The National Electric Sector Cybersecurity Organization (NESCO) was established by the U.S. Department of Energy to enhance cybersecurity information sharing in the electric sector. NESCO is operated by EnergySec, a nonprofit, and provides members with tools like a collaboration portal, rapid notification system, and Tactical Analysis Center. NESCO has grown significantly since its inception and aims to be fully industry-funded after an initial seed period supported by the Department of Energy.
Patrick Miller, NESCO's Principal Investigator, presented the current state of the NESCO program. This presentation covered the various outreach efforts we have planned this year and into 2013; the goals of the NESCO program project management plan; the new NESCO website and the community-based wiki activities; and the NESCO organizational membership opportunity.
Bridging the Gap: Between Operations and IT (EnergySec)
This presentation covers concepts related to the gaps that exist between operations and IT. Its premise is addressing the various business needs for consistency and the possible real-world purposes of inconsistency.
At the 2012 Technologies for Security and Compliance Summit, Patrick Miller provides an overview of various industry-specific cybersecurity topics, focusing on information sharing.
Next Generation Information Sharing for the Electric Sector (EnergySec)
Presented in February of 2011 at the ERCOT CIPWG meeting, this slide deck addresses not only the NESCO program but also points out the information sharing and collaboration required to help improve security in the electric sector.
NESCO Overview: Emerson Ovation User Group BOD Meeting (EnergySec)
Patrick Miller presented a brief overview of the NESCO program and a deeper dive into various cyber security concerns related to industrial control environments at an Emerson User Group Board of Directors meeting.
Hype, Hope and Happenstance: Cyber Threats and Opportunities in an Age of Aut... (EnergySec)
Steve Parker presents to the Georgia Distribution and Transmission Automation Group, starting off with a fictitious quote from Mark Twain and ending with a real one. Mr. Parker's presentation hinges on his hypothesis: "We have yet to see a significant cyber related outage in the North American power grid because those who have the ability to cause such, lack the motivation to do so."
EnergySec & National Electric Cyber Security Organization (NESCO) Overview by Patrick Miller, EnergySec
1. EnergySec & National Electric Cyber Security Organization (NESCO) Overview
2012 Technologies for Security and Compliance Summit
The Anfield Group
August 1-2 2012
Barton Creek Resort – Austin, TX
2. New, New Security Model
Nation State quality adversaries
Fear the auditor more than attacker
Regulatory avalanche forecast
Constant compromise
Ecosystem of organizations
Information sharing is holy grail
7/31/2013
The National Electric Sector Cybersecurity Organization (NESCO) is operated by EnergySec with funding assistance from the U.S. Department of Energy
3. Info-Share to the Rescue!
What does Information Sharing really mean?
– Taking vs. Sharing
– Secrecy for secrecy’s sake
– Government doesn’t share well (yet)
