Information Security Standards in Critical Infrastructure Protection

Save this PDF as:
Size: px
Start display at page:

Download "Information Security Standards in Critical Infrastructure Protection"

Transcription

1 Information Security Standards in Critical Infrastructure Protection Berlin 11/11/2015 Alessandro Guarino StudioAG

2 Introduction Computers everywhere! ICT Technologies pervasive even in very analog settings: trains, planes, automobiles (and water treatment) Worse everything seems to be connected Slide 2 of 19

3 Introduction However we have a problem Industrial plants and infrastructure applications have their own peculiarities: Physical effects Long life and legacy systems Geographical dispersion Safety first! Important societal impacts several stakeholders Slide 3 of 19

4 Introduction [...]an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions. Slide 4 of 19

5 Introduction Standards as an integral part of Infosec In CIP and Cyber Security they are becoming integral to policy Cybersecurity policy at the crossroads of Information Technology, Security, Policy, Economics... Slide 5 of 19

6 The World of Standardisation Overly fragmented and complex (actors and bodies, geography, interests involved ) Rough classification of norms along two params: Technical vs. Organisational Certifiable vs. Non-certifiable Slide 6 of 19

7 The World of Standardisation Who writes standards? An alphabet soup (selection): Europe: CEN, CENELEC & ETSI The European Standardisation Organisations United States: NIST, ANSI, NERC Worldwide: ISO, IEC Many, many others... Slide 7 of 19

8 Available Standards (Some of them...) ISO Common Criteria, aka ISO NIST NERC CIP ANSI/ISA 99 Slide 8 of 19

9 ISO Risk-based Wide range of controls Not specific, needs to be tailored and implemented Part of the ISO 27xxx series Slide 9 of 19

10 Common Criteria Concerned with design & development Adopted in the military Not directly applicable but useful to assess the level of security of single elements of the system Slide 10 of 19

11 American Standards NIST Security and Privacy Controls for Federal Information Systems and Organizations The framework for Cyber Security of 2014 Slide 11 of 19

12 American Standards NERC Standards for the Power Grid A very interesting case study for policy (Specific sector but example of a Critical Infrastructure, central to many others) Slide 12 of 19

13 Standardisation Policies Standard development Standard implementation and adoption Slide 13 of 19

14 Standardisation Policies The development phase Europe: The ESO ecosystem, the Commission and their interactions US: Free Market and Supreme Executive Power Slide 14 of 19

15 Standardisation Policies Adoption of standards: policy options No mandatory standardisation (non-interference) Voluntary standardisation compliance Possibly with economic incentives Mandatory compliance (NERC CIP) Slide 15 of 19

16 Standardisation Policies Slide 16 of 19

17 Conclusions Benefits of technical standardisations is mostly non-controversial Organisational models adoption sketchy Problem Organisational Security Models are fundamental for Cyber Security Policy-wise, mandatory adoption seems necessary for CI. Alternatives? Slide 17 of 19

18 Thank you! Any questions? Full Paper and Slide Deck Freely Available at: (Information Security Blog) StudioAG Infosec Consultancy Firm Slide 18 of 19

19 References CEN-CENELEC-ETSI Cyber Security Coordination Group: Recommendations for a Strategy on European Cyber Security Standardisation, 2014 ( Dept. of Homeland Security: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization and Protection, 2003 ISO/IEC: ISO/IEC 27001:2013 Information Technology Security Techniques Information Security Management Systems Requirements NIST: Framework for Improving Critical Infrastructure Cybersecurity, 2014 NIST: NIST Special Publication Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations Slide 19 of 19

Volker Jacumeit, DIN e. V. ILNAS Workshop CSCG Presentation June 4, 2015

Volker Jacumeit, DIN e. V. ILNAS Workshop CSCG Presentation June 4, 2015 Volker Jacumeit, DIN e. V. ILNAS Workshop CSCG Presentation June 4, 2015 Cyber Security Coordination Group Who we are: Advisory body of the European Standards Organizations Composed of experts from CEN/CLC

