Your SlideShare is downloading. ×
0
EnergySec & National     Electric Cyber Security     Organization (NESCO)            Overview2012 Technologies for Securit...
New, New Security Model        Nation State quality adversaries        Fear the auditor more than         attacker      ...
Info-Share to the Rescue!               What does Information Sharing                really mean?                      – ...
Information Sharing Reality       Some Pros…                                                Some Cons…        What works,...
Who is EnergySec?        Unique, non-profit, independent, public-         private information sharing organization       ...
EnergySec Background        10.2001: Precursor to E-Sec NW formed        7.2004: E-Sec NW formalized and “founded”      ...
What EnergySec Is NOT…          Not a lobbyist          Not a vendor          Not a consultant          Not government...
EnergySec Staff        Extensive applied sector experience           – Many years employment at asset owners           – ...
EnergySec Programs             NESCO: Information Sharing &              Best Practices             Advisory Service    ...
EnergySec Nonprofit                        Umbrella                            EnergySec           NESCO              Advi...
EnergySec Advisory        Customized agenda; facilitated discussion        Examine current and horizon energy         se...
EnergySec University        Professional/workforce development path           – Internal expertise as instructors        ...
What Is NESCO?        R. 3183 “...the Secretary shall establish an         independent national energy sector cyber secur...
NESCO Objectives        Organize, lead and implement a public-private         partnership        Focus cybersecurity res...
Who Is NESCO?           • IOU                                                                      • Product           • M...
Connect & Support                                                                                                  Utility...
Membership Growth           The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/20...
Member Demographics                  Membership by Individual                                                     Membersh...
Membership Overview        NESCO Members of Sept 30 2011 (1         year)           – 788 NESCO members           – 278 u...
Social Media Outreach        NESCO mailing list: 3536        NESCO Twitter followers: 2635        NESCO LinkedIn group ...
Direct Outreach        3 Town Hall meetings        19 Voice of the Industry (VOI)         meetings        82 TAC notice...
Engage, Equip & Empower                  Sharing requires trust                  Trust is built on relationships        ...
NESCO Is Technology        Secure collaboration portal           – Wiki           – Working groups           – Discussion...
NESCO Tools        Email distribution lists        Secure collaboration wiki        Secure instant messaging        Ra...
NESCO Resource Repository          Best/common practices          Policy, process, procedure          Compliance approa...
NESCO Tactical Analysis                    Center        Supports ES-ISAC and ICS-CERT        Open & private source inte...
ES-ISAC, ICS-CERT and TAC        An analogy… triage and long term care        Basic differences of the TAC           – O...
ES-ISAC, ICS-CERT and TAC        Basic differences of the TAC           – Covers all entities, not just Registered Entiti...
NESCO Products        Whitepapers           – DNS Exfiltration           – Security Logging Best Practices and           ...
NESCO Products        Rapid Notification System           – Night Dragon webcast           – Duqu webcast           – Mul...
NESCO Success Stories                                                                                                     ...
NESCO Success Stories        Spearphishing notices from asset owner         shared with DHS for action           – Result...
NESCO Success Stories        Exposed control systems posted on         Internet matched to asset owners           – Resul...
NESCO Success Stories        Industry and [some] Regional Entities         seeking to modify process for Technical       ...
NESCO Success Stories             The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec...
NESCO Funding Model        Department of Energy FOA        Cooperative agreement        Cost-share is ~40%, ramps      ...
NESCO Summary        Focused on building trust through         relationships to further security         collaboration an...
Get Connected        EnergySec Summit: September 25-28           – NESCO Town Hall           – CISO Forum           – Pol...
Get Connected        www.energysec.org        www.energysec.org/join        www.energysec.org/tac-subscription-        ...
Questions?                                                                        Patrick C Miller           Principal Inv...
Upcoming SlideShare
Loading in...5
×

EnergySec & NESCO Overview

336

Published on

At the 2012 Technologies for Security and Compliance Summit, Patrick Miller provides an overview of various industry specific related cybersecurity topics focusing on information sharing.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
336
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "EnergySec & NESCO Overview"

