

NERC Chief Security Officer Marcus Sachs

Sachs | © RTO Insider

Senior Vice President and Chief Security Officer Marcus Sachs, one of seven direct reports to NERC’s CEO, “resigned” effective Nov. 27, the organization said in a statement.

However, three sources knowledgeable about the matter said Sachs was forced to leave. One former NERC staffer said Sachs was ousted because of concerns by industry officials on the Electricity Subsector Coordinating Council (ESCC) that he lacked the background to lead the planned expansion of the Electricity Information Sharing and Analysis Center (E-ISAC).

“The ESCC didn’t have confidence in him taking the ISAC forward,” the former staffer said. “I don’t know if it was GridEx-related; I don’t know if it was storm-related or that Marc came from a communications background.”

Sachs joined NERC in May 2015 from Verizon, where he was vice president of national security policy. Prior to Verizon, he was deputy director of the computer science lab at SRI International and the founder of a computer security consultancy. He also worked for several months as cyber program director at the U.S. Department of Homeland Security and served more than 20 years in the U.S. Army. He has degrees in civil engineering and computer science in addition to a Ph.D. in public policy.

A second former NERC official said he was told Sachs was fired out but that he didn’t know the reason. “All I heard was that NERC forced him out,” the ex-staffer said. “My understanding is his departure was very sudden.”

But the first ex-staffer said the resignation “was supposed to be in the works before” Cauley’s Nov. 10 arrest on domestic abuse charges.

NERC did not respond to a request for comment Monday.

Sachs has joined Ridge-Lane LP, a merchant bank co-founded by former Homeland Security Secretary and Pennsylvania Gov. Tom Ridge. In an email, Sachs called his departure from NERC “a strategic move for me, which will allow me to assist other companies and organizations as they grow and develop.”

“I look forward to the next chapter of my career, and to be able to give back to others many of the lessons I have learned,” he added.

The ESCC, which serves as a liaison between industry and the federal government, is dominated by CEOs of investor-owned utilities.

Tim Roxey, a NERC vice president who serves as chief operations officer for the E-ISAC, was named interim chief security officer with responsibility for overseeing the E-ISAC and directing security risk assessment and mitigation activities. Bill Lawrence, a senior director with the E-ISAC who led GridEx IV last month, will assume day-to-day management of the center. (See Ukraine Attacks, ‘Fake News’ Color NERC GridEx IV Drill.)

MidAmerican Energy CEO William Fehrman, vice chair of the NERC Members Executive Committee, will provide “strategic counsel and guidance” on the E-ISAC’s expansion during the search for Sachs’ replacement, NERC said. Fehrman referred an interview request to NERC.

The E-ISAC is the primary security communications channel for the electricity sector, helping grid operators and others prepare for and respond to cyber and physical threats.

NERC’s 2018 Business Plan calls for improving the E-ISAC’s “technical and analytical capabilities with a goal of becoming the electricity industry’s leading, trusted source for analysis and sharing of security information.” The E-ISAC’s staffing will increase to 29 full-time equivalent employees from less than 20, funded by a $21.9 million budget, a $3.3 million increase from 2017.

“The long-term strategic plan is to transform the E-ISAC into a world-class intelligence collecting and analytical capability for the electricity industry,” according to the plan.

NERC General Counsel Charles Berardesco, who was appointed interim CEO following the Nov. 20 resignation of former CEO Gerry Cauley, said in a statement that he was “confident the E-ISAC, under Tim and Bill’s leadership, will continue to effectively carry out its responsibilities.” (See Cauley Resigns; NERC Launches Search for Replacement.)

Ridge-Lane says it sponsors “public-private partnerships to finance social infrastructure and advance modern urban developments across the U.S., as well as specialty venture capital and corporate development services to commercialize and scale innovative technology companies.”

The company did not respond to a request for comment.