SlideShare a Scribd company logo

Securing The Smart City

Download as PPTX, PDF
K
Kyle Chambers

Data Handling Controls for sensitive data.

Data & Analytics
1 of 19
SECURING THE SMART CITY Kyle Chambers – Security Analyst
WHAT DO YOU KNOW ABOUT YOUR AMI DATA?
SMART METERS • Smart Meters increase frequency of reporting • They don’t know more, they just talk now • It’s not more columns, it’s more rows
HEURISITCS  You want smart load shed events  You want faults detected quicker  Your bill goes down as theft is eliminated You probably don’t like us having heuristics of your daily schedule, but…
• DataRaker analyzes electric meter data and account attributes daily for AE’s entire customer base • Deployed algorithms addressing Meter Operations and Revenue Protection use cases • AE reviews algorithm output for actionable results and issues work orders accordingly A couple of scenarios… AUSTIN ENERGY AND DATARAKER
REVENUE PROTECTION: INACTIVE WITH CONSUMPTION ALGORITHM Purpose: • Identify meters with unexpected consumption Outcomes: • Identifies process errors and tampering • Recovered $1.2 million in unaccounted for revenue within first 6 months, including 4 tamper events.
INACTIVE WITH CONSUMPTION SAMPLE RESULT
DYING POWER OUT ALGORITHM • Purpose: The number of times a meter issues a null report per minute is indicative of failing meters. • Analytics • Dying Power Out algorithm runs & prioritizes results: • < 10 power outages reported by the meter in past 10 days • ≥10 and < 25 power outages in past 10 days • ≥ 25 and < 100 power outages in past 10 days • ≥ 100 power outages in past 10 days Start Logic
DYING POWER OUT: SAMPLE RESULT
• AMI data is combined with ______ for billing? • Texas Business and Commerce Code http://www.statutes.legis.state.tx.us/Docs/BC/htm/BC.521.htm • NIST SP 800-122 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf • FACTA https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003 WHAT CONTROLS?
• Find the Information Assurance Manager or a data owner, or it's on you • It matters more to know ALL the risks and the mitigations place than to have a clean sheet of paper. • Mitigations become risks more often than desired WHO’S IN CHARGE HERE?
• Technical controls > Administrative controls TAKING CONTROL(S) City policy says to throw this on the ground. • You wont get every technical control or log • Decline. Every. Single. Gift.
• Legal Does legal lose their ability for recourse if a breach happens in a foreign country? • HR Do you know the current workforce requirements? • NetOps Remote and/or local network access language probably already exists. • Compliance For matching controls to regulatory language, they may high five you. DEVELOPING CONTROLS: EVERYONE HAS A PART
Scrutinize your controls more than the others If your controls double the price, you may get of them, Business will win, every time. BO-RING Follow established guidance – NIST may read funny, but it has an accepted meaning.
• Get Everything in Writing • SAVE ALL OF THE THINGS!!! ALL OF THE THINGS! Controls were the easy part - now audit…
AUDITS • If you can't audit the controls, 100% your fault. A right to audit should be standard. What you think you’ll look like • How you audit the controls and method of delivery can vary greatly • Provision and deliverables should be contractual
WHAT TO AUDIT  Database and OS logs/attestations  Physical access logs/attestations What you Really Look Like  Procedures for the physical and digital destruction of media  Change control for modifications to the environment  Environment for tenancy and status of certifications (e.g. SSAE SOC)
SHOW ME WHAT YOU GOT • Are you getting any feeds into your SIEM from cloud solutions? • Would you be able to see anomalous activity like rogue DBA login or large exfil? • Are you seeing logs from the applications that access the environment? • What would you expect from similar internal deployments, why is this different?
People do what you inspect, not what you expect. -Louis V. Gerstner, Jr.

Recommended

Top Benefits Order Processing Automation
Top Benefits Order Processing AutomationTop Benefits Order Processing Automation
Top Benefits Order Processing AutomationEsker, Inc.
 
