Accelerating Grid Modernization
More information available on SGIP.org
Helping Utilities with Cybersecurity Preparedness: The C2M2
April 23, 2015
WELCOME
Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST)
Smart Grid Cybersecurity Committee Chair
Accelerating Smart Grid Interoperability
The Smart Grid Interoperability Panel (SGIP) is a consortium that securely accelerates and advances Grid Modernization through interoperability and the leadership talents of its members. SGIP prioritizes topics and issues set by the utilities, independent power producers and industry members to solution and drives innovation of Grid Modernization.
• Advancing grid modernization through standards innovation, gap filling, interface definitions, and the creation of test frameworks.
• Multi-stakeholder community with tight coupling to Standards Setting Organizations (SSOs).
• Disciplined, time-tested processes.
Agenda
• Welcome – Vicky Pillitteri, SGIP
• Main Presentation – Jason D. Christopher, DOE
• Questions & Answers
• SGIP Cybersecurity Update – Vicky Pillitteri
• Closing Reminders – Vicky Pillitteri
This meeting, and all SGIP activities, are governed by SGIP By-laws and policies - Intellectual Property Rights Policy and Antitrust Policy.
CYBERSECURITY CAPABILITY
MATURITY MODEL UPDATE
Jason D. Christopher
US Department of Energy
Defining Security
Aligning DOE Activities
Build a Culture of Security
• Training
• Education
• Improved communication within industry
Assess and Monitor Risk
• Electricity Subsector Cybersecurity Capability Maturity Model
• Situational Awareness Tools
• Common Vulnerability Analysis
• Threat Assessments
• Consequence Assessments
Develop and Implement New Protective Measures to Reduce Risk
• Support Cybersecurity Standards Development
• Near-term Industry-led R&D projects
• Mid-term Laboratory Academia R&D projects
• Long-term Laboratory Academia R&D projects
Manage Incidents
• NSTB (National SCADA Test Bed)
• Outreach
• Cyber Exercises
Sustain Security Improvements
• Product upgrades to address evolving threats
• Collaboration among all stakeholders to identify needs and implement solutions
Introduction to the C2M2 Program
• Since June 2012, hundreds of organizations have used the C2M2.
• DOE has facilitated self-evaluations for utilities servicing an estimated 39 million US consumers.
• Recently expanded to include oil & natural gas organizations, as well as stakeholders beyond the energy sector
C2M2 Program
ES-C2M2
• Public-private collaborative effort
• Sector specific subject matter expertise
• Pilot evaluations
ONG-C2M2
• Tested and refined for ONG through ONG pilot evaluations across upstream, midstream, and downstream ONG companies.
C2M2
• Without sector-specific references or terms of art
• Refined through the ONG pilots, and also via cross-sector outreach
The Approach: Maturity Model
Maturity Model Definition:
• An organized way to convey a path of experience, wisdom, perfection, or acculturation.
• The subject of a maturity model can be an object or things, ways of doing something, characteristics of something, practices, or processes.
Progression Model Examples
Progression for Counting
• Computer
• Calculator
• Adding machine
• Slide rule
• Abacus
• Pencil and paper
• Fingers
Progression for Authentication
• Three-factor authentication
• Two-factor authentication
• Passwords change every 60 days
• Strong passwords
• Passwords
Progression for Human Mobility
• Fly
• Sprint
• Run
• Jog
• Walk
• Crawl
Capability Model Examples
Example 1
• Practices are optimized
• Practices are quantitatively managed
• Practices are defined
• Practices are managed
• Practices are ad hoc
Example 2
• Practices are externally integrated
• Practices are internally integrated
• Practices are managed
• Practices are performed
• Practices are initiated
Example 3
• Practices are shared
• Practices are defined
• Practices are measured
• Practices are managed
• Practices are planned
• Practices are performed but ad hoc
• Practices are incomplete
C2M2 Domain Descriptions
• RM: Risk Management – Establish, operate, and maintain an enterprise cybersecurity risk management program to identify, analyze, and mitigate cybersecurity risk
• ACM: Asset, Change, and Configuration Management – Inventory, manage changes to, and manage configuration of technology assets, including OT (operations technology), IT (information technology), hardware, and software
• IAM: Identity and Access Management – Create and manage identities for entities that may be granted logical or physical access to assets and control such access
• TVM: Threat and Vulnerability Management – Establish and maintain plans, procedures, and technologies to detect, identify, analyze, manage, and respond to cybersecurity threats and vulnerabilities
• SA: Situational Awareness – Establish and maintain activities and technologies to collect, analyze, alarm, present, and use operational and cybersecurity information to form a common operating picture (COP)
• ISC: Information Sharing and Communications – Establish and maintain relationships with internal and external entities to collect and provide cybersecurity information, including threats and vulnerabilities, to reduce risks and to increase operational resilience
• IR: Event and Incident Response, Continuity of Operations – Establish and maintain plans, procedures, and technologies to detect, analyze, and respond to cybersecurity events and to sustain operations throughout such events
• EDM: Supply Chain and External Dependencies Management – Establish and maintain controls to manage the cybersecurity risks associated with services and assets that are dependent on external entities
• WM: Workforce Management – Establish and maintain plans, procedures, technologies, and controls to create a culture of cybersecurity and to ensure the ongoing suitability and competence of personnel
• CPM: Cybersecurity Program Management – Establish and maintain an enterprise cybersecurity program that provides governance, strategic planning, and sponsorship for cybersecurity activities
C2M2 Model Architecture
