Shedding Light on Smart Grid & Cyber Security


If the bulk electric system (BES) in North America suffered a cyber attack, the consequences could be serious: cities and entire states could suffer blackouts, commerce could come to a standstill, and the door could be opened for looting and even terrorist attacks. Realizing these consequences, the energy industry pressured the North American Electricity Reliability Corporation (NERC) to take a long, hard look at why the Critical Infrastructure Protection (CIP) standards have not been protecting the BES as intended. To address these shortcomings and today's changing IT environment and threats, NERC proposed additional CIP standards, NERC CIP 10 and 11.

  • Tripwire VIA delivers intelligent threat control by providing… Visibility across your infrastructure to know what is happening at all times. Intelligence to know which changes or events are suspect and may put your infrastructure and data at risk of compromise. Automation to help you to categorize high risk changes and events, remediate certain conditions, and automate compliance requirements such as reporting.

Transcript

  • 1. Shedding Light on Smart Grid & Cyber Security
  • 2. James Stanton, Senior Energy Consultant, ReymannGroup, Inc.; Paul Reymann, CEO, ReymannGroup, Inc.; Cindy Valladares, Compliance Solutions Manager, Tripwire, Inc.
  • 3. We will cover…
      • Energy Industry Inverted Security Model
      • Round 1 & 2 of CIP Audits
      • Next Practices for Security & Compliance
      • Visibility, Intelligence, and Automation are Key
  • 4. Congress Acted
  • 5. The Game is Changing FERC Policy Statement on Compliance (Docket PL09-1000 at paragraph 10)
  • 6. Open to Cyber-Threats
  • 7. New CIP Standards
      • Protect Critical Cyber Assets
      • Protect Electronic Access to Control Systems
      • Self Certifications & Audits
  • 8. Round 1 and Round 2
      • Round 1: Initial Self-Assessments & Audits. Requests for Clarifications. Focused on Critical Cyber Assets Only.
      • Round 2: CIP Version 4 in 4Q10. Consider potential effect on reliability, if compromised. Applies to all users of the Bulk Electric System.
  • 9. Examples
      • ID account types, e.g., individual, group, shared, guest, system, and admin.
      • ID use restrictions for wireless technologies.
      • Document all communication paths that transmit or receive digital information external to each BES Cyber System.
      • Deny access by default and allow explicitly authorized communication.
      • Develop an inventory of (its) physical or virtual BES Cyber System Components (excluding software running on the component), including its physical location.
      • Authorize and document changes to the BES Cyber System that deviate from the existing inventory within 30 days of the change being completed.
      • Document:
          • A process for classifying events as Cyber Security Incidents.
          • Roles and responsibilities of Cyber Security Incident response teams, Cyber Security Incident handling procedures, and communication plans.
          • A process for reporting Cyber Security Incidents to the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) either directly or through an intermediary.
      • Review the incident response plan at least once every 12 months.
  • 10. Next Practices for Security & Compliance
      • Perform a risk-based assessment – This will change!
      • Identify systems, services, devices, data, people of critical assets.
      • Categorize all assets (i.e., High, Medium, or Low Impact).
      • Control limited need to know access.
      • Validate security controls.
      • Document all steps & corrective actions.
      • Continuously manage and monitor.
      • Collect and retain data to identify & respond to security incidents.
  • 11. Visibility, Intelligence, Automation
  • 12. Tripwire Solutions
  • 13. Change auditing, configuration control, log management. SCADA and other mission critical systems. Monitor and review logs on a number of different platforms:
      • AIX PowerPC 5.3 systems
      • HP-UX (PA-RISC) v11 systems
      • Red Hat Linux
      • Solaris SPARC
      • SuSE Linux systems
      • Windows 2003 servers
      • Win XP Desktops
      • Windows 2003 and Active Directory domain controllers
      • Windows Server 2000
  • 14. Critical Cyber Asset Identification; Security Management Controls; Electronic Security Perimeters; Systems Security Management
  • 15. Critical Cyber Asset Identification; Security Management Controls; Electronic Security Perimeters; Systems Security Management
  • 16. [Chart labels: No Visibility; Drifting; Desired State; High-risk; Temporary Success; axis: Time]
  • 17. [Chart labels: Maintain Desired State; Non-stop monitoring & collection; Dynamic analysis to find suspicious activities; Assess & Achieve; Alert on impact to policy; Remediate options to speed remedy; axis: Time]
  • 18. Correlate to Suspicious Events
  • 19. Correlate to Bad Changes; Correlate to Suspicious Events
  • 20.
      • Summarizes key points
      • Describes the effect of CIP compliance vs. noncompliance
      • Offers a Due Diligence Checklist
      • Complimentary copy
  • 21. Questions
      • Paul Reymann, (410) 956-7336, paul@reymanngroup.com
      • James Stanton, (410) 956 7334, jim@reymanngroup.com
      • www.verticalenabler.com
      • Cindy Valladares, cvalladares@tripwire.com
  • 22. www.tripwire.com, Cindy Valladares, cvalladares@tripwire.com