© SEL 2019
Securing Electric Utility Infrastructure
Case Study on Asset Baselining, Threat Detection, and Response
Tim Watkins, Schweitzer Engineering Laboratories, Inc.
Matt Cowell, Dragos, Inc.
Today’s Webinar
• Overview of energy control systems
• Holistic look at risk
• Importance of baselining and defense-in-depth security
• Dragos overview and case study
• SEL solution components
Power – The Most Critical of Critical Control Systems
Energy Flowing at the Speed of Light
• Detect and isolate energy system fault
• Respond and reconfigure alternate path or source
• Recover and restore energy flow
Growing Target
2018 Dragos Engagements
• Electric industry contributed to 56% of all threat operations
• 37% of incident responses involved an initial vector dating back over 365 days, i.e., more than a year of adversary dwell time
Lack of Historical Data Makes It Difficult to Monetize and Prioritize Human Cyber Risk
Diagram: holistic risk (natural, technical, human, environmental, operational) plotted from low to high probability against impact ($)
Baseline – What Is Normal?
30,000 SEL Devices Over Large Geographic Area
Defendable by Design
Defense in Depth
• L0 – Sensors and Actuators
• L1 – Protection
• L2 – Automation
• L3 – Access
• L4 – SCADA
• L5 – DMZ
• L6 – Remote
Diagram components: IEDs and breakers (device 52), automation devices, LAN / WAN devices, SEL software app servers, DMZ IT services and DMZ app servers, corporate IT services across LAN and WAN, with a Dragos Midpoint Sensor and Sitestore observing H2M (human-to-machine) and M2M (machine-to-machine) traffic
How would you know if your systems were being explored and exploited?
Plenty of Places to Detect
Dragos WorldView, Threat Operations Center, and Dragos Platform
Case Study Background
• Mid-sized U.S. electric utility
• Generation, transmission, and distribution networks
• Control system manufacturer diversity
• Limited team for OT cybersecurity functions
• Network infrastructure that supports monitoring
• IT and OT SOC convergence
Case Study Objectives
• Improve visibility of networked OT assets
• Improve NERC CIP compliance functions
• Better enable limited OT security team
• Improve visibility of OT threats
Dragos Platform Architecture
• Passive network monitoring
• Sensor- and server-based system
• 16 distributed sensors
• Centralized monitoring
Diagram: sensors at hydro, gas, wind, solar, and coal sites report to the central Dragos Platform (Sitestore)
Challenge 1 – Asset Visibility
Summary
• 30,000+ assets
• Vast volumes of data available
• Distribution across hundreds of miles
• Some physical network separation
Solution 1 – Asset Visibility
• Asset characterization
• Connections and protocols
• Zoning
• Timeline analysis
Challenge 2 – Compliance
Summary
• NERC CIP
• High level of manual effort
• Lack of trusted partners
Solution 2 – Compliance
• Address specific NERC CIP requirements through technology
• Discuss compliance pains
• Establish credibility through industry-trusted partners
Challenge 3 – Limited Personnel
Summary
• Small, dedicated team
• Varied experience levels
• Many different functions
• IT and OT SOC convergence
Solution 3 – Limited Personnel
• Dragos team experience (leverage through technology)
• Onsite assistance and ongoing support
• Training (to empower existing team)
• IR support escalation through retainer
Challenge 4 – OT Threat Awareness
Summary
• Need better information sharing of industry-wide threats
• Improve detection based on known TTPs and behaviors
• Reduce amount of work analysts perform to validate alerts
• Know how to respond to threats
Solution 4 – OT Threat Awareness
• Threat behavior analytics
• Query-focused datasets
• Investigation playbooks
• Threat intelligence reports (provide additional context and details)
Case Study Summary
• Many customers are facing similar challenges
• IT and OT teams are blending
• Solution requires combination of technology and personnel to be effective
• Threats are increasing, but defense is doable
Pursue Proactive Threat Hunting vs. Reactive IR
Integrating SEL Innovation Into the Dragos Platform
• RTAC (SEL-3555)
• OT SDN (SEL-2740S and SEL-5056)
• Security Gateway (SEL-3620)
RTAC Security Features
Verifying RTAC Application Integrity With exe-GUARD®
• Minimizes CIP-007-3 R3 or CIP-007-5 R3.1
• Addresses CIP-007 R4
Refer to SEL Whitepaper, “Leveraging Security – Using the SEL RTAC’s Built-In Security Features,” for more information
Diagram: SEL-3555 RTAC forwards Syslog to the Dragos MPS
RTAC Security Features
Securing Engineering Access
• User authenticates and creates an SSH or TLS connection to the RTAC
• RTAC determines the access level of the user to the relay
• RTAC acts as proxy for the user to the relay (Telnet or FTP on the relay side of the diagram)
• Syslog adds context to the packet capture
Diagram: engineering access terminates on the SEL-3555 RTAC; packet capture from the SEL OT SDN and Syslog from the RTAC go to the Dragos MPS
RTAC Security Features
Security Auditing – Event Monitoring and Reporting
• RTAC collects events
• RTAC stores and forwards events to the data concentrator
• Certain events trigger a Syslog message
Diagram: event reports and Syslog from the SEL-3555 RTAC, plus packet capture from the SEL OT SDN, go to the Dragos MPS
RTAC Security Features
Relay Settings Monitoring
• RTAC periodically pulls information from relays (DNP3 in the diagram)
• Important events occur (e.g., new logons, settings or firmware changes, or other new events)
• Certain events trigger a Syslog message
Diagram: Ethernet tap from the SEL OT SDN and Syslog from the SEL-3555 RTAC go to the Dragos MPS
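The event-monitoring and relay-settings-monitoring flows on the last two slides both end in Syslog messages arriving at the Dragos MPS, so the useful question for a defender is what to do with those messages. The following is an added example, not SEL or Dragos code and not the RTAC's real message format: it parses RFC 3164-style Syslog lines whose bodies are constructed key=value pairs, then flags relay settings or firmware changes and settings-level logons that fall outside an approved change window, and repeated failed logons against one relay. The hostnames, relay names, user names, change-window table, and message layout are all hypothetical.

```python
"""Detections over RTAC-style Syslog events: unapproved settings or firmware
changes, settings-level logons outside a change window, repeated failed logons.
Added illustrative example; the message bodies are constructed and are not
the real SEL RTAC Syslog format."""
import re
from collections import Counter
from datetime import datetime

# RFC 3164 shape: <PRI>TIMESTAMP HOST TAG: MESSAGE (the timestamp carries no year)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Hypothetical approved change windows per relay: (start, end, ticket).
APPROVED_WINDOWS = {
    "411L-A": [(datetime(2019, 3, 14, 10, 0), datetime(2019, 3, 14, 12, 0), "CHG-1042")],
}
FAILED_LOGON_THRESHOLD = 3


def parse_syslog(line, year=2019):
    """Return header fields plus the message's key=value pairs, or None if not Syslog."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m["pri"])
    event = {
        "facility": pri // 8,
        "severity": pri % 8,
        "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "host": m["host"],
        "tag": m["tag"],
    }
    event.update(KV_RE.findall(m["msg"]))
    return event


def approved_ticket(relay, when):
    """Ticket number if `when` falls inside an approved window for `relay`, else None."""
    for start, end, ticket in APPROVED_WINDOWS.get(relay, []):
        if start <= when <= end:
            return ticket
    return None


def analyze(lines):
    """Run the detections over Syslog lines; return (severity, relay, reason) alerts in order."""
    alerts = []
    failed = Counter()
    for line in lines:
        ev = parse_syslog(line)
        if ev is None or "event" not in ev:
            continue  # not a relay-monitoring message; the RTAC emits other Syslog too
        relay, kind, when = ev.get("relay", ev["host"]), ev["event"], ev["time"]
        if kind in ("SETTINGS_CHANGE", "FIRMWARE_CHANGE"):
            if approved_ticket(relay, when) is None:
                alerts.append(("high", relay, f"{kind} outside any approved change window"))
        elif kind == "LOGON" and ev.get("level") == "2" and approved_ticket(relay, when) is None:
            # level 2 = settings-level access in these constructed messages; level-1 reads are left alone
            alerts.append(("medium", relay, f"settings-level logon by {ev.get('user')} outside change window"))
        elif kind == "LOGON_FAIL":
            key = (relay, ev.get("user"))
            failed[key] += 1
            if failed[key] == FAILED_LOGON_THRESHOLD:
                alerts.append(("medium", relay, f"{FAILED_LOGON_THRESHOLD} failed logons for user {key[1]}"))
    return alerts


# Constructed sample messages (hypothetical hosts, relays, users, and format).
SAMPLE_LINES = [
    "<85>Mar 14 10:15:02 RTAC-SUB12 relaymon: relay=411L-A event=LOGON user=engineer level=2 port=F",
    "<85>Mar 14 10:16:40 RTAC-SUB12 relaymon: relay=411L-A event=SETTINGS_CHANGE group=1 old=9f3a new=b71c",
    "<85>Mar 14 23:41:10 RTAC-SUB12 relaymon: relay=411L-B event=LOGON user=engineer level=2 port=F",
    "<85>Mar 14 23:42:55 RTAC-SUB12 relaymon: relay=411L-B event=FIRMWARE_CHANGE old=R130 new=R131",
    "<85>Mar 15 02:03:00 RTAC-SUB12 relaymon: relay=411L-A event=LOGON_FAIL user=admin port=F",
    "<85>Mar 15 02:03:04 RTAC-SUB12 relaymon: relay=411L-A event=LOGON_FAIL user=admin port=F",
    "<85>Mar 15 02:03:09 RTAC-SUB12 relaymon: relay=411L-A event=LOGON_FAIL user=admin port=F",
    "<14>Mar 15 02:10:00 RTAC-SUB12 rtac: DNP3 poll complete",  # unrelated message, ignored
]

if __name__ == "__main__":
    for severity, relay, reason in analyze(SAMPLE_LINES):
        print(f"[{severity}] {relay}: {reason}")
```

The first two sample lines fall inside the approved window for 411L-A and produce nothing; the two 411L-B lines and the third failed logon do. Keying failed logons by relay and user rather than by source address matters here because the front-panel or serial path has no IP address to key on.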
RTAC Security Features
Ethernet and Serial Taps
• RTAC can send serial packet captures for visibility
Diagram: Ethernet tap and Syslog, plus a serial tap through the SEL-3555 RTAC, feed the Dragos MPS over the SEL OT SDN
SEL-2740S and SEL-5056
Diagram: SEL OT SDN substation network of SEL-2740S switches managed by the SEL-5056 flow controller, carrying engineering access, DNP3, and two GOOSE flows (GOOSE 1, GOOSE 2) among an SEL-3355 computer, an SEL-3555 RTAC, and two SEL-411L relays
SEL OT SDN and Dragos Combined Solution
• Add context to passive monitoring
• Selective packet capture flows out multiple ports
Diagram: the same SEL OT SDN network with a second computer (SEL-3355-2) and a Dragos Midpoint Sensor receiving selected flows (engineering access, DNP3, GOOSE 1, GOOSE 2) from the SEL-2740S switches
Instant Visibility Against Baseline
• Insider threat or compromised system: an unauthorized device attempts engineering access
• Suspicious behavior occurs
• Unknown packets are sent to the Dragos Midpoint Sensor with a VLAN tag
Diagram: the SEL OT SDN network from the previous slide with an unauthorized device attached; its engineering-access traffic is forwarded to the Dragos Midpoint Sensor
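The baseline question asked earlier in the deck ("what is normal?") and this slide's unauthorized-device scenario come down to the same mechanism: compare each observed flow with an inventory learned during a baselining period. The following added example, which is not Dragos or SEL code, learns that inventory from passively observed flow records and then classifies later flows as an unknown source device, a known device on a new address, a known device speaking a new protocol, or a known device talking to a new peer. The MAC addresses, IP addresses, VLAN, and protocol labels are constructed; in practice the labels would come from the sensor's protocol identification.

```python
"""Asset baseline learned from passively observed flows, then used to flag
what the slide calls "unknown packets". Added illustrative example; not code
from SEL, Dragos, or the original deck. All addresses are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    vlan: int
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str   # application protocol label a passive sensor would assign
    dport: int


class AssetBaseline:
    """What 'normal' looks like: which devices exist, what they speak, and to whom."""

    def __init__(self):
        self.mac_to_ips = defaultdict(set)      # asset inventory: hardware address -> addresses used
        self.protos_by_src = defaultdict(set)   # protocols each source address is known to speak
        self.conversations = set()              # (src_ip, dst_ip, proto, dport) seen during baselining

    def learn(self, flow):
        self.mac_to_ips[flow.src_mac].add(flow.src_ip)
        self.protos_by_src[flow.src_ip].add(flow.proto)
        self.conversations.add((flow.src_ip, flow.dst_ip, flow.proto, flow.dport))

    def check(self, flow):
        """Return (severity, reason) for a deviation, or None if the flow matches the baseline.
        Checks run from most to least alarming so each flow yields exactly one verdict."""
        if flow.src_mac not in self.mac_to_ips:
            return ("high", f"unknown device {flow.src_mac} ({flow.src_ip}) on VLAN {flow.vlan}")
        if flow.src_ip not in self.mac_to_ips[flow.src_mac]:
            return ("high", f"known device {flow.src_mac} now using unbaselined address {flow.src_ip}")
        if flow.proto not in self.protos_by_src[flow.src_ip]:
            return ("medium", f"{flow.src_ip} speaking new protocol {flow.proto} to {flow.dst_ip}")
        if (flow.src_ip, flow.dst_ip, flow.proto, flow.dport) not in self.conversations:
            return ("low", f"new {flow.proto} conversation {flow.src_ip} -> {flow.dst_ip}:{flow.dport}")
        return None


# Constructed "known-good" traffic from the baselining period (hypothetical addresses).
BASELINE_FLOWS = [
    Flow(10, "00:30:a7:00:00:01", "10.1.1.10", "10.1.1.21", "DNP3", 20000),  # RTAC polls relay A
    Flow(10, "00:30:a7:00:00:01", "10.1.1.10", "10.1.1.22", "DNP3", 20000),  # RTAC polls relay B
    Flow(10, "00:30:a7:00:00:05", "10.1.1.50", "10.1.1.10", "SSH", 22),      # engineering workstation -> RTAC proxy
]

# Constructed flows observed after the baseline was frozen.
NEW_FLOWS = [
    Flow(10, "00:30:a7:00:00:01", "10.1.1.10", "10.1.1.21", "DNP3", 20000),  # normal polling
    Flow(10, "00:30:a7:00:00:05", "10.1.1.50", "10.1.1.21", "Telnet", 23),   # workstation bypasses the RTAC proxy
    Flow(10, "00:de:ad:be:ef:01", "10.1.1.99", "10.1.1.22", "Telnet", 23),   # device never seen before
    Flow(10, "00:30:a7:00:00:01", "10.1.1.10", "10.1.1.23", "DNP3", 20000),  # RTAC polls an un-baselined relay
]


def build_baseline(flows):
    baseline = AssetBaseline()
    for flow in flows:
        baseline.learn(flow)
    return baseline


def evaluate(baseline, flows):
    """Run every observed flow through the baseline; return only the deviations, in order."""
    alerts = []
    for flow in flows:
        verdict = baseline.check(flow)
        if verdict is not None:
            alerts.append(verdict)
    return alerts


if __name__ == "__main__":
    for severity, reason in evaluate(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(f"[{severity}] {reason}")
```

The second sample flow is the interesting one: a device that is entirely legitimate in the inventory, talking directly to a relay with a protocol it never used during baselining. A pure asset-inventory check would pass it; the protocol and conversation layers are what catch a proxy bypass or a compromised workstation.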
SEL-3620 – Substation Firewall and ESP (Electronic Security Perimeter) Boundary
• User requires remote access to the substation to review event reports
• IPsec VPN tunnel connects the operations center to the substation
• Unauthorized user is stopped by the IPsec VPN and firewall rules
Diagram: an SEL-3620 at the operations center and an SEL-3620 at the substation build an IPsec VPN across the WAN; the authorized user reaches the SEL-3555 RTAC over the SEL OT SDN, the unauthorized user is blocked, and a tap feeds the Dragos MPS
SEL-3620 Password Management
Centralized Authentication to SEL-3355 With Active Directory or RADIUS
• User authenticates with centralized credentials
• SEL-3620 authenticates with relays
• Each relay has its own complex password
• User connects to the relay by security gateway proxy
Diagram: SEL-3620 on the SEL OT SDN; Ethernet tap and Syslog to the Dragos MPS
SEL-3620 Password Checkout
• User authenticates to the SEL-3620 and performs a relay checkout
• SEL-3620 sets the password on the relay to an approved password
• User connects to the relay front serial interface and authenticates
Diagram: SEL-3620 on the SEL OT SDN; Ethernet tap and Syslog to the Dragos MPS
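A small model of the checkout flow on this slide and the per-relay password scheme on the previous one, as an added example that is not SEL-3620 code: each relay holds its own machine-generated complex password that users never see, a checkout swaps in the approved password for a limited time and records who holds it, and check-in or expiry rotates the relay back to a fresh secret so the approved password stops working. The relay names, the 16-character policy, the two-hour checkout lifetime, and the audit event names are hypothetical.

```python
"""Model of security-gateway password management for relay access. Added
illustrative example; not SEL-3620 code. Relay names, the 16-character policy,
and the two-hour checkout lifetime are hypothetical."""
import hmac
import secrets
import string
from datetime import datetime, timedelta

SYMBOLS = "!#%&*+-=?@"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def new_relay_password(length=16):
    """Random password satisfying a typical complexity policy (all four character classes)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(c in SYMBOLS for c in pw))
        if all(classes):
            return pw


class RelayPasswordVault:
    """Holds one unique password per relay; users only ever get the checkout password."""

    def __init__(self, relays, checkout_ttl=timedelta(hours=2)):
        self.passwords = {relay: new_relay_password() for relay in relays}
        self.checkouts = {}          # relay -> (user, expires_at)
        self.ttl = checkout_ttl
        self.audit = []              # (time, event, relay, user); a gateway would emit these as Syslog

    def _log(self, when, event, relay, user):
        self.audit.append((when, event, relay, user))

    def relay_accepts(self, relay, password):
        """What the relay itself would decide for a front-serial logon with this password."""
        return hmac.compare_digest(self.passwords[relay], password)

    def expire(self, now):
        """Rotate any relay whose checkout has lapsed, so a forgotten check-in is harmless."""
        for relay, (user, expires_at) in list(self.checkouts.items()):
            if now >= expires_at:
                del self.checkouts[relay]
                self.passwords[relay] = new_relay_password()
                self._log(now, "CHECKOUT_EXPIRED", relay, user)

    def checkout(self, relay, user, approved_password, now):
        """Push the approved password to the relay for `user`; one holder at a time."""
        self.expire(now)
        if relay in self.checkouts:
            self._log(now, "CHECKOUT_DENIED", relay, user)
            return None
        self.passwords[relay] = approved_password   # the gateway sets it on the relay
        self.checkouts[relay] = (user, now + self.ttl)
        self._log(now, "CHECKOUT", relay, user)
        return approved_password

    def checkin(self, relay, user, now):
        """Only the holder may check in; the relay gets a fresh secret immediately."""
        holder = self.checkouts.get(relay, (None, None))[0]
        if holder != user:
            self._log(now, "CHECKIN_DENIED", relay, user)
            return False
        del self.checkouts[relay]
        self.passwords[relay] = new_relay_password()
        self._log(now, "CHECKIN", relay, user)
        return True


def demo():
    """Walk through checkout, a competing checkout, check-in, and expiry; return what happened."""
    vault = RelayPasswordVault(["411L-A", "411L-B"])
    t0 = datetime(2019, 3, 14, 10, 0)
    vault.checkout("411L-A", "alice", "Approved-Temp-1", t0)
    accepted_during = vault.relay_accepts("411L-A", "Approved-Temp-1")
    second = vault.checkout("411L-A", "bob", "Other-Temp", t0 + timedelta(minutes=5))
    wrong_user = vault.checkin("411L-A", "bob", t0 + timedelta(minutes=6))
    vault.checkin("411L-A", "alice", t0 + timedelta(minutes=30))
    accepted_after = vault.relay_accepts("411L-A", "Approved-Temp-1")
    vault.checkout("411L-B", "alice", "Approved-Temp-2", t0)
    vault.expire(t0 + timedelta(hours=3))      # alice never checked 411L-B back in
    accepted_expired = vault.relay_accepts("411L-B", "Approved-Temp-2")
    return {
        "accepted_during": accepted_during, "second_checkout": second,
        "wrong_user_checkin": wrong_user, "accepted_after": accepted_after,
        "accepted_expired": accepted_expired, "events": [e[1] for e in vault.audit],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the expiry path is that the checkout password is a shared, human-typed credential by design; the only thing making it safe is that it is dead after the window, whether or not the user remembers to check in. The audit list is what would go to the Dragos MPS as Syslog, which ties this slide back to the tap-and-Syslog picture on the other SEL-3620 slides.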
Future Innovation Ideas
SEL and Dragos
• OT SDN telemetry data
• Dragos using SEL device API or REST interface
• Development of Dragos playbooks for SEL systems
• Active defense on noncritical devices
SEL-Dragos Solution Combines Expertise of Two Trusted Companies
Contact SEL Secure Solutions at secure@selinc.com for more information
Questions?