EnergySec & NESCO Overview
Upcoming SlideShare
Loading in...5
×
 

EnergySec & NESCO Overview

on

  • 589 views

At the 2012 Technologies for Security and Compliance Summit, Patrick Miller provides an overview of various industry specific related cybersecurity topics focusing on information sharing.

At the 2012 Technologies for Security and Compliance Summit, Patrick Miller provides an overview of various industry specific related cybersecurity topics focusing on information sharing.

Statistics

Views

Total Views
589
Views on SlideShare
589
Embed Views
0

Actions

Likes
0
Downloads
1
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

EnergySec & NESCO Overview EnergySec & NESCO Overview Presentation Transcript

  • EnergySec & National Electric Cyber Security Organization (NESCO) Overview2012 Technologies for Security and Compliance Summit The Anfield Group August 1-2 2012 Barton Creek Resort – Austin, TX
  • New, New Security Model  Nation State quality adversaries  Fear the auditor more than attacker  Regulatory avalanche forecast  Constant compromise  Ecosystem of organizations  Information sharing is holy grail The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 2
  • Info-Share to the Rescue!  What does Information Sharing really mean? – Taking vs. Sharing – Secrecy for secrecy’s sake – Government doesn’t share well (yet)  Very useful approach, but not a panacea  Comes with trade-offs… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 3 View slide
  • Information Sharing Reality Some Pros… Some Cons…  What works, what  Classification and doesn’t handling, both Gov  Benchmarking and Corporations  Situational  Lawyers, awareness agreements and  Tactical threat and contracts vulnerability analysis  Community-sourcing  Consumers will always outnumber  Regulatory sharers compliance  Mentoring  Trust; n parties9/1/2012  Doesn’t scale well The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy 4 View slide
  • Who is EnergySec?  Unique, non-profit, independent, public- private information sharing organization  Borne from Energy Sector  Bottom-up vs. top-down  TRUSTED – By the industry, for the industry – Non-profit 501(c)(3) – Independent, private – 10+ years of information sharing experience9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 5
  • EnergySec Background  10.2001: Precursor to E-Sec NW formed  7.2004: E-Sec NW formalized and “founded” – Asset owner/operator ONLY; all volunteer  1.2008: SANS Information Sharing Award  12.2008: Incorporated E-Sec NW as EnergySec  10.2009: 501(c)(3) nonprofit determination  4.2010: EnergySec applied for NESCO DOE FOA  7.2010: EnergySec awarded NESCO FOA  10.2010: NESCO became operational The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 6
  • What EnergySec Is NOT…  Not a lobbyist  Not a vendor  Not a consultant  Not government agency  Not a regulator The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 7
  • EnergySec Staff  Extensive applied sector experience – Many years employment at asset owners – Operations, security, audit, Sr mgmt, OT, IT – Regional Entity leadership – Independent consulting; big firms and boutiques – Built several successful companies – EnergySec founders, Info-sharing pioneers – Certified, trusted, highly connected, dedicated The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 8
  • EnergySec Programs  NESCO: Information Sharing & Best Practices  Advisory Service  EnergySec University – Education/Workforce Development  LIGHTS: Security in a box (turnkey) – Independent board – Partnership with ICS-ISAC The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 9
  • EnergySec Nonprofit Umbrella EnergySec NESCO Advisory University Other… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 10
  • EnergySec Advisory  Customized agenda; facilitated discussion  Examine current and horizon energy sector specific cyber security legislation  Explore methods to meet compliance obligations and enhance security posture  Present threat, vulnerability and impact landscape to executives and staff  Highest concentration of advisors with unique and hard-to-find combination of experience The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 11
  • EnergySec University  Professional/workforce development path – Internal expertise as instructors – Open faculty roster from best and brightest – Courses in all IT/OT security-related disciplines  Internship matchmaking – coming soon  Working closely with National Board of Information Security Examiners (NBISE) The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 12
  • What Is NESCO?  R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” – Department Of Energy issued FOA on March 31, 2010  Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”  “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.”9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 13
  • NESCO Objectives  Organize, lead and implement a public-private partnership  Focus cybersecurity research and development priorities  Identify and disseminate security best practices  Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats  Work cooperatively with the DOE and other Federal Agencies  Enhance cybersecurity of the bulk power grid and electric infrastructure9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 14
  • Who Is NESCO? • IOU • Product • Muni • Service • Coop Asset Owners Vendor Govt Academia/Research • Non-Reg • Public • Regulatory • Private • Fed, State… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 15
  • Connect & Support Utility Asset Owners9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 16
  • Membership Growth The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 17
  • Member Demographics Membership by Individual Membership by Organization Academic Academic 2% 5% Vendor/Other 22% Vendor/Other 35% Govt/Regulatory 12% Asset Owner Asset Owner 49% 64% Govt/Regulatory 11% 1,050 Individual members 363 unique organizations Predominately Asset Owner Driven Membership Base The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 18
