Hype, Hope, and Happenstance: Cyber Threats and Opportunities in an Age of Automation

Georgia Distribution and Transmission Automation Group
April 2, 2012
Forsyth, GA
A Quote

   "Everybody talks about cybersecurity, but nobody does anything about it."
   -Mark Twain


           The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec
9/1/2012
                         with funding assistance from the U.S. Department of Energy                   2
A Question
A Hypothesis
   We have yet to see a significant cyber-related outage in the North American
   power grid because those who have the ability to cause such lack the
   motivation to do so.
About Me
   Security Professional by choice
   Nextel Communications 1997-2000
   US Bank Information Security 2000-2001
   PacifiCorp Security 2001-2009
   WECC CIP Auditor 2009-2010
   EnergySec (NESCO) 2010 - ?
I am not an Engineer
About EnergySec

 7/2004: EnergySec founded as E-Sec NW
 1/2008: SANS Information Sharing Award
 12/2008: Incorporated as EnergySec
 10/2009: 501(c)(3) nonprofit determination
 4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
 7/2010: NESCO grant award from DOE
 10/2010: NESCO became operational
The System
       Greatest engineering achievement of 21st century
       1 Trillion watts of generation
       850 Billion watts of transmission capacity
       150,000 miles of high voltage transmission
       Ubiquitous
       Average uptime 99.995% (SAIDI = 244)
Smart Gridtopia
But what can I do with it?
       Distributed Generation
       Demand Response
       Market pricing at the consumer level
       Frequency Response (EVs)
       Renewables integration
       Micro Grids
       Energy Storage
Automation
       Automated Generation Control
       Special Protection Systems
       Synchrophasor Applications
       Load Shedding
       Advanced Metering Infrastructures
       Centralized Control Systems
There’s an App for That

   "Get mobile access to your control system via an iPhone, iPad, Android and
   other smartphones and tablet devices. The Ignition Mobile Module gives you
   instant access to any HMI / SCADA project created with the Ignition Vision
   Module."
To The Cloud!

   "Use any standard browser on any device to access HMI. No downloads, no
   tedious installs, no plug-ins. Login and you have the HMI in your hands
   wherever you are: factory cafeteria, or parking lot, or on the beach, or
   even the golf course!"

   "GoToMyHMI provides Secure, Easy and Fast access from any Browser to
   InstantHMI 6.0, ready to serve you on the cloud today. Remotely Monitor,
   ACK Alarms and Control your HMI for one low flat fee."
The Double-edged Sword


   Email                -> Fraud/Phishing
   Facebook             -> Privacy
   Online Banking       -> Online Theft
   Computerized Trading -> Market Manipulation
   Smart Grid           -> ???
Attack Surface
   EMS
   DMS
   DCS
   E-Tagging
   Trading
   AGC
   ICCP
   AMI
   Communication
   Remote Access
   Vendor Support
   Supply Chain
   [HLWMV]ANs
   The Cloud
   Mobile devices
   SCADA
Logical Distance Increasing
   [Figure: "Clicky-clicky" (the operator's click) at one end, "Whirly-whirly" (the rotating machinery) at the other, with the logical distance between them growing]
Today’s Shiny Object
   Headline presentations at BlackHat/DefCon, DerbyCon, RootedCon, BSides ...
   Wall Street Journal, National Journal, CNN
   Too many IT trade publications to name
   Blockbuster films, prime time TV shows
   Person-on-the-street, Congress, White House
March 2012
From Obscurity to Novelty

   Smart Meter hacking
   Hacking cookbooks, fuzzers, sniffers, reversing
   Metasploit, Core Impact, etc.
   Supply chain attacks
   Manuals available in all languages on the Internet
Current Events
   Facebook Social Engineering Attack Strikes NATO
   http://www.informationweek.com/news/security/government/232602419

   "The top military commander in NATO has been targeted by attackers
   wielding fake Facebook pages."

   Teen Exploits Three Zero-Day Vulns for $60K Win in Google Chrome Hack Contest
   http://www.wired.com/threatlevel/2012/03/zero-days-for-chrome/

   "The tall teen, who asked to be identified only by his handle "Pinkie Pie"
   ... spent just a week and a half to find the vulnerabilities and craft the
   exploit, achieving stability only in the last hours of the contest."
…To Name a Few
TwitBookBlogosphere
Cybersecurity Landscape
People are talking
   [Figure: web search results screenshot, 6,750,000 results]
Point, Click, Hack
   "In some scarier than your average security news, thanks to several
   Program Logic Controllers (PLC) exploits that were added to Metasploit
   today, "hacking SCADA systems can be push of a button easy," tweeted HD
   Moore, CSO of Rapid7 and Chief Architect of Metasploit."

   Source: Network World (http://goo.gl/K5xZ7)
Vulnerability Disclosure
Vulnerabilities
Air-Gaps, Unicorns and Bigfoot
10,000 Reasons to Worry
           Source: www.wired.com/threatlevel/2012/01/10000-control-systems-online
Technology Landscape

     A new digital world order
     Lingering legacy
     Widespread connectivity
     Hyper-embeddedness
     Cyber-kinetic impacts
Advantage: Adversaries

   Intelligent, adaptive adversaries exist, and they don't follow the rules
   or compliance checklists.
Advantage: Adversaries
        Google search for “APT”
           – 34 hits in Jul 09
           – 169 hits in Jan 10
           – 1.2M+ hits June 11
        Google search for “cyberwar”
           – 416 hits Dec 09
           – 1.4M hits Feb 10
           – 3.4M+ hits June 11
        Welcome to the cyberarms race
What to do?
Nothing New Under The Sun
   Mature security practices; highly refined
      –   Defense in Depth
      –   Principle of Least Privilege
      –   Segregation of Duties
      –   Need to Know
      –   Availability, Integrity and Confidentiality
   No Silver Bullet, 100%, Total Security
   Strong protection has never been easy, inexpensive or quick to implement
   (pick two)
Compliance
There ought to be a Law...???

   Laws are reactionary, not visionary.
Regulatory Landscape
   Posse Comitatus Act, 18 U.S.C. 1385
   Antitrust Laws
   Sherman Antitrust Act, 15 U.S.C. 1-7
   Wilson Tariff Act, 15 U.S.C. 8-11
   Clayton Act 5 of the Federal Trade Commission (FTC), 15 U.S.C. 12-27
   Clayton Act 5 of the Federal Trade Commission (FTC), 15 U.S.C. 45(a)
   National Institute of Standards and Technology (NIST) Act (p. 13), 15 U.S.C. 271
   Radio Act of 1912
   Federal Power Act (p. 13), 16 U.S.C. 791a et seq., 824 et seq.
   Radio Act of 1927
   Communications Act of 1934 (p. 14), 47 U.S.C. 151 et seq.
   National Security Act of 1947 (p. 15), 50 U.S.C. 401 et seq.
   US Information and Educational Exchange Act of 1948 (Smith-Mundt Act) (p. 15), 22 U.S.C. 1431 et seq.
   Defense Production Act of 1950, 50 U.S.C. App. 2061 et seq.
   State Department Basic Authorities Act of 1956 (p. 17), 22 U.S.C. 2651a
   Brooks Automatic Data Processing Act
   Freedom of Information Act (FOIA) (p. 17), 5 U.S.C. 552
   Omnibus Crime Control and Safe Streets Act of 1968 (p. 19), 42 U.S.C. Chapter 46, 3701 to 3797ee-1
   Racketeer Influenced and Corrupt Organizations Act (RICO) (p. 19), 18 U.S.C. Chapter 96, 1961-1968
   Federal Advisory Committee Act (p. 20), 5 U.S.C. App., 1-16
   War Powers Resolution, 50 U.S.C. Chapter 33, 1541-1548
   Privacy Act of 1974 (p. 20), 5 U.S.C. 552a
   Foreign Intelligence Surveillance Act of 1978 (FISA), 18 U.S.C. 2511, 2518-9
   Foreign Intelligence Surveillance Act of 1978 (FISA), 50 U.S.C. Chapter 36, 1801-1885c
   Privacy Protection Act of 1980, 42 U.S.C. Chapter 21A, 2000aa-5 to 2000aa-12
   Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (p. 21), 18 U.S.C. 1030
   Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1030
   Electronic Communications Privacy Act of 1986 (ECPA) (p. 22), 18 U.S.C. 2510-2522, 2701-2712, 3121-3126
   Department of Defense Appropriations Act, 1987 (p. 24), 10 U.S.C. 167
   Computer Security Act of 1987, 15 U.S.C. 272, 278g-3, 278g-4, 278h
   Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. 552a
   High Performance Computing Act of 1991 (p. 24), 15 U.S.C. Chapter 81
   Communications Assistance for Law Enforcement Act (CALEA) of 1994 (p. 26), 47 U.S.C. 1001 et seq.

   Yes, this is an eye-chart to make a point.

   Source: Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Eric A. Fischer, Senior Specialist in Science and Technology, December 22, 2011
Regulation is Futile

   Regulation kills creativity, innovation, and passion, all of which are
   needed to achieve success in cybersecurity.
NERC CIP in 30 Seconds
CIP-002 - Figure out what needs to be protected
CIP-003 - Establish policy and programs
CIP-004 - Address personnel issues
CIP-005 - Create electronic perimeters
CIP-006 - Create physical perimeters
CIP-007 - Provide system level security
CIP-008 - Figure out how to respond to incidents
CIP-009 - Figure out how to recover from
Action vs. Attitude

   You can prescribe action, but not attitude.
Activity vs. Outcome

   Are we doing/requiring the right things?
Backwards?… Maybe so

 Compliance spending is increasing sharply while security spending is
  increasing slowly.
 Companies find $$ for compliance while cutting other critical areas.
Leverage NERC CIP

 CIP spending is 25% of IT security budgets
   Get smarter about spending
   Integrate decisions (IT - Ops - Compliance)
 Secure solutions + Compliance
Misthinking

It Can't Happen

 This is nearly always FALSE
 Attackers are always seeking
  (and finding) new ways to
  compromise technology
 Obscurity is not a defense.
DNS Exfiltration

   If you can resolve a DNS name on a system...

   Technique is being actively used in the wild

   In many cases, detection is the only defense
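The slide's point that detection is often the only defense against DNS exfiltration, as an added example that is not part of the presentation: a heuristic scan over constructed DNS query-log lines. The log format (`<unix_ts> <client_ip> <qname> <qtype>`), the thresholds, the domain names and the data are all assumptions for the demo.

```python
"""Heuristic DNS-exfiltration detector run over constructed DNS query logs.

Added example, not from the original slide deck. Assumed log format per line:
"<unix_ts> <client_ip> <qname> <qtype>". IPs, domain names and data are constructed.
"""
import hashlib
import math
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Detection thresholds (assumed starting points; tune against your own baseline).
MIN_UNIQUE_NAMES = 4     # distinct qnames under one base domain from one client
MIN_LABEL_ENTROPY = 3.0  # mean Shannon entropy (bits/char) of the leftmost labels
MIN_LABEL_LENGTH = 30    # longest leftmost label; encoded data tends to be long


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded or encrypted data scores high, hostnames low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname: str) -> str:
    """Last two labels. A real deployment should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


@dataclass
class Finding:
    client: str
    base: str
    unique_names: int
    mean_entropy: float
    max_label_len: int
    reasons: list = field(default_factory=list)


def analyze(log_lines):
    """Group queries by (client, base domain) and flag exfiltration-like patterns.

    A finding needs the volume indicator (many distinct names) plus at least one
    encoding indicator (high entropy or long labels). Requiring both keeps a CDN
    with a handful of short hostnames out of the results. Query type (TXT/NULL
    heavy traffic) is another useful signal that this demo parses but does not score.
    """
    groups = defaultdict(list)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _ts, client, qname, _qtype = parts
        groups[(client, base_domain(qname))].append(qname.rstrip(".").lower())

    findings = []
    for (client, base), names in groups.items():
        first_labels = [n.split(".")[0] for n in names]
        unique = len(set(names))
        mean_ent = sum(shannon_entropy(l) for l in first_labels) / len(first_labels)
        max_len = max(len(l) for l in first_labels)
        reasons = []
        if mean_ent >= MIN_LABEL_ENTROPY:
            reasons.append(f"mean label entropy {mean_ent:.2f} bits/char")
        if max_len >= MIN_LABEL_LENGTH:
            reasons.append(f"label length {max_len}")
        if unique >= MIN_UNIQUE_NAMES and reasons:
            reasons.insert(0, f"{unique} distinct names")
            findings.append(Finding(client, base, unique, mean_ent, max_len, reasons))
    return findings


def build_sample_log() -> list:
    """Constructed log: ordinary lookups plus one host sending five hex-encoded chunks."""
    lines = [
        "1333368000 10.20.1.15 www.example.com A",
        "1333368001 10.20.1.15 mail.example.com MX",
        "1333368002 10.20.1.15 cdn.example.com A",
        "1333368003 10.20.1.15 ntp.example.org A",
    ]
    for i in range(5):
        # 20 constructed bytes per query, hex-encoded into a 40-character label
        chunk = hashlib.sha256(f"constructed-chunk-{i}".encode()).digest()[:20]
        lines.append(f"13333680{10 + i} 10.20.1.77 {chunk.hex()}.c{i}.updates.example-evil.test TXT")
    lines.append("1333368020 10.20.1.15 www.example.com A")
    return lines


if __name__ == "__main__":
    for f in analyze(build_sample_log()):
        print(f"{f.client} -> {f.base}: " + "; ".join(f.reasons))
```

On the constructed log only the 10.20.1.77 traffic to example-evil.test is reported; the example.com lookups stay below the distinct-name threshold.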
Flank Attacks
       RSA – Stolen 2-factor auth token data
       Industrial Espionage/Supply Chain
       Certificate Authorities
       Corporate Networks
       Partner Networks
Organized Attackers
       Underground markets
       Criminal infrastructure
       Botnets
       Attackers for hire
It Won’t Happen

  In most cases, this is TRUE, but we don't know which ones
  Somebody WILL be compromised.
  Everybody MIGHT be compromised
  We are becoming a target
The Wildebeest Defense

   Yes, there are lions, but there are so many of us that the chances I'll
   get eaten are small

   Can be effective against isolated threats, but doesn't help against
   common maladies

   Doesn't work if you're slow or weak
There may be more lions than you think
   HBGary
   RSA
   Sony
   Lockheed Martin
   NASDAQ
It won’t matter
Kinetic impacts
Economic impacts
Reputational impacts
Others?
What is Critical?
Culturing Security
       Treat security like safety
       The basics shouldn’t be magic
       Distribute the load
       Security is everyone’s job
       Social engineering is a waste of time
       Focus on the solution: training & awareness
No 100% Prevention
And Finally
   "The rumors of my death have been greatly exaggerated."
   -Mark Twain
Thank You!

Steven H Parker
V.P. Technology Research and Projects, EnergySec
Co-Principal Investigator, National Electric Sector Cybersecurity Organization
steve@energysec.org
503.446.1214 (desk)
@es_shp (twitter)
www.energysec.org
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementEnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsEnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueEnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherEnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherEnergySec
 

More from EnergySec (20)

Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 

Recently uploaded

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Automation

  • 1. Hype, Hope, and Happenstance: Cyber Threats and Opportunities in an Age of Automation
    Georgia Distribution and Transmission Automation Group, April 2, 2012, Forsyth, GA
  • 2. A Quote
    "Everybody talks about cybersecurity, but nobody does anything about it." -Mark Twain
    Slide footer: The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy (9/1/2012)
  • 4. A Hypothesis
    We have yet to see a significant cyber-related outage in the North American power grid because those who have the ability to cause such lack the motivation to do so.
  • 5. About Me
     Security Professional by choice
     Nextel Communications 1997-2000
     US Bank Information Security 2000-2001
     PacifiCorp Security 2001-2009
     WECC CIP Auditor 2009-2010
     EnergySec (NESCO) 2010 - ?
  • 6. I am not an Engineer
  • 7. About EnergySec
     7/2004: EnergySec founded as E-Sec NW
     1/2008: SANS Information Sharing Award
     12/2008: Incorporated as EnergySec
     10/2009: 501(c)(3) nonprofit determination
     4/2010: EnergySec applied for National Electric Sector Cybersecurity Organization (NESCO) FOA
     7/2010: NESCO grant award from DOE
     10/2010: NESCO became operational
  • 8. The System
     Greatest engineering achievement of 21st century
     1 Trillion watts of generation
     850 Billion watts of transmission capacity
     150,000 miles of high voltage transmission
     Ubiquitous
     Average uptime 99.995% (SAIDI = 244)
  • 9. Smart Gridtopia
  • 10. But what can I do with it?
     Distributed Generation
     Demand Response
     Market pricing at the consumer level
     Frequency Response (EVs)
     Renewables integration
     Micro Grids
     Energy Storage
  • 11. Automation
     Automated Generation Control
     Special Protection Systems
     Synchrophasor Applications
     Load Shedding
     Advanced Metering Infrastructures
     Centralized Control Systems
  • 12. There’s an App for That
    “Get mobile access to your control system via an iPhone, iPad, Android and other smartphones and tablet devices. The Ignition Mobile Module gives you instant access to any HMI / SCADA project created with the Ignition Vision Module.”
  • 13. To The Cloud!
    “Use any standard browser on any device to access HMI. No downloads, no tedious installs, no plug-ins. Login and you have the HMI in your hands wherever you are: factory cafeteria, or parking lot, or on the beach, or even the golf course!”
    “GoToMyHMI provides Secure, Easy and Fast access from any Browser to InstantHMI 6.0, ready to serve you on the cloud today. Remotely Monitor, ACK Alarms and Control your HMI for one low flat fee.”
  • 14. The Double-edged Sword
     Email – Fraud/Phishing
     Facebook – Privacy
     Online Banking – Online Theft
     Computerized Trading – Market Manipulation
     Smart Grid – ???
  • 15. Attack Surface
    EMS, Communication, DMS, Remote Access, DCS, Vendor Support, E-Tagging, Supply Chain, Trading, [HLWMV]ANs, AGC, The Cloud, ICCP, Mobile devices, AMI, SCADA
  • 16. Logical Distance Increasing
    Figure labels: Clicky-clicky … Whirly-whirly
  • 17. Today’s Shiny Object
     Headline presentations at BlackHat/DefCon, DerbyCon, RootedCon, B Sides …
     Wall Street Journal, National Journal, CNN
     Too many IT trade publications to name
     Blockbuster films, prime time TV shows
     Person-on-the-street, Congress, White House
  • 18. March 2012
  • 19. From Obscurity to Novelty
     Smart Meter hacking
     Hacking cookbooks, fuzzers, sniffers, reversing
     Metasploit, Core Impact, etc
     Supply chain attacks
     Manuals available in all languages on Internet
  • 20. Current Events
     Facebook Social Engineering Attack Strikes NATO (http://www.informationweek.com/news/security/government/232602419): "The top military commander in NATO has been targeted by attackers wielding fake Facebook pages."
     Teen Exploits Three Zero-Day Vulns for $60K Win in Google Chrome Hack Contest (http://www.wired.com/threatlevel/2012/03/zero-days-for-chrome/): "The tall teen, who asked to be identified only by his handle “Pinkie Pie” … spent just a week and a half to find the vulnerabilities and craft the exploit, achieving stability only in the last hours of the contest."
  • 21. …To Name a Few
  • 22. TwitBookBlogosphere
  • 23. Cybersecurity Landscape
  • 24. People are talking 6,750,000 results
  • 25. Point, Click, Hack
    “In some scarier than your average security news, thanks to several Program Logic Controllers (PLC) exploits that were added to Metasploit today, "hacking SCADA systems can be push of a button easy," tweeted HD Moore, CSO of Rapid7 and Chief Architect of Metasploit.” Source: Network World (http://goo.gl/K5xZ7)
  • 26. Vulnerability Disclosure
  • 28. Air-Gaps, Unicorns and Bigfoot
  • 29. 10,000 Reasons to Worry
    Source: www.wired.com/threatlevel/2012/01/10000-control-systems-online
  • 30. Technology Landscape
     A new digital world order
     Lingering legacy
     Widespread connectivity
     Hyper-embeddedness
     Cyber-kinetic impacts
  • 31. Advantage: Adversaries Intelligent, adaptive adversaries exist, and they don’t follow the rules or compliance checklists
  • 32. Advantage: Adversaries
     Google search for “APT”
      – 34 hits in Jul 09
      – 169 hits in Jan 10
      – 1.2M+ hits June 11
     Google search for “cyberwar”
      – 416 hits Dec 09
      – 1.4M hits Feb 10
      – 3.4M+ hits June 11
     Welcome to the cyberarms race
  • 33. What to do?
  • 34. Nothing New Under The Sun
     Mature security practices; highly refined
      – Defense in Depth
      – Principle of Least Privilege
      – Segregation of Duties
      – Need to Know
      – Availability, Integrity and Confidentiality
     No Silver Bullet, 100%, Total Security
     Strong protection has never been easy, inexpensive or quick to implement (pick two)
  • 35. Compliance
  • 36. There ought to be a Law…???
     Laws are reactionary, not visionary.
  • 37. Regulatory Landscape (yes, this is an eye-chart, to make a point)
     Posse Comitatus Act, 18 U.S.C. 1385
     Antitrust laws:
       Sherman Antitrust Act, 15 U.S.C. 1-7
       Wilson Tariff Act, 15 U.S.C. 8-11
       Clayton Act, 15 U.S.C. 12-27
       Section 5 of the Federal Trade Commission (FTC) Act, 15 U.S.C. 45(a)
     National Institute of Standards and Technology (NIST) Act (p. 13), 15 U.S.C. 271
     Radio Act of 1912
     Federal Power Act (p. 13), 16 U.S.C. 791a et seq., 824 et seq.
     Radio Act of 1927
     Communications Act of 1934 (p. 14), 47 U.S.C. 151 et seq.
     National Security Act of 1947 (p. 15), 50 U.S.C. 401 et seq.
     US Information and Educational Exchange Act of 1948 (Smith-Mundt Act) (p. 15), 22 U.S.C. 1431 et seq.
     Defense Production Act of 1950, 50 U.S.C. App. 2061 et seq.
     State Department Basic Authorities Act of 1956 (p. 17), 22 U.S.C. 2651a
     Brooks Automatic Data Processing Act
     Freedom of Information Act (FOIA) (p. 17), 5 U.S.C. 552
     Omnibus Crime Control and Safe Streets Act of 1968 (p. 19), 42 U.S.C. Chapter 46, 3701 to 3797ee-1
     Racketeer Influenced and Corrupt Organizations Act (RICO) (p. 19), 18 U.S.C. Chapter 96, 1961-1968
     Federal Advisory Committee Act (p. 20), 5 U.S.C. App., 1-16
     War Powers Resolution, 50 U.S.C. Chapter 33, 1541-1548
     Privacy Act of 1974 (p. 20), 5 U.S.C. 552a
     Foreign Intelligence Surveillance Act of 1978 (FISA), 18 U.S.C. 2511, 2518-9; 50 U.S.C. Chapter 36, 1801-1885c
     Privacy Protection Act of 1980, 42 U.S.C. Chapter 21A, 2000aa-5 to 2000aa-12
     Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (p. 21), 18 U.S.C. 1030
     Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1030
     Electronic Communications Privacy Act of 1986 (ECPA) (p. 22), 18 U.S.C. 2510-2522, 2701-2712, 3121-3126
     Department of Defense Appropriations Act, 1987 (p. 24), 10 U.S.C. 167
     Computer Security Act of 1987, 15 U.S.C. 272, 278g-3, 278g-4, 278h
     Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. 552a
     High Performance Computing Act of 1991 (p. 24), 15 U.S.C. Chapter 81
     Communications Assistance for Law Enforcement Act (CALEA) of 1994 (p. 26), 47 U.S.C. 1001 et seq.
    Source: Eric A. Fischer, Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions, Congressional Research Service, December 22, 2011.
  • 38. Regulation is Futile: Regulation kills creativity, innovation, and passion, all of which are needed to achieve success in cybersecurity.
  • 39. NERC CIP in 30 Seconds
     CIP-002 - Figure out what needs to be protected
     CIP-003 - Establish policy and programs
     CIP-004 - Address personnel issues
     CIP-005 - Create electronic perimeters
     CIP-006 - Create physical perimeters
     CIP-007 - Provide system level security
     CIP-008 - Figure out how to respond to incidents
     CIP-009 - Figure out how to recover from
  • 40. Action vs. Attitude You can prescribe action, but not attitude
  • 41. Activity vs. Outcome Are we doing/requiring the right things?
  • 42. Backwards?… Maybe so. Compliance spending is increasing sharply while security spending is increasing slowly. Companies find $$ for compliance while cutting other critical areas.
  • 43. Leverage NERC CIP
     CIP spending: 25% of IT security budgets
     Get smarter about spending
     Integrate decisions (IT, Ops, Compliance)
     Secure solutions + compliance
  • 45. It Can’t Happen
     This is nearly always FALSE
     Attackers are always seeking (and finding) new ways to compromise technology
     Obscurity is not a defense.
  • 46. DNS Exfiltration
     If you can resolve a DNS name on a system…
     Technique is being actively used in the wild
     In many cases, detection is the only defense
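The DNS exfiltration technique on slide 46, worked through as an added example (this code is not from the slides or from EnergySec/NESCO). The encoder shows why being able to resolve a name is enough to move data out: the payload rides in the query labels to whoever is authoritative for the domain, carried there by the victim's own recursive resolver. The detector shows the kind of resolver-log review the slide means by "detection is the only defense". The domain attacker-controlled.test, the log line format, the payload, and the thresholds are all constructed for this example; the two-label registered-domain split is a simplification, and production tooling should use the Public Suffix List instead.

```python
import base64
import math
from collections import Counter, defaultdict

MAX_LABEL = 63  # RFC 1035: a single label is at most 63 octets

# --- attacker side: "if you can resolve a DNS name on a system..." -------------

def encode_for_dns(payload: bytes, domain: str, labels_per_name: int = 2) -> list[str]:
    """Chunk payload into base32 labels under an attacker-controlled domain.

    Base32 is used because DNS names are case-insensitive and labels are
    limited to [a-z0-9-]. A leading hex sequence label lets the receiver
    reassemble the chunks whatever order the queries arrive in. With two
    63-char labels plus a 24-char domain each name is ~157 chars, under the
    253-char limit on a full name.
    """
    text = base64.b32encode(payload).decode().rstrip("=").lower()
    labels = [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]
    names = []
    for seq, start in enumerate(range(0, len(labels), labels_per_name)):
        chunk = labels[start:start + labels_per_name]
        names.append(".".join([f"{seq:04x}", *chunk, domain]))
    return names


def decode_from_dns(names: list[str], domain: str) -> bytes:
    """What the attacker's authoritative server does with the names it is asked for."""
    suffix = "." + domain
    chunks = {}
    for name in names:
        sub = name[: -len(suffix)] if name.endswith(suffix) else name
        seq, _, data = sub.partition(".")
        chunks[int(seq, 16)] = data.replace(".", "")
    text = "".join(chunks[k] for k in sorted(chunks)).upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))

# --- defender side: detection over resolver query logs -------------------------

def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def split_name(qname: str):
    """Assumption for this example: the registered domain is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), labels[:-2]


def score_query(qtype: str, qname: str):
    """Per-query signals. None of these is conclusive on its own."""
    domain, sub = split_name(qname)
    subtext = "".join(sub)
    reasons = set()
    if len(qname) > 100:
        reasons.add("long name")
    if len(subtext) >= 16 and shannon_entropy(subtext) > 3.5:
        reasons.add("high-entropy subdomain")
    if len(sub) > 4:
        reasons.add("many labels")
    if qtype in ("TXT", "NULL"):  # record types that carry arbitrary data back
        reasons.add(f"{qtype} query")
    return domain, reasons


def find_suspicious(log_lines, unique_threshold: int = 10) -> dict:
    """Aggregate per registered domain over log lines of the constructed form
    '<timestamp> <client> <qtype> <qname>'. The count of distinct subdomains
    per domain is the strongest signal: exfiltration needs a new name per chunk."""
    unique_names = defaultdict(set)
    reasons = defaultdict(set)
    for line in log_lines:
        _ts, _client, qtype, qname = line.split()
        domain, r = score_query(qtype, qname)
        unique_names[domain].add(qname)
        reasons[domain] |= r
    for domain, names in unique_names.items():
        if len(names) >= unique_threshold:
            reasons[domain].add("many unique subdomains")
    # Report a domain only when the volume signal fires or two weaker signals agree.
    return {d: sorted(r) for d, r in reasons.items()
            if "many unique subdomains" in r or len(r) >= 2}

# --- constructed sample data ---------------------------------------------------

EXFIL_DOMAIN = "attacker-controlled.test"   # hypothetical; .test is a reserved TLD
SAMPLE_PAYLOAD = b"constructed sample: hmi config line\n" * 40   # 1440 bytes

BENIGN_LOG = [  # constructed lines in the format find_suspicious() expects
    "2012-04-02T10:00:01 10.1.2.3 A www.example.com",
    "2012-04-02T10:00:02 10.1.2.3 A mail.example.com",
    "2012-04-02T10:00:03 10.1.2.4 TXT example.com",
    "2012-04-02T10:00:04 10.1.2.5 A cdn.example.net",
]
EXFIL_LOG = [f"2012-04-02T10:01:{i:02d} 10.1.2.3 TXT {n}"
             for i, n in enumerate(encode_for_dns(SAMPLE_PAYLOAD, EXFIL_DOMAIN))]
SAMPLE_LOG = BENIGN_LOG + EXFIL_LOG

if __name__ == "__main__":
    for domain, why in find_suspicious(SAMPLE_LOG).items():
        print(domain, why)
```

Two caveats a practitioner will recognise: each per-query signal alone produces false positives (mail servers issue TXT queries for SPF and DKIM all day, and CDN hostnames can look high-entropy), which is why the example reports a domain only on the per-domain unique-subdomain count or on two agreeing signals; and none of this runs at all unless the resolvers the hosts actually use are logging their queries, which is the one prevention-side control the slide's point implies.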
  • 47. Flank Attacks
     RSA: stolen two-factor authentication token data
     Industrial espionage / supply chain
     Certificate authorities
     Corporate networks
     Partner networks
  • 48. Organized Attackers
     Underground markets
     Criminal infrastructure
     Botnets
     Attackers for hire
  • 49. It Won’t Happen
     In most cases, this is TRUE, but we don’t know which ones
     Somebody WILL be compromised
     Everybody MIGHT be compromised
     We are becoming a target
  • 50. The Wildebeest Defense
     Yes, there are lions, but there are so many of us that the chances I’ll get eaten are small
     Can be effective against isolated threats, but doesn’t help against common maladies
     Doesn’t work if you’re slow or weak
  • 51. There may be more lions than you think
     HBGary
     RSA
     Sony
     Lockheed Martin
     NASDAQ
  • 52. It won’t matter
     Kinetic impacts
     Economic impacts
     Reputational impacts
     Others?
  • 54. Culturing Security
     Treat security like safety
     The basics shouldn’t be magic
     Distribute the load
     Security is everyone’s job
     Social engineering is a waste of time
     Focus on the solution: training & awareness
  • 55. No 100% Prevention
  • 56. And Finally “The rumors of my death have been greatly exaggerated.” -Mark Twain
  • 57. Thank You! Steven H Parker, V.P. Technology Research and Projects, EnergySec; Co-Principal Investigator, National Electric Sector Cybersecurity Organization; steve@energysec.org; 503.446.1214 (desk); @es_shp (twitter); www.energysec.org

Editor's Notes

  1. We don’t prevent the weather, we prepare for it. Likewise, cybersecurity is not a problem to be solved, it is a risk to be managed.
  2. Which is it? Is the cyber threat overhyped, or under appreciated? The truth is probably somewhere in the middle.
  3. Background is to provide context for my comments. Technology since childhood. Security since 1996, officially since 2000. Broad background across many technologies. Give brief description of each job. Introduce background on EnergySec and NESCO.
  4. Everything is being made with a digital component.
  5. Answer is 5.