Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: David Knox, Vice President of National Security Solutions, Oracle
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Essential Power Case Study: Protecting Critical Infrastructure From Cyber Att... | EnergySec
In May, 2014 the US Department of Homeland Security and its Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, issued a report confirming several recent attacks on public utilities from the first quarter of 2014. DHS confirmed that a sophisticated threat actor gained unauthorized access to an unnamed public utility’s control system network.
Incidents of this type haven’t been as widely publicized as recent retail breaches, but it is believed by many that there are far more incidents occurring within the Energy Sector than are heard about in the press. Lack of enforced and implemented policy and compliance, poor capability for early detection of threat indicators, and lack of visibility and automation may all be contributing to failure in rapidly detecting attacks and breaches.
Essential Power™ (formerly known as North American Energy Alliance) is a wholesale power generator and marketer providing electric energy and located in the North Eastern United States. Essential Power will share a case study on its own journey towards achieving NERC CIP compliance within a very short five-month timeline, and how they did it.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment: Cyber Security Information and Event Management
Presenter: Dr. Jim Murray, Technical Staff, HBB Systems, LLC
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Network security for automation solutions is a concept that has been getting increased attention over the last decade. In the past, security was not a major concern because automation systems utilized proprietary components and were isolated from other networks within the business.
Today, many automation systems are composed of commercial off-the-shelf components, including Ethernet networking and Windows operating systems. In addition, legacy products are being updated to operate in these new network environments.
The consequence is that formerly closed systems are suddenly connected to open enterprise networks and the Internet, exposing improperly protected systems to modern IT threats.
Critical Infrastructure Security by Subodh Belgi | ClubHack
Industrial Automation & Control Systems are an integral part of various manufacturing & process industries as well as national critical infrastructure. Concerns regarding cyber-security of control systems are related to both the legacy nature of some of the systems as well as the growing trend to connect industrial control systems to corporate networks. These concerns have led to a number of identified vulnerabilities and have introduced new categories of threats that have not been seen before in the industrial control systems domain. Many of the legacy systems may not have appropriate security capabilities that can defend against modern day threats, and the requirements for availability and performance can preclude using contemporary cyber-security solutions. To address cyber-security issues for industrial control systems, a clear understanding of the security challenges and specific defensive countermeasures is required. The session will highlight some of the latest cyber security risks faced by industrial automation and control systems along with essential security controls & countermeasures.
Join our webinar hosted by MAGNET: The Manufacturing Advocacy and Growth Network. As the NIST and Ohio MEP program advocates, we’ve invited a leader of our technological and educational cybersecurity partner, Ignyte Institute, for a conversation on how to get on board with the emerging Cybersecurity Maturity Model Certification (CMMC). This webinar will give a detailed and realistic overview of all cybersecurity frameworks and regulations required to continue working on existing projects or bid on future contracts as Department of Defense (DoD) prime and subcontractor. Our goal is to help you assess your current state of Governance, Risk Management, and Compliance (GRC), and provide you overall guidance on a smooth transition to the new regulatory norms in order to ensure that Ohio-based businesses maintain their competitive edge in the Defense Industrial Base (DIB).
Don Pearson and Travis Cox from Inductive Automation, Arlen Nipper, the president/CTO of Cirrus Link Solutions and co-inventor of MQTT, and Gregory Tink, managing owner of The Streamline Group address the improvements to data access to help solve business challenges as well as explore the digital oilfield.
Dedicated to furthering innovation through the rapid identification, integration and adoption of practical, standards-based cybersecurity solutions, the National Cybersecurity Center of Excellence (NCCoE) was established in 2012 through a partnership among National Institute of Standards and Technology (NIST), the State of Maryland and Montgomery County. NCCoE senior security engineer Jim McCarthy shares an overview on the center's energy sector use cases and their recent developments.
Learn about the mandate for NIST Special Publication 800-171 and the upcoming deadline for compliance of December 31, 2017. Get answers to questions such as: what is NIST, who needs to comply, what are the requirements, and how do I know if I’m already compliant?
