Emerson Ovation User Group BOD Meeting
Presentation Transcript

National Electric Sector Cybersecurity Organization
Patrick C Miller, President and CEO
April 14 2011
Emerson Ovation User Group Board of Directors Meeting

ELECTRIC SECTOR SECURITY: CURRENT STATE

Advantage: Adversaries
    • Security approaches favor new installations; legacy environments are still vulnerable
    • Very difficult to replace/patch in-service devices
    • Isolation has diminishing security value
    • Security products vs. buying secure products
    • Engineering (N-1) and Security are different
        – Nature may be sophisticated, but it isn’t malicious
    • Hackers don’t use a compliance checklist
        – Following a compliance checklist won’t make you secure
The National Electric Sector Cybersecurity Organization (NESCO) is a DOE-funded EnergySec Program

Advantage: Attackers
    • Intelligent, adaptive adversaries exist
    • Cyberwar:
        – Stuxnet is a game changer, sets the new bar
    • Espionage:
        – Project, market and customer data
    • Organized crime:
        – Same old tricks, new platform

Advantage: Adversaries
    • Google search for “APT”
        – 34 hits in Jul 09
        – 169 hits in Jan 10
        – 1.4M+ today
    • Google search for “cyber war”
        – 416 hits Dec 09
        – 1.4M hits Feb 10
        – 2.7M+ hits today
    • Welcome to the cyberarms race

SHODAN, ERIPP, ETC

SHODAN, ERIPP, ETC
    Berkeley Cyclotron HMI images

The “Air-Gap” Myth

TwitBookBlogosphere

There’s An App For That
    • “Get mobile access to your control system via an iPhone, iPad, Android and other smartphones and tablet devices. The Ignition Mobile Module gives you instant access to any HMI / SCADA project created with the Ignition Vision Module.”

HMI In The Cloud
    “Use any standard browser on any device to access HMI. No downloads, no tedious installs, no plug-ins. Login and you have the HMI in your hands wherever you are: factory cafeteria, or parking lot, or on the beach, or even the golf course!”
    “GoToMyHMI provides Secure, Easy and Fast access from any Browser to InstantHMI 6.0, ready to serve you on the cloud today. Remotely Monitor, ACK Alarms and Control your HMI for one low flat fee.”

Public Domain

Research and Disclosure
    46 zero-day SCADA vulnerabilities issued in a two-week span

Research and Disclosure
    • October 24, 2010, 12:39PM, Threat Post – SCADA Vendors Still Need Security Wake Up Call
        • http://threatpost.com/en_us/blogs/scada-vendors-still-need-security-wake-call-102410
        – “Please don’t waste my time”
    • October 28, 2010: ICSJWG Seattle Meeting
        – Invensys, IOActive, ICS-CERT presented a case study on the Wonderware vulnerability
    • Disclosure positions are hotly debated

From Obscurity To Novelty
    • Smart Meter hacking
    • Hacking cookbooks
    • Metasploit, Core Impact, etc
    • Fuzzers
    • Supply chain attacks
    • Manuals available in all languages on Internet

Shiny Object
    • Shiny object for the mass media
    • 60 Minutes
    • Wall Street Journal, National Journal, CNN
    • Too many IT trade publications to name
    • Blockbuster films
    • Prime time television shows
    • Social Media (blogosphere, Twitter)

Economic Drivers
    • Recession economy brings unique challenges
    • Decreased participation in working groups and conferences
    • Static or shrinking headcount; increased workload
    • Downsizing, pay freezes, etc increase insider threat
    • Decreased spending on new equipment
    • Older products extended beyond intended lifespan
    • Security more expensive for customers and

People Problem
    • Humans are the weakest link in any security system
        – Passwords for candy; Social engineering
    • Humans are also the strongest link
        – The Aware Person System (APS)
        – ICS culture shift is very slow, but powerful
    • Danger: untrained operators of power tools can cause significant damage
        – Increasing complexity = training treadmill

Back In The Good Old Days
    • Pneumatic, electromechanical, analog
    • Telephone meant POTS or “bat phone” – no VoIP
    • No Internet
    • Less automation
    • Less complexity
    • Proprietary
    • Long life span

ICS Gen-X
    • Automation, more complexity
    • Internet Protocol (TCP/UDP/etc)
    • Data, more data and even more data
    • Processing power, memory, bandwidth
    • Interconnected business
    • Migration from flat to segmented networks
    • COTS software and hardware
    • Increasingly shorter lifespans

Millennium Systems
    • Highly digital, highly complex
    • Highly interconnected, highly layered
    • Bitflocking, dynamic emergent behavior
    • New protocols
    • New interdependencies
    • Homogenization
    • Innovation treadmill; constant lifespan flux

Current Landscape
    • Regulatory compliance is stealing the show
    • Mixing legacy and bleeding edge tech is difficult
    • Logical distance between kinetic endpoint and HMI is exponentially increasing; “hyperembeddedness”
    • Many vendors are forced to put features ahead of security due to market conditions
    • Researchers and hackers know all of this and more
    • Sufficient motive, means and opportunity exist to take the threat seriously

