Cyber Infrastructure Security Presentation

Size: px
Start display at page:

Download "Cyber Infrastructure Security Presentation"

Transcription

1 Cyber Infrastructure Security Presentation Moderator: Col. Ron Torgerson, PE, PMP, CHS-V, F.SAME, USAF (Ret.), and Chair, Cyber Security Infrastructure Task Force (CSITF) Speakers: Gary Seifert, P.E. Mark Duszynski, Vice President, Johnson Controls Federal Systems Col. Steve Moes, USAF (Ret.), COO, LRS Federal Emmett McGrath, Secure IT Program Manager, Wesco

2 Building Systems Threats and Mitigation Measures Mark Duszynski VP Johnson Controls Federal Systems Cyber Infrastructure Security Presentation SAME JETC San Diego May 21, 2013

3 Current Federal standards and Industrial Control Systems (ICS) security requirements Federal ICS need to be approved based on a risk assessment process The risks are identified and mitigated until the risk is acceptable The risk assessment is now an on-going process through the lifecycle of the systems (continuous maintenance) because the threats are ever changing 2

4 In general, the following processes must be followed in order to gain Authority to Operate (ATO) DIACAP (DoD Information Assurance Certification and Accreditation Process) C&A process Air Force uses ETL; Navy DIACAP and Army DIACAP Risk Management Framework for civilian agencies Federal Information Security Management Act (FISMA) Risk Management Framework (RMF) 3

5 Industrial Control Systems (ICS) refers to a wide variety of controls systems typically found on DOD installations and civilian agency sites Building Automation Systems (BAS) Sometimes referred to as Energy Management Control Systems (EMCS), Utility Monitoring and Controls Systems (UMCS), HVAC controls or DDC Other ICS elements SCADA, security systems, metering, fire alarm systems, fuel distribution, water controls, wastewater controls, power generation, airfield controls, lighting controls, intrusion detection systems etc. 4

6 5

7 Control systems uniquely present two types of vulnerabilities: 1) Data and intellectual property theft of business networks and 2) Sabotage through normal control process disruptions 6

8 At one point, the penetration into the Chamber of Commerce was so complete that a Chamber thermostat was communicating with a computer in China. 7

9 8

10 9

11 The inherent user-friendly design features of a BAS make them vulnerable Device and point naming standards are highly descriptive e.g. 5 th Floor Supply Air Fan Start/Stop Control All possible port/protocol configurations allowed Use of DoD Logon banners virtually unheard of Easy, open access to online Help files Widely available USB and RS232 ports Verbose and highly descriptive error messages Weak password controls Every control enclosure on an installations has the same key 10

12 11

13 The evolution of Building Automation Systems networks has also increased their vulnerabilities Originally were built on own proprietary networks By late 90s push to utilize business Ethernet LANs Today over 95% of all BAS reside on shared networks Use commercial operating systems & COTS components Follow IEEE and IT networking standards and client/server models Incorporate Web User Interfaces 12

14 13

15 ICS and Building Automation Systems cyber security risks and vulnerabilities are generally found in three vectors: 1. Physical Security 2. Network Security 3. ICS Operations Risk identification and corresponding mitigation steps should align and derive from these three general areas of vulnerability 14

16 Next few slides are an example of ICS network vulnerabilities and mitigation actions as identified by the Naval District Washington 15

17 16

18 17

19 18

20 19

21 The most basic network vulnerability mitigation measure is the construction of firewalls 20

22 21

23 Companies are developing secure BAS controllers that imbed firewalls & provide encryption Metasys Secured NAE S NAE-S Program Phase 1 Exit, 04/12/

24 Mitigation is generally implemented through coincident EMCS modernization and cyber hardening projects A high percentage of DOD installations have diverse, aging buildings with disparate, out-dated automation systems makes it difficult to effectively operate and conserve energy increases vulnerabilities to cyber attack Modernization brings many benefits A more cyber secure EMCS or BAS increased energy efficiency and reduced operational costs enhanced energy security improved functionality (e.g. GHG reporting) better mission support 23