  1. 1. EnergySec & National Electric Cyber Security Organization (NESCO) Overview2012 Technologies for Security and Compliance Summit The Anfield Group August 1-2 2012 Barton Creek Resort – Austin, TX
  2. 2. New, New Security Model  Nation State quality adversaries  Fear the auditor more than attacker  Regulatory avalanche forecast  Constant compromise  Ecosystem of organizations  Information sharing is holy grail The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 2
  3. 3. Info-Share to the Rescue!  What does Information Sharing really mean? – Taking vs. Sharing – Secrecy for secrecy’s sake – Government doesn’t share well (yet)  Very useful approach, but not a panacea  Comes with trade-offs… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 3
  4. 4. Information Sharing Reality Some Pros… Some Cons…  What works, what  Classification and doesn’t handling, both Gov  Benchmarking and Corporations  Situational  Lawyers, awareness agreements and  Tactical threat and contracts vulnerability analysis  Community-sourcing  Consumers will always outnumber  Regulatory sharers compliance  Mentoring  Trust; n parties9/1/2012  Doesn’t scale well The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy 4
  5. 5. Who is EnergySec?  Unique, non-profit, independent, public- private information sharing organization  Borne from Energy Sector  Bottom-up vs. top-down  TRUSTED – By the industry, for the industry – Non-profit 501(c)(3) – Independent, private – 10+ years of information sharing experience9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 5
  6. 6. EnergySec Background  10.2001: Precursor to E-Sec NW formed  7.2004: E-Sec NW formalized and “founded” – Asset owner/operator ONLY; all volunteer  1.2008: SANS Information Sharing Award  12.2008: Incorporated E-Sec NW as EnergySec  10.2009: 501(c)(3) nonprofit determination  4.2010: EnergySec applied for NESCO DOE FOA  7.2010: EnergySec awarded NESCO FOA  10.2010: NESCO became operational The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 6
  7. 7. What EnergySec Is NOT…  Not a lobbyist  Not a vendor  Not a consultant  Not government agency  Not a regulator The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 7
  8. 8. EnergySec Staff  Extensive applied sector experience – Many years employment at asset owners – Operations, security, audit, Sr mgmt, OT, IT – Regional Entity leadership – Independent consulting; big firms and boutiques – Built several successful companies – EnergySec founders, Info-sharing pioneers – Certified, trusted, highly connected, dedicated The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 8
  9. 9. EnergySec Programs  NESCO: Information Sharing & Best Practices  Advisory Service  EnergySec University – Education/Workforce Development  LIGHTS: Security in a box (turnkey) – Independent board – Partnership with ICS-ISAC The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 9
  10. 10. EnergySec Nonprofit Umbrella EnergySec NESCO Advisory University Other… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 10
  11. 11. EnergySec Advisory  Customized agenda; facilitated discussion  Examine current and horizon energy sector specific cyber security legislation  Explore methods to meet compliance obligations and enhance security posture  Present threat, vulnerability and impact landscape to executives and staff  Highest concentration of advisors with unique and hard-to-find combination of experience The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 11
  12. 12. EnergySec University  Professional/workforce development path – Internal expertise as instructors – Open faculty roster from best and brightest – Courses in all IT/OT security-related disciplines  Internship matchmaking – coming soon  Working closely with National Board of Information Security Examiners (NBISE) The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 12
  13. 13. What Is NESCO?  R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...” – Department Of Energy issued FOA on March 31, 2010  Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”  “This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.”9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 13
  14. 14. NESCO Objectives  Organize, lead and implement a public-private partnership  Focus cybersecurity research and development priorities  Identify and disseminate security best practices  Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats  Work cooperatively with the DOE and other Federal Agencies  Enhance cybersecurity of the bulk power grid and electric infrastructure9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 14
  15. 15. Who Is NESCO? • IOU • Product • Muni • Service • Coop Asset Owners Vendor Govt Academia/Research • Non-Reg • Public • Regulatory • Private • Fed, State… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 15
  16. 16. Connect & Support Utility Asset Owners9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 16
  17. 17. Membership Growth The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 17
  18. 18. Member Demographics Membership by Individual Membership by Organization Academic Academic 2% 5% Vendor/Other 22% Vendor/Other 35% Govt/Regulatory 12% Asset Owner Asset Owner 49% 64% Govt/Regulatory 11% 1,050 Individual members 363 unique organizations Predominately Asset Owner Driven Membership Base The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 18
  19. 19. Membership Overview  NESCO Members of Sept 30 2011 (1 year) – 788 NESCO members – 278 unique organizations  NESCO Members as of July 12 2012: – 1050 individuals – 363 unique organizations Note: This represents a nearly 50% annual growth rate The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 19
  20. 20. Social Media Outreach  NESCO mailing list: 3536  NESCO Twitter followers: 2635  NESCO LinkedIn group members: 535 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 20
