The CIP Report
VOLUME 1, ISSUE 6 DECEMBER 2002

This issue of The CIP Report focuses on the Electricity Sector. The amount of change in this sector during the past several years is staggering. Industrial and commercial customers, trying to sustain competitiveness in a global market place, are pressuring suppliers of electricity to reduce prices; at the same time, the demand for and use of electricity has grown to support more sophisticated service delivery and manufacturing processes at higher speed and accuracy.

Congress, the Administration, and relevant stakeholder communities are working closely to discuss standard market design (SMD) proposals – and this dialogue will profoundly impact multiple critical infrastructure issues and challenges. Participation in wholesale activity will require an appropriate level of security, which includes a cyber-security component to support transmission integrity across the grid.

The Electricity Sector has taken very seriously the responsibility of protecting systems and providing reliable service delivery. The North American Electric Reliability Council (NERC), designated by Presidential Decision Directive 63 as the Sector Coordinator, has worked closely with its designated Sector Liaison, the Department of Energy, and with the Federal Energy Regulatory Commission (FERC), the National Infrastructure Protection Center (NIPC), and a broad spectrum of other organizations to develop security-related programs. NERC has outlined, developed, and disseminated complex critical infrastructure policy materials – covering threat and vulnerability assessments, information sharing analysis, and indications & warning. This issue provides information on NERC’s Critical Infrastructure Protection Advisory Group. Readers will benefit from reviewing an impressive portfolio of accomplishments.

Similarly, government agencies, especially the FERC, the National Infrastructure Simulation and Analysis Center, the Office of Energy Assurance at the Department of Energy, and the NIPC have developed important critical infrastructure initiatives focused specifically on electric power. We include many of these programs in this issue to highlight achievements as well as models for other infrastructure sectors.

Electricity Sector Issue

Federal Energy Reg Cmsn 2
NERC Security Activities 3
SCADA Systems 5
ES-ISAC 7
Blue Cascades Report 9
Cyber Security Standards 10
Standard Market Design 10
DOE's Security and Assurance 11
Ridge on Private Sector Collab 12
Cyber Defenders Exercise 13
Request for Comments Notice 13
Gov. Warner Speaks at GMU 14

CIP Project Staff

John McCarthy, Executive Director
Emily Frye, Associate Director, Legal Programs
Kevin “Kip” Thomas, Associate Director, Research Programs / Research Associate Professor
Meredith Gilchrest, CIP Law and Policy Research Archivist / Outreach Program Manager
Rebecca Luria, CIP Project Administrator / Executive Assistant
George Baker, Interim Director, JMU Institute for Infrastructure and Information Assurance
Ken Newbold, JMU Outreach Coordinator / JMU CIP Project Liaison

Contact: [email protected] 703-993-4840


Page 2 The CIP Report, December 2002

Discussion with Alison Silverstein – Special Advisor to the Chair of the FERC

Alison Silverstein
Special Advisor to the Chair

Secret to Success at the FERC in CIP activities:

"Highly focused, strategic, performance and results oriented – and the best and the brightest people."

Education

MBA, Stanford University
MSE, Systems Analysis and Economics, The Johns Hopkins University
BA, Economics, The Johns Hopkins University

The Federal Energy Regulatory Commission (FERC) has become one of the most dynamic Federal government agencies in promoting national critical infrastructure goals. In a discussion with the GMU CIP Project, Alison Silverstein, Special Advisor to the Chair of the FERC, outlined the agency’s operating philosophy as well as programmatic accomplishments since she signed on just one week after the 9/11 attacks. The following four activities are part of the strategic programs and accomplishments developed by the FERC in the aftermath of the 9/11 attacks.

• Facilitating Security Cost Recovery – Safeguarding our Energy Infrastructure

Cost recovery in the electric power sector has always been a critical concern. This is especially so with regard to capital investments in the areas of security and infrastructure reliability. In order to address these concerns, the FERC has established a cost recovery program for security-related investments. On September 14, 2001, the FERC issued its Statement of Policy on Extraordinary Expenditures Necessary to Safeguard National Energy Supplies. This policy offers assurances that the FERC will approve applications to recover “prudently incurred costs necessary to further safeguard the reliability and security of our energy supply infrastructure in response to the heightened state of alert.”

• Accessing Critical Energy Infrastructure Information: Balancing Freedom of Information with Critical Infrastructure and Security Concerns

The FERC has developed one of the most progressive public access and freedom of information policies and programs since the 9/11 attacks. First, the FERC immediately removed from easy public access certain documents; FERC changed its policy in order to restrict general and unfettered public access to certain sensitive information – such as detailed infrastructure maps – that could undermine protection of the nation’s energy infrastructure.

Working through the Federal Register process, the FERC defined Critical Energy Infrastructure Information (CEII) as information already exempt under the FOIA and is in the process of finalizing regulations to balance open access with greater protection of CEII information. These FERC policies and rules are being examined by other Federal agencies as a model for open access to sensitive infrastructure information.

• Collaboration with NERC on Cyber Security - Enhancing Transmission Integrity

The FERC-led process of defining a Standard Market Design includes cyber security standards developed by the

continued on page 8►

The CIP Report, December 2002 Page 3

Activities Undertaken by the Electricity Sector to Address Physical and Cyber Security

Lou Leffler is the Manager-Critical Infrastructure Protection for NERC, and has the responsibility to facilitate the work of NERC’s Critical Infrastructure Protection Advisory Group. Mr. Leffler is a member of the ES-ISAC team, and is the Sector Coordinator.

The North American Electric Reliability Council (NERC) is a not-for-profit organization formed after the Northeast Blackout in 1965 to promote the reliability of the bulk electric systems that serve North America. NERC comprises ten Regional Reliability Councils that account for virtually all of the electricity supplied in the United States, Canada, and a portion of Baja California Norte, Mexico. In addition to its job of “keeping the lights on,” NERC serves as the electric industry’s contact and coordinator in the United States and Canada for bulk electric system security matters and operates the Electricity Sector’s Information Sharing and Analysis Center (see page 7).

