I spoke with Bob Cummings yesterday in the airport.  Apparently, he has been working with DoE on a security project that he expects will be funded by them.  I believe this will be the digital certificate type of security the OSC has talked about in the past (the E-Marc proposal).  Instead of being used as originally intended to provide authentication functions for reservations and scheduling, it looks like it is being considered for securing informational items as well.  From what I understand, Pacific Northwest National Labs and Lockheed Martin have been in discussions with NERC about providing service under this DoE initiative.

He also stated that NERC plans to limit access to more data soon - perhaps as much as the entire NERC website, so that viewers must be registered with NERC, in order to do background checks and such before giving access. 

One caveat - Bob sometimes likes to inflate his work to make himself appear more important (check me out, I'm talking to DoE and big contractors), so this may really be a few casual phone calls and general statements, rather than any sort of formal project.  But given the action we've seen lately, it may be a real project we should be investigating further.  I expect that once the board gives the go ahead, NERC plans to run this through as quickly as possible and rush for a quick implementation.  

I would guess the likely approach is going to be, following an approving board decision, a relatively quick lockdown of their site, to be followed by a priority-one security infrastructure project like the one described in my first paragraph.  I would not be surprised if they also encourage other entities to lockdown their systems more tightly.  

I don't know if there is any real action we can take right now, but obviously, this draws more attention to the issue as we move forward into next week.  Obviously, please be discreet in mentioning these details, as I don't want Bob to get skittish.  These issues may not be confidential, but then again, they might.

Please also note that I did not include Dick Ingersoll on this communiqu?.  I am not sure under what disclosure policies he is still bound (if any).

Andy Rodriquez
Regulatory Affairs - Enron Corp.
andy.rodriquez@enron.com
713-345-3771 

 -----Original Message-----
From: 	Yeung, Charles  
Sent:	Friday, October 12, 2001 1:35 PM
To:	Shapiro, Richard; Steffes, James D.; Cromley, David
Cc:	Bestard, Jose; Ingersoll, Richard; Rodriquez, Andy
Subject:	Excerpt From MSNBC Article

WEB SITES REMOVE DOCUMENTS
U.S. government departments and agencies also have been stripping a wide range of documents from Web sites in recent days because of perceived threats to such critical systems as pipelines, water supply stations and power plants. 
The Nuclear Regulatory Commission, for instance, took down its entire Web site Thursday to review its content for "information that might be useful to adversaries," said spokeswoman Rosetta Virgilio. 
She said many other federal agencies also appeared to be in the process of removing such information from their sites. 
The Transportation Department's Bureau of Transportation Statistics has cut off public access to databases used for mapping because of stepped-up concern about U.S. transportation infrastructure. 
The Environmental Protection Agency has dismantled its risk-management Web site, which contains general information about emergency plans and chemicals used at 15,000 sites nationwide.