More information

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development Ref. Ares(2011)193990-22/02/2011 EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL Space, Security and GMES Security Research and Development Brussels, 17 th February 2011 M/487 EN PROGRAMMING

More information

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations

More information

CEN and CENELEC response to the EC Consultation on Standards in the Digital Single Market: setting priorities and ensuring delivery January 2016

CEN and CENELEC response to the EC Consultation on Standards in the Digital Single Market: setting priorities and ensuring delivery January 2016 CEN Identification number in the EC register: 63623305522-13 CENELEC Identification number in the EC register: 58258552517-56 CEN and CENELEC response to the EC Consultation on Standards in the Digital

More information

NIST Cybersecurity Framework What It Means for Energy Companies

NIST Cybersecurity Framework What It Means for Energy Companies Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

On the European experience in critical infrastructure protection

On the European experience in critical infrastructure protection DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation

More information

Standards in the Digital Single Market: setting priorities and ensuring delivery

Standards in the Digital Single Market: setting priorities and ensuring delivery Case Id: 7ea2081f-7496-473e-a25f-805fd92c4aad Date: 04/01/2016 19:19:44 Standards in the Digital Single Market: setting priorities and ensuring delivery Fields marked with are mandatory. General information

More information

Security Analysis Part I: Basics

Security Analysis Part I: Basics Security Analysis Part I: Basics Ketil Stølen, SINTEF & UiO October 2, 2015 1 Objectives for Lectures on Security Analysis Classify security concepts Introduce, motivate and explain a basic apparatus for

More information

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Technical Conference on Critical Infrastructure Protection Issues Identified in Order No. 791 Prepared Statement of Melanie Seader, Senior

More information

Internet of Things - Internet of the Future" Workshop in Oslo 2012 02 01

Internet of Things - Internet of the Future Workshop in Oslo 2012 02 01 Internet of Things - Internet of the Future" Workshop in Oslo 2012 02 01 The IoT Value Creation Network, Norway Project in the VERDIKT-program The Research Council of Norway Today s Focus CEN and Internet

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

Billing Code: 3510-EA

Billing Code: 3510-EA Billing Code: 3510-EA DEPARTMENT OF COMMERCE Office of the Secretary National Institute of Standards and Technology National Telecommunications and Information Administration [Docket Number: 130206115-3115-01]

More information

Help for the Developers of Control System Cyber Security Standards

Help for the Developers of Control System Cyber Security Standards INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended

More information

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving

More information

Concept for a cryptographic infrastructure for measurement components in smart grids

Concept for a cryptographic infrastructure for measurement components in smart grids Physikalisch-Technische Bundesanstalt Braunschweig und Berlin Concept for a cryptographic infrastructure for measurement components in smart grids Norbert Zisky Physikalisch-Technische Bundesanstalt Norbert

More information

Standards for Cyber Security

Standards for Cyber Security Best Practices in Computer Network Defense: Incident Detection and Response M.E. Hathaway (Ed.) IOS Press, 2014 2014 The authors and IOS Press. All rights reserved. doi:10.3233/978-1-61499-372-8-97 97

More information

European Distribution System Operators for Smart Grids

European Distribution System Operators for Smart Grids European Distribution System Operators for Smart Grids Network and information security (NIS): Recommendations for information sharing and risk management September 2014 Executive summary Our modern society

More information

NIST Cybersecurity Framework. ARC World Industry Forum 2014

NIST Cybersecurity Framework. ARC World Industry Forum 2014 NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA ViS!T - Verwaltung integriert sichere Informationstechnologie, Wien, 29.10.2014 European Union Agency

More information

ITI Cybersecurity Principles for Industry and Government

ITI Cybersecurity Principles for Industry and Government ITI Cybersecurity Principles for Industry and Government Danielle Kriz Director, Global Cybersecurity Policy Information Technology Industry Council IEEE CQR Meeting, Naples, FL May 12, 2011 About ITI