  • Membership Overview  NESCO Members of Sept 30 2011 (1 year) – 788 NESCO members – 278 unique organizations  NESCO Members as of July 12 2012: – 1050 individuals – 363 unique organizations Note: This represents a nearly 50% annual growth rate The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 19
  • Social Media Outreach  NESCO mailing list: 3536  NESCO Twitter followers: 2635  NESCO LinkedIn group members: 535 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 20
  • Direct Outreach  3 Town Hall meetings  19 Voice of the Industry (VOI) meetings  82 TAC notices; 149 follow up threads  71 presentations/panels  94 event participation  37 blog mentions  43 interviews and article citations The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 21
  • Engage, Equip & Empower  Sharing requires trust  Trust is built on relationships  Our approach… – Bringing people together – Flexible technology options and solutions to extend and enhance relationships – Organic growth; birds of a feather The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 22
  • NESCO Is Technology  Secure collaboration portal – Wiki – Working groups – Discussion forums – Email distribution lists  Rapid Notification System  Social Media – LinkedIn, Twitter, Facebook The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 23
  • NESCO Tools  Email distribution lists  Secure collaboration wiki  Secure instant messaging  Rapid notification mechanisms  Resource repository  Most technologies have non- attribution (anonymous) options9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 24
  • NESCO Resource Repository  Best/common practices  Policy, process, procedure  Compliance approaches  Document Templates  Code snippets, scripts  System configurations  Links to useful security sites  And more…9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 25
  • NESCO Tactical Analysis Center  Supports ES-ISAC and ICS-CERT  Open & private source intelligence  Asset owner volunteer handler SMEs with virtual “dashboards”  Rapid, community-sourced analysis  Secure communications  Rapid notification system  Daily diaries, trending  Quarterly & annual reports9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 26
  • ES-ISAC, ICS-CERT and TAC  An analogy… triage and long term care  Basic differences of the TAC – Operated by an independent non-profit org – Not associated with a federal regulatory agency • DOE partner is non-regulatory • Funding expires in 2014, only “seed” money provided • Funding model involves cost-share, so industry bears cost throughout entire effort – Electric sector specific – Provides feeds, when requested to NERC & DHS &… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 27
  • ES-ISAC, ICS-CERT and TAC  Basic differences of the TAC – Covers all entities, not just Registered Entities under the NERC Functional Model • Not just Bulk Electric w/ CA and CCA • Includes smart grid, distribution, QF generation – NESCO staff work alongside industry handlers – RNS has direct access to security staff – Volunteer reporting structure, not mandatory – Private position offers unique vendor relationships – Anonymized pass through for bi-directional sharing The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 28
  • NESCO Products  Whitepapers – DNS Exfiltration – Security Logging Best Practices and Capability Maturity Models – Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems – DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon! – What else would you like to see? The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 29
  • NESCO Products  Rapid Notification System – Night Dragon webcast – Duqu webcast – Multiple TAC notices The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 30
  • NESCO Success Stories …is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public. http://goo.gl/0xiWp The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 31
  • NESCO Success Stories  Spearphishing notices from asset owner shared with DHS for action – Result: DHS ICS-CERT advisory issued  Accounts from service contractor posted to Internet reviewed for asset owner data – Result: Direct contact warning to specific parties The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 32
  • NESCO Success Stories  Exposed control systems posted on Internet matched to asset owners – Result: Direct contact warning to specific parties  EnergySec spearphishing attempt – Result: Cross-organization comparison with general industry advisory; IOCs published The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 33
  • NESCO Success Stories  Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit – Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 34
  • NESCO Success Stories The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 35
  • NESCO Funding Model  Department of Energy FOA  Cooperative agreement  Cost-share is ~40%, ramps over life of 3.5 year “seed” window  At end of seed window, NESCO is fully funded by industry  Supported by underwriters and TAC subscriptions The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 36
  • NESCO Summary  Focused on building trust through relationships to further security collaboration and sharing  Flexible technology facilitates and catalyzes information/resource sharing efforts  Supports existing successful programs  Security voice of the electric sector9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 37
  • Get Connected  EnergySec Summit: September 25-28 – NESCO Town Hall – CISO Forum – Policy and Technical Tracks  EnergySec University Courses – NERC CIP Training: Las Vegas 10/25 – NERC CIP Training: Sacramento 12/4 – Cybersecurity for Operations: Nashville 11/7  NESCO Voice of the Industry (VOI) Meetings The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 38
  • Get Connected  www.energysec.org  www.energysec.org/join  www.energysec.org/tac-subscription- service  TAC@energysec.org  New NESCO website soon! The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 39
  • Questions? Patrick C Miller Principal Investigator, National Electric Sector Cybersecurity Organization President & CEO, EnergySec patrick.miller@energysec.org 503.446.1212 (desk) @patrickcmiller (twitter) www.energysec.org The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 40