Critical Infrastructure Protection Advisory Group

Following issuance of the President’s Commission on Critical Infrastructure Protection Report in 1997 and the President’s Decision Directive 63 in 1998, the Secretary of the U.S. Department of Energy requested NERC to accept the role as Electricity Sector Coordinator for Critical Infrastructure Protection. NERC President and CEO, Michehl Gent, with approval of the Board of Trustees, accepted this assignment as a logical extension of NERC’s mission. NERC established a study and action group--which is now the Electricity Sector Critical Infrastructure Protection Advisory Group (CIPAG) with a direct reporting relationship to the NERC Board. Essential to progress in efforts to enhance security of the Electricity Sector is the cooperation of all segments within the Sector. The CIPAG brings together the generation and transmission providers, public and investor-owned utilities, power marketers, regional transmission organizations and independent system operators, electric power associations, and government agencies. Both Canadian and United States entities participate.

Indications, Analysis, and Warning Program

After the CIPAG established its relationship with the Sector Liaison, the U.S. Department of Energy (DOE), the advisory group and representatives of the DOE met with the National Infrastructure Protection Center (NIPC). From this has emerged a close security working relationship that resulted in the development of the Electricity Sector – NIPC Indications, Analysis, and Warning Program (IAW Program).

The IAW Program provides several reporting mechanisms to enable reliable and secure communications between Electricity Sector entities and the NIPC. The IAW Program Standard Operating Procedures (SOP) contains event criteria and thresholds with report timing for nine physical/operational and six cyber/social engineering “event types.” Those events to be reported include those occurrences to an Electricity Sector entity that are either of known malicious intent or are of unknown origin. Events include

continued on page 4►

Michehl R. Gent
President and CEO
NERC

Page 4 The CIP Report, December 2002

From the Indications, Analysis, and Warning Program:

This SOP (Standard Operating Procedure) establishes voluntary procedures for implementing the information reporting, analysis and warning provisions of the National Infrastructure Protection Center’s (NIPC) national level Indications, Analysis & Warning program for electric power. This program has been established to enable the NIPC to provide timely, accurate, and actionable warning for both operational and cyber threats or attacks on the national electric power infrastructure.

NERC, continued from page 3

such things as the loss of a key element of an electric power system or telecommunications critical to system operations, announced threats, intelligence gathering (surveillance), computer system intrusion (each event type contains specificity as to level of actual or potential impact on operations of the reporting electric entity). Note that electric “entities” include generation, transmission, distribution, overall system reliability coordination, and power marketing.

The power of the IAW Program lies in the fusion of incident information from many sources (government and private sectors) in one place for continuous analysis and prompt dissemination of threat and possible vulnerability information back to the sectors. The IAW Program was approved for voluntary use by the Electricity Sector in July 2000. Over the next several months, NERC and NIPC conducted three workshops designed to raise the Sector’s awareness to the security issues and to introduce the IAW Program. The program is in use currently.

[Figure: Organization of the CIPAG. Boxes: Board of Trustees; NERC Standing Committees (Awareness, Standards); CIP Advisory Group (Development Needs, Peer Review); CIP Self Directed Work Teams (Process and Practices Development); ES-ISAC (Analysis, Communications); APPA, CEA, EEI, and NRECA Security Committees (Professional Review, Recommendations, Practices). APPA = American Public Power Association; CEA = Canadian Electricity Association; EEI = Edison Electric Institute; NRECA = National Rural Electric Cooperative Association.]

Other Security-Related Activities

Following are other activities undertaken by NERC:

• Published an Approach to Action for the Electricity Sector
• Published Security Cases for Action for the Electricity Sector
• Developed and maintains set of Security Guidelines
• Developed a Threat Alert System for the Electricity Sector that coordinates with the Homeland Security Advisory System (HSAS)

The above documents are available via the NERC and ES-ISAC Internet sites:

http://www.nerc.com
http://www.esisac.com

The electric industry operates in a constant state of preparedness. Planning, training, and operating synchronous grids prepares the electric industry for natural disasters such as earthquakes, floods, tornadoes, energy emergencies and attacks of sabotage or terrorism. NERC has elevated critical infrastructure protection to be the focus of a high-level advisory group comprised of all ownership segments in the electric industry.

The CIP Report, December 2002 Page 5

Supervisory Control and Data Acquisition (SCADA) Systems
Dr. George Baker and Mr. Allan Berg

Our critical national infrastructure systems have become almost universally dependent upon computer-based control systems technically referred to as supervisory control and data acquisition (or SCADA) systems. SCADA systems evolved from the telemetry and event-alarm systems developed in the early days of utilities. They have three major components:

1. Remote sensors and control devices (referred to as remote terminal units or RTUs) which acquire data and respond to operator commands

2. Supporting two-way communication system links to transmit the data via telephone, microwave, cable, or satellite circuits between the master control station and the RTUs

3. Master control stations where sensor information is stored in memory and displayed on central computer screens enabling operators to track the system status/problems. SCADA enables remote control of system operation either automatically or initiated by operator commands.

Infrastructures that are heavily dependent on SCADA include electric power generation and distribution, water distribution, oil and gas pipelines, telecommunications, railroads, and food processing. SCADA is employed worldwide and often crosses national boundaries. As an example, pipeline companies use SCADA to monitor and control the flow of billions of cubic feet of natural gas every day. RTUs along the pipelines measure and transmit data on pipeline pressure, flow rates and the open/closed state of flow-controlling switches and valves. The master control station operator interfaces incorporate sophisticated software used by operators to instantaneously view the status of pipeline operation and enables them to open and close valves to control gas flow hundreds of miles away.