More information

Smart Grid Information Security

Smart Grid Information Security CEN-CENELEC-ETSI Smart Grid Coordination Group Date: 2014-12 Secretariat: CCMC CEN-CENELEC-ETSI Smart Grid Coordination Group M490-SGCG-SGIS-Intermediate-Report-V1.pdf 1 Contents Page 2 3 4 5 6 7 8 9 10

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case

More information

ehealth in support of safety, quality and continuity of care within and across borders

ehealth in support of safety, quality and continuity of care within and across borders ehealth in support of safety, quality and continuity of care within and across borders Gerard Comyn Acting Director Information Society & Media DG European Commission http://europa.eu.int/information_society/activities/health/index_en.htm

More information

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

CEN/CENELEC/ETSI Cyber Security Coordination Group (CSCG)

CEN/CENELEC/ETSI Cyber Security Coordination Group (CSCG) CEN/CENELEC/ETSI Cyber Security Coordination Group (CSCG) White Paper No. 01 Recommendations for a Strategy on European Cyber Security Standardisation CSCG White Paper No. 01 Contents 1 Executive Summary...

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

Appropriate security measures for smart grids

Appropriate security measures for smart grids 1 Appropriate security measures for smart grids Guidelines to assess the sophistication of security measures implementation [2012-12-06] 1 Copyright TenneT Appropriate security measures for smart grids

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

CONCEPTS IN CYBER SECURITY

CONCEPTS IN CYBER SECURITY CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE

More information

Westlaw Journal. What is the Cybersecurity Framework? Risk Management Process And Pathway to Corporate Liability? Expert Analysis

Westlaw Journal. What is the Cybersecurity Framework? Risk Management Process And Pathway to Corporate Liability? Expert Analysis Westlaw Journal Computer & Internet Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 31, ISSUE 14 / DECEMBER 12, 2013 Expert Analysis The Cybersecurity Framework: Risk Management

More information

COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34 COMMITTEE)

COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34 COMMITTEE) EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL Regulatory Policy Standardisation Brussels, 9 th November 2005 Doc.: 34/2005 Rev. 1 EN COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34

More information

Why & How Cloud computing is enabling the digital transformation of financial services institutions

Why & How Cloud computing is enabling the digital transformation of financial services institutions Why & How Cloud computing is enabling the digital transformation of financial services institutions There s no one billion customer bank yet, because there s no way to do it without cloud. Next generation

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

Smart grid security certification in Europe Challenges and recommendations

Smart grid security certification in Europe Challenges and recommendations Smart grid security certification in Europe European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA ENISA is a centre of network and information security expertise for

More information

Standards in the Digital Single Market: setting priorities and ensuring delivery

Standards in the Digital Single Market: setting priorities and ensuring delivery Case Id: c2b48264-98a2-4dab-b05c-7e21b2b028b9 Date: 24/12/2015 15:19:42 Standards in the Digital Single Market: setting priorities and ensuring delivery Fields marked with are mandatory. General information

More information

CEN-CENELEC reply to the European Commission's Public Consultation on demand-side policies to spur European industrial innovations in a global market

CEN-CENELEC reply to the European Commission's Public Consultation on demand-side policies to spur European industrial innovations in a global market CEN Identification number in the EC register: 63623305522-13 CENELEC Identification number in the EC register: 58258552517-56 CEN-CENELEC reply to the European Commission's Public Consultation on demand-side

More information

Secure Machine to Machine Communication on the example of Smart Grids

Secure Machine to Machine Communication on the example of Smart Grids Corporate Technology Secure Machine to Machine Communication on the example of Smart Grids 10.ITG Fachtagung Zukunft der Netze 2011, Steffen Fries Siemens AG, CT T, GTF IT Security : +49 89 636 53403 :

More information

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security

For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE Cyber Security Purpose This paper briefs Members on the global cyber security outlook facing governments of some