3 types of monitoring for 2020
3 types of monitoring for 20203 types of monitoring for 2020
3 types of monitoring for 2020T. Alexander Lystad
 
Datavend Presentation
Datavend PresentationDatavend Presentation
Datavend PresentationRebecca Richardson
 
Ahmed
AhmedAhmed
AhmedAhmed Abd Elhamed
 
Leading Healthcare in New Jersey trusts OpManager LEE
Leading Healthcare in New Jersey trusts OpManager LEELeading Healthcare in New Jersey trusts OpManager LEE
Leading Healthcare in New Jersey trusts OpManager LEEManageEngine, Zoho Corporation
 
Invoice & AP Automation: Improving Cash Flow Management
Invoice & AP Automation: Improving Cash Flow ManagementInvoice & AP Automation: Improving Cash Flow Management
Invoice & AP Automation: Improving Cash Flow ManagementNet at Work
 
Endurance Consultancy
Endurance ConsultancyEndurance Consultancy
Endurance ConsultancyMayankumar Shah
 
IoT Smart System Technology 2020
IoT Smart System Technology 2020IoT Smart System Technology 2020
IoT Smart System Technology 2020FernandoMarimba
 

Recommended

Top Benefits Order Processing Automation
Top Benefits Order Processing AutomationTop Benefits Order Processing Automation
Top Benefits Order Processing AutomationEsker, Inc.
 
3 types of monitoring for 2020
3 types of monitoring for 20203 types of monitoring for 2020
3 types of monitoring for 2020T. Alexander Lystad
 
Datavend Presentation
Datavend PresentationDatavend Presentation
Datavend PresentationRebecca Richardson
 
Ahmed
AhmedAhmed
AhmedAhmed Abd Elhamed
 
Leading Healthcare in New Jersey trusts OpManager LEE
Leading Healthcare in New Jersey trusts OpManager LEELeading Healthcare in New Jersey trusts OpManager LEE
Leading Healthcare in New Jersey trusts OpManager LEEManageEngine, Zoho Corporation
 
Invoice & AP Automation: Improving Cash Flow Management
Invoice & AP Automation: Improving Cash Flow ManagementInvoice & AP Automation: Improving Cash Flow Management
Invoice & AP Automation: Improving Cash Flow ManagementNet at Work
 
Endurance Consultancy
Endurance ConsultancyEndurance Consultancy
Endurance ConsultancyMayankumar Shah
 
IoT Smart System Technology 2020
IoT Smart System Technology 2020IoT Smart System Technology 2020
IoT Smart System Technology 2020FernandoMarimba
 
Abila MIP Accounts Payable Module
Abila MIP Accounts Payable ModuleAbila MIP Accounts Payable Module
Abila MIP Accounts Payable ModuleNet at Work
 
Safety Inspection Software
Safety Inspection SoftwareSafety Inspection Software
Safety Inspection SoftwareIMEC Technologies
 
APM for Enterprise WhitePaper from New Relic
APM for Enterprise WhitePaper from New RelicAPM for Enterprise WhitePaper from New Relic
APM for Enterprise WhitePaper from New RelicNew Relic
 
Datavend presentation 2014
Datavend presentation 2014Datavend presentation 2014
Datavend presentation 2014Rebecca Richardson
 
Clio accounting seminar on March 27 2014
Clio accounting seminar on March 27 2014Clio accounting seminar on March 27 2014
Clio accounting seminar on March 27 2014Omar Ha-Redeye
 
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGESMONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGESvackerdxb
 
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERSPHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERSvackerdxb
 
THUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
THUM'S UP! : Wireless Troubleshooting of Intermittent UpsetsTHUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
THUM'S UP! : Wireless Troubleshooting of Intermittent UpsetsEmerson Exchange
 