With the widespread use of SCADA systems, computers have become the “basis element” for much of our critical infrastructure. As a consequence, the disruption of controlling computer terminals and networks due to natural disasters, electric power failure, accidents, or hostile activity can have catastrophic consequences. Hostile activity is of highest concern. Because of computer control, critical infrastructure services can be disrupted remotely -- common hacker tactics can be used to destroy real-world lives and property. Attackers may insert malicious code, such as viruses, Trojan Horses, and/or logic bombs to destroy databases required for SCADA management of communications systems or industrial process systems involved in distributing electricity, fuel, or water. Attackers can also break into SCADA systems and take over real-time control of critical processes. In a recent incident, hackers were able to open and close the flood gates of a

continued on page 6►

Dr. George Baker

Page 6 The CIP Report, December 2002

SCADA, continued from page 5

hydroelectric dam by breaking into the resident SCADA system. It is conceivable that similar attacks could occur on electric generation and distribution systems and the public switched network. Information on SCADA systems and how to program them turned up on al Qaeda computers seized this year.[1]

Physical attacks on SCADA systems can also have serious consequences. Physical destruction of control facilities and cutting the lines of communication by severing cables or jamming microwave links are possible means of attack. One problematic aspect of SCADA systems is that when they fail, in many cases the controlled process continues to execute the last command before failure. Thus open valves stay open and running motors continue to run with potentially catastrophic consequences. An attack on an Australian water treatment SCADA in 2000 resulted in sewage overflows into a public water system. In Washington State, authorities cited improper SCADA performance as a contributing factor in a 1999 gasoline pipeline rupture and fire that killed three.

SCADA system protection poses many challenges. SCADA systems are very different among and within critical infrastructure systems--one protection technique does not fit all. Deregulation has militated against protection measures. To reduce costs, SCADA systems have replaced many line maintenance personnel familiar with controlled system operation and able to keep the systems running manually in the event of major failures. Many utilities have not yet realized that their systems are accessible via the Internet. SCADA administrators often believe that since their SCADA systems are not connected to corporate LANs they are immune to outside attacks. But since RTUs often transmit and receive through lowest cost third party data links such as the public switched network, leased microwave links, or satellite relays, they are still susceptible to intruders.

The recent National Academies report on the role of science and technology in countering terrorism[2], identified SCADA protection as one of the most important near term technical initiatives that can be accomplished by applying existing technologies. As a first step, computer security guidelines should be strictly enforced for SCADA computer networks. Legal incentives need to be developed to encourage utilities to implement protection measures. Companies need to encourage communication and teamwork among IT security and industrial automation personnel. Risk assessments and red team evaluation of critical infrastructure control systems by technical experts will be important to identify problems and countermeasures. Industry should improve physical security and protection of critical SCADA and RTU locations. Effective government assistance and incentives will be important to encourage implementation of security improvements. Universities can assist by developing education and training programs on SCADA system operation, susceptibilities, and protection measures.

Mr. Allan Berg

The CIP Project is developing legal and technical solutions that will improve our ability to assess and protect critical SCADA systems. JMU is developing a risk assessment model that focuses on network security for critical infrastructure systems. GMU is investigating legal and policy measures to energize infrastructure owners and operators to protect their critical networks. Results of both efforts will be applicable to ensuring reliable SCADA system operation.

[1] Barton Gellman, “Cyber-Attacks by Al Qaeda Feared,” Washington Post, June 27, 2002
[2] Committee on Science and Technology for Countering Terrorism, Making the Nation Safer, National Research Council, National Academies Press, 2002 <www.nap.edu>

Dr. George Baker is the Interim Director of the Institute for Infrastructure and Information Assurance.

Allan Berg is the Associate Director of the Institute for Infrastructure and Information Assurance.

The CIP Report, December 2002 Page 7

Electricity Sector Information Sharing and Analysis Center (ES-ISAC)

The North American Electric Reliability Council announced the ES-ISAC in October 2000. The ES-ISAC was formed to:

• Obtain security information related to possible threats or suspicious activity, or actual malicious or terrorist acts against the Electricity Sector and to assure that this information is provided to the NIPC for analysis.

• Assist the NIPC in its analysis of the actual or potential impact of threat to or vulnerabilities of the Electricity Sector. Subject matter expertise may be provided directly by ISAC personnel or through contact with Sector people arranged via the ISAC.

• Immediately disseminate threat and vulnerability warnings on a Sector, geographic, facility type, specific facility basis as appropriate.

• Provide ongoing Sector awareness to the ever-changing security landscape.

The ES-ISAC is staffed by NERC personnel who consult with particular subject matter experts throughout the Sector. The CIP Advisory Group provides functional oversight to the ES-ISAC, which is funded as part of the NERC budget. There are no fees for participating Electricity Sector entities.

[Figure: The Electricity Sector Information Sharing and Analysis Center and the entities shown around it: Reliability Authorities; Control Areas; Transmission Providers; Generation Providers; Power Marketers; American Public Power Association; Canadian Electricity Association; Edison Electric Institute; Electric Power Supply Association; National Rural Electric Cooperative Association; NERC Board; NERC CIPAG; U.S. Department of Energy; National Infrastructure Protection Center; Other Government Agencies; Other Sector ISACs (Private and Government).]

Page 8 The CIP Report, December 2002

FERC, continued from page 2

industry in the North American Electric Reliability Council, Critical Infrastructure Protection Advisory Group (NERC CIPAG). In collaborating closely with the NERC, the FERC has focused on creating cyber security standards as a “generic and least common denominator” – not industry best practices. The FERC has focused on the importance of creating a minimum level of protection for participants in wholesale transmissions.

