© AlertEnterprise Confidential Information 2012Slide 1
Eliminate Silos to Enhance Critical Infrastructure Protection
Jasvir Gill,
Founder & CEO
AlertEnterprise, Inc.
The “Fire Sale” Is Not Fiction Anymore
AlertEnterprise Delivers a Unique Approach to Addressing Critical Infrastructure and Key Resources
Did you know?
Cybersecurity threats against Utilities have grown dramatically making it the #1 Priority for Utility Executives in 2013.
(U) Key Findings
(U//FOUO) Disgruntled current and former utility-sector employees have successfully used their insider knowledge to damage facilities and disrupt site operations.
(U//FOUO) Outsiders have attempted to solicit utility-sector employees to obtain specific information about utility infrastructure site operations and facilities that could be useful in conducting physical and cyber attacks.
Threats
• Sensitive Asset Diversion
• Cyber Attacks – Critical Infrastructure
• Bio Terrorism (Food & Beverage)
• Drug Diversion (Pharmaceuticals)
• Theft (Retail, Airlines, Airports etc.)
• Disgruntled employees/contractors
Monitoring both Access and Behavior is a must
• Who has access to assets (physical, cyber..)
• Any suspicious behavior or activities
• Monitoring Privileged Users (guarding the guards)
Effective Response, Command and Control
• Situational Awareness, Incident Response
Complex/Blended Threats Span Across Many Industries
Traditional Security, Incident Management and Response Hard to Scale, Things Get Missed
Geographically Dispersed assets/locations
• Guards with guns – not cost-effective
• Impossible to cover all locations
• Putting staff at risk
3 ring binders approach not effective
• Organized and State Sponsored Crime
• Too long to respond
Audit trail of incident management
• How incident was handled – learning tool
• Protection during emergency
• Monitoring First Responders
Leveraging investments in technology
• Existing security systems
• Existing IT/ERP systems, Physical Security Systems
Main Root Cause: Silos (No one has the Big Picture…)
Silos are Costly, Inefficient: Organizations Respond to Threats in Silos - Attackers Don’t think that Way.
• IT: IT Resources (ERP, GRC, Directory Services); Access Management, Compliance, Security
• PHYSICAL: Physical Access; Access Management, Compliance, Security
• SCADA: Control Systems; Access Management, Compliance, Security
Bridge the gaps across silos to have a holistic Security Solution and mitigate blended threats
• IT Resources, Physical Access, Control Systems
• GRC
• Convergence Platform
• Identity Risk and Administration
• Operational Compliance
• Situational Awareness
• Incident Response
Unified View of Risk - Unify Logical, Physical and Operational Access Requests in one Screen
Controlling Access to SCADA Operational Systems
• OT/SCADA credential management and user provisioning
• Active Policy enforcement
• Multi-vendor SCADA and OT devices supported
Operational Compliance – Automating NERC Compliance
Pre-loaded compliance framework with current version of standards
Access Governance - Software checks work history, access pattern, analyzes past behavior – returns a risk score
Substation and Control Room Monitoring
Smart Grid Security: Continuous Monitoring of Cyber and Insider Threats to Smart Grid Operations
Customer Example: Smart Grid Security
(IT/OT convergence is a must - End Point Relay Attack Alerts)
Key to success: Embed Intelligence (retiring workforce)
Recognized by Gartner Research
Wall Street Journal, May 02, 2013
“The operational technology (OT) associated with the “Internet of Things” ranges from devices to monitor and control power, gas and water systems to ones that monitor and control advanced medical equipment and manufacturing systems.”
“CIOs should ensure that security planning, technology/services procurement, and operations should be integrated and reflect a common IT/OT security program’s vision and mission.”
-Earl Perkins, Vice President, Gartner Research, May 02, 2013
Gartner Magic Quadrant on Identity and Access Governance, 17 Dec. 2012, Earl Perkins:
“Specific industry focus in energy and utilities, transportation, and other industries with OT security requirements have provided AlertEnterprise with early momentum in the market.”
Winner – Most Innovative HANA Application
Jasvir Gill
Founder & CEO
AlertEnterprise, Inc.
Jasvir@AlertEnterprise.com
+1 510 798 9613

Editor's Notes

  1. So then, one of the complaints the customers had was that all the control risk repositories and libraries were too complicated for customers to understand and to configure. So we made it very powerful; we made it very intuitive, so that any business person can understand how the risk is defined and what kind of controls it is related to, and again, you know, having English controls, English-like risk libraries. And then doing all the heavy lifting by the software itself. So again, hiding complexity and bringing in a lot more automation.
  2. Via the SCADA interface the application detects unauthorized disabling of 2 levels of protection by disabling protective relays at a generation facility. The application delivers a geo-spatial view delivering situational awareness. In this slide we can view that an alert has been received and the user can confirm and initiate the remedial action scripts workflow.