10 Model Domains: logical groupings of cyber security practices – activities that protect operations from cyber-related disruptions
• RM: Risk Management
• ACM: Asset, Change, and Configuration Management
• IAM: Identity and Access Management
• TVM: Threat and Vulnerability Management
• SA: Situational Awareness
• ISC: Information Sharing and Communications
• IR: Event and Incident Response, Continuity of Operations
• EDM: Supply Chain and External Dependencies Management
• WM: Workforce Management
• CPM: Cybersecurity Program Management
4 Maturity Indicator Levels
• MIL 3 (advanced): MIL 3 practices
• MIL 2 (intermediate): MIL 2 practices
• MIL 1 (beginning): MIL 1 practices
• MIL 0: No practices
Each domain includes a progression of practices from MIL 1 to MIL 3
MIL 1 practices are basic activities that any organization may perform; these are the starting blocks
MIL 2 & 3 practices are progressively more complete, advanced, and ingrained; target levels should be set for each domain based on risk tolerance and threat environment
Organization of a Domain
Model
• Model contains 10 domains
Domain
• Approach Objectives: one or more per domain, unique to each domain. Approach objectives are supported by a progression of practices that are unique to the domain.
– Practices at MIL1
– Practices at MIL2
– Practices at MIL3
• Management Objective: one per domain, similar in each domain. Each management objective is supported by a progression of practices that are similar in each domain and describe institutionalization activities.
– Practices at MIL2
– Practices at MIL3
C2M2 Evaluation Tool & Method
• Since the program’s inception, DOE has maintained a free tool for organizations to perform a C2M2 self-evaluation
• C2M2 self-evaluation workshops can be completed in a single day with appropriately limited scope
• Output graphically summarizes implementation status for each of the 312 practices in the model
Summary Results – example
Donut chart key
• Number of Fully Implemented practices
• Number of Largely Implemented practices
• Number of Partially Implemented practices
• Number of Not-Implemented practices
• Total number of practices represented by the donut
NIST Cybersecurity Framework & C2M2
Executive Order 13636
Improving Critical Infrastructure Cybersecurity
Section 8(b)
“Sector-Specific Agencies, in consultation with the Secretary and other interested agencies, shall coordinate with the Sector Coordinating Councils to review the Cybersecurity Framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific risks and operating environments.”
• Working with stakeholders from the sector, DOE collaborated to develop an implementation guidance document addressing how C2M2 supports framework implementation.
• Available for download at: http://energy.gov/oe/downloads/energy-sector-cybersecurity-framework-implementation-guidance
NIST Cybersecurity Framework
Core
• Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
• Categories
• Subcategories
• Informative References
Tiers
• Tier 1: Partial
– Ad hoc risk management
– Limited cybersecurity risk awareness
– Low external participation
• Tier 2: Risk Informed
– Some risk management practices
– Increased awareness, no program
– Informal external participation
• Tier 3: Repeatable
– Formalized risk management
– Organization-wide program
– Receives external partner info
• Tier 4: Adaptive
– Adaptive risk management practices
– Cultural, risk-informed program
– Actively shares information
Profile
• Current Profile: Current state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where am I today relative to the Framework?
• Target Profile: Desired state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where do I aspire to be relative to the Framework?
• Roadmap
Framework Process
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
C2M2 as a Framework Enabler
C2M2 Output
Step 1: Prioritize and Scope
Step 2: Orient
Step 3: Create a Current Profile
Step 4: Conduct a Risk Assessment
Step 5: Create a Target Profile
Step 6: Determine, Analyze, and Prioritize Gaps
Step 7: Implement Action Plan
• Select in-scope assets and requirements
• Perform C2M2 self-evaluation using C2M2 tool
• Evaluate risk based on C2M2 output
• Create target profile based on C2M2
• Prioritize action plan to achieve target profile
• Implement the plan, use CSF & C2M2 guidance
Source: Axio Global
C2M2 Mapping to CSF
CSF Core
• Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
• Categories
• Subcategories
• Informative References
CSF Tiers
• Tier 1: Partial
• Tier 2: Risk Informed
• Tier 3: Repeatable
• Tier 4: Adaptive
C2M2 Practices (appears twice in the figure)
• MIL1
• MIL2
• MIL3
Defining Security
Resources
• Cybersecurity Framework and supporting materials: http://www.nist.gov/itl/cyberframework.cfm
• NIST Computer Security Resource Center: http://csrc.nist.gov/
• C3 Voluntary Program: www.dhs.gov/ccubedvp
• C2M2 Program: http://energy.gov/oe/cybersecurity-capability-maturity-model-c2m2-program
QUESTIONS?
Jason D. Christopher, jason.christopher@doe.gov
Resource emails: C2M2@doe.gov; cyber.framework@doe.gov
SGCC UPDATE
Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST)
Smart Grid Cybersecurity Committee Chair
Cybersecurity Committee
The SGIP Cybersecurity Committee is a collaborative forum that develops resources that smart grid stakeholders can leverage to help understand and manage cybersecurity risk.
Cybersecurity is a critical, cross-cutting issue for the Smart Grid
2015 Progress
• Cybersecurity Frameworks Case Study
• Privacy Awareness Self-Assessment
• Published:
– Risk Management Process Case Study
• Continue:
– Collaboration with other smart grid and energy sector communities/groups
– Cybersecurity reviews for SGIP Catalog of Standards
To learn more contact: victoria.pillitteri@nist.gov
SGIP Reminders
• May 12: Engaged in Conversation: Grid 3.0
– Register at SGIP.org/Webinars
• Past webinars and publications available on SGIP.org under “Information Knowledge Base”
• Stay in Touch
– Twitter: @SGIPNews
– Join our LinkedIn Group
– Sign up for SGIP Newsletter, The Conductor
THANK YOU FOR YOUR PARTICIPATION
A FOLLOW-UP EMAIL WILL BE SENT WITH LINK TO RECORDING AND SUPPORTING MATERIALS
 