• Dam Safety and Security

The FERC has quietly engaged owners and operators of the nation’s dams in developing more enhanced security and safety programs. In addition to working directly with industry owners, the FERC has also partnered across government with other experts – such as the Army Corps of Engineers and the Department of the Interior. The FERC has formed a hydro security team focusing on hydroelectric power projects. The FERC offers guidance to licensees on -

o Risk assessment materials and initial assessments
o Integration of security enhancements with emergency action plans
o Rapid alert notification and dissemination methods
o Training

Pat Wood, III
Chairman
FERC

Mr. Wood was nominated to the Commission by President George W. Bush and confirmed by the Senate in 2001. His term expires June 30, 2005. Before joining the Commission, Mr. Wood was Chairman of the Public Utility Commission of Texas. He has worked as an engineer with Arco Indonesia and as an attorney with the Baker & Botts law firm in Washington, DC. He also served as legal counsel to the Chairman of the Texas Railroad Commission. In the early 1990s, he was legal advisor to FERC Commissioner Jerry J. Langdon. Throughout his career, he has worked to advance a pro-customer, market-oriented vision of utility regulation.

The Federal Energy Regulatory Commission: Other Useful Links

FERC Website
http://www.ferc.gov/

Electric Power Regulation
http://www.ferc.gov/Electric/electric.htm

Enabling Legislation and Regulation:
http://www.ferc.gov/informational/enable1.htm

Links to Electric Energy Sites:
http://www.ferc.gov/Electric/electricsites.htm

Testimony on Energy Infrastructure by the Chair, Pat Wood, III:
http://www.ferc.gov/news/congressionaltestimony/WoodTestimony07-24-02.pdf

The CIP Report, December 2002 Page 9

BLUE CASCADES
Infrastructure Interdependencies Exercise

Dr. Paula Scalingi

More than 150 representatives from 70 private and public sector organizations attended the first of its kind multi-jurisdiction, cross-border tabletop infrastructure interdependencies exercise. The exercise was conducted by the Pacific NorthWest Economic Region (PNWER) and co-sponsored by the U.S. Navy, Federal Emergency Management Agency (FEMA Region 10), and the Canadian Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP).

BLUE CASCADES was the second in a series of activities that are elements of a unique initiative — the Partnership for Regional Infrastructure Security — launched by PNWER in late 2001 with the goal of developing a cooperative preparedness strategy using a risk-based approach to enhance the security of critical systems region-wide.

PNWER, chartered in 1991, brings together public and private sector interests with the aim of enhancing the economic development of its eight U.S. and Canadian member jurisdictions: Alaska, Alberta, British Columbia, Idaho, Oregon, Montana, Washington, and the Yukon Territory. The first activity was the Partnership kick-off meeting on Nov. 30, 2001 in Spokane, Washington, attended by over 120 private and public sector organizations from all the jurisdictions that comprise PNWER.

The exercise focused on the linkages between and among infrastructures that could make the Pacific Northwest vulnerable to cascading impacts in the event of an attack or disruption, and which could complicate expeditious response and recovery. Critical infrastructures participating in the exercise included energy (electric power, oil, and natural gas), telecommunications, transportation, water supply systems, banking and finance, emergency services, and government services. Federal, state/provincial, and local government agencies, including emergency management organizations, were also well-represented.

BLUE CASCADES was expressly designed to help stakeholders assess the current state of their understanding and preparedness, particularly from the perspective of infrastructure interdependencies. It also was aimed at identifying their needs, priorities, and resource requirements for incorporation into an Action Plan to assist the eight jurisdictions within PNWER to become a disaster-resistant/resilient region.

During the exercise, players addressed a challenging scenario that was developed by a group of stakeholders representing private and public sectors from PNWER’s jurisdictions. Organizations contributing to the scenario included Bonneville Power Administration, BC Gas, BC Hydro, Boeing, Duke Energy, PG&E, Williams Gas Pipeline, Puget Sound Energy, Port of Seattle, Idaho Bureau of Disaster Services, U.S. Navy, the National Infrastructure Protection Center, Telus, Verizon, Qwest, FEMA, BC Provincial Emergency Program, and OCIPEP.

The scenario reflected those threats that the exercise participants were most concerned about — both deliberate and “non-deliberate,” with particular emphasis on the type of high-profile terrorist threat that is dominating today’s headlines and which could cause cascading, long-term impacts. The terrorist attacks, physical in nature and directed at disrupting the region's electric power, caused region-wide power outages that quickly spread to other western states. There were follow-on disruptions of the region’s telecommunications and natural gas distribution, as well as a threat to a major municipal water system and to the region’s ports. The attacks and disruptions of

continued on page 15►

Page 10 The CIP Report, December 2002

Cyber Security Standards in the Electricity Sector
Lee M. Zeichner, Esq.

As part of a landmark Notice of Proposed Rulemaking issued this summer (see box below), the FERC has published proposed cyber security “standards” for public utilities servicing “wholesale electric grid operations.” The proposed cyber security rules, prepared in large part by the NERC, are set to go into effect in January 2004, but have not been finalized.

This is the first-ever security regulation relating to reliability and assurance of a critical infrastructure service. The cyber-security proposal covers the following elements:

• Application: The new regulations will apply to public utilities as well as certain other service providers; currently both industry and government are examining just how broadly the rules should apply.

• Governance: The rules include a risk and security governance component – focused on accountability in senior management.

• Asset Classification: Security programs must include a process to identify critical assets and functions and to prioritize protection and assurance of those assets.

• Personnel and Access Controls: Social engineering and personnel security are part of the definition of “Cyber Security” in the proposed rules.

