Closing the Gap between Physical, Process Control, and Cybersecurity for the Energy and Utilities Industry
Bill Lawrence, Ph.D., Commercial Cyber Security Services, Lockheed Martin
© Lockheed Martin Corporation 2014. All Rights Reserved. This document [or software] shall not be reproduced, modified, distributed or displayed without the prior written consent of the Lockheed Martin Corporation.
Intelligence-driven Defense
The Electric Power System
DOE's Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) V1.1
The Threat Surface Continues to Expand
2013 ICS-CERT incidents (source: ICS-CERT Monitor): 256 incidents were reported either directly from asset owners or through other trusted partners; 51% of the reported ICS/PCN incidents were in the energy sector.*
* The majority of these were in the energy sector; however, critical manufacturing and several other sectors were also targeted.
• A rise in advanced adversaries in 2013
• 40 critical infrastructure organizations targeted
• ICS/PCN can be both the target and a pathway of attack
• The Target (retailer) breach came through an HVAC supplier
• Potential for an attacker to take advantage of a physically/geographically dispersed architecture to gain access to the business network
Security Domain Commonality
Utility Enterprise
Tools of Integration: Putting it all Together to
Stop the Adversary
Intelligence Driven Defense®
A Total Security Approach
Utility Enterprise
A Total Security Integrated Lifecycle
The Cyber Kill Chain™ - Where "All-Source Information" Really Pays Off
Stages, left to right: Recon → Weaponize → Delivery → Exploit → Install → C2 → Act on Objectives. The diagram divides these into pre-compromise stages and post-compromise stages.
• Reconnaissance – Looking for targets, social relationships, conference information, information on specific technologies, etc.
• Weaponization – Creating a deliverable payload
• Delivery – Delivering the weaponized bundle
• Exploitation – Exploiting a vulnerability
• Installation – Installing some mechanism that allows the adversary to maintain persistence inside the environment
• Command & Control – Channel for remote manipulation of the "weapon" or victim
• Actions on Objectives – Intruders accomplish their original goal
The Cyber Kill Chain™ - Where "All-Source Information" Really Pays Off (continued)
Diagram: the same seven stages (Recon, Weaponize, Delivery, Exploit, Install, C2, Act on Objectives), again split into pre-compromise and post-compromise stages, shown for two cases.
• Mitigated intrusion: analysis and synthesis. The attack is detected and stopped at an early stage; the defender analyzes what was observed and synthesizes the indicators the later stages would have produced.
• Full intrusion: analysis to recreate the defense lifecycle. The attack is detected at a late stage; the defender analyzes backwards through the chain to recreate the earlier stages and the detections that should have fired.
Gather intel regardless of attack success.
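The two cases above share one mechanic: every intrusion, blocked or not, yields per-stage indicators, and indicators shared across intrusions link them into a campaign whose earliest known stage becomes the new detection point. The following is an added example written for this page, not code from the slides or from Lockheed Martin; the intrusion records, indicator atoms and stage names in it are constructed, hypothetical data.

```python
"""Campaign analysis across the Cyber Kill Chain (added example, hypothetical data).

Each intrusion record lists the indicator atoms an analyst extracted per stage
and the stage at which the defender detected it (None = ran the full chain).
Atoms at stages later than the detection point on a mitigated intrusion are
the synthesized ones (e.g. a C2 domain obtained by detonating the blocked
attachment in a sandbox).
"""
from collections import defaultdict

PHASES = ["recon", "weaponize", "delivery", "exploit", "install", "c2", "actions"]

# Constructed sample records; names, domains and indicator atoms are invented.
INTRUSIONS = [
    # Mitigated at delivery by the mail gateway; C2 domain synthesized from a sandbox run.
    {"id": "INT-1", "detected_at": "delivery",
     "indicators": {
         "recon":     {"lure:grid-modernization-conf-agenda"},
         "weaponize": {"doc-builder:kit-A"},
         "delivery":  {"sender:registration@conf-example.test"},
         "c2":        {"domain:update.conf-example.test"},   # synthesized, not observed
     }},
    # Full intrusion noticed at C2 via netflow; earlier stages recreated forensically.
    {"id": "INT-2", "detected_at": "c2",
     "indicators": {
         "delivery":  {"sender:invoice@vendor-example.test"},
         "exploit":   {"vuln:reader-heap-bug"},
         "install":   {"service:svchost_helper"},
         "c2":        {"domain:update.conf-example.test"},   # same infrastructure as INT-1
     }},
    # Unrelated attempt stopped at exploitation by a patched document reader.
    {"id": "INT-3", "detected_at": "exploit",
     "indicators": {
         "delivery":  {"sender:hvac-support@contractor-example.test"},
         "exploit":   {"vuln:reader-other-bug"},
     }},
]


def phase_index(phase):
    return PHASES.index(phase)


def phases_before_detection(intrusion):
    """Number of stages the adversary completed before being detected (7 = full chain)."""
    d = intrusion["detected_at"]
    return len(PHASES) if d is None else phase_index(d)


def link_campaigns(intrusions):
    """Group intrusions that share any (stage, atom) indicator, transitively, via union-find."""
    parent = {i["id"]: i["id"] for i in intrusions}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    by_indicator = defaultdict(list)
    for i in intrusions:
        for phase, atoms in i["indicators"].items():
            for atom in atoms:
                by_indicator[(phase, atom)].append(i["id"])
    for ids in by_indicator.values():
        for a, b in zip(ids, ids[1:]):
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for i in intrusions:
        groups[find(i["id"])].append(i["id"])
    return sorted(sorted(g) for g in groups.values())


def campaign_indicators(intrusions, ids):
    """Union of per-stage indicators across the intrusions in one campaign."""
    merged = defaultdict(set)
    for i in intrusions:
        if i["id"] in ids:
            for phase, atoms in i["indicators"].items():
                merged[phase] |= set(atoms)
    return dict(merged)


def earliest_detectable_phase(indicators):
    """Earliest stage at which the campaign can now be caught with the merged indicators."""
    return min((p for p, atoms in indicators.items() if atoms), key=phase_index)


if __name__ == "__main__":
    for campaign in link_campaigns(INTRUSIONS):
        merged = campaign_indicators(INTRUSIONS, set(campaign))
        print(campaign, "detectable from:", earliest_detectable_phase(merged))
```

The point the synthesized atom makes: INT-1 never got past delivery, yet the sandbox-derived C2 domain is what ties it to the full intrusion INT-2, and the recon lure from INT-1 lets the merged campaign be detected at reconnaissance rather than at C2.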
Timely, Comprehensive Threat and Vulnerability
Information is Key to a Successful Defense
Moving from Today to Tomorrow Towards a
Fully Integrated Total Security Architecture
A Total Security Architecture of the future, such as I-IDD, would
tightly integrate all the Security processes and information
• Requires systems architecture evolution for full multi-layer
interoperability across all the Physical, Process, and Cyber-Security
processes and information
– Timely Threat and Vulnerability Data Source Integration and Analysis
– Event Detection Filtering and Analysis
– Advanced Threat Detection
– Cross Domain Correlation
– Guided Forensics
– Workflow Enhancement
• Many pieces exist today in the different security functional areas
• But the full vision is a daunting task for today’s legacy systems
A Total Security solution is possible now in a stepwise, manageable manner
• Use a top-down system-of-systems integration and design approach
• Review all security processes in light of an Integrated Total Security approach
• Prioritize integrated functions against threat impact severity and probability
• Concentrate on the most critical functions that need to be integrated first:
– Situation Awareness: PSIMs (physical security information management), SIEMs, Process Monitoring Systems
– Threat and Vulnerability Collection and Analysis
– Consolidate into centralized Total Security Operations Centers
• Then begin the migration to more automated security information correlation tools for your Total Security professionals
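The cross-domain correlation called for on the two preceding slides comes down to joining events that today live in three separate consoles: badge events in the PSIM, authentication events in the SIEM, and operator actions in process monitoring. The following is an added example for this page, not code from the slides or from Lockheed Martin; the three event feeds, the user and site names, and the two rules are constructed and hypothetical. Rule 1 flags a remote logon by someone who is badged inside a facility (a stolen-credential pattern), and rule 2 flags a control action that neither physical presence nor an authorized remote session can account for, which is the dispersed-architecture pathway the deck warns about.

```python
"""Cross-domain correlation of physical, cyber and process events (added example, hypothetical data)."""
from datetime import datetime, timedelta


def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


# Constructed sample events; every user, site, address and tag name is invented.
BADGE_EVENTS = [      # physical access control (PSIM): time, user, site, action
    ("2014-03-04T08:02:00", "jdoe",   "SUBSTATION-7", "ENTRY"),
    ("2014-03-04T07:55:00", "rsmith", "SUBSTATION-3", "ENTRY"),
]
VPN_EVENTS = [        # remote-access logons (SIEM): time, user, source address
    ("2014-03-04T08:10:00", "jdoe", "203.0.113.9"),
]
CONTROL_EVENTS = [    # operator actions from process monitoring: time, user, site, HMI, tag, value
    ("2014-03-04T08:12:00", "jdoe",   "SUBSTATION-7",  "HMI-07", "BREAKER_03",    "OPEN"),
    ("2014-03-04T08:20:00", "rsmith", "SUBSTATION-3",  "HMI-03", "TAP_CHANGER_1", "+1"),
    ("2014-03-04T13:40:00", "mlee",   "SUBSTATION-12", "HMI-12", "BREAKER_01",    "OPEN"),
]

SHIFT = timedelta(hours=12)   # an ENTRY without a later EXIT counts as presence for at most one shift
SESSION = timedelta(hours=8)  # a VPN logon is assumed to cover control actions for up to this long


def on_site(user, site, when, badge_events):
    """True if the user's most recent badge event at `site` before `when` is an ENTRY within SHIFT."""
    last = None
    for t, u, s, action in badge_events:
        t = ts(t)
        if u == user and s == site and t <= when and (last is None or t > last[0]):
            last = (t, action)
    return last is not None and last[1] == "ENTRY" and when - last[0] <= SHIFT


def has_remote_session(user, when, vpn_events):
    """True if the user logged on remotely within SESSION before `when`."""
    return any(u == user and timedelta(0) <= when - ts(t) <= SESSION for t, u, _ in vpn_events)


def correlate(badge_events, vpn_events, control_events):
    """Apply the two cross-domain rules; returns (rule, user, detail) tuples in rule order."""
    alerts = []
    # Rule 1: remote logon for a user who is badged inside a facility right now.
    for t, user, src in vpn_events:
        when = ts(t)
        for site in sorted({s for _, u, s, _ in badge_events if u == user}):
            if on_site(user, site, when, badge_events):
                alerts.append(("VPN_WHILE_ONSITE", user, f"{src} while badged into {site}"))
    # Rule 2: control action with no physical presence at the site and no remote session.
    for t, user, site, hmi, tag, value in control_events:
        when = ts(t)
        if not on_site(user, site, when, badge_events) and not has_remote_session(user, when, vpn_events):
            alerts.append(("UNATTRIBUTED_CONTROL_ACTION", user, f"{tag}={value} on {hmi} at {site}"))
    return alerts


if __name__ == "__main__":
    for rule, user, detail in correlate(BADGE_EVENTS, VPN_EVENTS, CONTROL_EVENTS):
        print(rule, user, detail)
```

On the sample data, jdoe's on-site badge plus a simultaneous VPN logon fires rule 1 while jdoe's own breaker operation at that substation is attributable and stays quiet; mlee's breaker operation at SUBSTATION-12, with no badge entry and no remote session, fires rule 2. None of the three feeds alone would raise either alert, which is the argument for landing them in one Total Security Operations Center before investing in more automated correlation.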
An Approach to Closing the Gaps between Physical, Process Control, and Cybersecurity for the Energy and Utilities Industry