EAM & CMMS - Introduction to Transcendent
EAM & CMMS - Introduction to TranscendentEAM & CMMS - Introduction to Transcendent
EAM & CMMS - Introduction to TranscendentTranscendent
 
Remote HVAC service presentation
Remote HVAC service presentationRemote HVAC service presentation
Remote HVAC service presentationVicky Ashkenazi
 
Self-Aware Buildings - Leading the way for the future
Self-Aware Buildings - Leading the way for the futureSelf-Aware Buildings - Leading the way for the future
Self-Aware Buildings - Leading the way for the futureIGBC Green Building Congress
 
Semi-Real Time Inclinometer readings using Wireless Technologies
Semi-Real Time Inclinometer readings using Wireless TechnologiesSemi-Real Time Inclinometer readings using Wireless Technologies
Semi-Real Time Inclinometer readings using Wireless TechnologiesRekaNext Capital
 
PTI Mountain West General Line Card
PTI Mountain West General Line CardPTI Mountain West General Line Card
PTI Mountain West General Line CardProcess Technology, Inc.
 
Document Capture: Never Touch a Document Again
Document Capture: Never Touch a Document AgainDocument Capture: Never Touch a Document Again
Document Capture: Never Touch a Document AgainNet at Work
 
DCBADD2015 public sector agile
DCBADD2015 public sector agileDCBADD2015 public sector agile
DCBADD2015 public sector agileIIBADCBADD
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 
NARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeNARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeBrenda Majewski
 
CAAT_Outa_Bag
CAAT_Outa_BagCAAT_Outa_Bag
CAAT_Outa_BagJennifer Goines, ACDA
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionAlienVault
 
Transactional Streaming: If you can compute it, you can probably stream it.
Transactional Streaming: If you can compute it, you can probably stream it.Transactional Streaming: If you can compute it, you can probably stream it.
Transactional Streaming: If you can compute it, you can probably stream it.jhugg
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseNZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseIBM z Systems Software - IT Service Management
 

More Related Content

What's hot

Abila MIP Accounts Payable Module
Abila MIP Accounts Payable ModuleAbila MIP Accounts Payable Module
Abila MIP Accounts Payable ModuleNet at Work
 
APM for Enterprise WhitePaper from New Relic
APM for Enterprise WhitePaper from New RelicAPM for Enterprise WhitePaper from New Relic
APM for Enterprise WhitePaper from New RelicNew Relic
 
Clio accounting seminar on March 27 2014
Clio accounting seminar on March 27 2014Clio accounting seminar on March 27 2014
Clio accounting seminar on March 27 2014Omar Ha-Redeye
 
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGESMONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGESvackerdxb
 
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERSPHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERSvackerdxb
 
THUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
THUM'S UP! : Wireless Troubleshooting of Intermittent UpsetsTHUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
THUM'S UP! : Wireless Troubleshooting of Intermittent UpsetsEmerson Exchange
 
EAM & CMMS - Introduction to Transcendent
EAM & CMMS - Introduction to TranscendentEAM & CMMS - Introduction to Transcendent
EAM & CMMS - Introduction to TranscendentTranscendent
 
Remote HVAC service presentation
Remote HVAC service presentationRemote HVAC service presentation
Remote HVAC service presentationVicky Ashkenazi
 
Self-Aware Buildings - Leading the way for the future
Self-Aware Buildings - Leading the way for the futureSelf-Aware Buildings - Leading the way for the future
Self-Aware Buildings - Leading the way for the futureIGBC Green Building Congress
 
Semi-Real Time Inclinometer readings using Wireless Technologies
Semi-Real Time Inclinometer readings using Wireless TechnologiesSemi-Real Time Inclinometer readings using Wireless Technologies
Semi-Real Time Inclinometer readings using Wireless TechnologiesRekaNext Capital
 
Document Capture: Never Touch a Document Again
Document Capture: Never Touch a Document AgainDocument Capture: Never Touch a Document Again
Document Capture: Never Touch a Document AgainNet at Work
 

