Cyber security solutions for the energy industry in north america israel galvan
•Download as PPT, PDF•
1 like•465 views
A brief report about hardware and software presented in a trade mission to USA about cybersecurity technology
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Cyber security solutions for the energy industry in north america israel galvan
Similar to Cyber security solutions for the energy industry in north america israel galvan (20)
More from Israel Galvan Bobadilla
More from Israel Galvan Bobadilla (8)
Recently uploaded
Recently uploaded (20)
Cyber security solutions for the energy industry in north america israel galvan
- 1. 35 años de investigación, innovando con energía Cyber Security Solutions for the Energy Industry in North America MSc. Israel Galván Bobadilla
- 2. 35 años de investigación, innovando con energía Agenda About this presentation Facts, stats and motivation Cyber Security in North America Government Frameworks Councils Research Solutions Personal thoughts and conclusions
- 3. 35 años de investigación, innovando con energía About this presentation Cybersecurity and Access Control for Utilities Reverse Trade Mission for Mexico and Panama to the United States April 19th – 30th, 2015 SPONSORED BY:
- 4. 35 años de investigación, innovando con energía Facts, stats and motivation
- 5. 35 años de investigación, innovando con energía “Security incidents has increased 66%” Global State of Information Security® Survey 2015, PwC Facts, stats and motivation “83% view cyberattacks as one of top 3 threats business, but only 38% are prepared” Information Systems Audit and Control Association, ISACA “Approximately 60 to 80 percent of network misuse incidents originate from the inside network." Computer Security Institute (CSI) in San Francisco, California
- 6. 35 años de investigación, innovando con energía “Cybersecurity is not optional, is required and mandatory” Why? “The more people, processes and technologies are involved, the more risk we will have…” Facts, stats and motivation
- 7. 35 años de investigación, innovando con energía Government They provide information about how to: Invest in physical and cyber risk management products and plans Educate employees about critical infrastructure security and resilience Plan for business continuity Share threat and incident information Report suspicious activity Prepare for all hazards at home and at work Identifies 16 Critical Infrastructure (CI) sectors, and one of them is: Energy Sector. They provide Assessment Resources such as: Computer-Based Assessment Tool (CBAT) Cyber Security Evaluation Tool (CSET®) On site support Critical Infrastructure Cyber Community C³ Voluntary Program “Adversaries are getting sophisticated”
- 8. 35 años de investigación, innovando con energía Government “Invest in People as well as processes and technology” MITIGATION BASICS: ICSJWG 2015 Spring Meeting The Industrial Control Systems Joint Working Group invites you to Washington, DC June 23 - 24, 2015
- 9. 35 años de investigación, innovando con energía Framework s NIST worked with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure.
- 10. 35 años de investigación, innovando con energía Government USTDA also linked us to: Available resources for cybersecurity Cybersecurity Capability Maturity Model (C2M2) Electricity Subsector (ES-C2M2)
- 11. 35 años de investigación, innovando con energía Government
- 12. 35 años de investigación, innovando con energía Councils Is a global trade association dedicated to creating a favorable business, regulatory, and technological environment for companies that own, manage, or provide critical telecommunications systems in support of their core business. UTC provides information, products and services that help members: Manage their telecommunications and information technology more effectively and efficiently; Voice their concerns to legislators and regulators; Identify and capitalize on opportunities linked to deregulation worldwide; and Network with other telecom and IT professionals.