25 Many excellent resources are available for analyzing and designing building systems and ICS protections Standards and References are included in the areas of: Cyber Security Policy Planning and Preparation, Establishing Network Segmentation, Firewalls and DMZs, Control System Security Procurement Requirements Specifications, etc. 24

26 25

27 26

28 For additional information contact: Mark Duszynski VP Johnson Controls Federal Systems

29 Utility Subcommittee Steve Moes Col (Ret), USAF LRS Federal, LLC

30 Utility Subcommittee Members Pat Coullahan COE AK Dave Maharrey LSU Irv Lee City of Tampa Dan Clairmont UT Austin Joe Okes AOC Steve Scott SEPI Engineering and Construction

31 Definition Utility cybersecurity is the protection of the utility systems (Water and Waste Water) operation and the information the system collects. Information includes equipment info, usage data, etc. The protection of the system is both external (blocking ports) and internal such as programs that search for anomalies or other traces of cyber attackers.

32 Typical Installation Utility Systems Vulnerabilities Identification is inherent at any Military Installation for systems they own Prioritized facilities/systems Mitigation Contingency Plans Local Operational Inspections and Exercises Continue the Mission

33 W/WWT Systems-Water Sector Specific Plan EPA is the Federal lead for coordinating and assisting in protecting the Nation s critical Water Sector infrastructure > 153,000 public drinking water systems > 16,500 publicly owned treatment works

34 Drinking Water Systems Physical Elements Water Source Conveyance Raw Water Storage Treatment Finished Water Storage Distribution System Monitoring System Cyber Elements Supervisory Control and Data Acquisition (SCADA) System Human Elements Employees and Contractors Waste Water Utilities Physical Elements Collection Raw Influent Storage Treatment Treated Water Storage Effluent Discharge Monitoring System Cyber Elements SCADA Human Elements Employees and Contractors

35 Goals Sustain protection of public health and the environment Recognize and reduce risks Maintain a resilient infrastructure Increase communication, outreach, and public confidence Assess Risk Consequence, Threat and Vulnerability Assessments Screening Infrastructure Assessing Consequences

36 Prioritize Population served Amount of chlorine gas stored on site Economic impact Critical customers served Implement Focus is on high-density population systems (> 100,000 people) Develop templates for detection, response and recovery plans Update emergency response and recovery plans Increase public and political understanding of denial-of-service impacts

37 Potential Opportunities with Sequestration?

38 Protecting Networks in the Age of Light and Air Cyber-attacks From the Physical Infrastructure Standpoint Emmett McGrath, Wesco

39 Light and Air Communication Infrastructure from Inside Plant to Outside Plant Vulnerabilities of Wired/Wireless Communications Networks Available Technologies to Protect Physical Infrastructure Department of Defense is Driving Information Assurance Protecting Everything

40 Drivers Internet Users in North America Growth: 153.3% from million Internet Users in North America 327 million US Mobile Phone Users 58.4% of all American Homes Subscribe to Cable TV 80% of all US Phone Calls Traverse Passive Optical Equipment 30% of all US Mobile Calls Traverse Passive Optical Equipment 22.6 million Homes in the US are Fiber to the Home (13% growth)

41 Vulnerabilities Fiber and Copper Wireless Tapping Denial of Service (DoS) Blind Trust of Senders (MAC Addresses) Denial of Service (DoS) Encryption Based Attacks

42 Available Technologies Methods Harden Pipe, Concrete, Boxes, Locks, Welding etc Inspection Constant or Periodic Visual Inspection Alarm External Monitors Internal Monitors

43 Designed for data infrastructure security Makes the entire cable a sensor - Use a pair of fibers inside the cable being protected - When any component of the cable is abnormally handled, the monitored fibers sense the disturbance Event discrimination technology - Learns the ambient state of the network and differentiates between benign events and real threats - False alarms eliminated - If an INTERCEPTOR alarms, there is a problem (perhaps not a threat) Standard fibers intrinsic to (inside) the cables being protected are used to monitor intrusions into the cables themselves

