2012 ReEnergize the Americas 3B: Gene Rodriguez
Published in: Education
  • Objective of this chart is to highlight the two types of security event and information management functions and to differentiate between them. The function on the left serves the IT Security Operations Center by reporting correlated threats, events and incidents in real time. In large enterprises, a major challenge is finding and focusing on the critical threats and attacks against the infrastructure. Without a robust event reporting engine, managing operational risk is difficult for the following reasons:
      • Disparate point products that are widely distributed
      • Multi-vendor point products without common formats or communications
      • Inadequate time to manually examine critical logs
      • No business-relevant context to the data
      • No inherent link between attack data and host susceptibility
      • Lack of automation
    The Security Operations Management product, Tivoli Security Operations Manager (TSOM), offers:
      • IT Threat Management: ability to manage security attacks on your networks and server infrastructure by alerting on operational incidents
      • Aggregation, Correlation: ability to establish relationships between abnormal events and report them collectively with causality
      • Real-time Threat & Incident Handling
      • SOC dashboard: automatically determines an event's source location and plots it geographically with an enhanced set of 3D views and projections. These maps offer detailed coordinate data, and a security analyst can drill down for details.
      • Operational reports: meaningful reports of historic violations or attacks within the infrastructure

    The management function on the right serves the audit and management community to manage compliance reporting for periodic audit purposes. The solution serves to answer the typical questions that an auditor may ask, such as:
      • Breach of privacy: Are DBAs accessing confidential information? Are trusted users abusing HR data? Did a disgruntled administrator engage in identity theft?
      • Violation of system policies: Were unauthorized system changes made? Did any root users turn off auditing? When did OS administrators clear the audit logs? Who stopped key system processes without permission?
      • Administrators violating segregation of duties: Did anyone initiate and approve transactions on applications? Did an admin create and approve identity/privileges in the system?
    The Security Internal Audit management solution offered by Tivoli Compliance Insight Manager (TCIM) provides the following functions:
      • Log Continuity: all user information and security events (and all logs of any kind) come into the Log Management layer of Consul InSight, where they are collected and stored. You can perform a Google-like search on the depot and retrieve any of the logs. Rich reports on log collection, such as Consul's Log Continuity Report, are available to prove to auditors that you are collecting.
      • Privileged User Activity Monitoring: monitors the behavior of people such as privileged and trusted users, outsourcers and consultants.
      • Policy Evaluation and Enforcement: translation of user logs from multiple sources into a common, normalized format for analysis; compliance violations are then checked against policy modules.
      • Compliance Dashboard: answers the questions "what are users doing on my network?" and "are they violating any of my policies?"; one Enterprise Audit Dashboard can display all activities on the system.
      • Historical Analysis: allows you to look back over past user activities, analyze violations and provide non-repudiable evidence.
      • Audit reports, exception alerts: lets audit activity be conducted from one tool across the enterprise's servers, networks and databases.
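The policy-evaluation step described in the notes above (normalising logs from several sources into one schema, then checking them against policy modules that answer the auditor's questions), as an added example that is not part of the IBM deck or of any Tivoli product: the two log formats, the hostnames, usernames, account names and the three policy rules are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample logs (not from any real system): an OS audit source and an application
# audit trail, each in its own native format.
OS_LOG = [
    "Mar 03 10:02:11 host1 auditd[812]: user=root action=auditctl args=-e 0 result=success",
    "Mar 03 10:05:40 host1 sudo: user=alice action=systemctl args=stop ids result=success",
    "Mar 03 10:07:02 host1 sudo: user=alice action=systemctl args=status ids result=success",
]
APP_LOG = [
    "2012-10-17T09:10:01Z|bob|CREATE_ACCOUNT|acct=svc_meter",
    "2012-10-17T09:12:44Z|bob|APPROVE_ACCOUNT|acct=svc_meter",
    "2012-10-17T09:15:02Z|carol|APPROVE_ACCOUNT|acct=svc_billing",
]
OS_RE = re.compile(r"user=(?P<user>\S+) action=(?P<action>\S+) args=(?P<args>.*?) result=")

def normalise(os_lines, app_lines):
    """Translate both sources into one schema: source, user, action, target."""
    events = []
    for line in os_lines:
        m = OS_RE.search(line)
        if m:  # a line that does not fit the format is skipped, never guessed at
            events.append({"source": "os", "user": m["user"], "action": m["action"], "target": m["args"]})
    for line in app_lines:
        _ts, user, action, target = line.split("|")
        events.append({"source": "app", "user": user, "action": action, "target": target.split("=", 1)[1]})
    return events

# Policy modules: each answers one auditor question from the notes above.
def policy_audit_disabled(events):
    # "Did any root users turn off auditing?"  auditctl -e 0 disables the audit system.
    return [e for e in events if e["action"] == "auditctl" and "-e 0" in e["target"]]
def policy_service_stopped(events, protected=("ids", "auditd")):
    # "Who stopped key system processes?"  Only 'stop' on a protected unit counts.
    return [e for e in events if e["action"] == "systemctl"
            and e["target"].startswith("stop ") and e["target"].split()[-1] in protected]
def policy_segregation_of_duties(events):
    # "Did an admin create and approve identity/privileges?"  Same user on both sides.
    creators, approvers = defaultdict(set), defaultdict(set)
    for e in events:
        if e["action"] == "CREATE_ACCOUNT":
            creators[e["target"]].add(e["user"])
        elif e["action"] == "APPROVE_ACCOUNT":
            approvers[e["target"]].add(e["user"])
    return {a: creators[a] & approvers[a] for a in creators if creators[a] & approvers[a]}
def evaluate(os_lines=OS_LOG, app_lines=APP_LOG):
    ev = normalise(os_lines, app_lines)  # violations found per policy module
    return {"audit_disabled": policy_audit_disabled(ev), "sod_violations": policy_segregation_of_duties(ev),
            "protected_service_stopped": policy_service_stopped(ev)}
```

Each policy module is deliberately narrow (a status query on the IDS unit is not a violation, and an account approved by someone other than its creator is not a segregation-of-duties finding), so the evidence it produces can be handed to an auditor without manual filtering.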
  • Transcript of "2012 ReEnergize the Americas 3B: Gene Rodriguez"

    1. Energy & Utilities Industry: Cyber Security - a Point of View. October 17, 2012. © 2012 IBM Corporation
    2. What is involved in a smarter energy infrastructure?
    3. The "Ideal" Governance, Risk, and Compliance Model
    4. Secure-by-Design Framework (Example) - Smart Grid Security Strategy and Roadmap. Lifecycle phases shown on the slide: Risk Assessment; Security Requirements; Security Architecture; High-level and Detailed Designs; Security and Testing. Security Frameworks (Models and Methods):
       • NIST Framework and Roadmap for Smart Grid Interoperability Standards
       • FERC, NERC CIP, ISO 27001/2
       • Common Control Framework (e.g., UCF)
       • NISTIR 7628, DHS Guidelines, etc.
    5. Security Strategy & Roadmap - Smart Grid Security Strategy and Roadmap. Key Considerations:
       • The requirements
       • The regulations
       • The data
       • The standards
       • Security principles
       • Security services (e.g., CIA)
       • Governance, Risk, and Compliance (GRC)
       • Enterprise solutions vs. point solutions
       • The schedule
       • Sustainability
    6. Security Risk Management. Key Considerations:
       • Develop Threat Scenarios
       • Identify Assets
       • Assess Threats
       • Assess Vulnerabilities
       • Calculate Risk
       • Determine Impact
       • Countermeasure Determination
       • Countermeasure Implementation
       • Residual Risk Documentation
    7. End-to-End Risk Assessment Approach. Magnitude of Impact / Impact Definition:
       • Major: The vulnerability, if exploited, may result in the highly costly loss of major tangible assets or resources; may significantly violate, harm or impede an organization's ability to meet its mission, its reputation or other interests; or may result in death or serious injury.
       • Moderate: The vulnerability, if exploited, may result in the costly loss of tangible assets or resources; may violate, harm or impede an organization's ability to meet its mission, its reputation or other interests; or may result in injury.
       • Minor: The vulnerability, if exploited, may result in the loss of some tangible assets or resources; may noticeably affect an organization's ability to meet its mission, its reputation or interests.
       Threat Scenarios Mapped to Relative Risk (likelihood by impact):

       | Likelihood     | Insignificant | Minor | Moderate | Major   | Catastrophic |
       |----------------|---------------|-------|----------|---------|--------------|
       | Almost Certain | T16           | T11   | T4       | T2, T3  | T1           |
       | Likely         | T19           | T17   | T13, T14 | T5      | T6           |
       | Possible       | T20           | T18   | T15      | T7, T12 | T8           |

       Unlikely: T22, T23; T21, T22; T9, T10. Rare: T24, T25. (The extracted slide text preserves the cell contents of these two rows but not which impact columns they occupy.)
    8. Security Architecture. Key Considerations:
       • Security Design Principles & Objectives
       • Security Architecture Overview
       • Security Zones Overview
       • Subsystems and Components
       • Security Architecture Roadmap
       • High Level Solution Design
       • Detail Level Solution Design
       • Identity & Access Management
       • Security Compliance Management
       • Security Policy Governance Management
       • SOA Security Services
       • Messaging Security
       • Data Centric Security
    9. AMI Security Reference Architecture w/Cyber Security Solutions - Example. (Architecture diagram; component labels recoverable from the slide text:) AMI Applications (Work Mgmt, Meter Billing, Demand Response, Load Mgmt, Outage Mgmt); Customer Self Care Apps; Vulnerability Scanning; Intranet and Internet SSO Reverse Proxies and Web Portals; Security Services Gateway (Security Enforcement); B2C Apps; XML Firewall; Head End; Enterprise Service Bus; MDMS; Web Svcs Repository / Registry; Internal Employee / Contractor and Customer HTTP and Web Services traffic; User Mgmt Repository; Policy Authoring & Distribution; Identity, Federation & Access Management; Identity provisioning system; Log data collection; Logging and Compliance Monitoring System; Firewalls. Vendor dependent (Web Svcs assumed).
    10. Integrated Operations Center - a Risk and Compliance Management View. (Layered diagram; labels recoverable from the slide text:)
       • Management layer (GRC, incident reporting, visualization): Business-IT correlation, LOB visualization, SLA tracking, integrated NOC/SOC products, service management platform, health dashboards, NERC-CIP / CPNI reports, service desk / help desk.
       • Control layer (correlation, analytics & event logging, deduplication): Security KPIs / KRIs, Business Continuity KPIs / KRIs, selective event forwarding, correlation engine, audit log management, intelligence enrichment, Security Ops console (SOC), Event & Compliance console (NOC); event classes: security incidents, fault / availability / performance events, security audit log situations, business data.
       • Data layer (event collection, monitoring & enforcement, policy management): security services products, infrastructure and application products, policy management, resource discovery, identity management, access control, fault monitoring, message and data protection services, systems management tools, security event generation.
       • IT / OT assets: network & VPNs, TippingPoint IPS, Cisco firewalls, Windows / RHEL / Solaris / AIX, DataPower & Tibco ESBs, Informix / Oracle databases, meters, collectors & headend, DataPower SOA appliances, CREZ, GE JungleMUX, Cisco CGR-2010 / CSR-2010, other OT gear.
    11. And... not only improve internal communications and customer communications, but also adopt a Unified Incident Command and Decision Support (UICDS) solution to communicate with other emergency response organizations:
       • Distributed Cores
       • Scalable Mobile to National
       • Sharing Agreements
       • Web Services
       (Diagram: Utility A Ops and Utility B Ops sharing through UICDS.)
    12. THANK YOU!