When we talk about cyber security, we recognize that it is part of a holistic approach to security and critical infrastructure protection. Tools and technology are not enough to ensure that mission critical systems provide capabilities needed for the military, continuity of government and commercial enterprises to continue operations in the face of emerging threats. Recognizing the unique nature of our location on the Hawaiian Islands in the middle of the Pacific, we also understand the importance of collaboration and alignment of critical infrastructure protection among the military, state government, commercial and public stakeholders. A comprehensive approach needs to include innovative capabilities, a thorough analysis of operational dependencies, and the organizational collaboration required to protect critical capabilities. In this session, we will discuss our innovative approach to developing a holistic cyber security approach for critical infrastructure and share a case study to help you think differently about your own approaches for security.
Almost 70 years since the first computer bug was discovered, there have been decades of research done on Information Security theory and practice. Yet, despite vast amounts of money being spent, innumerable academic papers, mainstream media obsession, and entire industries being formed, we are left with the impression that the risk is growing, not receding. Why? Some argue a lack of data, but data clearly exists. We’re likely generating it, in some areas, faster than humans will ever be able to process it. Perhaps, after all of this effort, we’ve managed to box ourselves into metaphors and first principles that might be inappropriately constraining how we think about “Information Security Risk”. In fact, it’s worth noting that we can’t even agree if there is a space between “Cyber” and “Security” when it’s written out. This talk will take an anecdotal look at “Information Security Risk”, “What IS Cyber Security?”, and use that perspective to suggest areas of research that are either lacking or should be made more accessible to the markets, industries, and individuals driving risk management change. In an industry filled with data, perhaps an examination of empty space might be helpful.
Steve Parker - The Internet of Everything: Cyber-defense in an Age of Ubiquit... (EnergySec)
In our modern world, we’ve learned to take for granted the universal availability of things like running water and electricity, and more recently, the Internet. As technology progresses, we are rapidly approaching a future in which nearly everything is digitally connected to nearly everything else. At the same time, we are learning to accept that all digital devices are broken from a security perspective. How we respond and adapt to this reality could well determine whether our future is utopian or dystopian. In this interactive session, we will explore novel avenues of attack using digital “soft-targets”, and discuss how we might hold things together in the face of persistent vulnerability.
Slide Griffin - Practical Attacks and Mitigations (EnergySec)
Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks.
This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security (EnergySec)
An interactive look at what security research means today and how we got to zero days, bug bounties, and hoodie hackers in the news. What particular skills or talents are most essential to be effective as a security researcher, and how much can we learn from the new digital anthropologist in waiting.
Key Challenges Facing IT/OT: Hear From The Experts (Tripwire)
When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning.
However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!
Energy Industry Organizational Strategies to Increase Cyber Resiliency (EnergySec)
Presented by: Julie Soutuyo, Tennessee Valley Authority
Abstract: Over the past 40 years, the energy industry has evolved to a position of dependence upon information technology to accomplish its mission. Cyber attacks have become a “way of life” as the Nation, industry, organizations, and individuals strive to operate safely and securely in cyberspace. Most rely on a compliance-based “whack-a-mole” approach to cyber defense which presents multiple barriers to hackers, based on the last attack, with efforts to “hit” any that get inside the organization’s defenses. While still valid, this compliance-based approach has significant challenges: stopping intruders, mitigating the problems they create, and positioning an organization to achieve its mission under a cyber attack. Cyber experts across the Nation are increasingly turning to resiliency as a means for fighting through these attacks with the objective of meeting operational and mission requirements in spite of the attacks. This shift is driving organizations to rethink their organizational structures to achieve unity of effort and streamlined decision-making in the face of a fast paced set of operational demands. This presentation will highlight the strategies to promote a cyber resilient organization.
Presented by: John Fleker, HP
Abstract: The cyber threat landscape is continually evolving. More and more, the critical infrastructure of our nation is at risk. Whether by nation-state actors, criminal organizations, hacktivists or any number of hackers looking to prove their skills, our safety and economic prosperity are threatened. There are four things that must be considered in order to address the evolving threats:
1- Becoming more proactive in our cyber defense efforts through intelligence
2- Better user behavior management
3- Assessing risk using meaningful metrics
4- Resilience – operating through an intrusion
We need to look at the threat picture differently – in a proactive way – to ensure that CEOs and CIO/CISOs are on the same page regarding the threat, to allow those leaders to make better resourcing decisions and to be better prepared to mitigate adversaries when they arrive at the security perimeter. We need to integrate a wider set of intelligence into our thinking. This is critical to taking a more proactive stance in defending your networks. Combined with what you know of your own network, cyber intelligence strategically helps make solid resource planning decisions and, functionally, helps your network operators better defend, mitigate and operate through cyber intrusions. The Operational Levels of Cyber Intelligence paper by the Intelligence and National Security Alliance details a better way of using intelligence.
www.insaonline.org/i/d/a/Resources/CyberIntel_WP.aspx
Additionally, we must increase info sharing across the board. Executive Order 13636 - Improving Critical Infrastructure Cybersecurity is leading critical infrastructure in that direction.
How to Build Your Own Cyber Security Framework using a Balanced Scorecard (EnergySec)
Presented by: Russell Thomas, George Mason University
Abstract: Two aspects of cyber security that everyone struggles with are metrics and business impact. How do we measure it to improve and how do we make it meaningful to business decision makers? This gap appeared again recently in the NIST Cyber Security Framework (CSF) process RFI responses. But there is no need to wait for NIST CSF or anything else because there is a viable method available now that you can use to build your own CSF. Namely the “Balanced Scorecard” method.
The key idea is to focus on performance against measurable objectives in all critical dimensions that, taken together, will lead to better security, privacy, and resiliency outcomes, even in a dynamic and highly uncertain threat environment. In this presentation, we’ll explain the ten critical dimensions of cyber security performance, explain how they are interrelated and feed off each other, show how to create a performance index in each dimension, and describe how the balanced scorecard can be used to drive executive decisions. This presentation should be valuable to managers and executives in every type of organization in the energy sector, including the supply/service chain. Consultants, regulators, and academics should also find it interesting and useful.
NESCO Town Hall Workforce Development Presentation (EnergySec)
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems makes the short supply of cybersecurity talent a critical issue.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
This presentation goes through a higher level overview of understanding cyber resilience, important concepts, the difference between cybersecurity and cyber resilience, and frameworks aimed at achieving or assessing an organization's cyber resilience.
Cybersecurity for Energy: Moving Beyond Compliance (EnergySec)
Presented by: Gib Sorebo, SAIC
Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.
Integrating Cyber Security Alerts into the Operator Display (EnergySec)
Presented by: Michael Toecker, Digital Bond
Abstract: Control Systems are responsible for the safe and reliable governing of physical processes, and are designed to report conditions that could affect reliable operations to operators for action. These conditions may vary in their severity, from minor inconveniences to those that can bring the process to a full halt. While engineers have predicted certain events and consequences, others are “unknown unknowns”, and may only be detected due to variances from normal function.
Cyber security conditions are similar in nature. Cyber security conditions can vary in severity and cyber security professionals can classify and alert on some, but not all cyber security events. In this presentation, Michael Toecker will discuss cyber security conditions that are known, and that could be integrated into the operational display.
Treating cyber security events as analogous to control system events has many benefits and drawbacks, and Toecker will expand on criteria for determining what is appropriate for an operator display, and what is not. The purpose of this presentation is to demonstrate that cyber security can have a place in operational decisions, so long as conditions are carefully analyzed and response actions developed beforehand.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
Ted Gruenloh, Director of Operations, ECONET
The Role of Threat Intelligence and Layered Security for Intrusion Prevention
The term 'Threat Intelligence' is getting a lot of buzz these days, but what does it mean? And, more importantly, how can it help protect your network? In this presentation, we will attempt to answer these questions within the context of a layered security approach that integrates Threat Intelligence with existing security methodologies. We also attempt to demonstrate how Threat Intelligence can improve a network's defenses at the perimeter and allow administrators to gain more visibility on the inside.
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors (EnergySec)
Presented by: Nadya Bartol, Utility Telecom Council
Abstract: A variety of recent breaches and vulnerabilities demonstrate that software and hardware supply chain is a serious concern in the ICS space. Asset owners/operators and suppliers are in a symbiotic relationship – acquirers cannot conduct business without the supplier products and services. Where do the subcomponents come from and what do we know about their contents? Which code libraries were used by the sub-supplier? Why do we need to know? Several solution sets have emerged over the last 6 years, developed in IT/communications, defense, and ICS space. These include soon-to-be-published ISO and IEC standards, NIST documents, certification framework, Common Criteria extensions, and efforts by software industry consortium. The presentation will survey ICT supply chain security problem space, provide an overview of available solutions developed to date, and recommend how to use these solutions in the ICS context.
With more than 50,000 new malware created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protect against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Dealing with Information Security, Risk Management & Cyber Resilience (Donald Tabone)
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
Presented by Patrick Miller, The Anfield Group and Jason Ile, Tripwire
Abstract: This presentation emphasizes the importance of building an environment where compliance is a natural byproduct of effective security controls. The presenters discuss how to establish info security controls that reinforce a culture of controls, by being plugged into the daily operational processes of IT operations, software and service development, project management and internal audit.
Additionally, the presenters explore the various benefits of continuous monitoring and how to achieve it through a step-by-step practice.
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measures you should be taking to ensure your company's safety.
Building Human Intelligence – Pun Intended (EnergySec)
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
A brief run-through of the economics of controls, threats and how attackers and defenders think, followed by an introduction to current and next generation security analytics.
Wireless Sensor Networks: Nothing is Out of Reach (EnergySec)
Presenter: Daniel Lance, Layered Integration
After years of installing wireless sensor networks in homes and businesses we are now faced with a question: “How is this all secure? Or is it?” A look into WSN (Wireless Sensor Networks) history and original design concepts that paved the road to us using these in our everyday life.
This presentation will be a deep dive into wireless and reveal new challenges we have in protecting our perimeter when all of our core monitoring devices are riding a wave into the public space as most industrial control providers look to capitalize on fast installation times and inexpensive adaptive solutions. This research shows us start to finish how anyone with a laptop and SDR (Software Defined Radio) can hack into and take control of WSNs from outside the front gate.
The presentation will demonstrate how a device inside your facility might reveal itself through spectrum analysis, then how a hacker might flank the security of the device and own the network with very simple replay attacks that can grant them physical access, and how social engineering pre-installation and post-installation will cause you to disregard warning signs that someone is tampering with the network. A high level understanding of radio is no longer needed for packet analysis with open source tools; proper implementation has never been more important as even an encrypted device can be compromised by the last mile before installation. We will talk about the tools security professionals are lacking from the manufacturers of these devices to scan for a compromised device and what can be done in the future to protect WSNs.
Presenter: Chris Sistrunk
Why haven’t we seen more ICS-focused attacks? Perhaps it’s because we’re not looking for them. The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available.
In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation looks at using NSM as part of an incident response strategy in ICS, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS cyber security program.
NESCO Town Hall Workforce Development PresentationEnergySec
Moderated and Presented by Andy Bochman
Discussion Topic: Workforce Development in the ICS WorkPlace
Discussion Abstract: Ask anyone working in the field at an electric utility about cybersecurity and the conversation will inevitably turn to the shortage of a qualified security staff with knowledge of our industry. The need to comply with NERC CIP standards, secure the rapidly proliferating smart grid technologies, and defend against the threat of cyber attacks targeting control systems, makes the short supply of cybersecurity talent is a critical issue.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
This presentation goes through a higher level overview of understanding cyber resilience, important concepts, the difference between cybersecurity and cyber resilience, and frameworks aimed at achieving or assessing an organizations cyber resilience.
Cybersecurity for Energy: Moving Beyond ComplianceEnergySec
Presented by: Gib Sorebo, SAIC
Abstract: For the last few years, energy companies, particularly electric utilities, have been scrambling to meet the onslaught of cybersecurity regulations. However, hackers don’t follow regulations, so the need to rapidly address evolving threats is imperative to meet expectations of senior leadership, board members, and shareholders. This session will discuss how a mature governance structure and a cybersecurity strategy based on a comprehensive understanding of business risk can be used to address threats, comply with regulations, and obtain support from company stakeholders.
Integrating Cyber Security Alerts into the Operator DisplayEnergySec
Presented by: Michael Toecker, Digital Bond
Abstract: Control Systems are responsible for the safe and reliable governing of physical processes, and are designed to report conditions that could affect reliable operations to operators for action. These conditions may vary in their severity, from minor inconveniences to those that can bring the process to a full halt. While engineers have predicted certain events and consequences, others are “unknown unknowns”, and may only be detected due to variances from normal function.
Cyber security conditions are similar in nature. Cyber security conditions can vary in severity and cyber security professionals can classify and alert on some, but not all cyber security events. In this presentation, Michael Toecker will discuss cyber security conditions that are known, and that could be integrated into the operational display.
Treating cyber security events as analogous to control system events has many benefits and drawbacks, and Toecker will expand on criteria for determining what is appropriate for an operator display, and what is not. The purpose of this presentation is to demonstrate that cyber security can have a place in operational decisions, so long as conditions are carefully analyzed and response actions developed beforehand.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
Ted Gruenloh, Director of Operations, ECONET
The Role of Threat Intelligence and Layered Security for Intrusion Prevention
The term 'Threat Intelligence' is getting a lot of buzz these days, but what does it mean? And, more importantly, how can it help protect your network? In this presentation, we will attempt to answer these questions within the context of a layered security approach that integrates Threat Intelligence with existing security methodologies. We also attempt to demonstrate how Threat Intelligence can improve a network's defenses at the perimeter and allow administrators to gain more visibility on the inside.
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors (EnergySec)
Presented by: Nadya Bartol, Utility Telecom Council
Abstract: A variety of recent breaches and vulnerabilities demonstrate that the software and hardware supply chain is a serious concern in the ICS space. Asset owners/operators and suppliers are in a symbiotic relationship – acquirers cannot conduct business without the supplier products and services. Where do the subcomponents come from and what do we know about their contents? Which code libraries were used by the sub-supplier? Why do we need to know? Several solution sets have emerged over the last 6 years, developed in IT/communications, defense, and ICS space. These include soon-to-be-published ISO and IEC standards, NIST documents, certification framework, Common Criteria extensions, and efforts by software industry consortium. The presentation will survey the ICT supply chain security problem space, provide an overview of available solutions developed to date, and recommend how to use these solutions in the ICS context.
With more than 50,000 new malware created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protect against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Dealing with Information Security, Risk Management & Cyber Resilience (Donald Tabone)
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
Presented by Patrick Miller, The Anfield Group and Jason Ile, Tripwire
Abstract: This presentation emphasizes the importance of building an environment where compliance is a natural byproduct of effective security controls. The presenters discuss how to establish info security controls that reinforce a culture of controls, by being plugged into the daily operational processes of IT operations, software and service development, project management and internal audit.
Additionally, the presenters explore the various benefits of continuous monitoring and how to achieve it through a step-by-step practice.
Michael Johnson of the University of Minnesota shares the risks of cyber security and the measures you should be taking to ensure your company's safety.
Building Human Intelligence – Pun Intended (EnergySec)
Presented by: Rohyt Belani, Phishme
Abstract: In the physical world, the human brain has evolved to avoid danger. The threat of physical pain triggers fear – and we have learned to avoid behavior that causes pain. In the electronic world of email, however, this concept doesn’t translate. Clicking on a malicious link or opening an attachment laced with malware doesn’t cause pain, and often a user won’t even notice anything is wrong after doing it. How then, can we teach fear perception in the electronic world? Is it even possible? In this presentation I’ll discuss how immersive training can key on psychological triggers to teach people to become skeptical email users who not only avoid undesired security behavior but can aid intrusion detection by reporting suspicious emails, helping to mitigate one of the most serious problems in security: slow incident detection times. According to reports from Mandiant and Verizon, average detection time for an incident is in the hundreds of days. A properly trained workforce is not only resilient to phishing attacks, but can improve detection times as well.
A brief run-through of the economics of controls, threats and how attackers and defenders think, followed by an introduction to current and next-generation security analytics.
Wireless Sensor Networks: Nothing is Out of Reach (EnergySec)
Presenter: Daniel Lance, Layered Integration
After years of installing wireless sensor networks in homes and businesses, we are now faced with a question: “How is this all secure? Or is it?” A look into WSN (Wireless Sensor Networks) history and original design concepts that paved the road to us using these in our everyday life.
This presentation will be a deep dive into wireless and reveal new challenges we have in protecting our perimeter when all of our core monitoring devices are riding a wave into the public space as most industrial control providers look to capitalize on fast installation times and inexpensive adaptive solutions. This research shows us start to finish how anyone with a laptop and SDR (Software Defined Radio) can hack into and take control of WSNs from outside the front gate.
The presentation will demonstrate how a device inside your facility might reveal itself through spectrum analysis, then how a hacker might flank the security of the device and own the network with very simple replay attacks that can grant them physical access, and how social engineering pre-installation and post-installation will cause you to disregard warning signs that someone is tampering with the network. A high level understanding of radio is no longer needed for packet analysis with open source tools; proper implementation has never been more important, as even an encrypted device can be compromised by the last mile before installation. We will talk about the tools security professionals are lacking from the manufacturers of these devices to scan for a compromised device and what can be done in the future to protect WSNs.
Presenter: Chris Sistrunk
Why haven’t we seen more ICS-focused attacks? Perhaps it’s because we’re not looking for them. The current state of security in Industrial Control Systems is a widely publicized issue, but fixes to ICS security issues are long cycle, with some systems and devices that will unfortunately never have patches available.
In this environment, visibility into security threats to ICS is critical, and almost all of ICS monitoring has been focused on compliance, rather than looking for indicators/evidence of compromise. The non-intrusive nature of Network Security Monitoring (NSM) is a perfect fit for ICS. This presentation looks at using NSM as part of an incident response strategy in ICS, various options for implementing NSM, and some of the capabilities that NSM can bring to an ICS cyber security program.
Patrick Miller - Tackling Tomorrow's Biggest Cybersecurity Problems with Real... (EnergySec)
Innovative and disruptive technologies are enhancing and invading our traditional industrial business model. Future organizations will need more data to operate efficiently and succeed in the brave new interconnected world. The diversity of new technologies and data will fuel more diversity in business opportunity. Everyone expects more OT, more IoT, and more IT – and all of it is supposed to be highly reliable and secure. These factors (and more) lead to a landscape shift for the mission-critical cybersecurity risk profile.
In this session, hear ways to recognize the problems and gain some clarity on possible solutions through historic lessons, made up words, and practical front-line experience.
Presenter: Mikael Vingaard, EnergiNet.dk
The goal of having a Honeypot (a fake ‘vulnerable’ IT-system/service) is to learn more about your attackers and the methods they will use to breach your ICS/SCADA systems – but how can the Energy Sector actually benefit from using a Honeypot?
The Danish information security researcher Mikael Vingaard has taken various free open source software to deploy ICS/SCADA Honeypot systems, and will share his experiences from the research and present interesting findings from the collected information.
The talk will discuss the pros and cons of honeypots, how to use honeypots as an early-warning system and add some interesting points seen from the energy sector of using Honeypot systems.
The presentation will showcase that gaining access to actual ICS threat intelligence can be done – even in budget constrained organizations.
Compromising Industrial Facilities From 40 Miles Away (EnergySec)
Presented by: Lucas Apa and Carlos Mario Penagos, IOActive
Abstract: The evolution of wireless technologies has allowed industrial automation and control systems (IACS) to become strategic assets for companies that rely on processing plants and facilities. When sensors and transmitters are attacked, remote sensor measurements on which critical decisions are made might be modified; this could lead to unexpected, harmful, and dangerous consequences.
This presentation demonstrates attacks that exploit key distribution vulnerabilities we recently discovered in every wireless device made by three leading industrial wireless automation solution providers. We will review the most commonly implemented key distribution schemes, their weaknesses, and how vendors can more effectively align their designs with key distribution solutions.
Presenter: Mike Firstenberg, Waterfall Security Solutions
NIST, NERC CIP, the ISA/IEC and other authorities are adjusting their advice for secure industrial networks to include at least one layer of hardware-enforced unidirectional communications. Many security practitioners are familiar with specific applications of Unidirectional Security Gateway technology, but fewer have seen how widely the technology is being deployed throughout the electric sector.
Join us to review comprehensive unidirectional network architectures for generation, transmission, distribution, high-voltage substations, and control centers/TSOs/balancing authorities. In each vertical we review use cases, examine NERC CIP compliance implications and cost savings, and compare the strength of each architecture with legacy firewall-based designs.
Explore the Implicit Requirements of the NERC CIP RSAWs (EnergySec)
Regulated entities should consider the RSAW templates when preparing evidence of compliance with the NERC CIP Standards. There are a number of implicit requirements in CIP v5 which an entity needs to fulfill to be compliant, which are not specifically identified in the actual requirements.
In this webinar, our experts will discuss such implicit requirements. Key learnings from this session would be:
RSAW format
Implicit requirements of CIP RSAWs
Leveraging technology for RSAW management
The Path to Confident Compliance and the Transition to NERC CIP Version 5 – A... (EnergySec)
Presenters: Robert Landavazo, PNM Resources and Katherine Brocklehurst, Tripwire
With countless hours of work to go, PNM was far from ready for its coming audit in just 18 months. Confidence levels in its existing manual and incomplete security controls were at an all-time low, and the visibility into control center environments for quantifying its status and progress towards compliance was immeasurable.
With Tripwire, PNM’s preparation for the looming CIPv3 audit noticeably improved. With efficient reporting and automation, PNM is now positioned to hold itself accountable for CIP auditable compliance of more than 3,500 explicit and supporting control points, satisfying CIP-002-3, CIP-004-3, CIP-005-3, CIP-007-3 and CIP-009-3. In addition, enhanced visibility and better control gave PNM the ability to effectively communicate meaningful and measurable initiatives to executive teams – resulting in increased support for their funding needs.
In this session, PNM – New Mexico’s largest electricity provider – will share a case study on its journey towards achieving continuous NERC CIP compliance despite a highly limited headcount, how it saved countless hours of labor-intensive manual effort, and the essential role that automation played in its success.
NERC CIP Version 5 and Beyond – Compliance and the Vendor’s Role (EnergySec)
Presenter: Joseph Loomis, Southwest Research Institute (SwRI)
Asset Owners face challenges as they strive towards implementing the NERC-CIP V5 requirements. Meeting the requirements often requires documentation and technical knowledge of how an asset operates that can only be provided by a Vendor. Vendors, likewise, may be unclear about how the NERC-CIP requirements affect them, and are unsure about how to meet the technical requirements. In this presentation we detail the lessons learned from a recent project where SwRI worked with a Vendor to determine how the requirements apply to them and what the Vendor needs to have to help support an Asset Owner in an audit.
From Zero to Hero - Centralized Logging with Logstash & Elasticsearch (Sematext Group, Inc.)
Originally presented at DevOpsDays Warsaw 2014. How to set up centralized logging either using ELK stack - Logstash, Elasticsearch, and Kibana or using Logsene.
Where Cyber Security Meets Operational Value (EnergySec)
Presenter: Damiano Bolzoni, SecurityMatters
What if cyber attacks were not the most prominent threat to industrial networks and systems? Although malware is still a major point of interest, the sword of Damocles for industrial networks is represented by insider threats such as system misuse performed by disgruntled employees, contractors and vendors, unintentional operator mistakes, as well as network and system misconfiguration and uncontrolled configuration changes; all this could lead to the divergence or failure of critical processes.
In this talk we reshape the concept of ICS security and demonstrate through case studies in different critical infrastructure sectors that the real value of industrial network monitoring goes beyond the detection of cyber attacks, but includes above all the need to maintain awareness about network and process operations, and obtain actionable intelligence that makes it possible to preserve their overall health. We will show how the use of innovative network monitoring approaches can support security, operations, and network managers to:
Gain IT visibility of OT networks and full situational awareness of the network and process
Detect complex and advanced cyber attacks against industrial networks
Mitigate operational mistakes and misconfiguration
ICS Cybersecurity: How to Protect the Proprietary Cyber Assets That Hackers C... (EnergySec)
Presenter: David Zahn, PAS
Industrial control systems represent the brass ring for hackers who want to disrupt plant operations and negatively impact safety and productivity. The problem for cybersecurity professionals is that plants have highly vulnerable proprietary control systems where configuration data is not visible via standard WMI or SNMP calls. Yet, it is this same configuration data, such as I/O cards, firmware, installed software, and more, that hackers work hard to attain as it aids them in gaining control over industrial systems within plants.
As the saying goes, “you can’t manage what you can’t measure.” Taking inventory of this hidden configuration data and doing so for all control assets is difficult. Plants as a result fall short of achieving centralized, automated inventory – a cybersecurity best practice and a necessary precursor to effective change management. So how do you address change management when important security data is kept locked within each vendor’s distributed control systems, programmable logic controllers, and remote terminal units?
In this session, we’ll explore the types of inventory data that comprise a best practices cyber security plan. Next, we will dive into cost effective, accurate automation opportunities for inventory discovery and maintenance of heterogeneous proprietary and non-proprietary control assets. Finally, we’ll present a case study for implementing best practices for hardening ICS cyber security and automating management of change.
Agenda:
Building and Maintaining an Accurate ICS Inventory
Best Practices in Inventory Automation
Case Study
Lessons Learned For NERC CIPv5 Compliance & Configuration Change Management (EnergySec)
The NERC CIPv5 deadline is fast approaching, and it’s not too late to be prepared. Join Mark Prince, Manager Operational Technology Fossil, from Entergy, Karl Perman, VP Member Services from EnergySec and Tim Erlin, Director from Tripwire to discuss achieving and maintaining NERC CIPv5 compliance in a fossil generation plant. We’ll cover some of the challenges that Entergy has experienced in their NERC CIPv5 compliance journey. Specifically, we will discuss configuration change management and how to leverage technologies for these requirements and consider what life would be without them.
Many information security systems rely on cryptographic schemes that need truly random numbers to be secure. In recent months there have been several high profile news stories about weaknesses or potential compromises in both software and hardware random number generators. A compromised random number generator is difficult to catch because it can output random looking data that is predictable to an attacker only. In this talk I describe how to go from knowledge of a weakness in a random number generator to a full security compromise.
We will look at examples including how to fully decrypt a TLS stream, how to compromise a bitcoin wallet by looking at the ECDSA signatures on the public block chain, how to factor improperly generated RSA keys, and more. There will be live demos and discussions of interesting ways to pull off these attacks.
8242015 Combating cyber risk in the supply chain Print Art.docx (evonnehoggarth79783)
8/24/2015 Combating cyber risk in the supply chain Print Article SC Magazine
http://www.scmagazine.com/combatingcyberriskinthesupplychain/printarticle/381050/
Daryk Rowland, director of risk management, Guidance Software, Inc.
November 11, 2014
Combating cyber risk in the supply chain
Security threats within the supply chain have been a concern of purchasing,
information security and risk and compliance teams for many years. What's
new is the rapid increase in targeted attacks on a less well-defended area for
most corporations: the confidential data now commonly shared with
supply chain vendors and partners.
In research released in 2013, the Information Security Forum (ISF) found
that, “of all the supply chain risks, information risk is the least well
managed,” and that, “forty percent of the data-security breaches experienced
by organizations arise from attacks on their suppliers.” The Target breach
began with a simple login to its corporate network—a login seen as normal
by its security systems because the user name and password were valid. The
problem, of course, was that these login credentials were stolen—yet they
were also authorized for access, so they went unchallenged by Target's
authentication system.
Consider the fact that the recent Dragonfly/Energetic Bear hack of U.S. and
European energy companies began with a spear-phishing campaign against
senior employees in energy sector companies. Those senior employees took
the bait and enabled the hackers to compromise legitimate software used by
industrial control system (ICS) manufacturers, inserting malware into
software updates sent from the ICS manufacturers to their clients.
Everyone involved with vendor management — from legal and risk/compliance teams to information security and
purchasing specialists — should now develop a common, collaborative security strategy (or program) that includes
layering new protections onto processes and policies to defend against information risk in the supply chain. Adding the
following practices to your existing security controls can help you collaborate productively for a targeted approach to
supply chain cybersecurity.
Map locations of sensitive data: Collaborate across all relevant teams to determine which data—intellectual property,
employee records, financial information, credit card data — is considered sensitive by your organization. Security
teams should audit for all locations of that sensitive data on your network, as well as for the locations of copies of that
data that may be accessible to members of your supply chain.
Evaluate risk by vendor: Assess and rank vendors and partners with access to your network—or any who retain
copies of your data—according to their risk to information security. Two helpful templates for this are the annotated
ICT Supply Chain Risk Manageme.
Chapter 9 Health Economics in a Health Policy Context.docx (mccormicknadine86)
Chapter 9
Health Economics in a Health Policy Context
Chapter Overview
· Provides a basic overview of economics and why it is important for health policymakers to be familiar with basic economic concepts
· Focuses on:
  · How economists make decisions
  · Supply
  · Demand
  · Markets
Economic Decision Making
· Economists believe that people are rational actors who will never purposely choose to make themselves worse off.
· People seek to maximize utility.
· Given the scarcity of resources, decisions need to be made about the production, distribution, and consumption of healthcare resources.
· Consider individual preference and efficiency.
Demand (1 of 2)
· Demand—the quantity of goods and services that a consumer is willing and able to purchase over a specified time
· Common demand shifters
  · Price of the original good, price of a substitute good, and price of a complementary good
  · Income
  · Quality (actual or perceived)
Demand (2 of 2)
· Price elasticity of demand—the percentage change in the quantity demanded resulting from a 1% change in price
· If a product is elastic, a change in price will result in an equivalent or greater change in demand.
· If a product is inelastic, demand for the good is not sensitive to a change in price.
Health Insurance and Demand
· Health insurance acts as a buffer between the consumer and cost of healthcare goods and services.
· Goods and services cost the consumer less than the charged price because of the presence of health insurance.
· Moral hazard
  · Because a consumer does not pay the full cost of a good, the consumer may purchase more goods than he or she would otherwise purchase without insurance.
Supply (1 of 3)
· Supply—the amount of goods and services that producers are able and willing to sell at a given price over a given period of time.
· Common supply shifters
  · Input costs
  · Sale price
  · Number of sellers
  · Change in technology
Supply (2 of 3)
· Supply elasticity—the percentage change in quantity supplied resulting from a 1% increase in the price (or other variables, such as inputs) of buying the good.
· If a product is elastic, a change in price (or other variables) will result in an equivalent or greater change in supply.
· If a product is inelastic, supply of the good is not sensitive to a change in price (or other variables).
Supply (3 of 3)
· Suppliers are driven to maximize profit.
· In a competitive market, profit is maximized at the level of output where marginal cost equals price.
· Equilibrium exists in the market when there is a balance between the quantity supplied and the quantity demanded.
Health Insurance and Supply
· The presence of health insurance may impact a provider’s willingness to supply goods and services.
· Competing concerns
  · Providers act as patient’s agent and act in patient’s best interest.
  · Providers may have a financial incentive to act or refrain from acting in a certain way due to insurance arrangements or the lack of insurance.
· Supplier-induced demand is the provider version of moral hazard.
· Providers create a demand beyond ...
ENHANCING INFRASTRUCTURE SECURITY IN REAL ESTATE (IJNSA Journal)
As a result of the increased dependency on obtaining information and connecting each computer together for ease of access/communication, organizations risk being attacked and losing private information through breaches or insecure business activities. To help protect organizations and their assets, companies need to develop a strong understanding of the risks imposed on their company and the security solutions designed to prevent/minimize vulnerabilities. To reduce the impact threats have on a network, organizations need to: design a defense layer system that provides multiple instances of protection to prevent unauthorized access to core information, implement a strong network hardware/intrusion prevention system, and create all-inclusive network/security policies that detail user rules and company rights. In order to enhance the overall security of a basic infrastructure, this paper will provide a detailed look into gathering the organizational requirements, designing and implementing a secure physical network layout, and selecting the standards needed to prevent unauthorized access.
Health IT Summit Beverly Hills 2014 – “A Use Case…Thoughts on How to Leverage your Technology and The Cloud” with Raymond Lowe, Senior Director, Information Technology, Dignity Health
Breaking down the cyber security framework closing critical it security gaps (IBM Security)
Cyber crime is pervasive and here to stay. Whether you work in the Public Sector or Private Sector, are the CEO of a Fortune 500 Company or are trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure due to the scale and sophistication of IT security threats that have grown at an explosive rate. Organizations and Government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they also have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
Evalueserve and McAfee conducted this study in 2011 to highlight how IT decision-makers view the challenges of risk and compliance management in a highly regulated and increasingly complex global business environment. The research investigates how organizations address both risk and compliance, which are so inextricably interrelated. The research was aimed to be forward-looking, revealing companies’ plans for refining and automating their programs in 2011 and beyond. Significant portions of IT budgets are being spent on risk and compliance management, and the spending is only expected to grow in the future.
Booz Allen Hamilton’s proven methodologies and deliverables in the areas of assessments, compliance tools, and project execution allow our clients to effectively plan future vulnerability testing programs, remediation schedules, supply chain strategies, and incident response initiatives.
5 Steps to Securing Your Company's Crown Jewels - IBM Security
Today's critical business data is under constant threat, which is why enterprises must apply adequate data protection for their data security measures. Companies that fail to make data protection an everyday priority run the risk of losing money, losing business and destroying their reputations.
Similar to Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense (20)
Industrial Technology Trajectory: Running With Scissors - EnergySec
Presenter: Patrick Miller, EnergySec (President Emeritus)
Innovative and disruptive technologies are enhancing and invading our traditional industrial business model. Future infrastructure organizations will need more data to operate efficiently and succeed in the brave new interconnected world. The diversity of new technologies and data will fuel more diversity in business opportunity. Everyone expects more OT, more IOT, and more IT – and all of it is supposed to be highly reliable and secure. These factors (and more) lead to a landscape shift for the industrial cybersecurity risk profile. In this session, hear ways to recognize the problems and gain some clarity on possible solutions through historic lessons, made up words, and practical front-line experience.
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ... - EnergySec
After a brief introduction by Mr. Humphreys, Henry Bailey will talk a few minutes about SAP’s roadmap for utilities. This will be followed by a discussion led by Chris Humphreys about the evolutionary transition from disparate point solutions to enterprise-wide, end-to-end, Regulation Management where controls are consolidated and leveraged such that compliance is a byproduct of industry best practices. Finally, Mr. Rice and Chris Humphreys will end the hour with a presentation expanding on the concept of controls consolidation and compliance as a byproduct focused on NERC CIP Ver 3-5 and NIST transitional capabilities of Regulation Management.
Industry Reliability and Security Standards Working Together - EnergySec
It’s never too early to start thinking about where the standards are going and where your program should be heading. This presentation will discuss how energy organizations should consider furthering alignment to NIST 800-53 Rev 4; focusing on security maturity opportunities such as threat management; addressing third parties and vendors and developing processes to help satisfy control-based security objectives.
What the Department of Defense and Energy Sector Can Learn from Each Other - EnergySec
This presentation will discuss how the Department of Defense executes its critical infrastructure protection program, where it intersects with energy sector CIP efforts and what we can learn from each other.
Third Party Security Testing for Advanced Metering Infrastructure Program - EnergySec
In July 2010, BC Hydro, the electric utility and grid operator of British Columbia began implementation of its AMI program, formally known as the Smart Meter & Infrastructure (SMI) program. The SMI program transformed BC Hydro from a traditional metering utility to a smart metering utility by implementing smart meters on the customer service points. It was the first step in the smart grid transformation.
The SMI program required the introduction of many new devices and applications into BC Hydro’s infrastructure. Some of these had never been deployed before anywhere in the world. Many were field deployed, outside of BC Hydro’s physical security perimeter.
The SMI Security Delivery Team was formed to deliver on these commitments and to take responsibility for the end to end security of the SMI program. The Team implemented a multi-pronged approach to securing SMI including security risk assessments, security penetration testing by the team, design reviews, whole project risk assessments and third party security penetration testing.
A standards based approach was required to ground the test plan both in best practice and in a common set of principles that BC Hydro and its vendors could accept. The Advanced Metering Infrastructure (AMI) Risk Assessment document prepared by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force was used as a basis for the test plan. This document has since been passed to the National Institute of Standards and Technology (NIST) Cyber Security Working Group and was integrated into NIST IR 7628. NIST IR 7628 contains a comprehensive list of possible threats to AMI systems.
The program was highly successful. Test results informed BC Hydro’s deployment decisions and allowed the manufacturers to improve their products. Lessons were learned about how best to conduct third party security testing. A full lessons learned section is included in the presentation.
Beyond Public Private Partnerships: Collaboration, Coordination and Commitmen... - EnergySec
The industrial cybersecurity landscape is complex and is formed by very different actors (industrial organizations, critical infrastructures, EPC companies, industrial and cybersecurity vendors, consultancy companies, integrators, academia, public bodies and governments), with very different interests and objectives and different maturity levels, even internally within each organization, so no one can go it alone in protecting these industrial and critical infrastructures adequately. Interdependencies, multidisciplinarity, multiple supply chains and the lack of a common reference make the task of advancing in the right direction even more complex.
Public Private Partnerships (PPP) are recognized as a key aspect of improving Industrial Cybersecurity and Critical Infrastructure Protection, but a PPP is usually a formal and structured way of communication and collaboration between organizations that is not necessarily followed by the people in charge of, or belonging to, those organizations.
In this presentation, we propose a new concept: C3R, “Collaboration, Coordination and Commitment based Relationships”, as the base for building a global community for protecting our Industrial and Critical Infrastructures, and explain the keys to the success of such an approach.
Mr. Feldman will lead us on a path to help us think about the “Sea Changes” happening in the energy sector from a strategic perspective, and their implications for the energy companies and cybersecurity from a Board of Directors governance viewpoint. This will include a future-direction concept with suggestions on where regulators such as NERC should be heading with regard to security and other associated issues, to feed your thoughts.
The informative and entertaining discussion is presented by a 26 year military and law enforcement veteran and former federal counterterrorism operative (now working as a state law enforcement agent responsible for critical energy infrastructure protection), and details the emergence of Red Cell activities and Red Teaming as a valuable form of alternative assessment for use in securing the American energy grid. A widely accepted and established practice in military and intelligence circles, Red Teaming is slowly moving into law enforcement and the private sector, and is now being utilized as a key vulnerability and threat assessment tool by state law enforcement agencies, Fortune 500 companies, and national laboratories.
The presentation features actual case studies and explains the key reasons energy producing organizations should utilize Red Teaming, including the avoidance of groupthink, complacency reduction, eliminating information silos, collective sense-making, addressing the correctly balanced approach to high impact/low frequency (5 sigma) events, and the integration of CIP compliance into a realistic physical security posture.
The brief outline details the key questions answered by Red Cell exercises: What do our adversaries want, how will they try to meet their goals, and how do we most effectively stop them? Attendees will become familiar with the basic techniques utilized in Red Teaming, including interdisciplinary teams, structured analysis, and physical exercises/penetration testing. Finally, the presentation provides a brief after-action report detailing the Red Cell Exercise conducted by the SC Public Service Authority in November 2013. That exercise addressed dam/dike sabotage, criminal targeting, executive safety, terrorism (domestic and transnational), insider threats, physical attacks on energy grid infrastructure, and workplace violence.
Open Platform for ICS Cybersecurity Research and Education - EnergySec
The CybatiWorks open platform serves as an educational environment for cyber-physical systems. The living laboratory platform uses low cost I/O, embedded devices, virtual machines and authentic automation protocols for participant cybersecurity education. The platform incorporates the Raspberry PI, PiFace I/O, Elenco Snap-Circuits, Fischertechnik components and an ICS-ified Kali Linux called CybatiWorks-1 to allow participants to build, break and cybersecure small control environments. CYBATI has performed years of research to develop this platform and is making it available for early access, school sponsorship and integrated education via the Kickstarter project announced during the session.
CIP-014-1: Next Steps from an Auditor’s Perspective - EnergySec
A walk-through by an experienced security practitioner with years of relevant industry experience in physical security, compliance, and NERC CIP auditing on how to identify and protect Transmission stations and Transmission substations in accordance with NERC CIP-014-1. This session will aid you in preparing for the assessment and evaluation process of the potential threats and vulnerabilities of a physical attack. This course is perfect for both professionals involved with NERC CIP physical security and compliance personnel seeking to gain an understanding of the new physical security standard and how to avoid potential pitfalls.
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att... - EnergySec
In May, 2014 the US Department of Homeland Security and its Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, issued a report confirming several recent attacks on public utilities from the first quarter of 2014. DHS confirmed that a sophisticated threat actor gained unauthorized access to an unnamed public utility’s control system network.
Incidents of this type haven’t been as widely publicized as recent retail breaches, but it is believed by many that there are far more incidents occurring within the Energy Sector than are heard about in the press. Lack of enforced and implemented policy and compliance, poor capability for early detection of threat indicators, and lack of visibility and automation may all be contributing to failure in rapidly detecting attacks and breaches.
Essential Power™ (formerly known as North American Energy Alliance) is a wholesale power generator and marketer providing electric energy and located in the North Eastern United States. Essential Power will share a case study on its own journey towards achieving NERC CIP compliance within a very short five-month timeline, and how they did it.
Lessons Learned for a Behavior-Based IDS in the Energy Sector - EnergySec
This presentation will review lessons learned from a deployment of a behavior-based intrusion detection system (IDS) on a SCADA network that was part of a large-scale energy management system. The IDS architecture, sensor features, and sensor placement within the target SCADA environment proved to be key for successful detection of malicious activity. Challenges included simultaneous monitoring of multiple SCADA protocols (DNP3 and ICCP) across multiple network segments; monitoring of both encrypted and unencrypted network traffic; adapting to slow environment changes to minimize false positive output; and integration of the behavior-based IDS output into an existing monitoring system/SIEM.
What to Do When You Don’t Know What to Do: Control System Patching Problems a... - EnergySec
FoxGuard Solutions has encountered and resolved a wide variety of problems in our monthly work of patching control systems for our OEM clients and hundreds of power utility sites. In this presentation, we will cover a list of problems you might encounter and some real-world strategies that we have helped our clients implement to deal with them.
Event Correlation Applications for Utilities - EnergySec
Today, there is a flood of data pouring into Utilities. From AMI data coming into MDM systems to trading system data, to grid management data, this sea of information makes it easy to lose sight of threats to the core business. Combine this with the additional threat intelligence information necessary to protect your business, and the scope of the data problem can quickly become overwhelming. Learn how utility customers are applying event correlation to their AMI events, threat intelligence feeds, and Customer Service System events to protect against security threats, while improving business operations and reducing costs. Additionally, learn about the fascinating future plans that utility customers have for event correlation, such as:
Pushing physical security event correlation beyond meter tampering and into video camera control and integration
Correlating micro-earthquake data with meter tilt tamper events to eliminate false positive security alerts
Measuring voltages across meters and the associated transformer to identify theft and meter tampering
It’s an exciting time of transformation in the Utilities industry and event correlation can help drive efficiency, visibility, and security in your business.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already have working for real.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Gary Leatherman - A Holistic Approach for Reimagining Cyber Defense
1. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information.
A Holistic Approach for Reimagining Cyber Defense
23 February 2016
2. Agenda
Introduction
The Approach
• Know
• Protect
• Respond
• Mature
Sector Study- The Electric Utility Sector
3. Booz Allen Hamilton is a leading strategy & technology consulting firm and solutions provider
Mission
Booz Allen Hamilton partners with clients to solve their most important and complex problems, making their mission our mission and delivering results that endure
What We Bring
Expertise, objectivity, and the capabilities of exceptional people — combined with the institutional experience of helping clients succeed for 100 years
What Distinguishes Us
Booz Allen combines a consultant’s unique problem-solving orientation with deep technical knowledge and strong execution to help clients achieve success in their critical missions
The Firm
Annual Revenue — $4 billion
Public corporation
Founded in 1914
Scale and Scope
Over 24,000 talented people, serving clients from more than 80 offices
Approx. 300 staff in Hawaii
Office in Honolulu for over 20 years
4. Know- Understand your business and the cyber risk within it
Asset Management- Realizing tailored asset management systems that enable proper classification, tracking, protection, configuration, and usage of those assets.
Situational Awareness- Establishing real-time visibility into your cyber ecosystem, providing insights into activities that impact your unique environment.
Threat Intelligence- Providing clear insights on current and emerging threat activity in order to drive more informed and precise decision making.
Vulnerability Management- Identifying, quantifying, and prioritizing the vulnerabilities in systems, networks, processes, or applications, and developing plans for intelligently reducing vulnerability.
5. Specific alerts and warnings relevant to the client are more valuable than generic reports of vulnerabilities
Cyber4Sight- Booz Allen developed the line of Cyber4Sight® to provide cyber threat alerting and warning services, on-call intelligence analysis, and deep web intelligence that warn our clients of threats in near real-time.
Insider4Sight- Rogue internal employees fly under the radar of organizations that use network audit tools to prevent outside threats. I4S was created to identify insider threats using advanced detection and analytical tools.
Global4Sight- Our line of threat and competitive intelligence Global4Sight™ products combine open-source cloud architecture with social media research and intelligence analysis to give clients key information on global threats and global market opportunities.
6. Protect- Secure your organization, operations, products, and services
Application Security- Developing and deploying software assurance processes, controls, and countermeasures to secure software applications throughout the product lifecycle--from design to maintenance.
Identity & Access Management- Enabling program design support and deployment of solutions to assure that information is derived from a trusted source and is only available to authorized entities.
Information Protection- Cross-disciplinary solutions to protect sensitive information from unauthorized access, use, disclosure, disruption, modification, recording, and destruction.
Infrastructure & Mobile Security- Providing a stable and resilient baseline infrastructure, along with a flexible and secure mobile platform that meets mission and business needs.
Supplier Security Management- Applying industry-leading, vendor-agnostic solutions to carefully identify, prioritize, and manage risk in your supply chain and across your supplier community.
7. Continuous Monitoring can help Compliance and Network Management/Defense needs across the Enterprise.
8. Respond- Triage, respond, and learn from cyber incidents
Incident Response- Support to assess incidents, mitigate the issue, determine the extent of exposure, and manage communications.
Postmortem Analysis- Analysis of security incidents to support investigations, document lessons learned, and improve the overall incident response process.
Remediation- Development and implementation of targeted action plans for short-term incident containment and longer-term ecosystem resilience.
9. Automated First Responder (AFR) – arms analysts with a proven tool to identify and eradicate APTs
APT-specific suite of tools that can rapidly identify APTs and their malicious code
[Diagram with numbered steps 1-5; labels: Software Distribution Server, Collection Server, Enterprise Workstations/Servers, Standalone Analysis Environment, Processing Server, Analyst]
10. Mature- Build and manage a world-class cyber program and workforce.
Awareness- Development and deployment of tailored and impactful training content to ensure organization-wide awareness and adoption of cyber security priorities.
Governance- Establishment of environment-specific cyber strategy, policies, and procedures, along with impactful organizational designs and operating models.
Human Capital Development- Fostering and maintaining a secure cyber environment via attracting, developing, and retaining a high-performing cyber workforce.
Information Risk Management- Design and delivery of processes and tools for methodically identifying, analyzing, prioritizing, responding to, and monitoring cyber risks.
Organizational Change Management- Holistically managing the transition of business processes, technologies, and cultures from a current state to a desired target state.
11. Effective governance requires a comprehensive and detailed strategy backed by clear and effective policies
Functional and enabling controls- Functional controls are more technical/operational in nature (e.g., application security, vulnerability assessment), while enabling controls pertain to governance, risk management, and other organizational functions that support (i.e., enable) the technical operations
Appropriate Level Views (high and low)- Logically organized objectives and measures that are used to pinpoint and evaluate specific aspects of your security program
Address all dimensions- People, process, and technology dimensions – Multifaceted views that let you evaluate each control area in its key component parts
Maturity Spectrum- A maturity spectrum of granular and measurable details – A clear scale of maturity, defined by characteristics and indicators to accurately assess your level of maturity
Best Practices- A foundation grounded in established best practices – Developed from best practices across industry, government, and academia.
12. This document contains Booz Allen Hamilton, Inc. Proprietary and Confidential Business Information. .
Current state of the industry
Where it is going
Implications
Case Study: The electric utility industry
All investor and privately held utilities are regulated by state
regulatory commissions and federal agencies
Why Regulated?
Utilities are “natural monopolies”
• Major scale economies on distribution
• Generation not a “natural monopoly”
• Retail not a “natural monopoly” although significant scale economies apply
Utilities provide a public “good”
• Integral to function of society and economy
• Safety and reliability issues
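Diagram: regulators and their areas of oversight.
Regulators shown: State Utility Commissions; DOE, NERC, DOT, et al.; FERC.
Oversight areas shown, in three groups:
• Rates and Services; Service Complaints; Reliability; Service Territory; Expansions / Investments; Ownership; Reporting
• Ownership; Reliability; Access; Reporting
• Reliability; Safety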
An electric transaction in a market with a single buyer and
competitive generation
Diagram labels: Utility Transmission; Residential Customers; Commercial Customers; Industrial Customers; Utility Buyer; Utility Generation; Distribution; Independent Generation (shown twice).
Examples: Georgia, Alabama
An electric transaction in a market with wholesale /
industrial competition
Diagram labels: Utility Transmission; Distribution; Regulated Utility Generation; Independent Generation (shown twice); Wholesale Marketers; System Operations; Residential Customers; Small Commercial Customers; Industrial Customers; Large Commercial Customers; Generation Coordinator.
Examples: New York, California
Due to regulation, utilities have limited options for making
and spending money
Utilities’ profit is almost always based on a regulated rate of return on capital investment.
Operations and Maintenance (including fuel for those that generate) is usually a pass-through, but must be justified before the regulators (PUC/PSC).
Reliability is their key metric
• Used to justify new capital investments
• Poor reliability gets a lot of negative attention from
customers and politicians
• Regulators respond to this negative attention
Historically, severe weather accounts for the majority of grid
reliability issues, but physical attacks are a growing concern
Chart: Major Grid Disturbances. Number of incidents per year (2003, 2004, 2005, 2006, 2007, 2008, 2014), broken down by cause: Weather, Equipment, Control Systems, Human Error, Load Shedding, Other.
Source: EIA, BAH Analysis
Compliance Example: DTE Cyber Program Development
Detroit Edison (DTE): Cyber Security Program Assessment and Gap Analysis, Procedure Development
Client Challenge: Detroit Edison (DTE) sought an outside perspective on their position relative to key milestone requirements for implementation of NEI 08-09, and support to create a compliance roadmap including resource estimates to meet required deadlines.
Booz Allen Solution: To support DTE, Booz Allen:
• Reviewed existing DTE procedures against the requirements of NEI 08-09
• Formulated recommendations to address compliance gaps
• Helped to quantify the LOE required for CDA Assessments, Critical System and CDA identification and documentation, and sustaining program support (excluding remediation required from initial assessments)
• Assessed DTE’s level of compliance with 2012 milestones, and made recommendations to re-deploy labor to meet this year’s deadlines in the area of Critical System/CDA identification and documentation
• Initiated effort to support development of the set of additional required procedures
Results: DTE implemented recommendations for labor re-direction and is on track to meet all 2012 milestones. Procedures are currently under development to allow full compliance within the required timeline.
For these reasons, cyber security has been only a compliance issue, but things are changing
As the grid transforms, it will become more dependent upon “smart” technology, increasing the need for cyber security