NATIONAL ELECTRIC SECTOR CYBERSECURITY ORGANIZATION

History
    • 7/2004: EnergySec founded as E-Sec NW
    • 1/2008: SANS Information Sharing Award
    • 12/2008: Incorporated as EnergySec
    • 10/2009: 501(c)(3) nonprofit determination
    • 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
    • 7/2010: NESCO grant award from DOE
    • 10/2010: NESCO became operational

What Is The NESCO?
    • Mission: Lead a broad-based, public-private partnership to improve electric sector energy systems cyber security; become the security voice of the electric industry
    • Goals:
        – Identify and disseminate common, effective cyber security practices
        – Analyze, monitor and relay infrastructure threat information
        – Focus cybersecurity research and development priorities
        – Work with federal agencies to improve electric sector cyber security
        – Encourage key electric sector supplier and vendor support / interaction

Participant Statistics
    • 651 members from 167 organizations
    • 74% of US Nameplate Generation
    • 60% of US Residential Distribution

Holy Grail: Info Sharing
    • Many asset owners are already sharing
    • Challenges:
        – Increase and improve asset-owner sharing
        – Establish two-way sharing from the government and vendor segments
        – Connect/harmonize all of the existing cybersecurity efforts and minimize duplication
        – Turn the tide of negative perception on industry security posture

Connect and Support

Public-Private Perceptions
    • Government moves too slowly, over-classifies and narrowly distributes
    • Industry can’t protect the shared information and doesn’t respond appropriately
    • Lack of parity in degree and quality of information shared in both directions
    • Differing goals and motivation between Government and Industry

How Does This Work?
    • Sharing requires trust
    • Trust is built on relationships
    • NESCO fosters trustworthy relationships
        – Bringing people together
        – Flexible technology options to extend and enhance relationships
        – Organic growth; birds of a feather

NESCO Outreach
    • NESCO outreach programs
        – Annual Summit (October 2011, San Diego)
        – Town Hall Meetings (April 27, Austin)
        – Voice Of The Industry Meetings (everywhere)
        – Interest Groups (Workforce Development, Forensics, etc)
        – Webinars, Briefings
        – Portal/Forums
        – Email distribution lists
        – Social media

NESCO Technology
    • Email distribution lists
    • Secure portal with forums
    • Secure instant messaging
    • Rapid notification mechanisms
    • Web collaboration
    • Resource repository*
    • Most technologies have non-attribution (anonymous) options

Resource Repository
    • Code snippets
    • IDS/attack signatures
    • Audit templates
    • Reference architectures
    • System configurations
    • Policy, process, procedure templates
    • Compliance practices
    • And more…

Industry Collaboration
    • What works, what doesn’t
    • Informal benchmarking
    • Situational (tactical) awareness
    • Threat and vulnerability analysis
    • Shared/crowd-sourced resources (repository)
    • Mentoring

Case Study: Tactical Aid
    • “Over the weekend between 13:00 - 15:00 and 19:00 - 20:00 PST we saw significant port scanning of our edge, originating from; 60.29.244.11…”
        – Great discussion of port scanning threats
        – Many follow up posts with yes/no indicators
        – Dumps of all activity from source address

Case Study: Night Dragon
    • 2.9.11:1400 - McAfee reached out to NESCO with pre-release draft of Night Dragon white paper
    • 2.9.11:1747 - NESCO staff completed analysis, summarized paper and posted to secure portal
    • 2.10.11:0800 - NESCO & McAfee held joint technical call with over 60 attendees across NA
        – Dmitri Alperovitch, McAfee’s VP Threat Research
        – Technical talk, answered questions from members
    • 2.10.11:1200 - McAfee executive public call
    • NESCO utilities were reviewing the report over six hours prior to public release

Case Study: DOE Request
    • DOE was interested in getting informal “boots on the ground” feedback quickly
        – Question: Does an FBI report about a terrorist targeting various critical assets help strengthen the case for your organization to further improve physical or cyber security? Does it help the business case?
    • NESCO was able to collect responses without attribution and submit a response to DOE in a matter of a few days
    • DOE stated that this rapid method for informal questions and answers is very valuable to them

Case Study: Compliance
    • Much initial confusion and uncertainty around Regional compliance audits…
        – What is the auditor disposition?
        – What was the depth and breadth of questions?
        – What did they cover?
        – What failed and what succeeded?
    • Conference calls with entities willing to share
    • Real stories of audits were shared
    • Real documentation was shared

NESCO Summary
    • Unique non-profit, independent, public-private information sharing organization
    • Focused on building trust through relationships
    • Security collaboration, facilitation and sharing hub
    • Flexible technology facilitates and catalyzes information and resource sharing efforts
    • Security voice of the electric sector
    • Supports existing successful programs

Questions?
    Non-profit. Independent. Trusted.
    Patrick C Miller, President and CEO
    patrick@energysec.org
    503-446-1212