While C2M2 is not the love child of C3PO and R2D2 (sorry), the Cybersecurity Capability Maturity Model (C2M2) program under the U.S. Department of Energy's (DOE) Office of Electricity Delivery and Energy Reliability (OE) is helping to enhance the security and resilience of the United States’ critical infrastructure.
Practical Approaches to Securely Integrating Business and Production | Jim Gilsinn
Presented @ 2016 ISA Process Control & Safety Symposium, November 10, 2016
The exchange of key information between business operations, suppliers, customers, production, and ultimately the production equipment itself can provide significant financial and productivity advantages. This presentation will discuss some practical approaches to utilizing the cyber security principles from ISA/IEC 62443 in order to integrate the business and production environments. It will also present some of the different solutions for meeting a variety of scenarios, such as data historians, patching/updating, and remote maintenance.
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration | Tripwire
How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
SAP’s Utilities Roadmap Overview, The Evolution of Regulatory Compliance and ... | EnergySec
After a brief introduction by Mr. Humphreys, Henry Bailey will talk a few minutes about SAP’s roadmap for utilities. This will be followed by a discussion led by Chris Humphreys about the evolutionary transition from disparate point solutions to enterprise-wide, end-to-end, Regulation Management where controls are consolidated and leveraged such that compliance is a byproduct of industry best practices. Finally, Mr. Rice and Chris Humphreys will end the hour with a presentation expanding on the concept of controls consolidation and compliance as a byproduct focused on NERC CIP Ver 3-5 and NIST transitional capabilities of Regulation Management.
In this session, participants will hear about real world scenarios for a variety of markets and what steps they have taken to address their security needs in an effective and efficient manner. Customer case studies will dig into real security challenges, mitigation plans, and the organizational benefits realized.
MYTHBUSTERS: Can You Secure Payments in the Cloud? | Kurt Hagerman
Discussion of if and how you can secure payments in the cloud. Covers the issue, compliance considerations, regulatory changes and their impact, and provides a rationale for using a cloud to decouple your payments processes from your legacy infrastructure.
Intelligent Maintenance: Mapping the #IIoT Process | Dan Yarmoluk
A presentation about Industrial IoT, the value chain and real-world use cases; how to create value with IoT at your organization with an emphasis on predictive maintenance (bearing fault detection).
Branndon Kelley Keynote on Cybersecurity and the Smart Utility | EnergyTech2015
In an effort to make a Utility more “Smart” the business units within are requiring additional data for business intelligence, predictive and data analytics and asset optimization. To acquire the necessary data points the once “disconnected” power plants, electric grid, and the consumer now have to be connected. Utilizing sensor technology, advanced metering, and automated controls the systems within the power plant, transmission & distribution grid, and even a home or business now become vulnerable. In addition to this business-enabling concept the threat of a full-fledged cyber-attack or at the minimum cyber espionage is real. Utilities are now faced with these threats and must spend enormous amounts of capital and operational dollars to protect their assets utilizing a “not if, but when” mentality. The two competing concepts create a paradox – the more we connect the utility, the more vulnerable it becomes; however, without connecting the utility, the less “Smart” we can be.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: Cybersecurity for Government Contractors
Presenter: Robert Nichols, Partner, Covington & Burling LLP
Smart Grid Solutions (June 2012)
My presentation from 2012 on the state of smart grid solutions. I tried to identify 5 areas of technology most interesting for VC (cleantech one) within the next 5 years. My intended 20m presentation turned into an 80m discussion. Looking at it from 2014, some interesting things happened. I identified 5 interesting technology areas: data management (Big Data), AMI, home automation, cyber security and substation automation. I looked at grid-scale energy storage because everyone wanted it badly but no one could figure out a way for it to work at scale. So what happened since 2012?
In home automation the coolest company was NEST, and their main innovation was that they made thermostats a consumer product. That was not obvious to everyone at the time. But we discussed investment in NEST; it was not so easy though, as NEST had enough cash, and you need to take into account the fund's life cycle. In January 2014 Google acquired NEST for $3.2B. Also at the time smartphones and technology made home automation relatively affordable and there was a need for a platform to control it. Microsoft was working on Home OS, a software platform and interface to control home automation devices. In 2014 Apple announced HomeKit, a platform to control home automation devices.