What's hot (14)

Abila MIP Accounts Payable Module
Abila MIP Accounts Payable ModuleAbila MIP Accounts Payable Module
Abila MIP Accounts Payable Module
 
Safety Inspection Software
Safety Inspection SoftwareSafety Inspection Software
Safety Inspection Software
 
APM for Enterprise WhitePaper from New Relic
APM for Enterprise WhitePaper from New RelicAPM for Enterprise WhitePaper from New Relic
APM for Enterprise WhitePaper from New Relic
 
Datavend presentation 2014
Datavend presentation 2014Datavend presentation 2014
Datavend presentation 2014
 
Clio accounting seminar on March 27 2014
Clio accounting seminar on March 27 2014Clio accounting seminar on March 27 2014
Clio accounting seminar on March 27 2014
 
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGESMONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
MONITORING AND ALERT SYSTEM FOR SENSITIVE COLD STORAGES
 
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERSPHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
PHONE CALL ALERT SYSTEM FOR COLD STORAGES/FREEZERS
 
THUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
THUM'S UP! : Wireless Troubleshooting of Intermittent UpsetsTHUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
THUM'S UP! : Wireless Troubleshooting of Intermittent Upsets
 
EAM & CMMS - Introduction to Transcendent
EAM & CMMS - Introduction to TranscendentEAM & CMMS - Introduction to Transcendent
EAM & CMMS - Introduction to Transcendent
 
Remote HVAC service presentation
Remote HVAC service presentationRemote HVAC service presentation
Remote HVAC service presentation
 
Self-Aware Buildings - Leading the way for the future
Self-Aware Buildings - Leading the way for the futureSelf-Aware Buildings - Leading the way for the future
Self-Aware Buildings - Leading the way for the future
 
Semi-Real Time Inclinometer readings using Wireless Technologies
Semi-Real Time Inclinometer readings using Wireless TechnologiesSemi-Real Time Inclinometer readings using Wireless Technologies
Semi-Real Time Inclinometer readings using Wireless Technologies
 
PTI Mountain West General Line Card
PTI Mountain West General Line CardPTI Mountain West General Line Card
PTI Mountain West General Line Card
 
Document Capture: Never Touch a Document Again
Document Capture: Never Touch a Document AgainDocument Capture: Never Touch a Document Again
Document Capture: Never Touch a Document Again
 

Similar to Securing The Smart City

DCBADD2015 public sector agile
DCBADD2015 public sector agileDCBADD2015 public sector agile
DCBADD2015 public sector agileIIBADCBADD
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingAtif Ghauri
 
NARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeNARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeBrenda Majewski
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionAlienVault
 
Transactional Streaming: If you can compute it, you can probably stream it.
Transactional Streaming: If you can compute it, you can probably stream it.Transactional Streaming: If you can compute it, you can probably stream it.
Transactional Streaming: If you can compute it, you can probably stream it.jhugg
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technologynerdsonsite
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentationArt Morrison
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyKevin Lloyd
 
TACOM 2014: Back To Basics
TACOM 2014: Back To BasicsTACOM 2014: Back To Basics
TACOM 2014: Back To BasicsJoel Cardella
 
How to know if your business needs an enterprise app
How to know if your business needs an enterprise appHow to know if your business needs an enterprise app
How to know if your business needs an enterprise appJourneyApps
 
Observability – the good, the bad, and the ugly
Observability – the good, the bad, and the uglyObservability – the good, the bad, and the ugly
Observability – the good, the bad, and the uglyTimetrix
 
Sage Fixed Assets Accounting for Sage 100
Sage Fixed Assets Accounting for Sage 100Sage Fixed Assets Accounting for Sage 100
Sage Fixed Assets Accounting for Sage 100Net at Work
 
Mobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons LearnedMobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons LearnedNimonik
 