• Systems Management: Comprehensive systems security includes software, hardware, and testing. The standards include a range of information and system security guidelines that are acceptable, such as NIST

continued on page 18►

Standard Market Design

On July 31, 2002 the Federal Energy Regulatory Commission (FERC) announced wide-ranging proposals to remedy undue discrimination in the use of the interstate transmission system and give the nation the benefits of a truly competitive bulk power system. In a landmark Notice of Proposed Rulemaking (NOPR) the FERC issued a blueprint for change designed to create genuine wholesale competition, efficient transmission systems, the right pricing signals for investment in transmission, generation facilities and demand reduction, and more customer options. Market monitoring and market power mitigation proposals are also critical parts of the proposals for standardized power market rules.

Standard market design (SMD) is part of a series of initiatives by the FERC to harness the benefits of competitive markets. SMD provides a framework for wholesale electric markets to remedy remaining undue discrimination in transmission services and establish a more level playing field between competing generators, loads, and technologies. Under SMD, a majority of the nation's power will continue to be purchased under long-term bilateral contracts, while the rest will be exchanged in organized spot markets for energy and ancillary services. SMD lays out the rules for how those markets will operate, with day-ahead and real-time markets for energy and ancillary services that are linked to the feasibility of actual grid operational capabilities and security.

SMD also defines a new, flexible transmission service, establishes a congestion management system to assure that the grid is managed effectively and that users recognize the true value of their energy use, lays out new rules to assure that all transmission owners and operators recover their costs, establishes new market mitigation and monitoring requirements, and sets out long-term planning and resource adequacy requirements to assure that infrastructure needs are recognized and met without wasteful, dangerous "boom and bust" cycles.

The CIP Report, December 2002 Page 11

DOE's Energy Security and Assurance Program

From Testimony by Mr. James McDonnell
Director, Energy Security and Assurance Program

The Secretary of Energy has the responsibility as the lead federal agency to coordinate protection activities in the Energy Sector. Presidential Decision Directive 63 assigned this responsibility to DOE and the Secretary expects the Homeland Security National Strategy to continue that assignment of responsibility. The Office of Energy Assurance was established at the Department to better protect against severe energy disruptions in close collaboration with State and local governments and the private sector and, where possible, to assist with emergency response efforts.

The Office provides technical expertise and management oversight to identify energy system critical components and interdependencies, identify threats to the system, recommend actions to correct or mitigate vulnerabilities, plan for response and recovery to system disruption, and provide technical response support during energy emergencies. As originally conceived, the Office has four principal areas of management, which are:

1. Energy Reliability

The Office of Energy Assurance coordinates Department of Energy policy development and intergovernmental, interagency activities related to the protection and reliability of the national energy infrastructure. The Office will utilize longstanding relationships with government and industry representatives to develop a national strategy for energy assurance and establish a national tracking and reporting process to assess the ongoing effectiveness of the national strategy, identifies shortfalls and develops corrective action plans; and coordinates efforts to expand cooperation on national energy infrastructure with friendly nations, international organizations and multinational corporations.

2. Energy Emergencies

The Office of Energy Assurance ensures we are prepared to support states and industry efforts to plan for, respond to and mitigate actions that disrupt the nation’s energy supplies. This Office’s primary missions are twofold; first is the identification of potential threats to the national energy infrastructure, including natural disasters and industrial accidents, and deliberate acts of terror, sabotage. The Office maintains an effective communications and liaison network with the energy sector to facilitate information flow during emergencies and communicate potential and actual threats to the appropriate authorities.

The second mission is to assist in the development of federal energy emergency response plans. In carrying out this function, OEA will provide technical and professional assistance to states and industries for the development of local and regional response plans and conduct readiness exercises with states and industry to assist in identifying shortfalls prior to actual emergencies. Following such exercises, the Office will compile lessons learned during the conduct of emergencies and exercises for broad dissemination among relevant industries and facilities.

3. Energy Infrastructure

The Energy Assurance Team works with the companies whose resources comprise the nation’s energy sector to improve the protection of critical energy facilities. The Infrastructure Office works with the energy sector to introduce new security practices into the energy sector. The Office also interfaces with the DOE laboratory community to help identify and speed commercialization of new technologies designed to enhance the protection of sensitive facilities.

4. Infrastructure Interdependencies

The Office of Energy Assurance

continued on page 13►

Page 12 The CIP Report, December 2002

Governor Tom Ridge on Working with the Private Sector for Homeland Security

MR. SESNO: Governor, I'm doing some work with George Mason University's critical infrastructure project, and 85 percent of the critical infrastructure of which you speak is owned by the private sector. How is this new department going to work in different ways, once you pull it together, with the private sector, whether it's a chemical plant someplace or an Internet service provider?

GOVERNOR RIDGE: We are close to completing a strategy to deal with -- well, strategy doesn't mean much to folks, so let me just distill it. We've got a way forward so that we can work with the private sector to assess how they're vulnerable, to share best practices, to reduce their vulnerability. And it will be one of the primary functions of this new department because we're going to get a lot of information in, a lot of threat information. We're going to have analysts working -- not only in Washington -- but elsewhere, whose responsibility will be to work with the private sector to shore up those vulnerabilities.

The notion behind the President's initiative -- the notion behind the President's initiative was, first of all we got to map the vulnerabilities in this country. And one of the provisions in the new -- the legislation that created the department was a freedom of information exemption. So that when we're working with the private sector and we're asking them -- and they work very closely with us -- but we need to know where you view yourselves as most vulnerable. That's not exactly information we want to share with the rest of the world. So we have that Freedom of Information Act exemption.

