SlideShare a Scribd company logo

CIP Version 5 Immersion Workshop

Download as PPTX, PDF
EnergySec
EnergySec
Technology
1 of 41
CIP Version 5 Immersion EnergySec Summit August 19, 2014 Steven Parker Stacy Bresler
Welcome  Logistics  Workshop format  Introductions  Agenda – Overview of major changes in V5 – Discussion of key definitions – Discussion of key transition issues – Q&A 2
Major Changes  19 new or revised definitions  Bright Line Criteria  BES Cyber Assets/Systems  High/Medium/Low  Requirement Applicability Tables  Guidelines and Technical Basis  New and relocated requirements
Bright Line Criteria  Assigns impact levels to BES Cyber Systems associated with Facilities based on specific criteria  Provides three levels of impact  May depend on 3rd party designations  In practice, not so bright. 4 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Impact Levels  High – Primarily large control centers  Medium – Primarily large generation, critical generation, major substations, and remaining control centers  Low – Everything else that meets the definition of BES 5 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Applicability Tables  New approach to requirements  Each requirement lists in-scope asset types  Requirements vary by impact level and type of asset  EACMS and PACS are directly listed instead of included by reference. 6 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Guidelines and Technical Basis  Provides substantial narrative discussion on the requirements  Provides the SDT’s intent for certain requirements  Discussed the technical basis for certain requirements  Contains some conflicting or unsupported statements  Legal status is uncertain 7 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Definitions CIP version 5 has 19 new or revised definitions to the NERC Glossary. We will review the most pertinent here today 8 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Cyber Assets Programmable electronic devices, including the hardware, software, and data in those devices. • Communication networks have been removed from the definition of Cyber Asset
BES Cyber Assets A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. (A Cyber Asset is not a BES Cyber Asset if, for 30 consecutive calendar days or less, it is directly connected to a network within an ESP, a Cyber Asset within an ESP, or to a BES Cyber Asset, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.)
BES Cyber Assets Steve’s Translation: A Cyber Asset that, if pwned, would allow a bad guy to disrupt the operation of a facility that meets the Bright Line criteria.
BES Cyber Systems One or more BES Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity
BES Cyber System Information Information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System. BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, ESP names, or policy statements. Examples of BES Cyber System Information may include, but are not limited to, security procedures or security information about BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or Monitoring Systems that is not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System. 13 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Electronic Access Control or Monitoring Systems Cyber Assets that perform electronic access control or electronic access monitoring of the Electronic Security Perimeter(s) or BES Cyber Systems. This includes Intermediate Devices. 14 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Electronic Access Point A Cyber Asset interface on an Electronic Security Perimeter that allows routable communication between Cyber Assets outside an Electronic Security Perimeter and Cyber Assets inside an Electronic Security Perimeter.  Routable communications only  Refers to interface, not a device  Direction not specified (See External Routable Connectivity)
Electronic Security Perimeter [OLD] The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled. [NEW] The logical border surrounding a network to which BES Cyber Systems are connected using a routable protocol.  Now limited to routable protocols
External Routable Connectivity The ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection.
Interactive Remote Access User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate Device and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP). Remote access may be initiated from: 1) Cyber Assets used or owned by the Responsible Entity, 2) Cyber Assets used or owned by employees, and 3) Cyber Assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to- system process communications.
Interactive Remote Access User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate Device and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP).  IRA must be controlled pursuant to CIP-005 R2  ESP to ESP access is not covered by this definition  By definition, does not include non-routable protocols access  Encryption and intermediate devices are required
Intermediate System A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter. 20 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Questions
Top 10 Issues 1. Asset Identification 2. BES Cyber System grouping 3. Impact level assessment 4. New ESP Definitions 5. Detection of Malicious Communications 6. Interactive Remote Access 7. Patch Management 8. Handling of BES Cyber System Information 22 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Top 10 Issues 9. Protection of Physical I/O Ports A. Low Impact Assets B. New Definitions C. Data Preservation During Recovery D. Baseline Configurations E. Vulnerability Assessments F. Security Event Monitoring 10.Documentation Updates 23 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Asset Identification  15 minute criteria  BROS  Inventory  Not your father’s RBAM 24 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
BES Cyber System Grouping  Definition  Logical or not?  Considerations – Location – Connectivity – Impact Ratings 25 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Impact Level Assessment  Bright Lines  Impact ratings are applied to BES Cyber Systems, NOT assets or Facilities  Not based on connectivity  High includes location consideration  Medium does NOT include location  Associated with  Low Impact 26 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
New ESP Definitions  Routable protocols only  External Routable Connectivity – ESP? – Cyber System? – Cyber Asset?  Non-programmable network elements  Non-routable connections 27 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Detection of Malicious Communications  New requirement  Many ways to skin the cat  Functional requirement  Plausibly effective 28 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Interactive Remote Access  New Requirements  Intermediate Systems  Technical Architecture – Placement of IS – Multi-factor auth – Encryption 29 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Patch Management  Source identification  Must implement or mitigate  New timelines  Windows XP  TFEs 30 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Handling of BES Cyber System Information  New Definition  Storage  Use  Transit  BCSI Repositories  Disposal and redeployment 31 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Low Impact Assets  Implementation of policies  Uncertainty on V6  External routable protocol paths  Lists vs. inventory 32 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Baseline Configurations  New requirements  Specific attributes to be collected  Broad applicability  Change management of configurations 33 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Vulnerability Assessments  Not well defined  Paper vs. active  Not a pen test  Documentation and follow up requirements 34 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Security Event Monitoring  Functional requirements  Plausibly effective  Guidance and technical basis comments 35 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Data Preservation During Recovery  Recovery plans need to address preservation of forensics evidence  Timelines 36 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Protection of Physical I/O Ports  Control centers only  Does not need to be preventative  Device configuration can suffice 37 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Documentation Updates  New terminology  Renumbered and relocated requirements  Cybersecurity policy requirements expanded  Nearly all requirements require documented processes 38 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
New Definitions and Terminology  Time to relearn the language  READ THE GLOSSARY! 39 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
Questions
Thank You Steven H Parker President, EnergySec steve@energysec.org 503.905.2923 (desk) @es_shp (twitter) www.energysec.org