Data management - Big data started to become a buzzword, and companies using billions of sensors accumulated a ton of data, but most of them never used it. In 2014 Hadoop is standard and companies find very creative ways to use data.
AMI - I expected that we would have smart meters everywhere. 2014: I overestimated it. Though the cool company Opower, which found a creative way to use data from smart meters to create a social platform for neighbors to compare their energy usage and compete to reduce it, had its successful IPO.
Cyber security. I focused on grid security because with all the smart in the grid you have a shift from analog to digital and the risk of cyber attack. Also, cyber security for the grid became mandatory by law in the USA. In 2014 it is very hard to dig up data on the grid, but everywhere else there were huge cases of cyber security attacks. Now people are aware of it but still underestimate its threat. Huge but sensitive and complex market.
Grid storage. Elon Musk announced the Gigafactory. It is very hard to use battery technology used in cars and smartphones on the grid. Scalability is an issue. We actually did a small exercise to check. My boss took his BlackBerry and disassembled it. We looked at the numbers on the battery, made calculations, added cost, estimated watt needs for a grid storage one, added manufacturing, environmental risks and concluded that it will not work for some time. But China announced that they will use lithium ion for storage, so everyone else paid attention.
It was fun to do this research and talk to smart people. I had discussions with execs from ABB Technology ventures, VC, McRock Capital, professors from MIT, ETH. I talked to the CTO of IBM's big green innovation, and my fav author James Utterback. It was a great pleasure.
http://www.controlscon.com Controls-Con is a bi-annual Smart Building and Building Controls Conference that takes place in Detroit, Michigan with a focus on building controls, building automation, and the IoT.
This fast-paced, education-packed event attracts more than 600 systems integrators, service technicians, building managers, contractors, engineers, end users, and more from throughout the United States and Canada. Controls-Con gives them the chance to explore the latest technologies and possibilities of Building Controls and Automation and includes a Building Automation Trade Show featuring the industry's top manufacturers, networking opportunities, educational sessions, and more.
Here you will find the PowerPoint presentation shown during the Business Track that took place on Day Two of Controls-Con.
Learn more about this smart building conference by visiting http://www.controlscon.com.
Subscribe to upcoming event news, industry updates, and more by visiting http://www.cochranesupply.com.
Integrator Evolution: Discussing Current Challenges & Future Trends in Indust... | Inductive Automation
In this webinar, a panel of experienced control system integrators will discuss the biggest challenges and technology trends in their field, as identified in a recent survey conducted by Inductive Automation, and will also discuss potential solutions.
A single change to a network device can have a far reaching effect on your business. It can create security holes for cyber criminals, impact your regulatory audit, and even cause costly outages that can bring your business to a standstill – as we have recently seen in the news!
This technical webinar will walk you through a variety of use cases where device misconfigurations typically occur, including a basic device change, business application connectivity changes, and data center migrations. It will provide best practices and demonstrate specific techniques to help you understand and avoid misconfigurations and ultimately prevent damage to your business, including how to:
* Understand and map your enterprise infrastructure topology before you make a change
* Proactively assess the impact of a change to ensure it does not break connectivity, affect compliance or create a security hole
* Avoid common mistakes when making changes to your network security devices
* Better understand business requirements from the network security perspective
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf | Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf | Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble... many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Essentials of Automations: The Art of Triggers and Actions in FME | Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
DevOps and Testing slides at DASA Connect | Kari Kakkonen
My and Rik Marselis's slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Removing Uninteresting Bytes in Software Fuzzing | Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Regulators’ Role in Smart Grid Security: What They Want to Know by Alan Rivaldo Public Utility Commission of Texas
1. Alan Rivaldo
Public Utility Commission of Texas
Regulators’ Role in Smart Grid Security
What They Want to Know
2. BACKGROUND
• Utilities are typically monopolies and therefore
are highly regulated.
• Unlike with most other stock investments, for
the most part utility investors are guaranteed a
certain rate of return on their investment.