We need to do a national overview of our infrastructure, map vulnerabilities, then set priorities, and then work with the private sector to reduce the vulnerabilities based on our priorities. One of the challenges that I think we have -- if you don't mind, Frank, let me just digress here, just for a minute -- all of us, and we have to fulfill our mission together, all of us -- there is no conceivable way that this country can harden every target, do everything humanly and technologically possible with regard to every person that comes across the border, every piece of cargo that comes across the border, every potential vulnerability in the private sector or the public sector. We can't possibly do that. We're too open. We're too diverse. We're too large. It cannot be done. So the approach that we have to take -- all of us -- is manage the risk. Manage the risk based on vulnerabilities and consequence, manage the risk based on threat information that we receive -- either generated within this country or other sources that we have around the world. There will be a lot of very difficult and challenging decisions that we're going to have to make in this new department. But we have to manage the risk. And we'll do that using your judgment, using the best scientific analysis that we can get. We'll use it doing modeling.

[Photo: Governor Tom Ridge]

One of the pieces of the new department provides for us to be able to set up some modeling at national labs or academic labs so we can make different assessments about different kinds of vulnerabilities and different kinds of consequences if one of those vulnerabilities is hit. So, again, we're going to manage the risk. We can do it. But I think we just have to remind ourselves that we are a large, open, diverse, trusting country, and we shouldn't kid ourselves as to our capacity of being able to be immune forever from everything. I think we all understand that.

One thing we do know about how the terrorists act, though, you start moving to protect a particular sector or building or target, they'll

continued on page 18►

The CIP Report, December 2002 Page 13

DEPARTMENT OF THE TREASURY:

Study of the Impact of Threat of Terrorism on Availability of Group Life Insurance

SUMMARY: Recently enacted terrorism insurance legislation requires the Secretary of the Treasury (Treasury) to study, on an expedited basis, whether adequate and affordable catastrophe reinsurance for acts of terrorism is available to life insurers in the United States that issue group life insurance, and the extent to which the threat of terrorism is reducing the availability of group life insurance for consumers in the United States. To assist in this study, the Treasury is soliciting comments on a number of questions listed on page 76209 of the December 11, 2002 issue of the Federal Register. Comments must be in writing and received by January 10, 2003.

CYBER DEFENDERS – An Exercise to Educate Tomorrow’s Corporate Leaders

by Gerald Martin, Chief, Technical Analysis Branch, JTF-CNO

A crippling cyber attack on the nation’s energy infrastructure, a devastating cyber intrusion in the Financial Services Sector… could it have been prevented, how could the sectors have detected it? Those are the issues at the very core of the cybersecurity conundrum.

Scarcely over two years ago, the United States service academies recognized this ominous threat in the cyber arena and designed a Cyber Defense Exercise to enhance the Information Assurance curriculum. With National Security Agency sponsorship, the exercise challenged cadets by teaching information assurance concepts and by preparing undergraduates to “defend the network” against professional security evaluators, known as Red Teams. The exercise required them to not only learn and put into practice the defense in depth concept but also to study and analyze hackers’ tools and procedures. Given a variety of platforms and operating systems, the cadets investigated and implemented defensive measures to protect their assets. After a preparatory period, the Red Team attacked their implementations using a pre-determined scoring system and declared the US Military Academy victorious both years.

The Department of Defense (DoD) is not the only network at risk. The private sector and, in fact, DoD, depend enormously on the Internet backbone. It may be prudent for America’s colleges and universities to address the critical shortage of information security specialists, indicated by numerous studies and surveys, and what better way than to replicate the enormously successful Cyber Defense Exercise model.

From the Federal Register:

DOE, continued from page 11

has been designated to provide federal oversight to the National Infrastructure Simulation and Analysis Center as a collaborative effort between the National Laboratories, the Office of Energy Assurance, and other federal agencies. The NISAC, once fully operational, will provide a fundamentally new technical planning and decision support environment for the analysis of critical infrastructures, their interdependencies, vulnerabilities, and complexities for policy analysis and emergency planning. NISAC will use distributed information systems architectures to provide virtual analysis capabilities that will accommodate a large number of providers and a large number of users. Tasking for the NISAC will be developed through an interagency planning process chaired by the Department’s NISAC Administrator, which includes representatives of the laboratories and industry and will ensure the NISAC is truly a national asset meet national strategy.

The Department of Homeland Security

The President’s legislative proposal creating the Department of Homeland Security includes moving the management of the National Infrastructure Simulation and Analysis Center (NISAC) and other functions of the Office of Energy Assurance from DOE to DHS.

continued on page 14►

Page 14 The CIP Report, December 2002

Governor Warner Announces Anti-Terrorism and Security Legislation at the CIPP

The Critical Infrastructure Protection Project hosted a press conference given by Virginia Governor Mark Warner on December 9th. Governor Warner announced his anti-terrorism and security legislation, which he plans to propose to the 2003 General Assembly. Congressman Jim Moran and Congressman Tom Davis were also in attendance. The legislation is part of the Governor’s overall reform agenda for 2003 and it includes specific security recommendations from his Secure Virginia Panel. "The security of our citizens, our economic well-being and the stability of society depend on our ability to adjust to 21st-century threats," Governor Warner said. “Few responsibilities of government are more important than ensuring public safety and we are moving forward on a number of fronts to put common sense reforms in place.”

The legislation includes broad recommendations to enhance Virginia’s security in a number of ways. Governor Warner proposed enhanced information sharing between the private sector and the government to ensure continued operation of critical infrastructure in the event of an emergency. Data related to the protection of private and public critical infrastructures would thus be exempted from public release. Second, he proposed improving medical response in the event of an emergency through the development and maintenance of a database of VA medical professionals, liability protections for healthcare providers in the event of a terrorist incident, and drug distribution to citizens on a large-scale. In addition, Governor Warner’s plan includes improvements for school safety and enhanced background checks for employees in sensitive positions. Finally, a plan for the leadership of Virginia in a crisis situation is included. This would expand the line of succession in the event that the top leaders were unable to govern.

The Critical Infrastructure Project at George Mason was an appropriate site for Governor Warner to announce his proposed legislation. The Governor’s initiatives to enhance security in Virginia are closely aligned with the Project’s mission of addressing critical infrastructure issues.