- 13. 35 años de investigación, innovando con energía Research “The Health approach, anomalies & Context-Based Analytics” INSTITUTE FOR ELECTRONIC GOVERNMENT
- 14. 35 años de investigación, innovando con energía Solutions The BIG picture
- 15. 35 años de investigación, innovando con energía “One Size DOES NOT fit all..” Personal thoughts “Invest more money on technology for humans…” “Cybersecurity culture is still being an issue, evangelization is needed...” “There is a lack of cybersecurity specialists and there is a lot of job that must be done...” “Education and awareness are key elements ...” “The visibility dilemma: ‘You can’t hack/protect what you can’t see’… ”
- 16. 35 años de investigación, innovando con energía EU has a lot of solutions for advanced cybersecurity problems for the short and medium term. This solutions should be tested and evaluated, in order to identify where they fit better in our smartgrids. There is a lot of best practices, lessons learned, successful policies and models from FERC-NERC, NIST, Homeland Security that we should adopt and maybe adapt to Mexico’s needs. LATAM is still facing old security problems and new problems! There are no small players on cybersecurity, safety and resilience is everybody responsibility. Conclusions
- 17. 35 años de investigación, innovando con energía MSc. Israel Galván Bobadilla ELECTRICAL RESEARCH INSTITUTE Enabling Technologies Division Information Technology Department igalvan@iie.org.mx +52 (777) 3 62 38 11 Ext. 7526 Thank you! “We are not in the contest era, we are on the collaboration era… A great era by the way…”
- 18. 35 años de investigación, innovando con energía Just in case Extra slides
- 19. 35 años de investigación, innovando con energía Solutions Cybersecurity “Big Data” analytics, policy, planning, implementation and emergency preparedness. A cloud-based, open architecture analytical platform for harnessing data. Provides customizable methodologies for solving the complex analytic challenges of managing “Big Data” in most data formats. FEATURES: Intelligent linkages among disparate data sources Web-enabled, infrastructure independent Flexible and extensible tools for analysis and relationship mapping Data type independent and open source access Quick and easy to deploy Intuitive, with little user training required Delivered at a fraction of the cost of legacy, monolithic data analysis toolsets
- 20. 35 años de investigación, innovando con energía Solutions Incident management and monitoring systems, video surveillance and sensors, Cybersecurity risk management, preparedness and integration services, Biometric, electronic badge, smart card and proximity sensor technologies. “You Can’t Hack What You Can’t See”
- 21. 35 años de investigación, innovando con energía Solutions Incident management and monitoring systems, video surveillance and sensors, Cybersecurity risk management, preparedness and integration services, Biometric, electronic badge, smart card and proximity sensor technologies. “You Can’t Hack What You Can’t See”
- 22. 35 años de investigación, innovando con energía Solutions Provides an open infrastructure to connect sensor-based data, operations and people to enable real-time intelligence. PI System, enables your business to capture and leverage sensor- based data across the enterprise to improve efficiency, sustainability, quality and safety.
Editor's Notes
- 254 incidents reported on 2015: 9% natural gas, 9% Petroleum, 11% Electricity Training on: Operational Security for control systems & cybersecurity C3: Cybersecurity Education & Awarness (CE&A), Centers of Academic Excellence (CAE), Integrated Cybersecurity Education Communities (ICEC), National Cybersecurity workforce Framework, Cyber Information sharing and collaboration They have a knowledge base and a Joint Working Group (1,700 members, bi-annual meetings, webinars)
- ICS-CERT coordinates control systems-related security incidents and information sharing with Federal, State, and local agencies and organizations, the intelligence community, and private sector constituents, including vendors, owners and operators, and international and private sector CERTs. The focus on control systems cybersecurity provides a direct path for coordination of activities among all members of the critical infrastructure stakeholder community.
- Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013. It directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. The Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk. The Department of Homeland Security's Critical Infrastructure Cyber Community C³ Voluntary Program helps align critical infrastructure owners and operators with existing resources that will assist their efforts to adopt the Cybersecurity Framework and manage their cyber risks. Learn more about the C³ Voluntary Program by visiting the C3 Web site. NIST is also pleased to issue a companion Roadmap that discusses NIST's next steps with the Framework and identifies key areas of cybersecurity development, alignment, and collaboration.
- USTDA releases Major Infrastructure Projects in Mexico resource guide, providing valuable insight for U.S. industry on priority infrastructure projects throughout Mexico. - See more at: http://www.ustda.gov/news/pressreleases/2014/LAC/Mexico/MexicoResourceGuide_103114.asp#sthash.oSuEx0cR.dpuf The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Version 1.1, which allows electric utilities and grid operators to assess their cybersecurity capabilities and prioritize their actions and investments to improve cybersecurity, combines elements from existing cybersecurity efforts into a common tool that can be used consistently across the industry. The Maturity Model was developed as part of a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS) and involved close collaboration with industry, other Federal agencies, and other stakeholders.