44 Passive Start Junction Rack mounted Sensing Controller Inactive leadin cable fiber optic sensing cable Passive Terminator A SM fiber optic cable is used as a distributed sensor Steady CW laser light is sent down the fiber When any motion or vibration acts on the fiber, or anything the fiber is attached to or buried in, the lightwave is affected and this change is detected and the event is classified using patented FFT technology

45 Securing Wireless Networks There are three primary areas for concern: Confidentiality, Accessibility, Integrity Implement strong encryption algorithms with stringent password requirements. Wireless Intrusion Detection Systems (WIDS) monitor network traffic and analyze it for various known attack patterns. WIDS can be Signature based (also called misuse detection) and anomaly based detection. In signature based detection, a database of known abnormal patterns must be compiled and maintained. Thus, this approach is weak against attacks that are have not been seen before. In anomaly based detection, the system is trained on normal network activity so that when it experiences activity that is different from what is expected, it alerts system administrators of possible network intrusions. This approach will yield a high false-positive rate if the training set is not exhaustive.

46 Department of Defense Defense Information Systems Agency (DISA) A Combat Support Agency, provides, operates, and assures command and control, information sharing capabilities, and a globally accessible enterprise information infrastructure in direct support to joint warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations. Information Assurance (IA) National Security Agency (NSA) NSA's Information Assurance Mission focuses on protecting National Security Information and Information Systems Certified TEMPEST Technical Authority (CTTA) "TEMPEST Countermeasures for Facilities," establishes guidelines and procedures that shall be used by departments and agencies to determine the applicable TEMPEST countermeasures for national security systems.

47 Datacenter & SAN Infrastructure Solutions (Pre-terminated cables, cabinets, etc) Physical Network Security & Information Assurance Solutions (PDS, Fiber Security, Intelligent Patching) OSP/LAN Networks (Cable, Connectivity, Pathway, Racks/Cabinets) Secure/C4ISR Network & SCIF Infrastructure (SIPRNET/JWICS, DODIIS) Physical Security & Life Safety (Access Control, CCTV, Paging, Notification) Tactical & Deployable Solutions (Mobile Command Centers, Integrated Cross Talk over multiple platforms)

48 Protecting Everything National: Border Security Perimeters: Airports Perimeters: Restricted Areas Military: Counter IED Military: Choke Points Perimeters: High Value Assets Perimeters: Power Stations Railways: Track Damage Railways: Cable Tampering Perimeters: Vandalism

49 Conclusion Secure(it) Program Most Comprehensive Collection of Products and Solutions Developed Specifically for Reducing the Cost and Complexity of SIPRNet Networks Proven Approved Bundled Solutions from Industry Leading Manufacturers Exclusive to CSC Products and Solutions Design and Consulting Services Available Complete Security For Confidential, Secret, Top Secret, Sensitive Compartmented Information (SCI), Special Access Programs (SAP) The Most Experienced Team in The Industry.

SECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC

SECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC SECURITY FOR TODAY S PHYSICAL NETWORK AND DATA TRAFFIC End-to-end Infrastructure Protection for Institutions In the last few years, the demand for classified information experienced by many government

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

Physical & Network Security Infrastructure Solutions

Physical & Network Security Infrastructure Solutions Physical & Network Security Infrastructure Solutions people. passion. expertise. gocsc.com What is the Secure(it) Program? Secure(it) is a bundle of the industry s latest solutions, designed to protect

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering Cyber Controls : A Critical Discipline of Systems 14 th Annual NDIA Systems San Diego, CA October 24-28, 2011 Bharat Shah Lockheed Martin IS&GS bharat.shah@lmco.com Purpose Provide an overview on integrating

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Reliable, Repeatable, Measurable, Affordable

Reliable, Repeatable, Measurable, Affordable Reliable, Repeatable, Measurable, Affordable Defense-in-Depth Across Your Cyber Security Life-Cycle Faced with today s intensifying threat environment, where do you turn for cyber security answers you