More information

Smart Grid Standardization

Smart Grid Standardization Smart Grid Standardization CONFERENCE ON ROLLING PLAN ON ICT STANDARDISATION Session 3: Sustainable Growth: Smart grids and smart meters, ICT environment Brussels, 2014-03-25 Page 1 CEN-CENELEC-ETSI Smart

More information

Lifting the Fog Around Cloud Computing. Eric A. Hibbard, CISSP-ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems

Lifting the Fog Around Cloud Computing. Eric A. Hibbard, CISSP-ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems Lifting the Fog Around Cloud Computing Eric A. Hibbard, CISSP-ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems 1 Straw Poll Cloud Awareness A. To truly understand clouds one should

More information

Mandate M-403: ehealth Interoperability. Karl Øyri Intervensjonseteret, Rikshospitalet HF

Mandate M-403: ehealth Interoperability. Karl Øyri Intervensjonseteret, Rikshospitalet HF Mandate M-403: ehealth Interoperability Karl Øyri Intervensjonseteret, Rikshospitalet HF M-403: Mandate to the European Standardisation Organisations CEN, CENELEC and ETSI in the field of Information

More information

An Overview of ISO/IEC 27000 family of Information Security Management System Standards

An Overview of ISO/IEC 27000 family of Information Security Management System Standards What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information

More information

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014 Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to

More information

ISO/IEC Information & ICT Security and Governance Standards in practice. Charles Provencher, Nurun Inc; Chair CAC-SC27 & CAC-CGIT

ISO/IEC Information & ICT Security and Governance Standards in practice. Charles Provencher, Nurun Inc; Chair CAC-SC27 & CAC-CGIT ISO/IEC Information & ICT Security and Governance Standards in practice Charles Provencher, Nurun Inc; Chair CAC-SC27 & CAC-CGIT June 4, 2009 ISO and IEC ISO (the International Organization for Standardization)

More information

CForum: A Community Driven Solution to Cybersecurity Challenges

CForum: A Community Driven Solution to Cybersecurity Challenges SESSION ID: AST3-R01 CForum: A Community Driven Solution to Cybersecurity Challenges Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle Greg Witte Sr. Security Engineer G2, Inc. @thenetworkguy Organizations

More information

Nationwide Deployment of Social Alarms in Sweden

Nationwide Deployment of Social Alarms in Sweden Nationwide Deployment of Social Alarms in Sweden ehealth forum May 13 th 2014, Athens Greece The EIP AHA Scale-up Strategy Background problems and uncertainties Background the root of the problem The telecommunication

More information

MyCC Scheme Overview SECURITY ASSURANCE. Creating Trust & Confidence. Norhazimah Abdul Malek MyCC Scheme Manager zie@cybersecurity.

MyCC Scheme Overview SECURITY ASSURANCE. Creating Trust & Confidence. Norhazimah Abdul Malek MyCC Scheme Manager zie@cybersecurity. An Agency Under MOSTI MyCC Scheme Overview SECURITY ASSURANCE Creating Trust & Confidence Norhazimah Abdul Malek MyCC Scheme Manager zie@cybersecurity.my Copyright 2007 CyberSecurity Malaysia Slide no:

More information

NASCIO 2014 State IT Recognition Awards

NASCIO 2014 State IT Recognition Awards NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos

More information

Towards Standardisation Measures to Support the Security of Control and Real-Time Systems for Energy Critical Infrastructures

Towards Standardisation Measures to Support the Security of Control and Real-Time Systems for Energy Critical Infrastructures Towards Standardisation Measures to Support the Security of Control and Real-Time Systems for Energy Critical Infrastructures Alberto Stefanini, Marcelo Masera EUR 23538 EN - 2008 The mission of the IPSC

More information

Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION. Cristin Flynn Goodwin J.

Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION. Cristin Flynn Goodwin J. Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION Cristin Flynn Goodwin J. Paul Nicholas October 2013 Contents Executive Summary... 3 What Is a National

More information

Cyber Security in EU: ENISA approach

Cyber Security in EU: ENISA approach Cyber Security in EU: ENISA approach Konstantinos Moulinos, Security Expert European Union Network and Information Security Agency in Electricity Distribution Grids, Brussels European Union Agency for

More information

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! Cybersecurity is all over the news. Target, University of Maryland, Neiman

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087, Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 4, 60 Edward St, Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au

More information

TECHNICAL BOARD BT N 9776. Draft BT C135/2014. CEN/BT by correspondence. For vote Issue date: 2014-11-19

TECHNICAL BOARD BT N 9776. Draft BT C135/2014. CEN/BT by correspondence. For vote Issue date: 2014-11-19 BT N 9776 Draft BT C135/2014 TECHNICAL BOARD CEN/BT by correspondence For vote Issue date: 2014-11-19 Simultaneous circulation to CENELEC/BT Deadline: 2015-02-17 SUBJECT Creation of a new CEN/TC Private

More information

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The

More information

Keeping the Lights On

Keeping the Lights On Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding

More information

Cyber security in education in Greece

Cyber security in education in Greece Cyber security in education in Greece Sokratis K. Katsikas ska@unipi.gr NIST SP800-50 NIS education in Europe EU Cyber security strategy and NIS directive http://eeas.europa.eu/policies/eu-cybersecurity/cybsec_comm_en.pdf

More information

Standardising the Internet of Things Is Today s System Adequate?

Standardising the Internet of Things Is Today s System Adequate? Standardising the Internet of Things Is Today s System Adequate? Kai Jakobs A Bit of Motivation The IoT represents another paradigm shift in communication initially, communication occurred between humans,

More information

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation

More information

Maintaining Herd Communication - Standards Used In IT And Cyber Security. Laura Kuiper

Maintaining Herd Communication - Standards Used In IT And Cyber Security. Laura Kuiper Maintaining Herd Communication - Standards Used In IT And Cyber Security Laura Kuiper So what is Cyber Security? According to ITU-T X.1205 Cybersecurity is the collection of tools, policies, security concepts,

More information

Cybersecurity in a Mobile IP World

Cybersecurity in a Mobile IP World Cybersecurity in a Mobile IP World Alexander Benitez, Senior Scientist, ComSource Introduction by Robert Durbin, Cybersecurity Program Manager, ComSource Introduction ComSource s cybersecurity initiative

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

Jyväskylä Cyber Security Ecosystem

Jyväskylä Cyber Security Ecosystem Jyväskylä Cyber Security Ecosystem Adjunct Professor, Dr. (Military Sciences), Col (ret.) Martti Lehto 30.9.2015 High Level Cyber Security Comment 4.2.2014 President Sauli Niinistö highlighted cyber security.

More information

Regulatory Compliance Management for Energy and Utilities

Regulatory Compliance Management for Energy and Utilities Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable

More information

Critical Infrastructure Security and Resilience

Critical Infrastructure Security and Resilience U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International

More information

Models for Cyber Security Analysis

Models for Cyber Security Analysis Enterprise Architecture t Models for Cyber Security Analysis Teodor Sommestad Royal Institute of Technology KTH Stockholm, Sweden 1 Consequences of Cyber Security Incidents (?) CIA senior analyst Tom Donahue:

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2014 ISACA Pittsburgh Information Security Awareness Day Victoria Yan

More information

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 European Union Agency for Network and Information Security Summary 1 Presentation

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Smart Grid Cybersecurity

Smart Grid Cybersecurity Smart Grid Cybersecurity Exceeding cybersecurity requirements mandated by customers and regulatory agencies Abstract The world has become much more connected, with over 32 percent of the population of

More information

SCADA Security @ City of Raleigh. Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor

SCADA Security @ City of Raleigh. Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor SCADA Security @ City of Raleigh Martin Petherbridge, CPA, CIA Internal Audit Manager Shirley McFadden, CPA, CIA Senior Internal Auditor Agenda 1. PLCs, SCADA and Stuxnet 2. Selecting Audit Standards 3.