Project Topics on Network Security
Project Topics on Network SecurityProject Topics on Network Security
Project Topics on Network Security
Phdtopiccom
 
Cybersecurity Application Installation with no Shutdown Required webinar Slides
Cybersecurity Application Installation with no Shutdown Required webinar  SlidesCybersecurity Application Installation with no Shutdown Required webinar  Slides
Cybersecurity Application Installation with no Shutdown Required webinar Slides
Yokogawa1
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity
European Services Institute
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
TI Safe
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment Tools
IRJET Journal
 

Similar to Helping Utilities with Cybersecurity Preparedness: The C2M2 (20)

Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018Opening Keynote - Cybersecurity Summit 2018
Opening Keynote - Cybersecurity Summit 2018
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
The Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital TransformationThe Importance of Cybersecurity for Digital Transformation
The Importance of Cybersecurity for Digital Transformation
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
 
Cybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas CompanyCybersecurity in Oil & Gas Company
Cybersecurity in Oil & Gas Company
 
Management Structures for IT Security
Management Structures for IT SecurityManagement Structures for IT Security
Management Structures for IT Security
 
Dr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational AwarenessDr Dev Kambhampati | Electric Utilities Situational Awareness
Dr Dev Kambhampati | Electric Utilities Situational Awareness
 
NIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric UtilitiesNIST Guide- Situational Awareness for Electric Utilities
NIST Guide- Situational Awareness for Electric Utilities
 