• Any capital investments made by utilities are
ultimately paid by ratepayers… their customers.
3. CUSTOMERS AND REGULATORS
• Therefore, customers need to know what they are
getting and how much they’re paying for it.
• Customers are typically disengaged from the
process (at least beyond the bottom line on
their utility bill).
• Regulators are the ones who are charged with
knowing about the capital expenditures made
by utilities.
4. RATE CASES
• Utilities recapture capital investments through
rate cases
• Rate cases are conducted in open hearings
• This process is nothing new: ~100 years
• Any infrastructure:
• Water and Wastewater
• Electric service
5. WHAT IS NEW?
• In past few years, commissions became aware of
cybersecurity as a pressing issue.
• Unfortunately, some awareness has come in the
form of alarmist reports in the media:
• Mass outages
• Chaos
• Imminent take-overs by foreign governments
6. WHAT’S NOT SO NEW?
• Risk that legislatures may overreact
• Try to pass “comprehensive bills” that may:
• Cause unintended consequences
• Impede meaningful progress
• Interfere with commission direction
• Classic conflict: legislative vs. executive
7. THE CHALLENGE
• Utilities have difficulties finding qualified,
knowledgeable staff for energy operations.
• Commissions are in the same position; engineers
have to be recruited from an industry in which
there traditionally hasn’t been much turnover.
8. THE CHALLENGE (CONT.)
• States’ budgets are being cut
• Recruiting from industry and the private sector
is a challenge
• PUC staff knowledge limited to conventional
energy operations technologies
• Electromechanical devices
• Not advanced, data-intensive technologies
9. WHAT TO DO?
• Commissions train existing staff
• Hire new people to ask intelligent questions of:
• Utilities
• Vendors
• Staff within the agency
• Ponder implications of technology on policy
• Ponder implications of policy on technology
10. ASK UTILITIES QUESTIONS: STRATEGY
• What is your security strategy?
• Update your security plans? How often?
• Test your plans?
• Have you conducted vulnerability assessment of:
• Back Office information systems?
• Control Systems?
11. ASK UTILITIES QUESTIONS: RISK
• How do you manage risk?
• Use a Risk Management process?
• How was it derived?
• From DOE/NIST/NERC or some other
authority?
12. QUESTIONS: UTILITY ENGAGEMENT
• Have you worked with Department of Homeland Security
regarding cybersecurity?
• Aware of… work with…
• DHS National Cyber Security Division (NCSD)?
• US-CERT? ICS-CERT? etc.
• NESCO (National Electric Sector Cybersecurity
Organization)
• Law Enforcement, i.e. Fusion centers
• Local chapter of InfraGard (FBI public private
partnership)?
• DOE, SANS, others?
13. NERC CIP
• We may ask about NERC CIP…
• Not necessarily the utility’s status
• NERC CIP is outside of a state’s jurisdiction
• No double reporting or “double jeopardy”
• NERC CIP compliance is only marginally
interesting to state regulators. We care more
about distribution: SAIDI and SAIFI
• Upstream cybersecurity issues may have an
impact upon SAIDI and SAIFI
14. NERC CIP (CONT.)
• NERC CIP is compliance-based. Commissions are
compliance-focused out of tradition, but…
• Compliance doesn’t ensure security.
• Cybersecurity isn’t about checking boxes on a form.
• “Hackers don’t have checklists”
• Folks at utilities: Trying to get their CIP compliance
paperwork in order to satisfy some NERC auditor
• Hackers: Working diligently to upset the apple cart
15. LESSONS FROM NERC CIP
• PUCs are more interested in knowing how many
resources a utility has tied up in doing NERC CIP
compliance paperwork
• Is NERC CIP compliance a value-added activity?
• Compliance puts a utility only on the ground floor
of security
• Compliance doesn’t set a ceiling
• Compliance makes security people contemplate
the roof
16. LESSONS FROM NERC CIP
• Utilities have to graduate beyond compliance
• Utilities should have compliance mastered by
now, right?
• Utilities must find their way up the stairs to a
higher floor in the building
• Compliance mindset vs. Security
17. PERSONNEL
• What kind of people do you have?