Very useful approach, but not a panacea
Comes with trade-offs…
4. Information Sharing Reality
Some Pros…
What works, what doesn’t
Benchmarking
Situational awareness
Tactical threat and vulnerability analysis
Community-sourcing
Regulatory compliance
Mentoring
Some Cons…
Classification and handling, both Gov and Corporations
Lawyers, agreements and contracts
Consumers will always outnumber sharers
Trust; n parties
Doesn’t scale well
5. Who is EnergySec?
Unique, non-profit, independent, public-private information sharing organization
Born from Energy Sector
Bottom-up vs. top-down
TRUSTED
– By the industry, for the industry
– Non-profit 501(c)(3)
– Independent, private
– 10+ years of information sharing experience
The National Electric Sector Cybersecurity Organization is partially funded by the US Department of Energy
6. EnergySec Background
10.2001: Precursor to E-Sec NW formed
7.2004: E-Sec NW formalized and “founded”
– Asset owner/operator ONLY; all volunteer
1.2008: SANS Information Sharing Award
12.2008: Incorporated E-Sec NW as EnergySec
10.2009: 501(c)(3) nonprofit determination
4.2010: EnergySec applied for NESCO DOE FOA
7.2010: EnergySec awarded NESCO FOA
10.2010: NESCO became operational
7. What EnergySec Is NOT…
Not a lobbyist
Not a vendor
Not a consultant
Not a government agency
Not a regulator
8. EnergySec Staff
Extensive applied sector experience
– Many years employment at asset owners
– Operations, security, audit, Sr mgmt, OT, IT
– Regional Entity leadership
– Independent consulting; big firms and boutiques
– Built several successful companies
– EnergySec founders, Info-sharing pioneers
– Certified, trusted, highly connected, dedicated
9. EnergySec Programs
NESCO: Information Sharing & Best Practices
Advisory Service
EnergySec University
– Education/Workforce Development
LIGHTS: Security in a box (turnkey)
– Independent board
– Partnership with ICS-ISAC
10. EnergySec Nonprofit Umbrella
[Diagram: EnergySec umbrella over NESCO, Advisory, University, Other…]
11. EnergySec Advisory
Customized agenda; facilitated discussion
Examine current and horizon energy sector specific cyber security legislation
Explore methods to meet compliance obligations and enhance security posture
Present threat, vulnerability and impact landscape to executives and staff
Highest concentration of advisors with unique and hard-to-find combination of experience
12. EnergySec University
Professional/workforce development path
– Internal expertise as instructors
– Open faculty roster from best and brightest
– Courses in all IT/OT security-related disciplines
Internship matchmaking – coming soon
Working closely with National Board of Information Security Examiners (NBISE)
13. What Is NESCO?
R. 3183 “...the Secretary shall establish an independent national energy sector cyber security organization...”
– Department Of Energy issued FOA on March 31, 2010
Purpose is to “establish a National Electric Sector Cyber Security Organization that has the knowledge, capabilities, and experience to protect the electric grid and enhance integration of smart grid technologies that are adequately protected against cyber attacks.”
“This organization will serve as a focal point to bring together domestic and international experts, developers, and users who will assess and test the security of novel technology, architectures, and applications.”
14. NESCO Objectives
Organize, lead and implement a public-private partnership
Focus cybersecurity research and development priorities
Identify and disseminate security best practices
Organize the collection, analysis and dissemination of infrastructure vulnerabilities and threats
Work cooperatively with the DOE and other Federal Agencies
Enhance cybersecurity of the bulk power grid and electric infrastructure
15. Who Is NESCO?
Asset Owners: IOU, Muni, Coop
Vendor: Product, Service
Academia/Research: Public, Private
Govt: Non-Reg, Regulatory, Fed, State…
16. Connect & Support
Utility Asset Owners
17. Membership Growth
18. Member Demographics
Membership by Organization (363 unique organizations)
Academic: 5%
Asset Owner: 49%
Govt/Regulatory: 11%
Vendor/Other: 35%
Membership by Individual (1,050 Individual members)
Academic: 2%
Asset Owner: 64%
Govt/Regulatory: 12%
Vendor/Other: 22%
Predominately Asset Owner Driven Membership Base
19. Membership Overview
NESCO Members as of Sept 30 2011 (1 year)
– 788 NESCO members
– 278 unique organizations
NESCO Members as of July 12 2012:
– 1050 individuals
– 363 unique organizations
Note: This represents a nearly 50% annual growth rate
20. Social Media Outreach
NESCO mailing list: 3536
NESCO Twitter followers: 2635
NESCO LinkedIn group members: 535
21. Direct Outreach
3 Town Hall meetings
19 Voice of the Industry (VOI) meetings
82 TAC notices; 149 follow up threads