DOE, continued from page 13

The NISAC capability, once established, will provide a unique tool for planning and decision-making. The complexities of the physical and cyber interdependencies associated with the national energy infrastructure are vast by themselves. Once those complexities are overlaid with the other infrastructures, such as telecommunications, the interdependency complexities rise to a level that they become an issue that must be addressed at a national level. The transfer of the NISAC into the Department of Homeland Security will ensure that requirements development and programmatic tasking for NISAC meet national priorities. DOE is planning to transfer funding and two staff members to DHS to provide program oversight for NISAC. DOE will continue to be a customer of NISAC, seeking to utilize this national capability to support Energy Sector analysis.

The transfer of the NISAC administrative functions with the Office of Energy Assurance into DHS will provide the new Department with an integrated management structure to conduct activities associated with protecting the National Energy Infrastructure. The Office also manages a robust vulnerability assessment program that utilizes expertise from the private sector and the National Laboratory complex, plans for and supports restoration and recovery efforts following natural disaster or acts of terrorism, assists states and industry in all aspects of energy emergency planning and supports

continued on page 18►

The CIP Report, December 2002 Page 15


Blue Cascades, continued from page 9

critical services and related response and recovery actions impacted other interdependent infrastructures, including transportation, emergency services—hospitals, mass care—and law enforcement. Cross-border issues and challenges were highlighted. Relevant operational information provided by a Scenario Design Group made the scenario as realistic as possible.

The scenario provided an impetus for participants to discuss infrastructure interdependencies and infrastructure protection, mitigation, response, and recovery requirements across government agencies and the private sector. Participants grappled with a series of questions that enabled them to explore how a complete disruption or a service curtailment in one infrastructure could cause cascading effects on other infrastructures, and how infrastructure interdependencies could exacerbate repair and restoration efforts.

Overall, participants found that BLUE CASCADES had met its objectives and were grateful for PNWER’s leadership and facilitation role in identifying the challenges raised by infrastructure interdependencies. They found the exercise was particularly effective in illuminating what they know and don’t know about regional interdependencies, and the preparedness gaps they need to address to create a disaster resistant/resilient region. Participants expressed the need for further such multi-jurisdiction, cross-national activities.

Key Findings

Infrastructure Interdependencies

• Organizations represented demonstrated at best a surface-level understanding of interdependencies and little knowledge of the critical assets of other infrastructures, vulnerabilities, and operational dynamics of these regional interconnections, particularly during longer-term disruptions.

• Many participants initially assumed their organization’s contingency plans for addressing natural disasters or isolated emergencies would be adequate in responding to significant terrorist attacks and disruptions and multiple events. However, they came to realize that interdependencies could void or negate those assumptions.

• There was little recognition of the overwhelming dependency upon IT-related resources to continue business operations and execute recovery plans, and the need for contingency plans in the event of loss or damage to electronic systems.

Cooperation and Coordination

• There was minimal coordination of activities and little or no understanding of other organizations’ interests, response plans, or restoration priorities.

• There was no region-wide strategy to strengthen security, enhance preparedness, or coordinate emergency response within and across sector and jurisdictional boundaries.

• Law enforcement and industry/private sector cooperation and coordination were limited, with no forum to bring together key law enforcement and security personnel to share information and discuss matters of mutual concern.

• U.S. and Canadian cooperation was seen as limited in the areas of law enforcement, response and recovery and information sharing; at the same time, there was a lack of understanding of what cooperation does exist.

• The range of services that federal civilian and defense agencies could provide during regional emergencies was not clear. Also, information was lacking on how regional national defense facilities, with significant dependencies on commercial infrastructures, would coordinate with these infrastructures.

Communications

• Participants had difficulty envisioning a situation in which they would lose telephonic and internet communication and lacked contingency plans to work around the problem.

• Although many organizations had radio back-up, it was unclear how often these systems were tested. Based on exercise discussions, there would be little if any interoperability with other stakeholder communications systems.

• Law enforcement lacked an effective way to disseminate and receive threat-related

continued on page 16►

Page 16 The CIP Report, December 2002


Distinguished CIP Project Scholar Vernon L. Smith receiving his Nobel Prize in Economics from His Majesty the King at the Stockholm Concert Hall. George Mason University is the only school in the Commonwealth of Virginia with two Nobel Prize winners. James M. Buchanan, Jr., Distinguished Professor Emeritus of Economics, was the 1986 Nobel Laureate in Economics.

Blue Cascades, continued from page 15

information from private sector organizations and utilities.

• There are no established protocols or regional networks to facilitate rapid and reliable dissemination of outage-related information to critical community organizations and infrastructures.

Resources

• All sectors faced resource constraints to various degrees, including critical components and equipment, and skilled personnel for recovery activities.

• Participants did not take into account the demand on the part of other organizations and businesses to secure scarce additional back-up power generation, including fuel for generators. They also did not appreciate the need to prioritize those demands.

Reporting and Analysis

• There is no common, continent-wide alert system with threat levels that have a corresponding set of actions required.

• The new color-coded alert system established by the U.S. Office of Homeland Security appeared to be little understood, and conflicted with infrastructure sector threat levels.

• There is no mechanism for cross-border sharing of U.S. and Canadian threat-level information or a common color-coded terrorist alert system.

• There are few, if any, regional or industry-sector clearinghouses for threat or incident-related information that can be used for planning and response.

• There are no dedicated communication channels for infrastructure stakeholders to use to report information to federal, state/provincial, and local government agencies to prevent being swamped by requests for status reports.

• Modeling and simulation capabilities do not yet exist that can help assess economic and other damage from prolonged regional disruptions.

Command and Control

• Roles and missions of the various government authorities at all levels in a large-scale regional terrorist attack or disruption were unclear.