More information

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700 OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700 OPERATIONAL TEST AND EVALUATION AUG 0 1 2014 MEMORANDUM FOR COMMANDER, ARMY TEST AND EVALUATION COMMAND COMMANDER, AIR

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Security for. Industrial. Automation. Considering the PROFINET Security Guideline Security for Industrial Considering the PROFINET Security Guideline Automation Industrial IT Security 2 Plant Security Physical Security Physical access to facilities and equipment Policies & Procedures

More information

Cyber Security for NERC CIP Version 5 Compliance

Cyber Security for NERC CIP Version 5 Compliance GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...

More information

Dr. György Kálmán gyorgy@mnemonic.no

Dr. György Kálmán gyorgy@mnemonic.no COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats

More information

Department of Defense

Department of Defense Department of Defense DIRECTIVE NUMBER 8100.02 April 14, 2004 Certified Current as of April 23, 2007 ASD(NII) SUBJECT: Use of Commercial Wireless Devices, Services, and Technologies in the Department of

More information

Interceptor Optical Network Security System. Design Guide. Chapter 4: INTERCEPTOR Optical Network Security System Alarmed Carrier PDS

Interceptor Optical Network Security System. Design Guide. Chapter 4: INTERCEPTOR Optical Network Security System Alarmed Carrier PDS Interceptor Optical Network Security System } Chapter 4: INTERCEPTOR Optical Network Security System Alarmed Carrier PDS Copyright 2010 Network Integrity Systems, Inc. All rights reserved. The information

More information

Compliance Risk Management IT Governance Assurance

Compliance Risk Management IT Governance Assurance Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION Department of Defense INSTRUCTION NUMBER 8551.01 May 28, 2014 DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: See Enclosure 1 1. PURPOSE. In accordance with the authority

More information

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION Directive Current as of 19 November 2014 J-8 CJCSI 8410.02 DISTRIBUTION: A, B, C, JS-LAN WARFIGHTING MISSION AREA (WMA) PRINCIPAL ACCREDITING AUTHORITY

More information

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance GE Oil & Gas Cyber Security for NERC CIP Versions 5 & 6 Compliance Cyber Security for NERC CIP Versions 5 & 6 Compliance 2 Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Cybersecurity considerations for electrical distribution systems

Cybersecurity considerations for electrical distribution systems White Paper WP152002EN Supersedes January 2014 electrical distribution systems Authors Max Wandera, Brent Jonasson, Jacques Benoit, James Formea, Tim Thompson, Zwicks Tang, Dennis Grinberg, Andrew Sowada,

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

How To Secure Your System From Cyber Attacks

How To Secure Your System From Cyber Attacks TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

Department of Defense INSTRUCTION

Department of Defense INSTRUCTION Department of Defense INSTRUCTION NUMBER 5200.39 May 28, 2015 USD(I)/USD(AT&L) SUBJECT: Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation

More information

Strategic Plan On-Demand Services April 2, 2015

Strategic Plan On-Demand Services April 2, 2015 Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on

More information

Intrusion Detection Systems

Intrusion Detection Systems Intrusion Detection Systems (IDS) Presented by Erland Jonsson Department of Computer Science and Engineering Contents Motivation and basics (Why and what?) IDS types and detection principles Key Data Problems

More information

DIACAP Presentation. Presented by: Dennis Bailey. Date: July, 2007

DIACAP Presentation. Presented by: Dennis Bailey. Date: July, 2007 DIACAP Presentation Presented by: Dennis Bailey Date: July, 2007 Government C&A Models NIST SP 800-37 - Guide for the Security Certification and Accreditation of Federal Information Systems NIACAP - National

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Meeting Cyber Security Challenges

Meeting Cyber Security Challenges Meeting Cyber Security Challenges Presented to Naval Postgraduate School Cyber Summit 29 October 2009 Cynthia Irvine, PhD, Professor Naval Postgraduate School UNCLASSIFIED Overview Challenges in Cyber