More information

An International Perspective on Security and Compliance

An International Perspective on Security and Compliance UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

Industrial Cybersecurity Center Are you looking for End-Users, Close to Market Approaches, Requirements, Validation and Dissemination?

Industrial Cybersecurity Center Are you looking for End-Users, Close to Market Approaches, Requirements, Validation and Dissemination? Industrial Cybersecurity Center Are you looking for End-Users, Close to Market Approaches, Requirements, Validation and Dissemination? Twitter: @info_cci Email: info@cci-es.org Meet the Center Non-profit,

More information

Response to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity

Response to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and

More information

September 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for

September 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for Testimony of John A. McCarthy, Director of the Critical Infrastructure Protection Project, George Mason School of Law Before a joint hearing of the House Subcommittee on Infrastructure Security and The

More information

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Organizer: BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Session 6 : Securing Your Fortress Best practices, standards, techniques and technologies secure your organization from cyber criminals.

More information

An overview of Health Informatics Standards

An overview of Health Informatics Standards An overview of Health Informatics Standards Management and Information Systems in Health Care in the Russian Federation, Moscow Y.Samyshkin, A.Timoshkin Centre for Health Management The Business School

More information

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business S 2 ERC Project: Cyber Threat Intelligence Exchange Ecosystem: Economic Analysis Report: An Analysis of US Government Proposed Cyber Incentives Author: Joe Stuntz, MBA EP 14, McDonough School of Business

More information

NIST Unveils Preliminary Cybersecurity Framework

NIST Unveils Preliminary Cybersecurity Framework November 25, 2013 Practice Group: Cyber Law and Cybersecurity NIST Unveils Preliminary Cybersecurity Framework By Roberta D. Anderson On October 22, the National Institute of Standards and Technology (NIST)

More information

Sector Forum i Europa New proposals for Standards. Dr. Bernard GINDROZ, SFEM Chair

Sector Forum i Europa New proposals for Standards. Dr. Bernard GINDROZ, SFEM Chair Sector Forum i Europa New proposals for Standards Dr., SFEM Chair Agenda 1. European and International Standards Organizations 2. CEN/CENELEC Sector Forum Energy Management About CEN and CENELEC SFEM :

More information

The Cybersecurity Framework and the SAFETY Act a Primer for Temple Business School

The Cybersecurity Framework and the SAFETY Act a Primer for Temple Business School The Cybersecurity Framework and the SAFETY Act a Primer for Temple Business School MARCH 31, 2014 2013 Venable LLP 1 EO 13636: Improving Critical Infrastructure Cybersecurity Directs to NIST to develop

More information

Maturation of a Cyber Security Incident Prevention and Compliance Program

Maturation of a Cyber Security Incident Prevention and Compliance Program Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber

More information

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1 Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,

More information

RFID and Privacy Impact Assessment (PIA)

RFID and Privacy Impact Assessment (PIA) URSI-France Journées scientifiques 25/26 mars 2014 Claude Tételin RFID and Privacy Impact Assessment (PIA) Centre National de Référence RFID, ctetelin@centrenational-rfid.com Mots clés : RFID, privacy,

More information

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

Some Specific Parawise Suggestinons. 2. An application which collects and analyzes this data for further consolidation and,

Some Specific Parawise Suggestinons. 2. An application which collects and analyzes this data for further consolidation and, Comments by Amcham India on draft Internet of Things (IoT) Policy released by the Department of Electronics & Information Technology (DeitY), on October 16, 2014 Standards The Draft IoT Policy already

More information

BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA ) ) ) ) ) )

BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA ) ) ) ) ) ) BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Order Instituting Rulemaking on the Commission s Own Motion to Improve Distribution Level Interconnection Rules and Regulations for Certain

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

National Institute of Standards and Technology Smart Grid Cybersecurity

National Institute of Standards and Technology Smart Grid Cybersecurity National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards

More information

A Framework to Gauge Cyber Defenses

A Framework to Gauge Cyber Defenses White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary

More information