- If you operate any entity within the bulk electric system (BES), you have become aware of the many regulatory changes in recent years. The standards proposed by the North American Electric Reliability Corporation (NERC), accepted and regulated by the Federal Energy Regulatory Commission (FERC), are intended to ensure the security and reliability of systems within the generation, transmission, and distribution of electric power throughout North America. A thorough knowledge of how FERC and NERC operate and enforce these standards will help you to provide a reliable utility service while avoiding millions of dollars in fines for non-compliance. Definitions: The Difference Between FERC and NERC FERC is an independent government agency that regulates the transmission of electric and fossil-based power utilities between states. In addition to oversight of wholesale and corporate transactions, FERC is responsible for ensuring safety and reliability in the distribution and transportation of electricity, oil, and natural gas. The agency may enforce its regulatory standards through various means, including civil penalties of millions of dollars per day, per violation. NERC is a non-profit organization that seeks to ensure the reliability and security of the bulk power system. Overseen by FERC as well as authorities in Canada and part of Mexico, NERC identifies and addresses risks in the power system in order to promote reliability through education and proposed standards for a more secure system. FERC and NERC have worked together to create the set of Security and Reliability Standards that all entities in the bulk electric system must comply with. These standards are intended to protect utilities from a wide variety of industrial accidents and attacks to the hardware and information systems of power utility companies. In an age of technological advancement, these regulations are constantly being updated to meet the needs of the industry and its consumers. http://versify.com/FERC_And_NERC.html
- We expect our electricity (for heat, air conditioning, and lights), water, and other utilities to be available whenever we want them. But our everyday essentials have become the target of our adversaries. Exacerbating the situation, when a part of the grid fails, we don’t know whether it is from natural causes or the actions of bad actors. Regardless, the failure needs to be fixed.Despite our diligence in the creation of new electric grid standards, these standards are not sufficient to address the urgent cyber threats and challenges that critical infrastructures now face. The lack of electric grid standard granularity can result in a failure. There are also several other factors at play: Complexity and sophistication of a smart grid Large number of electric grid components Wide variety of involved actors Lack of time stamp standardization among grid components An assortment of smart grid standards, such as the International Electrotechnical Commission (IEC) and the Institute of Electrical and Electronics Engineers (IEEE), allow a viable approach vector to insert disinformation into the grid via a myriad of threat vectors. Innovative analytic approaches are required for the detection of one type of threat, known as misinformation or disinformation or astroturfing. This paper proposes a strategy that combines contextual analytics for version verification (current component state, component history, graphical knowledge of grid connectedness, a decay function for impact of other components), predictive modeling, and a computing model assessment using edge computing. This IBM® Redguide™ publication describes the various issues that can impact the energy grid and provides examples of grid failures. It discusses the value and possibilities of a smart grid and how analytics can play a key role in the overall solution. It also introduces the combination of Irwin technology from Mehta Tech, Inc. and the IBM Watson™ cognitive system, which form a technology stack to monitor the electric grid.
- The Aveshka Homeland Security team serves as a bridge between the public and private sectors in the development of homeland security solutions and provides hypothesis-driven, fact-based analysis coupled with strategic advice based on deep experience in the Homeland Security Enterprise. Since its inception, Aveshka has provided support to both U.S. and international Government departments and agencies, and to private sector entities seeking policy, strategy, implementation, and operational support. Currently, Aveshka supports numerous components of the Department of Homeland Security, including the Federal Emergency Management Agency, the Office of Critical Infrastructure Protection, the Office of Policy, and the Office of Cybersecurity and Communications, as well as components of the Departments of Defense and Justice. Aveshka homeland security personnel previously held a variety of senior roles in Federal, State, and local governments and are well-recognized experts in a broad set of homeland security disciplines, including emergency management, public safety, critical infrastructure protection, cybersecurity, border and transportation security, public health, counterterrorism, and CBRNE. Our exceptional team of subject matter experts provides services in the following primary areas: policy development; strategic planning; program management; organizational design; exercise design, conduct, and evaluation; risk analysis, assessment, and research; and cybersecurity and information technology.
- The Unisys Stealth Solution Suite helps organizations address a growing number of cybersecurity attacks and hacker incidents. These solutions use patented and patent pending security techniques designed to cloak data communication end points, such as end user devices, data center servers and applications, to become invisible on the network and therefore removed as targets for hackers.
- The Unisys Stealth Solution Suite helps organizations address a growing number of cybersecurity attacks and hacker incidents. These solutions use patented and patent pending security techniques designed to cloak data communication end points, such as end user devices, data center servers and applications, to become invisible on the network and therefore removed as targets for hackers.
- “Trust are the bits on your computer” (integrity) His software is based on the Microsoft Best Secure Coding Practices “Data is a Business asset” Unleash Your Infrastructure Sensors are everywhere and the availability of process data across operations is critical to drive operational excellence. Hidden in the data are insights to help improve quality, energy efficiency, asset health, regulatory compliance, safety, and process efficiencies. To unlock the potential requires an infrastructure to empower data, assets, people, and decisions. The Power of Connection The physical and digital worlds are colliding every second, creating an imperative within the operational organization to connect people and systems to create awareness and intelligence. Data is the empowering thread - creating the digital infrastructure for a city, establishing context to data with geospatial mapping and real-time events, and sharing of data both within organizations and beyond traditional boundaries in real-time so every individual can make informed decision.