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

Interceptor Optical Network Security System. Design Guide. Chapter 3: Choosing between Encryption or a Protected Distribution System (PDS)

Interceptor Optical Network Security System. Design Guide. Chapter 3: Choosing between Encryption or a Protected Distribution System (PDS) Interceptor Optical Network Security System } Chapter 3: Choosing between Encryption or a Protected Distribution System (PDS) Copyright 2010 Network Integrity Systems, Inc. All rights reserved. The information

More information

A Model-based Methodology for Developing Secure VoIP Systems

A Model-based Methodology for Developing Secure VoIP Systems A Model-based Methodology for Developing Secure VoIP Systems Juan C Pelaez, Ph. D. November 24, 200 VoIP overview What is VoIP? Why use VoIP? Strong effect on global communications VoIP will replace PSTN

More information

DoD Strategy for Defending Networks, Systems, and Data

DoD Strategy for Defending Networks, Systems, and Data DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July

More information

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

U.S. DoD Physical Security Market

U.S. DoD Physical Security Market U.S. DoD Physical Security Market Technologies Used for DoD Applications June 2011 Table of Contents Executive Summary 7 Introduction 8 Definitions and Scope 9-11 Percentage of FY 2010 Total Budget Request

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Industrial Control System Cyber Situational Awareness. Robert M. Lee* June 10 th, 2015

Industrial Control System Cyber Situational Awareness. Robert M. Lee* June 10 th, 2015 Industrial Control System Cyber Situational Awareness Robert M. Lee* June 10 th, 2015 Executive Summary Cyber situational awareness is the concept of understanding and visualizing the networked environment

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing Department of Defense INSTRUCTION NUMBER 8560.01 October 9, 2007 ASD(NII)/DoD CIO SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing References: (a) DoD

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Vindicator Security Solutions. Security for Mission-Critical Applications

Vindicator Security Solutions. Security for Mission-Critical Applications Vindicator Security Solutions Security for Mission-Critical Applications About Vindicator Security Solutions Photo courtesy of U.S. Department of Defense. Military, Federal and State Governments Ports

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

SCOPE. September 25, 2014, 0930 EDT

SCOPE. September 25, 2014, 0930 EDT National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Critical Infrastructure Security and Resilience Note Critical Infrastructure Security and Resilience Note:

More information

Increase your network s security by making the right premise cabling decisions

Increase your network s security by making the right premise cabling decisions Increase your network s security by making the right premise cabling decisions André Mouton, Product Line Manager Benoit Chevarie, Product Line Manager August 2006 Revision 2 Increase your network s security

More information

Mission Assurance and Security Services

Mission Assurance and Security Services Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page

More information

Network Security Deployment (NSD)

Network Security Deployment (NSD) Network Security Deployment (NSD) National Cybersecurity Protection System (NCPS) 11 July 2012 What is the NCPS? National Cybersecurity Protection System (NCPS) is the program of record within the Department

More information

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Review of Anomaly Detection Techniques in Network Intrusion Detection System A Review of Anomaly Detection Techniques in Network Intrusion Detection System Dr.D.V.S.S.Subrahmanyam Professor, Dept. of CSE, Sreyas Institute of Engineering & Technology, Hyderabad, India ABSTRACT:In

More information

Using ISA/IEC 62443 Standards to Improve Control System Security

Using ISA/IEC 62443 Standards to Improve Control System Security Tofino Security White Paper Version 1.2 Published May 2014 Using ISA/IEC 62443 Standards to Improve Control System Security Contents 1. Executive Summary... 1 2. What s New in this Version... 1 3. Why

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Cybersecurity Converged Resilience :

Cybersecurity Converged Resilience : Cybersecurity Converged Resilience : The cybersecurity of critical infrastructure 2 AECOM Port Authority of New York and New Jersey (PANYNJ), New York, New York, United States. AECOM, working with the

More information

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS

More information

Architecture Overview

Architecture Overview Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and

More information

Network Management and Defense Telos offers a full range of managed services for:

Network Management and Defense Telos offers a full range of managed services for: Network Management and Defense Telos offers a full range of managed services for: Network Management Operations Defense Cybersecurity and Information Assurance Software and Application Assurance Telos:

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

A Comprehensive Cyber Compliance Model for Tactical Systems

A Comprehensive Cyber Compliance Model for Tactical Systems A Comprehensive Cyber Compliance Model for Tactical Systems Author Mark S. Edwards, CISSP/MSEE/MCSE Table of Contents July 28, 2015 Meeting Army cyber security goals with an IA advocate that supports tactical

More information

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software

More information

Best of Breed Opinion

Best of Breed Opinion Best of Breed Opinion Basic requirements for a best in class Global Security Operation Center. CONSULTING AND INVESTIGATIONS DIVISION The Consulting and Investigations (C&I) Division is part of one of

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad

More information

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE 1 CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE Gavin McLintock P.Eng. CISSP PCIP 2 METCALFE POWER STATION 16 April 2013 Sophisticated physical attack 27 Days outage $15.4 million

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Improvements Needed With Host-Based Intrusion Detection Systems

Improvements Needed With Host-Based Intrusion Detection Systems Report No. DODIG-2012-050 February 3, 2012 Improvements Needed With Host-Based Intrusion Detection Systems Warning This report is a product of the Inspector General of the Department of Defense. Its contents

More information

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here

Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Risk Management Framework (RMF): The Future of DoD Cyber Security is Here Authors: Rebecca Onuskanich William Peterson 3300 N Fairfax Drive, Suite 308 Arlington, VA 22201 Phone: 571-481-9300 Fax: 202-315-3003

More information

Security in Space: Intelsat Information Assurance

Security in Space: Intelsat Information Assurance Security in Space: Intelsat Information Assurance 14/03/6997 Intelsat Information Assurance Intelsat maintains the highest standards of Information Assurance by assessing and building the Intelsat infrastructure,

More information

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division

More information

Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes

Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes Dennis Lanahan June 1, 2015 Securing the convergence of OT and IT with ST 1 Introduction to Owl US US Owned and & Operated Product

More information

How To Manage Security On A Networked Computer System

How To Manage Security On A Networked Computer System Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,

More information

EC Council Certified Ethical Hacker V8

EC Council Certified Ethical Hacker V8 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087, Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 4, 60 Edward St, Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au

More information

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Cyber Threats in Physical Security Understanding and Mitigating the Risk Cyber Threats in Physical Security Understanding and Mitigating the Risk Synopsis Over the last few years, many industrial control systems, including security solutions, have adopted digital technology.

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Enterprise Security Platform for Government

Enterprise Security Platform for Government Enterprise Security Platform for Government Today s Cybersecurity Challenges in Government Governments are seeking greater efficiency and lower costs, adopting Shared Services models, consolidating data

More information

A Systems Approach to HVAC Contractor Security

A Systems Approach to HVAC Contractor Security LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored

More information

Get Confidence in Mission Security with IV&V Information Assurance

Get Confidence in Mission Security with IV&V Information Assurance Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving

More information

Intel Enhanced Data Security Assessment Form

Intel Enhanced Data Security Assessment Form Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized

More information

KeyLock Solutions Security and Privacy Protection Practices

KeyLock Solutions Security and Privacy Protection Practices KeyLock Solutions Overview KeyLock Solutions hosts its infrastructure at Heroku. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Security Policy for External Customers

Security Policy for External Customers 1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration

More information

Products. Technology. Services. Delivered Globally. PROTECTING CRITICAL INFRASTRUCTURE SOLUTION

Products. Technology. Services. Delivered Globally. PROTECTING CRITICAL INFRASTRUCTURE SOLUTION Products. Technology. Services. Delivered Globally. PROTECTING CRITICAL INFRASTRUCTURE SOLUTION THE ANIXTER DIFFERENCE Organizations responsible for building and maintaining critical infrastructures face

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Full Compliance With Trusted Internet Connection Requirements Is Progressing; However, Improvements Would Strengthen Security September 17, 2013 Reference

More information