Standards based security for energy utilities
Standards based security for energy utilitiesStandards based security for energy utilities
Standards based security for energy utilities
 
Power Plants Security Webinar Presentation
Power Plants Security Webinar PresentationPower Plants Security Webinar Presentation
Power Plants Security Webinar Presentation
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
Next Generation Scada Developing Advanced Security Monitoring & Threat Detect...
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 
Network Monitoring Market.pdf
Network Monitoring Market.pdfNetwork Monitoring Market.pdf
Network Monitoring Market.pdf
 
Project Topics on Network Security
Project Topics on Network SecurityProject Topics on Network Security
Project Topics on Network Security
 
Cybersecurity Application Installation with no Shutdown Required webinar Slides
Cybersecurity Application Installation with no Shutdown Required webinar  SlidesCybersecurity Application Installation with no Shutdown Required webinar  Slides
Cybersecurity Application Installation with no Shutdown Required webinar Slides
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity
 
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
CLASS 2018 - Palestra de Julio Oliveira (Gerente de Tecnologia, Power Grids G...
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment Tools
 

More from Smart Grid Interoperability Panel

Overview of SGIP Member Ameren Illinois' Smart Grid Test Bed
Overview of SGIP Member Ameren Illinois' Smart Grid Test BedOverview of SGIP Member Ameren Illinois' Smart Grid Test Bed
Overview of SGIP Member Ameren Illinois' Smart Grid Test Bed
Smart Grid Interoperability Panel
 
Transactive Energy Webinar
Transactive Energy WebinarTransactive Energy Webinar
Transactive Energy Webinar
Smart Grid Interoperability Panel
 
SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...
SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...
SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...
Smart Grid Interoperability Panel
 
SGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart Grid
SGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart GridSGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart Grid
SGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart Grid
Smart Grid Interoperability Panel
 
SGIP Webinar “Regulatory Commission Members Discuss How SGIP Helps Shape Sm...
SGIP Webinar  “Regulatory Commission Members Discuss How SGIP Helps Shape  Sm...SGIP Webinar  “Regulatory Commission Members Discuss How SGIP Helps Shape  Sm...
SGIP Webinar “Regulatory Commission Members Discuss How SGIP Helps Shape Sm...
Smart Grid Interoperability Panel
 
Smart Grid Interoperablity December Emeeting 20131212 final
Smart Grid Interoperablity December Emeeting 20131212 finalSmart Grid Interoperablity December Emeeting 20131212 final
Smart Grid Interoperablity December Emeeting 20131212 final
Smart Grid Interoperability Panel
 
"How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo...
"How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo..."How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo...
"How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo...
Smart Grid Interoperability Panel
 
SGIP August 15, 2013 eMeeting - State of the Union
SGIP August 15, 2013 eMeeting - State of the UnionSGIP August 15, 2013 eMeeting - State of the Union
SGIP August 15, 2013 eMeeting - State of the Union
Smart Grid Interoperability Panel
 

More from Smart Grid Interoperability Panel (8)

Overview of SGIP Member Ameren Illinois' Smart Grid Test Bed
Overview of SGIP Member Ameren Illinois' Smart Grid Test BedOverview of SGIP Member Ameren Illinois' Smart Grid Test Bed
Overview of SGIP Member Ameren Illinois' Smart Grid Test Bed
 
Transactive Energy Webinar
Transactive Energy WebinarTransactive Energy Webinar
Transactive Energy Webinar
 
SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...
SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...
SGIP May 22 Webinar "Getting to Truly Interoperable Power Grid Solutions: A U...
 
SGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart Grid
SGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart GridSGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart Grid
SGIP Sri 2014-keynote Reducing Cost and Risk in the Interoperable Smart Grid
 
SGIP Webinar “Regulatory Commission Members Discuss How SGIP Helps Shape Sm...
SGIP Webinar  “Regulatory Commission Members Discuss How SGIP Helps Shape  Sm...SGIP Webinar  “Regulatory Commission Members Discuss How SGIP Helps Shape  Sm...
SGIP Webinar “Regulatory Commission Members Discuss How SGIP Helps Shape Sm...
 