• Participants expressed concern over whether law enforcement should take precedence over restoration, citing designation of critical assets as crime scenes and failure to take into account economic impacts of counterterrorism actions.

• There is a general lack of guidelines on preservation of evidence within private sector organizations.

• Lines of authority were unclear among the FBI and other U.S. and Canadian federal, state/provincial, and local law enforcement entities, including the role of national defense. This was seen as particularly problematical regarding port security.

Public Information

• Coordination and dissemination of public information emerged as one of the greatest challenges

continued on page 17►

The CIP Report, December 2002 Page 17


Blue Cascades, continued from page 16

in a regional infrastructure disaster that involved terrorism.

• Little attention was paid to the all-important “human factor”—that people will panic and believe rumors in the absence of accurate, instructive information.

Selected Recommendations

• Improve Understanding of Regional Interdependencies by undertaking region-wide identification of what assets are most critical, conducting physical and cyber vulnerability assessments, and identifying/assessing interdependencies.

• Develop a regional threat assessment approach that takes into account international and domestic adversaries, critical regional assets, and vulnerabilities; leverage work done for Y2K by jurisdictions and the private sector.

• State/provincial and local governments should review, with private sector input, emergency response plans and mutual aid agreements to assure that terrorism and interdependencies-related challenges are addressed.

• Develop training modules; hold targeted workshops and exercises to further address interdependencies issues raised in BLUE CASCADES (e.g., port security; protection of the industrial base).

• Develop a secure, regional clearinghouse for interdependencies issues and related preparedness information, including data on all regional exercises and training opportunities.

• Undertake the development of analytic tools to provide credible damage assessments for use in preparedness planning and to assist in response and recovery.

• Develop a regional nuclear/radiological preparedness program that takes into account private and public sector security and response/remediation needs.

• Utilize the Partnership for Regional Infrastructure Security to develop a common terminology and preparedness plan for the region, facilitate exchange of information and monitor the progress of implementation.

• Consider the need for a Utilities Regional Security Association (URSA) under the auspices of the Pacific Northwest Economic Region modeled along the lines of the California Utilities Emergency Association. URSA would provide a list of regional points-of-contact in all state/provincial, local, law enforcement organizations and utilities, as well as a forum for planning and coordination.

• Establish a Maritime Security Coalition as part of a Port Security initiative to bring key stakeholders together and address unique port security needs.

• Foster development of joint U.S.-Canadian protocols, MOUs and collaborative activities to address significant law enforcement and consequence management issues, including research and development of analytic tools and technologies to assess regional impacts and mitigate vulnerabilities.

• Identify the range of federal civilian and defense resources that can be brought to bear to address regional response and recovery needs.

• Seek legislative support for necessary policies and technical assistance programs to meet regional protection, mitigation, response and recovery needs, including training, exercises; also, information sharing (e.g., relief from freedom of information act and sunshine law requirements).

• Explore options for, and establish, a secure, region-wide common communications network with sufficient redundancy and alternative systems.

• Develop procedures to facilitate the dissemination of outage-related information expeditiously to key infrastructures.

• Establish stockpiles and procedures for prioritized access to electric power generators, other emergency back-up equipment, and also critical components that would be difficult to obtain in the short-term.

• Work with appropriate government organizations to put in place a common, public-private sector, continent-wide, alert system with threat levels that have standardized actions

continued on page 18►

Page 18 The CIP Report, December 2002

Frank Sesno, CIP Project Fellow

Blue Cascades, continued from page 17

required.

• Set up a region-wide, cross-border threat information exchange mechanism and threat data repository.

• Delineate roles and missions of government authorities in regional terrorist-initiated disruptions.

• Develop guidelines for law enforcement and private sector organizations outlining crisis and consequence management procedures and priorities.

• Develop guidelines for effective and expeditious dissemination to the public of information about outages, including duration, resulting safety factors, and providing instructions on what they should and should not do. Development of such procedures should take the “human factor” into account.

• Establish a mechanism to coordinate public information during regional emergencies.

Standards, continued from page 10

guidance and ISO 17,799.

• Security Planning: A program to enhance cyber security planning must now be part of the business process.

• Incident Response & Business Continuity: Seamless restoration of service – always part of the business environment – is now a core requirement in the evolving security framework.

The FERC and the NERC have structured rules to be enforced through a “self-certification” process. According to the proposed rules, companies must begin to self-certify by February 1, 2004. Absent the certification, customers will not be able to receive transmission services, so non-compliance is linked directly to business drivers. The FERC is working with relevant energy sector stakeholders to develop a plan for enforcement of the certification process. NERC has proposed that budgetary constraints will not permit “more than substantial compliance” by FY 2004 and has proposed a FY 2005 deadline for robust compliance expectations.

DOE, continued from page 14

the development of strategic energy policies. The new Department of Homeland Security will thus have the ability to directly access the expertise associated with the Office of Energy Assurance and the national laboratories for assessments of the energy sector. In addition, the new Homeland Security Centers for Excellence will provide the Department with direct access to the capabilities currently resident in the national laboratories for research and analysis in other areas of the nation’s critical infrastructure.

Ridge, continued from page 12

pull back. And we're going to have to start thinking internally like terrorists from time to time. But around this whole enterprise is the notion of all of us working together to manage the risk.

(From Remarks at a Town Hall Meeting for Future Employees of the Department of Homeland Security held December 17, 2002 in Washington, DC)

The CIP Report is published by LegalNet Works, Inc. on behalf of the CIP Project. Formed in 1996, LegalNet Works Incorporated focuses on the development of information security laws and regulations with an emphasis on liability, risk management, national security, regulatory compliance, and privacy. LegalNet consults both government and industry officials on legal and policy reform in these complex areas.

If you would like to be added to the distribution list for The CIP Report, please send an e-mail to [email protected].