Cyber Security Regulation in Brazilian Electric Power System

Diversity of the sector in the Brazilian electric power system, regulatory problems, and desired goals to enhance cybersecurity. Focus on minimizing impacts of incidents, implementing policies, promoting risk management, and fast response procedures.

• Cybersecurity
• Electricity Sector
• Regulation
• Brazilian Power System

chapdelaine_m Follow

Uploaded on Mar 12, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Cyber Security Cyber Security Regulation in Brazilian Electric Power System. Bruno Daniel Mazeto Regulatory specialist SRT Bras lia, March 24th of 2021

2. Diversity of the sector Distribution, Generation, Transmission Type of services; Monopoly vs. competition; State owned versus private companies. Commercialization Trading sector. CCEE, ONS (ISO - Independent System Operator) e EPE Several entities.

3. Diversity of the sector Distribution Largest with more than 11 million consumers Smallest with 1,000 consumers Transmission: Largest with revenue of R$ 2 billion Smallest with revenue of R$ 1.1 million Generation 5 MW to 14 GW Itaipu

4. Chronology Review of Grid Procedures, that included the cyber policies Operational requirement included in December 2016 2nd Public Hearing (with the RIA)* 1st Public Hearing in May/2020 ABRATE s Framework 2016 | 2017 | 2018 | 2019 | 2020 | 2021 ONS proposal dec/2019 ONS and Agent centers must have (...) technological resources to protect against cyber attacks. ONS Updated the Roadmap for Cybersecurity Evolution ANEEL Workshop in aug/2020 * CP 7/2021, opened until April 26th

5. Regulatory Problem, causes and consequences Risk of cybersecurity incidents in the Electric Power System. Causes: malicious and cybercriminal agents; lack of adequate security; connectivity; lack of specialized human resources. Consequences: supply disruption; inability to carry out technical, commercial or billing operations; Data loss.

6. General and specific objectives Minimize the impacts of cybersecurity incidents on the electric power system. Specific objectives: to implement cybersecurity policies; to encourage information sharing; to promote the management, assessment and treatment of cybersecurity risks; to accomplish cybersecurity maturity; to adopt segmentation policies among operating, corporate and other relevant networks, with Internet access control; to establish fast response procedures to contain cyber incidents.

7. Desired goals Increased resilience of ONS (Brazilian ISO) systems and agents connected to the Operator; maintenance of continuity in the provision of services; improvement in the management of cybersecurity incidents and in the sharing of information about those incidents; improving the governance of critical or relevant data; application of minimum technical cybersecurity standards.

8. Alternative solutions Alternative 1 (A1): Do not regulate; Alternative 2 (A2): To guide and disseminate cybersecurity best practices to industry players; Alternative 3 (A3): To regulate cybersecurity policy; Alternative 4 (A4): To regulate more prescriptive requirements for cybersecurity.

9. Alternative Choice Analysis Risk matrix Risk of cybersecurity incidents in the Electric Power System Muito Alta Very high A1 A2 Alta High Probabilidade Probability Moderada Moderate A3 A4 Baixa Low Muito Baixa Very low Baixo Low Muito Alto Very high Muito Baixo Very low Moderado Moderate Alto High Impacto Impact

10. Alternative choice analysis Evaluation Criteria Implementation time Degree of effort A2 Simplification A3 Administrative burden (89,5) Regulatory impact A1 (88,0) Applicability A4 Society acceptance (84,5) Political acceptance (70,9) Available technology Available knowledge Available resources

11. Decision matrix Alternatives Alternative 1 Alternative 2 Alternative 3 Alternative 4 Risk Analysis Position 4 3 1 1 Criteria Evaluation Position 3 1 2 4

12. Bruno Daniel Mazeto Regulatory specialist SRT Address: SGAN 603 M dulos I e J - Bras lia/DF Zip Code: 70830-110 Phone: 061 2192 8020 Help desk:167