Smart Grid Interoperablity December Emeeting 20131212 final
Smart Grid Interoperablity December Emeeting 20131212 finalSmart Grid Interoperablity December Emeeting 20131212 final
Smart Grid Interoperablity December Emeeting 20131212 final
 
"How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo...
"How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo..."How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo...
"How Today's Power Grid Implementation Choices Impact Future Smart Grid Deplo...
 
SGIP August 15, 2013 eMeeting - State of the Union
SGIP August 15, 2013 eMeeting - State of the UnionSGIP August 15, 2013 eMeeting - State of the Union
SGIP August 15, 2013 eMeeting - State of the Union
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 

Helping Utilities with Cybersecurity Preparedness: The C2M2

  • 1. Accelerating Grid Modernization More information available on SGIP.org Helping Utilities with Cybersecurity Preparedness: The C2M2 April 23, 2015
  • 2. WELCOME
      Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST), Smart Grid Cybersecurity Committee Chair
  • 3. Accelerating Smart Grid Interoperability
      The Smart Grid Interoperability Panel (SGIP) is a consortium that securely accelerates and advances Grid Modernization through interoperability and the leadership talents of its members. SGIP prioritizes topics and issues set by the utilities, independent power producers and industry members to solution and drives innovation of Grid Modernization.
      - Advancing grid modernization through standards innovation, gap filling, interface definitions, and the creation of test frameworks.
      - Multi-stakeholder community with tight coupling to Standards Setting Organizations (SSOs).
      - Disciplined, time-tested processes.
  • 4. Agenda
      - Welcome – Vicky Pillitteri, SGIP
      - Main Presentation – Jason D. Christopher, DOE
      - Questions & Answers
      - SGIP Cybersecurity Update – Vicky Pillitteri
      - Closing Reminders – Vicky Pillitteri
      This meeting, and all SGIP activities, are governed by SGIP By-laws and policies - Intellectual Property Rights Policy and Antitrust Policy.
  • 5. CYBERSECURITY CAPABILITY MATURITY MODEL UPDATE
      Jason D. Christopher, US Department of Energy
  • 6. Defining Security
  • 7. Aligning DOE Activities
      - Build a Culture of Security: Training; Education; Improved communication within industry
      - Assess and Monitor Risk: Electricity Subsector Cybersecurity Capability Maturity Model; Situational Awareness Tools; Common Vulnerability Analysis; Threat Assessments; Consequence Assessments
      - Develop and Implement New Protective Measures to Reduce Risk: Support Cybersecurity Standards Development; Near-term Industry-led R&D projects; Mid-term Laboratory Academia R&D projects; Long-term Laboratory Academia R&D projects
      - Manage Incidents: NSTB (National SCADA Test Bed); Outreach; Cyber Exercises
      - Sustain Security Improvements: Product upgrades to address evolving threats; Collaboration among all stakeholders to identify needs and implement solutions
  • 8. Introduction to the C2M2 Program
      - Since June 2012, hundreds of organizations have used the C2M2.
      - DOE has facilitated self-evaluations for utilities servicing an estimated 39 million US consumers.
      - Recently expanded to include oil & natural gas organizations, as well as stakeholders beyond the energy sector
  • 9. C2M2 Program
      - ES-C2M2: Public-private collaborative effort; Sector specific subject matter expertise; Pilot evaluations
      - ONG-C2M2: Tested and refined for ONG through ONG pilot evaluations across upstream, midstream, and downstream ONG companies.
      - C2M2: Without sector-specific references or terms of art; Refined through the ONG pilots, and also via cross-sector outreach
  • 10. The Approach: Maturity Model
      Maturity Model Definition:
      - An organized way to convey a path of experience, wisdom, perfection, or acculturation.
      - The subject of a maturity model can be an object or things, ways of doing something, characteristics of something, practices, or processes.
  • 11. Progression Model Examples (each listed from most to least advanced)
      - Progression for Counting: Computer; Calculator; Adding machine; Slide rule; Abacus; Pencil and paper; Fingers
      - Progression for Authentication: Three-factor authentication; Two-factor authentication; Passwords change every 60 days; Strong passwords; Passwords
      - Progression for Human Mobility: Fly; Sprint; Run; Jog; Walk; Crawl
  • 12. Capability Model Examples (each listed from most to least mature)
      - Example 1: Practices are optimized; Practices are quantitatively managed; Practices are defined; Practices are managed; Practices are ad hoc