• Individuals specifically assigned cybersecurity
responsibility?
• IT staff responsible for cybersecurity in energy
operations?
• Does energy operations have its own security staff?
• What kind of training and experience does cybersecurity
staff have?
• Engaged in cybersecurity standards activities of:
• NIST SGIP Cybersecurity Working Group?
• NESCOR, UCAIug, NERC, etc.?
18. PERSONNEL / VENDORS
• What background checking is performed for
those with access to key cyber components?
• Vendors and other third-parties that have
access to key cyber systems
• How are they vetted? How do you screen who
has access to your systems? A lot of support
comes from vendors and integrators.
19. CAPITAL EXPENDITURES
• Review: Commissions are tasked with approving
surcharges in rate cases so that utilities can
recoup the costs they have incurred by making
capital expenditures on the infrastructure.
• Is the equipment a utility buys robust when it
comes to security? Will it continue to be robust
in the future?
• Traditional equipment lifetime is
as long as 40 years.
20. CAPITAL EXPENDITURES
• Moving toward new paradigm
• May call for more regular replacements of
infrastructure components
• Precedents: IT and mobile phone
infrastructures
• Will no longer be in terms of multiple
decades
• But anticipated replacement cycle won’t be
as brisk as mobile phone infrastructure
21. CAPITAL EXPENDITURES
• Prefer not to have to replace devices at all
• Hope/wish replacement won’t be
for reasons of security
• Smart Grid continues to evolve
• More palatable reasons for replacement:
• Expanded functionality
• Larger quantity of data
• Higher data rates
22. CAPITAL EXPENDITURES/VENDORS
• Regulators want assurance that:
• Proposed investments are prudent
• Solutions are cost effective
• Firms hired by utilities are:
• Capable
• Reliable
• Understand their ultimate responsibilities
23. CAPITAL EXPENDITURES/VENDORS
• Regulators want utilities to:
• Do their due diligence when securing their
infrastructure
• Prove it
• Hold their vendors accountable for doing their
part
• Everyone plays a role in security, and everyone
should be accountable for holding up their end of
the bargain.
24. VENDORS
• Regulators… and therefore the utilities… want:
• To know that products and processes are
secure
• From concept to design to manufacture to
deployment to support in the form of
issuing of firmware updates, to the eventual
decommissioning of these devices and
systems.
26. VENDORS’ ROLE
• Third-party assessment of products - proof
• Installation of products - field testing of
configured, deployed infrastructure
• Deliver what was promised
• Anything that touches or comes near a
device is doing what it’s supposed to do
• Maintain integrity of the data
• Without latency
27. UTILITY’S RESPONSIBILITIES
• Ensure the safe and secure delivery of energy and
energy-related data
• Maintain the accuracy of the data being
transmitted
• Ensure data is handled with care
• Secure
• Policies in place and followed
• Ensure customer privacy
28. REVIEW
• Commissions take a look at the numbers – we
want to see what the public is… or will be…
paying for.
• If incorporating security costs a little bit more
upfront, then that should be reflected in the
numbers and filed in the rate case – preferably
itemized, if possible.
• At the same time, costs must be reasonable and
reflect whatever level of risk is acceptable.
29. REVIEW AND CONCLUSION
• We must accept that risk is inevitable and cannot
be completely eliminated – only mitigated to an
acceptable level.
• Risk is difficult to calculate, but commissions
want to know how you made your
determinations; make us a part of the process.
• We all play a role in security.
Editor's Notes
Disclaimer – the views expressed are not those of the commission or any commissioner – they are solely mine.
Conflicts at the federal level can trickle down to the states.
SAIDI = System Average Interruption Duration Index
SAIFI = System Average Interruption Frequency Index
If hackers DO have checklists, it’s “launch Metasploit – CHECK!”, “launch exploit – CHECK!”, “Turn off the lights - CHECK!”, “Brag about what I did on Facebook - CHECK!”
SGIP = Smart Grid Interoperability Panel
UCAIug = Utility Communications Architecture International User’s Group