Recommended

Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
From Air Gap to Air Control
From Air Gap to Air ControlFrom Air Gap to Air Control
From Air Gap to Air ControlEnergySec
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
Analytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityAnalytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityBoston Global Forum
 
Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Nathan Wallace, PhD, PE
 

Recommended

Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
Lessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorLessons Learned for a Behavior-Based IDS in the Energy Sector
Lessons Learned for a Behavior-Based IDS in the Energy SectorEnergySec
 
From Air Gap to Air Control
From Air Gap to Air ControlFrom Air Gap to Air Control
From Air Gap to Air ControlEnergySec
 
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...An Approach to Closing the Gaps between Physical, Process Control, and Cybers...
An Approach to Closing the Gaps between Physical, Process Control, and Cybers...EnergySec
 
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att...EnergySec
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
Analytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityAnalytics for Smart Grid Cyber security
Analytics for Smart Grid Cyber securityBoston Global Forum
 
Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Nathan Wallace, PhD, PE
 
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...University of Southern California
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceCoreTrace Corporation
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:CoreTrace Corporation
 
02 ibm security for smart grids
02 ibm security for smart grids02 ibm security for smart grids
02 ibm security for smart gridsIBM Italia Web Team
 
Veena kakati
Veena kakatiVeena kakati
Veena kakativeena kakati
 
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010Andy Bochman
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
Network Audit
Network AuditNetwork Audit
Network AuditMichael Cohen
 
Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733SIVA SASTHRI
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Light sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperLight sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperGeorge Wainblat
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...Nur Shiqim Chok
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids Jishnu Pradeep
 
Smart grid chinedu opara(m00560830)
Smart grid chinedu opara(m00560830)Smart grid chinedu opara(m00560830)
Smart grid chinedu opara(m00560830)Chinedu Opara
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C KNarinrit Prem-apiwathanokul
 
SGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securitySGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securityAndy Bochman
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 

More Related Content

What's hot

Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...University of Southern California
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceCoreTrace Corporation
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:CoreTrace Corporation
 
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010Andy Bochman
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationEnergySec
 
Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733SIVA SASTHRI
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Dave Darnell
 
Light sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperLight sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperGeorge Wainblat
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...Nur Shiqim Chok
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids Jishnu Pradeep
 
Smart grid chinedu opara(m00560830)
Smart grid chinedu opara(m00560830)Smart grid chinedu opara(m00560830)
Smart grid chinedu opara(m00560830)Chinedu Opara
 
SGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securitySGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securityAndy Bochman
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAndy Taylor
 

What's hot (20)

Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
Cyber security for the smart grid, Clifford Neuman, Information Sciences Inst...
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 ComplianceFeldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
Feldman-Encari: Malicious Software Prevention For NERC CIP-007 Compliance
 
Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:Malicious Software Prevention for NERC CIP-007 Compliance:
Malicious Software Prevention for NERC CIP-007 Compliance:
 
02 ibm security for smart grids
02 ibm security for smart grids02 ibm security for smart grids
02 ibm security for smart grids
 
Veena kakati
Veena kakatiVeena kakati
Veena kakati
 
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
SGSB Webcast 4: Smart Grid Security Standards in Mid 2010
 
Open Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and EducationOpen Platform for ICS Cybersecurity Research and Education
Open Platform for ICS Cybersecurity Research and Education
 
Network Audit
Network AuditNetwork Audit
Network Audit
 
Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Light sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paperLight sec for utilities and critical infrastructure white paper
Light sec for utilities and critical infrastructure white paper
 
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
[Cisco Connect 2018 - Vietnam] 1. lam doan introducing cisco dna assurance-...
 
Cyber Security of Power grids
Cyber Security of Power grids Cyber Security of Power grids
Cyber Security of Power grids
 
Smart grid chinedu opara(m00560830)
Smart grid chinedu opara(m00560830)Smart grid chinedu opara(m00560830)
Smart grid chinedu opara(m00560830)
 
S C A D A Security Keynote C K
S C A D A Security Keynote C KS C A D A Security Keynote C K
S C A D A Security Keynote C K
 
SGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data securitySGSB Webcast 2 : Smart grid and data security
SGSB Webcast 2 : Smart grid and data security
 
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution SlidesAEE Cybersecurity for the IOT in Facility Energy Distribution Slides
AEE Cybersecurity for the IOT in Facility Energy Distribution Slides
 

Viewers also liked

Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachEnergySec
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...EnergySec
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...EnergySec
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network ArchitecturesEnergySec
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsEnergySec
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...EnergySec
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseEnergySec
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleEnergySec
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!EnergySec
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueEnergySec
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...EnergySec
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementEnergySec
 

Viewers also liked (14)

Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Wireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of ReachWireless Sensor Networks: Nothing is Out of Reach
Wireless Sensor Networks: Nothing is Out of Reach
 
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real...
 
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit...
 
Unidirectional Network Architectures
Unidirectional Network ArchitecturesUnidirectional Network Architectures
Unidirectional Network Architectures
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
Explore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWsExplore the Implicit Requirements of the NERC CIP RSAWs
Explore the Implicit Requirements of the NERC CIP RSAWs
 
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A...
 
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber DefenseGary Leatherman - A Holistic Approach for Reimagining Cyber Defense
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
 
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s RoleNERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role
 
Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!Please, Come and Hack my SCADA System!
Please, Come and Hack my SCADA System!
 
Where Cyber Security Meets Operational Value
Where Cyber Security Meets Operational ValueWhere Cyber Security Meets Operational Value
Where Cyber Security Meets Operational Value
 
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C...
 
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change ManagementLessons Learned For NERC CIPv5 Compliance & Configuration Change Management
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management
 

Similar to CIP Version 5 Immersion Workshop

Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilitiesNirmal Thaliyil
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)Ivan Carmona
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesDr Dev Kambhampati
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsIJEACS
 
NERC v6.0 for ESM Solution Guide
NERC v6.0 for ESM Solution GuideNERC v6.0 for ESM Solution Guide
NERC v6.0 for ESM Solution Guideprotect724rkeer
 
Wide area protection-and_emergency_control (1)
Wide area protection-and_emergency_control (1)Wide area protection-and_emergency_control (1)
Wide area protection-and_emergency_control (1)Alaa Eladl
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
Secure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingSecure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingAnita D'Amico
 
Cyber security regulation strictly regulated by nrc feb 2013
Cyber security regulation strictly regulated by nrc feb 2013Cyber security regulation strictly regulated by nrc feb 2013
Cyber security regulation strictly regulated by nrc feb 2013Yury Chemerkin
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesNJVC, LLC
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Cloud computing security- critical infrastructures
Cloud computing security- critical infrastructuresCloud computing security- critical infrastructures
Cloud computing security- critical infrastructuresMohammed Saqib
 
Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...
Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...
Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...Flexera
 
Eidws 107 information assurance
Eidws 107 information assuranceEidws 107 information assurance
Eidws 107 information assuranceIT2Alcorn
 
Cyber security for manufacturers umuc cadf-ron mcfarland
Cyber security for manufacturers umuc cadf-ron mcfarlandCyber security for manufacturers umuc cadf-ron mcfarland
Cyber security for manufacturers umuc cadf-ron mcfarlandHighervista
 

Similar to CIP Version 5 Immersion Workshop (20)

Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
White paper scada (2)
White paper scada (2)White paper scada (2)
White paper scada (2)
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric Utilities
 
Power station monitoring and cyber security
Power station monitoring and cyber securityPower station monitoring and cyber security
Power station monitoring and cyber security
 
RF_NEC
RF_NECRF_NEC
RF_NEC
 
Cyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control SystemsCyber-Defensive Architecture for Networked Industrial Control Systems
Cyber-Defensive Architecture for Networked Industrial Control Systems
 
NERC v6.0 for ESM Solution Guide
NERC v6.0 for ESM Solution GuideNERC v6.0 for ESM Solution Guide
NERC v6.0 for ESM Solution Guide
 
Wide area protection-and_emergency_control (1)
Wide area protection-and_emergency_control (1)Wide area protection-and_emergency_control (1)
Wide area protection-and_emergency_control (1)
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
Secure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security SensemakingSecure Decisions - Cyber Security Sensemaking
Secure Decisions - Cyber Security Sensemaking
 
Cyber security regulation strictly regulated by nrc feb 2013
Cyber security regulation strictly regulated by nrc feb 2013Cyber security regulation strictly regulated by nrc feb 2013
Cyber security regulation strictly regulated by nrc feb 2013
 
Cloud Security for U.S. Military Agencies
Cloud Security for U.S. Military AgenciesCloud Security for U.S. Military Agencies
Cloud Security for U.S. Military Agencies
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Cloud computing security- critical infrastructures
Cloud computing security- critical infrastructuresCloud computing security- critical infrastructures
Cloud computing security- critical infrastructures
 
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
3.3_Cyber Security R&D for Microgrids_Stamp_EPRI/SNL Microgrid
 
Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...
Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...
Tucson Electric Power Commissions Secunia's Vulnerability Intelligence Manage...
 
Utilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA NetworksUtilization of Encryption for Security in SCADA Networks
Utilization of Encryption for Security in SCADA Networks
 
Eidws 107 information assurance
Eidws 107 information assuranceEidws 107 information assurance
Eidws 107 information assurance
 
Cyber security for manufacturers umuc cadf-ron mcfarland
Cyber security for manufacturers umuc cadf-ron mcfarlandCyber security for manufacturers umuc cadf-ron mcfarland
Cyber security for manufacturers umuc cadf-ron mcfarland
 

More from EnergySec

Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyEnergySec
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsEnergySec
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...EnergySec
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherEnergySec
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherEnergySec
 
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...EnergySec
 
Sea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber PerspectivesSea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber PerspectivesEnergySec
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityEnergySec
 
CIP-014-1: Next Steps from an Auditor’s Perspective
CIP-014-1: Next Steps from an Auditor’s PerspectiveCIP-014-1: Next Steps from an Auditor’s Perspective
CIP-014-1: Next Steps from an Auditor’s PerspectiveEnergySec
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...EnergySec
 
Event Correlation Applications for Utilities
Event Correlation Applications for UtilitiesEvent Correlation Applications for Utilities
Event Correlation Applications for UtilitiesEnergySec
 

More from EnergySec (12)

Jack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, AnecdotallyJack Whitsitt - Yours, Anecdotally
Jack Whitsitt - Yours, Anecdotally
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Industrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With ScissorsIndustrial Technology Trajectory: Running With Scissors
Industrial Technology Trajectory: Running With Scissors
 
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ...
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
 
What the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each OtherWhat the Department of Defense and Energy Sector Can Learn from Each Other
What the Department of Defense and Energy Sector Can Learn from Each Other
 
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen...
 