      - Example 2: Practices are externally integrated; Practices are internally integrated; Practices are managed; Practices are performed; Practices are initiated
      - Example 3: Practices are shared; Practices are defined; Practices are measured; Practices are managed; Practices are planned; Practices are performed but ad hoc; Practices are incomplete
  • 13. C2M2 Domain Descriptions
      - RM: Risk Management. Establish, operate, and maintain an enterprise cybersecurity risk management program to identify, analyze, and mitigate cybersecurity risk
      - ACM: Asset, Change, and Configuration Management. Inventory, manage changes to, and manage configuration of technology assets, including OT (operations technology), IT (information technology), hardware, and software
      - IAM: Identity and Access Management. Create and manage identities for entities that may be granted logical or physical access to assets and control such access
      - TVM: Threat and Vulnerability Management. Establish and maintain plans, procedures, and technologies to detect, identify, analyze, manage, and respond to cybersecurity threats and vulnerabilities
      - SA: Situational Awareness. Establish and maintain activities and technologies to collect, analyze, alarm, present, and use operational and cybersecurity information to form a common operating picture (COP)
      - ISC: Information Sharing and Communications. Establish and maintain relationships with internal and external entities to collect and provide cybersecurity information, including threats and vulnerabilities, to reduce risks and to increase operational resilience
      - IR: Event and Incident Response, Continuity of Operations. Establish and maintain plans, procedures, and technologies to detect, analyze, and respond to cybersecurity events and to sustain operations throughout such events
      - EDM: Supply Chain and External Dependencies Management. Establish and maintain controls to manage the cybersecurity risks associated with services and assets that are dependent on external entities
      - WM: Workforce Management. Establish and maintain plans, procedures, technologies, and controls to create a culture of cybersecurity and to ensure the ongoing suitability and competence of personnel
      - CPM: Cybersecurity Program Management. Establish and maintain an enterprise cybersecurity program that provides governance, strategic planning, and sponsorship for cybersecurity activities
  • 14. C2M2 Model Architecture
      10 Model Domains: logical groupings of cyber security practices (activities that protect operations from cyber-related disruptions)
      - RM: Risk Management
      - ACM: Asset, Change, and Configuration Management
      - IAM: Identity and Access Management
      - TVM: Threat and Vulnerability Management
      - SA: Situational Awareness
      - ISC: Information Sharing and Communications
      - IR: Event and Incident Response, Continuity of Operations
      - EDM: Supply Chain and External Dependencies Management
      - WM: Workforce Management
      - CPM: Cybersecurity Program Management
      4 Maturity Indicator Levels:
      - MIL 3 (advanced): MIL 3 practices
      - MIL 2 (intermediate): MIL 2 practices
      - MIL 1 (beginning): MIL 1 practices
      - MIL 0: No practices
      Each domain includes a progression of practices from MIL 1 to MIL 3.
      MIL 2 & 3 practices are progressively more complete, advanced, and ingrained; target levels should be set for each domain based on risk tolerance and threat environment.
      MIL 1 practices are basic activities that any organization may perform; these are the starting blocks.
  • 15. Organization of a Domain
      Model contains 10 domains. Each domain contains:
      - Approach Objectives: One or more per domain, unique to each domain. Approach objectives are supported by a progression of practices that are unique to the domain (Practices at MIL1, Practices at MIL2, Practices at MIL3).
      - Management Objective: One per domain, similar in each domain. Each management objective is supported by a progression of practices that are similar in each domain and describe institutionalization activities (Practices at MIL2, Practices at MIL3).
  • 16. C2M2 Evaluation Tool & Method
      • Since the program’s inception, DOE has maintained a free tool for organizations to perform a C2M2 self-evaluation
      • C2M2 self-evaluation workshops can be completed in a single day with appropriately limited scope
      • Output graphically summarizes implementation status for each of the 312 practices in the model
      • [Figure: Summary Results (example). Donut chart key: total number of practices represented by the donut; number of Fully Implemented practices; number of Largely Implemented practices; number of Partially Implemented practices; number of Not Implemented practices]