  21. 21. Direct Outreach  3 Town Hall meetings  19 Voice of the Industry (VOI) meetings  82 TAC notices; 149 follow up threads  71 presentations/panels  94 event participation  37 blog mentions  43 interviews and article citations The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 21
  22. 22. Engage, Equip & Empower  Sharing requires trust  Trust is built on relationships  Our approach… – Bringing people together – Flexible technology options and solutions to extend and enhance relationships – Organic growth; birds of a feather The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 22
  23. 23. NESCO Is Technology  Secure collaboration portal – Wiki – Working groups – Discussion forums – Email distribution lists  Rapid Notification System  Social Media – LinkedIn, Twitter, Facebook The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 23
  24. 24. NESCO Tools  Email distribution lists  Secure collaboration wiki  Secure instant messaging  Rapid notification mechanisms  Resource repository  Most technologies have non- attribution (anonymous) options9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 24
  25. 25. NESCO Resource Repository  Best/common practices  Policy, process, procedure  Compliance approaches  Document Templates  Code snippets, scripts  System configurations  Links to useful security sites  And more…9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 25
  26. 26. NESCO Tactical Analysis Center  Supports ES-ISAC and ICS-CERT  Open & private source intelligence  Asset owner volunteer handler SMEs with virtual “dashboards”  Rapid, community-sourced analysis  Secure communications  Rapid notification system  Daily diaries, trending  Quarterly & annual reports9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 26
  27. 27. ES-ISAC, ICS-CERT and TAC  An analogy… triage and long term care  Basic differences of the TAC – Operated by an independent non-profit org – Not associated with a federal regulatory agency • DOE partner is non-regulatory • Funding expires in 2014, only “seed” money provided • Funding model involves cost-share, so industry bears cost throughout entire effort – Electric sector specific – Provides feeds, when requested to NERC & DHS &… The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 27
  28. 28. ES-ISAC, ICS-CERT and TAC  Basic differences of the TAC – Covers all entities, not just Registered Entities under the NERC Functional Model • Not just Bulk Electric w/ CA and CCA • Includes smart grid, distribution, QF generation – NESCO staff work alongside industry handlers – RNS has direct access to security staff – Volunteer reporting structure, not mandatory – Private position offers unique vendor relationships – Anonymized pass through for bi-directional sharing The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 28
  29. 29. NESCO Products  Whitepapers – DNS Exfiltration – Security Logging Best Practices and Capability Maturity Models – Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems – DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon! – What else would you like to see? The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 29
  30. 30. NESCO Products  Rapid Notification System – Night Dragon webcast – Duqu webcast – Multiple TAC notices The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 30
  31. 31. NESCO Success Stories …is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public. http://goo.gl/0xiWp The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 31
  32. 32. NESCO Success Stories  Spearphishing notices from asset owner shared with DHS for action – Result: DHS ICS-CERT advisory issued  Accounts from service contractor posted to Internet reviewed for asset owner data – Result: Direct contact warning to specific parties The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy. 32
  33. 33. NESCO Success Stories  Exposed control systems posted on Internet matched to asset owners – Result: Direct contact warning to specific parties  EnergySec spearphishing attempt – Result: Cross-organization comparison with general industry advisory; IOCs published The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 33
  34. 34. NESCO Success Stories  Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit – Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 34
  35. 35. NESCO Success Stories The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 35
  36. 36. NESCO Funding Model  Department of Energy FOA  Cooperative agreement  Cost-share is ~40%, ramps over life of 3.5 year “seed” window  At end of seed window, NESCO is fully funded by industry  Supported by underwriters and TAC subscriptions The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 36
  37. 37. NESCO Summary  Focused on building trust through relationships to further security collaboration and sharing  Flexible technology facilitates and catalyzes information/resource sharing efforts  Supports existing successful programs  Security voice of the electric sector9/1/2012 The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy 37
  38. 38. Get Connected  EnergySec Summit: September 25-28 – NESCO Town Hall – CISO Forum – Policy and Technical Tracks  EnergySec University Courses – NERC CIP Training: Las Vegas 10/25 – NERC CIP Training: Sacramento 12/4 – Cybersecurity for Operations: Nashville 11/7  NESCO Voice of the Industry (VOI) Meetings The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 38
  39. 39. Get Connected  www.energysec.org  www.energysec.org/join  www.energysec.org/tac-subscription- service  TAC@energysec.org  New NESCO website soon! The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 39
  40. 40. Questions? Patrick C Miller Principal Investigator, National Electric Sector Cybersecurity Organization President & CEO, EnergySec patrick.miller@energysec.org 503.446.1212 (desk) @patrickcmiller (twitter) www.energysec.org The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec9/1/2012 with funding assistance from the U.S. Department of Energy 40
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×