71 presentations/panels
94 event participation
37 blog mentions
43 interviews and article citations
22. Engage, Equip & Empower
Sharing requires trust
Trust is built on relationships
Our approach…
– Bringing people together
– Flexible technology options and solutions to extend and enhance relationships
– Organic growth; birds of a feather
23. NESCO Is Technology
Secure collaboration portal
– Wiki
– Working groups
– Discussion forums
– Email distribution lists
Rapid Notification System
Social Media
– LinkedIn, Twitter, Facebook
24. NESCO Tools
Email distribution lists
Secure collaboration wiki
Secure instant messaging
Rapid notification mechanisms
Resource repository
Most technologies have non-attribution (anonymous) options
25. NESCO Resource Repository
Best/common practices
Policy, process, procedure
Compliance approaches
Document Templates
Code snippets, scripts
System configurations
Links to useful security sites
And more…
26. NESCO Tactical Analysis Center
Supports ES-ISAC and ICS-CERT
Open & private source intelligence
Asset owner volunteer handler
SMEs with virtual “dashboards”
Rapid, community-sourced analysis
Secure communications
Rapid notification system
Daily diaries, trending
Quarterly & annual reports
27. ES-ISAC, ICS-CERT and TAC
An analogy… triage and long term care
Basic differences of the TAC
– Operated by an independent non-profit org
– Not associated with a federal regulatory agency
• DOE partner is non-regulatory
• Funding expires in 2014, only “seed” money provided
• Funding model involves cost-share, so industry bears cost throughout entire effort
– Electric sector specific
– Provides feeds, when requested to NERC & DHS & …
28. ES-ISAC, ICS-CERT and TAC
Basic differences of the TAC
– Covers all entities, not just Registered Entities under the NERC Functional Model
• Not just Bulk Electric w/ CA and CCA
• Includes smart grid, distribution, QF generation
– NESCO staff work alongside industry handlers
– RNS has direct access to security staff
– Volunteer reporting structure, not mandatory
– Private position offers unique vendor relationships
– Anonymized pass through for bi-directional sharing
29. NESCO Products
Whitepapers
– DNS Exfiltration
– Security Logging Best Practices and Capability Maturity Models
– Public Key Infrastructure, Automated Metering Infrastructure and Industrial Control Systems
– DOE Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2) – coming soon!
– What else would you like to see?
30. NESCO Products
Rapid Notification System
– Night Dragon webcast
– Duqu webcast
– Multiple TAC notices
31. NESCO Success Stories
…is fantastic that [DOE produces] a document that deals with a subject so technical and that it makes available to the public.
http://goo.gl/0xiWp
32. NESCO Success Stories
Spearphishing notices from asset owner shared with DHS for action
– Result: DHS ICS-CERT advisory issued
Accounts from service contractor posted to Internet reviewed for asset owner data
– Result: Direct contact warning to specific parties
33. NESCO Success Stories
Exposed control systems posted on Internet matched to asset owners
– Result: Direct contact warning to specific parties
EnergySec spearphishing attempt
– Result: Cross-organization comparison with general industry advisory; IOCs published
34. NESCO Success Stories
Industry and [some] Regional Entities seeking to modify process for Technical Feasibility Exceptions to maximize security benefit
– Result: NESCO provided independent and impartial discussion forum, webinar and industry feedback loop for proposed change to process
35. NESCO Success Stories
36. NESCO Funding Model
Department of Energy FOA
Cooperative agreement
Cost-share is ~40%, ramps over life of 3.5 year “seed” window
At end of seed window, NESCO is fully funded by industry
Supported by underwriters and TAC subscriptions
37. NESCO Summary
Focused on building trust through relationships to further security collaboration and sharing
Flexible technology facilitates and catalyzes information/resource sharing efforts
Supports existing successful programs
Security voice of the electric sector
38. Get Connected
EnergySec Summit: September 25-28
– NESCO Town Hall
– CISO Forum
– Policy and Technical Tracks
EnergySec University Courses
– NERC CIP Training: Las Vegas 10/25
– NERC CIP Training: Sacramento 12/4
– Cybersecurity for Operations: Nashville 11/7
NESCO Voice of the Industry (VOI) Meetings
39. Get Connected
www.energysec.org
www.energysec.org/join
www.energysec.org/tac-subscription-service
TAC@energysec.org
New NESCO website soon!
40. Questions?
Patrick C Miller
Principal Investigator, National Electric Sector Cybersecurity Organization
President & CEO, EnergySec
patrick.miller@energysec.org
503.446.1212 (desk)
@patrickcmiller (twitter)
www.energysec.org