Brighttalk high scale low touch and other bedtime stories - final
Brighttalk high scale low touch and other bedtime stories - finalBrighttalk high scale low touch and other bedtime stories - final
Brighttalk high scale low touch and other bedtime stories - finalAndrew White
 
Top 5 Java Performance Metrics, Tips & Tricks
Top 5 Java Performance Metrics, Tips & TricksTop 5 Java Performance Metrics, Tips & Tricks
Top 5 Java Performance Metrics, Tips & TricksAppDynamics
 
Customer-centric Metrics
Customer-centric MetricsCustomer-centric Metrics
Customer-centric MetricsMark McBride
 
Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...
Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...
Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...Moogsoft
 

Similar to Securing The Smart City (20)

DCBADD2015 public sector agile
DCBADD2015 public sector agileDCBADD2015 public sector agile
DCBADD2015 public sector agile
 
Its Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples CounselingIts Not You Its Me MSSP Couples Counseling
Its Not You Its Me MSSP Couples Counseling
 
NARCA Presentation - IT Best Practice
NARCA Presentation - IT Best PracticeNARCA Presentation - IT Best Practice
NARCA Presentation - IT Best Practice
 
CAAT_Outa_Bag
CAAT_Outa_BagCAAT_Outa_Bag
CAAT_Outa_Bag
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat Detection
 
Transactional Streaming: If you can compute it, you can probably stream it.
Transactional Streaming: If you can compute it, you can probably stream it.Transactional Streaming: If you can compute it, you can probably stream it.
Transactional Streaming: If you can compute it, you can probably stream it.
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentation
 
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseNZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
 
Acculink systems end user presentation
Acculink systems end user presentationAcculink systems end user presentation
Acculink systems end user presentation
 
The Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your TechnologyThe Benefits of Having Nerds On Site Monitoring Your Technology
The Benefits of Having Nerds On Site Monitoring Your Technology
 
TACOM 2014: Back To Basics
TACOM 2014: Back To BasicsTACOM 2014: Back To Basics
TACOM 2014: Back To Basics
 
How to know if your business needs an enterprise app
How to know if your business needs an enterprise appHow to know if your business needs an enterprise app
How to know if your business needs an enterprise app
 
Observability – the good, the bad, and the ugly
Observability – the good, the bad, and the uglyObservability – the good, the bad, and the ugly
Observability – the good, the bad, and the ugly
 
Sage Fixed Assets Accounting for Sage 100
Sage Fixed Assets Accounting for Sage 100Sage Fixed Assets Accounting for Sage 100
Sage Fixed Assets Accounting for Sage 100
 
Mobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons LearnedMobile EHS and Quality Auditing - Lessons Learned
Mobile EHS and Quality Auditing - Lessons Learned
 
Brighttalk high scale low touch and other bedtime stories - final
Brighttalk high scale low touch and other bedtime stories - finalBrighttalk high scale low touch and other bedtime stories - final
Brighttalk high scale low touch and other bedtime stories - final
 
Top 5 Java Performance Metrics, Tips & Tricks
Top 5 Java Performance Metrics, Tips & TricksTop 5 Java Performance Metrics, Tips & Tricks
Top 5 Java Performance Metrics, Tips & Tricks
 
Customer-centric Metrics
Customer-centric MetricsCustomer-centric Metrics
Customer-centric Metrics
 
Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...
Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...
Webinar Slides - How KeyBank Liberated its IT Ops from Rules-Based Event Mana...
 