  • 17. NIST Cybersecurity Framework & C2M2
      • Executive Order 13636, Improving Critical Infrastructure Cybersecurity, Section 8(b): “Sector-Specific Agencies, in consultation with the Secretary and other interested agencies, shall coordinate with the Sector Coordinating Councils to review the Cybersecurity Framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific risks and operating environments.”
      • Working with stakeholders from the sector, DOE collaborated to develop an implementation guidance document addressing how C2M2 supports framework implementation.
      • Available for download at: http://energy.gov/oe/downloads/energy-sector-cybersecurity-framework-implementation-guidance
  • 18. NIST Cybersecurity Framework
      • Core
          – Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
          – Categories
          – Subcategories
          – Informative References
      • Tiers
          – Tier 1: Partial. Ad hoc risk management; limited cybersecurity risk awareness; low external participation
          – Tier 2: Risk Informed. Some risk management practices; increased awareness, no program; informal external participation
          – Tier 3: Repeatable. Formalized risk management; organization-wide program; receives external partner info
          – Tier 4: Adaptive. Adaptive risk management practices; cultural, risk-informed program; actively shares information
      • Profile
          – Current Profile: current state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where am I today relative to the Framework?
          – Target Profile: desired state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where do I aspire to be relative to the Framework?
          – Roadmap
  • 19. Framework Process
      • Step 1: Prioritize and Scope
      • Step 2: Orient
      • Step 3: Create a Current Profile
      • Step 4: Conduct a Risk Assessment
      • Step 5: Create a Target Profile
      • Step 6: Determine, Analyze, and Prioritize Gaps
      • Step 7: Implement Action Plan
  • 20. C2M2 as a Framework Enabler
      • Framework process
          – Step 1: Prioritize and Scope
          – Step 2: Orient
          – Step 3: Create a Current Profile
          – Step 4: Conduct a Risk Assessment
          – Step 5: Create a Target Profile
          – Step 6: Determine, Analyze, and Prioritize Gaps
          – Step 7: Implement Action Plan
      • C2M2 Output
          – Select in-scope assets and requirements
          – Perform C2M2 self-evaluation using C2M2 tool
          – Evaluate risk based on C2M2 output
          – Create target profile based on C2M2
          – Prioritize action plan to achieve target profile
          – Implement the plan, use CSF & C2M2 guidance
      • Source: Axio Global
  • 21. C2M2 Mapping to CSF
      • [Figure: C2M2 practices (MIL1, MIL2, MIL3) shown against the CSF Core (Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER; Categories; Subcategories; Informative References) and the CSF Tiers (Tier 1: Partial; Tier 2: Risk Informed; Tier 3: Repeatable; Tier 4: Adaptive)]
  • 22. Defining Security
  • 23. Resources
      • Cybersecurity Framework and supporting materials: http://www.nist.gov/itl/cyberframework.cfm
      • NIST Computer Security Resource Center: http://csrc.nist.gov/
      • C3 Voluntary Program: www.dhs.gov/ccubedvp
      • C2M2 Program: http://energy.gov/oe/cybersecurity-capability-maturity-model-c2m2-program
  • 24. QUESTIONS? Jason D. Christopher, jason.christopher@doe.gov Resource emails: C2M2@doe.gov; cyber.framework@doe.gov
  • 25. SGCC UPDATE Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST) Smart Grid Cybersecurity Committee Chair
  • 26. Cybersecurity Committee
      • Cybersecurity is a critical, cross-cutting issue for the Smart Grid
      • The SGIP Cybersecurity Committee is a collaborative forum that develops resources that smart grid stakeholders can leverage to help understand and manage cybersecurity risk.
  • 27. 2015 Progress
      • Cybersecurity Frameworks Case Study
      • Privacy Awareness Self-Assessment
      • Published:
          – Risk Management Process Case Study
      • Continue:
          – Collaboration with other smart grid and energy sector communities/groups
          – Cybersecurity reviews for SGIP Catalog of Standards
      • To learn more contact: victoria.pillitteri@nist.gov
  • 28. SGIP Reminders
      • May 12: Engaged in Conversation: Grid 3.0
          – Register at SGIP.org/Webinars
      • Past webinars and publications available on SGIP.org under “Information Knowledge Base”
      • Stay in Touch
          – Twitter: @SGIPNews
          – Join our LinkedIn Group
          – Sign up for SGIP Newsletter, The Conductor
  • 29. THANK YOU FOR YOUR PARTICIPATION A FOLLOW-UP EMAIL WILL BE SENT WITH LINK TO RECORDING AND SUPPORTING MATERIALS