Sea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber PerspectivesSea Changes, Strategic Implications, Board Cyber Perspectives
Sea Changes, Strategic Implications, Board Cyber Perspectives
 
Red Teaming and Energy Grid Security
Red Teaming and Energy Grid SecurityRed Teaming and Energy Grid Security
Red Teaming and Energy Grid Security
 
CIP-014-1: Next Steps from an Auditor’s Perspective
CIP-014-1: Next Steps from an Auditor’s PerspectiveCIP-014-1: Next Steps from an Auditor’s Perspective
CIP-014-1: Next Steps from an Auditor’s Perspective
 
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...What to Do When You Don’t Know What to Do: Control System Patching Problems a...
What to Do When You Don’t Know What to Do: Control System Patching Problems a...
 
Event Correlation Applications for Utilities
Event Correlation Applications for UtilitiesEvent Correlation Applications for Utilities
Event Correlation Applications for Utilities
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

CIP Version 5 Immersion Workshop

  • 1. CIP Version 5 Immersion EnergySec Summit August 19, 2014 Steven Parker Stacy Bresler
  • 2. Welcome  Logistics  Workshop format  Introductions  Agenda – Overview of major changes in V5 – Discussion of key definitions – Discussion of key transition issues – Q&A 2
  • 3. Major Changes  19 new or revised definitions  Bright Line Criteria  BES Cyber Assets/Systems  High/Medium/Low  Requirement Applicability Tables  Guidelines and Technical Basis  New and relocated requirements
  • 4. Bright Line Criteria  Assigns impact levels to BES Cyber Systems associated with Facilities based on specific criteria  Provides three levels of impact  May depend on 3rd party designations  In practice, not so bright. 4 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 5. Impact Levels  High – Primarily large control centers  Medium – Primarily large generation, critical generation, major substations, and remaining control centers  Low – Everything else that meets the definition of BES 5 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 6. Applicability Tables  New approach to requirements  Each requirement lists in-scope asset types  Requirements vary by impact level and type of asset  EACMS and PACS are directly listed instead of included by reference. 6 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 7. Guidelines and Technical Basis  Provides substantial narrative discussion on the requirements  Provides the SDT’s intent for certain requirements  Discussed the technical basis for certain requirements  Contains some conflicting or unsupported statements  Legal status is uncertain 7 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 8. Definitions CIP version 5 has 19 new or revised definitions to the NERC Glossary. We will review the most pertinent here today 8 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 9. Cyber Assets Programmable electronic devices, including the hardware, software, and data in those devices. • Communication networks have been removed from the definition of Cyber Asset
  • 10. BES Cyber Assets A Cyber Asset that if rendered unavailable, degraded, or misused would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more Facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected Facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. (A Cyber Asset is not a BES Cyber Asset if, for 30 consecutive calendar days or less, it is directly connected to a network within an ESP, a Cyber Asset within an ESP, or to a BES Cyber Asset, and it is used for data transfer, vulnerability assessment, maintenance, or troubleshooting purposes.)
  • 11. BES Cyber Assets Steve’s Translation: A Cyber Asset that, if pwned, would allow a bad guy to disrupt the operation of a facility that meets the Bright Line criteria.
  • 12. BES Cyber Systems One or more BES Cyber Assets logically grouped by a responsible entity to perform one or more reliability tasks for a functional entity
  • 13. BES Cyber System Information Information about the BES Cyber System that could be used to gain unauthorized access or pose a security threat to the BES Cyber System. BES Cyber System Information does not include individual pieces of information that by themselves do not pose a threat or could not be used to allow unauthorized access to BES Cyber Systems, such as, but not limited to, device names, individual IP addresses without context, ESP names, or policy statements. Examples of BES Cyber System Information may include, but are not limited to, security procedures or security information about BES Cyber Systems, Physical Access Control Systems, and Electronic Access Control or Monitoring Systems that is not publicly available and could be used to allow unauthorized access or unauthorized distribution; collections of network addresses; and network topology of the BES Cyber System. 13 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 14. Electronic Access Control or Monitoring Systems Cyber Assets that perform electronic access control or electronic access monitoring of the Electronic Security Perimeter(s) or BES Cyber Systems. This includes Intermediate Devices. 14 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 15. Electronic Access Point A Cyber Asset interface on an Electronic Security Perimeter that allows routable communication between Cyber Assets outside an Electronic Security Perimeter and Cyber Assets inside an Electronic Security Perimeter.  Routable communications only  Refers to interface, not a device  Direction not specified (See External Routable Connectivity)