Recently uploaded

Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusTimothy Spann
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxolyaivanovalion
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxolyaivanovalion
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionfulawalesam
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxolyaivanovalion
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxMohammedJunaid861692
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...shambhavirathore45
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023ymrp368
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Valters Lauzums
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 

Recently uploaded (20)

Generative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and MilvusGenerative AI on Enterprise Cloud with NiFi and Milvus
Generative AI on Enterprise Cloud with NiFi and Milvus
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptx
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFx
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Sampling (random) method and Non random.ppt
Sampling (random) method and Non random.pptSampling (random) method and Non random.ppt
Sampling (random) method and Non random.ppt
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 

Securing The Smart City

  • 1. SECURING THE SMART CITY Kyle Chambers – Security Analyst
  • 2. WHAT DO YOU KNOW ABOUT YOUR AMI DATA?
  • 3. SMART METERS • Smart Meters increase frequency of reporting • They don’t know more, they just talk now • It’s not more columns, it’s more rows
  • 4. HEURISITCS  You want smart load shed events  You want faults detected quicker  Your bill goes down as theft is eliminated You probably don’t like us having heuristics of your daily schedule, but…
  • 5. • DataRaker analyzes electric meter data and account attributes daily for AE’s entire customer base • Deployed algorithms addressing Meter Operations and Revenue Protection use cases • AE reviews algorithm output for actionable results and issues work orders accordingly A couple of scenarios… AUSTIN ENERGY AND DATARAKER
  • 6. REVENUE PROTECTION: INACTIVE WITH CONSUMPTION ALGORITHM Purpose: • Identify meters with unexpected consumption Outcomes: • Identifies process errors and tampering • Recovered $1.2 million in unaccounted for revenue within first 6 months, including 4 tamper events.
  • 8. DYING POWER OUT ALGORITHM • Purpose: The number of times a meter issues a null report per minute is indicative of failing meters. • Analytics • Dying Power Out algorithm runs & prioritizes results: • < 10 power outages reported by the meter in past 10 days • ≥10 and < 25 power outages in past 10 days • ≥ 25 and < 100 power outages in past 10 days • ≥ 100 power outages in past 10 days Start Logic
  • 9. DYING POWER OUT: SAMPLE RESULT
  • 10. • AMI data is combined with ______ for billing? • Texas Business and Commerce Code http://www.statutes.legis.state.tx.us/Docs/BC/htm/BC.521.htm • NIST SP 800-122 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf • FACTA https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003 WHAT CONTROLS?
  • 11. • Find the Information Assurance Manager or a data owner, or it's on you • It matters more to know ALL the risks and the mitigations place than to have a clean sheet of paper. • Mitigations become risks more often than desired WHO’S IN CHARGE HERE?
  • 12. • Technical controls > Administrative controls TAKING CONTROL(S) City policy says to throw this on the ground. • You wont get every technical control or log • Decline. Every. Single. Gift.
  • 13. • Legal Does legal lose their ability for recourse if a breach happens in a foreign country? • HR Do you know the current workforce requirements? • NetOps Remote and/or local network access language probably already exists. • Compliance For matching controls to regulatory language, they may high five you. DEVELOPING CONTROLS: EVERYONE HAS A PART
  • 14. Scrutinize your controls more than the others If your controls double the price, you may get of them, Business will win, every time. BO-RING Follow established guidance – NIST may read funny, but it has an accepted meaning.
  • 15. • Get Everything in Writing • SAVE ALL OF THE THINGS!!! ALL OF THE THINGS! Controls were the easy part - now audit…
  • 16. AUDITS • If you can't audit the controls, 100% your fault. A right to audit should be standard. What you think you’ll look like • How you audit the controls and method of delivery can vary greatly • Provision and deliverables should be contractual
  • 17. WHAT TO AUDIT  Database and OS logs/attestations  Physical access logs/attestations What you Really Look Like  Procedures for the physical and digital destruction of media  Change control for modifications to the environment  Environment for tenancy and status of certifications (e.g. SSAE SOC)
  • 18. SHOW ME WHAT YOU GOT • Are you getting any feeds into your SIEM from cloud solutions? • Would you be able to see anomalous activity like rogue DBA login or large exfil? • Are you seeing logs from the applications that access the environment? • What would you expect from similar internal deployments, why is this different?
  • 19. People do what you inspect, not what you expect. -Louis V. Gerstner, Jr.