  • 16. Electronic Security Perimeter [OLD] The logical border surrounding a network to which Critical Cyber Assets are connected and for which access is controlled. [NEW] The logical border surrounding a network to which BES Cyber Systems are connected using a routable protocol.  Now limited to routable protocols
  • 17. External Routable Connectivity The ability to access a BES Cyber System from a Cyber Asset that is outside of its associated Electronic Security Perimeter via a bi-directional routable protocol connection.
  • 18. Interactive Remote Access User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate Device and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP). Remote access may be initiated from: 1) Cyber Assets used or owned by the Responsible Entity, 2) Cyber Assets used or owned by employees, and 3) Cyber Assets used or owned by vendors, contractors, or consultants. Interactive remote access does not include system-to- system process communications.
  • 19. Interactive Remote Access User-initiated access by a person employing a remote access client or other remote access technology using a routable protocol. Remote access originates from a Cyber Asset that is not an Intermediate Device and not located within any of the Responsible Entity’s Electronic Security Perimeter(s) or at a defined Electronic Access Point (EAP).  IRA must be controlled pursuant to CIP-005 R2  ESP to ESP access is not covered by this definition  By definition, does not include non-routable protocols access  Encryption and intermediate devices are required
  • 20. Intermediate System A Cyber Asset or collection of Cyber Assets performing access control to restrict Interactive Remote Access to only authorized users. The Intermediate System must not be located inside the Electronic Security Perimeter. 20 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 22. Top 10 Issues 1. Asset Identification 2. BES Cyber System grouping 3. Impact level assessment 4. New ESP Definitions 5. Detection of Malicious Communications 6. Interactive Remote Access 7. Patch Management 8. Handling of BES Cyber System Information 22 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 23. Top 10 Issues 9. Protection of Physical I/O Ports A. Low Impact Assets B. New Definitions C. Data Preservation During Recovery D. Baseline Configurations E. Vulnerability Assessments F. Security Event Monitoring 10.Documentation Updates 23 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 24. Asset Identification  15 minute criteria  BROS  Inventory  Not your father’s RBAM 24 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 25. BES Cyber System Grouping  Definition  Logical or not?  Considerations – Location – Connectivity – Impact Ratings 25 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 26. Impact Level Assessment  Bright Lines  Impact ratings are applied to BES Cyber Systems, NOT assets or Facilities  Not based on connectivity  High includes location consideration  Medium does NOT include location  Associated with  Low Impact 26 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 27. New ESP Definitions  Routable protocols only  External Routable Connectivity – ESP? – Cyber System? – Cyber Asset?  Non-programmable network elements  Non-routable connections 27 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 28. Detection of Malicious Communications  New requirement  Many ways to skin the cat  Functional requirement  Plausibly effective 28 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 29. Interactive Remote Access  New Requirements  Intermediate Systems  Technical Architecture – Placement of IS – Multi-factor auth – Encryption 29 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 30. Patch Management  Source identification  Must implement or mitigate  New timelines  Windows XP  TFEs 30 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 31. Handling of BES Cyber System Information  New Definition  Storage  Use  Transit  BCSI Repositories  Disposal and redeployment 31 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 32. Low Impact Assets  Implementation of policies  Uncertainty on V6  External routable protocol paths  Lists vs. inventory 32 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 33. Baseline Configurations  New requirements  Specific attributes to be collected  Broad applicability  Change management of configurations 33 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 34. Vulnerability Assessments  Not well defined  Paper vs. active  Not a pen test  Documentation and follow up requirements 34 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 35. Security Event Monitoring  Functional requirements  Plausibly effective  Guidance and technical basis comments 35 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 36. Data Preservation During Recovery  Recovery plans need to address preservation of forensics evidence  Timelines 36 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 37. Protection of Physical I/O Ports  Control centers only  Does not need to be preventative  Device configuration can suffice 37 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 38. Documentation Updates  New terminology  Renumbered and relocated requirements  Cybersecurity policy requirements expanded  Nearly all requirements require documented processes 38 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 39. New Definitions and Terminology  Time to relearn the language  READ THE GLOSSARY! 39 The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
  • 41. Thank You Steven H Parker President, EnergySec steve@energysec.org 503.905.2923 (desk) @es_shp (twitter) www.energysec.org