WORKSHOP Rethinking Cyber Security for Industrial Control Systems

Size: px
Start display at page:

Download "WORKSHOP Rethinking Cyber Security for Industrial Control Systems"

Transcription

1 WORKSHOP Rethinking Cyber Security for Industrial Control Systems Bob Mick, Workshop Moderator VP Emerging Technologies ARC Advisory Group 1

2 Re-Thinking Cyber Security Why Re-Thinking? An ARC Advisory Group Perspective Are we on the Right Track? What are the Emerging Opportunities? Are We Investing in the Right Security Activities? 2

3 Security In Manufacturing, Utilities Industrial Control Systems ICS Business Systems ERP, SCM, CRM, EAM, BI Lab Systems, Engineering Systems Remote Access Networking Software Servers Business Systems Remote Users Operations Management Networks Intelligences, Analytics, Integration Historians, Recipe Management, User Interface Networks HMI DCS Trending SCADA Operations Management Engineering Automation Systems Network Unit Controllers, PLCs, Devices Automation Laboratories Network Perspective Security Zone Perspective Focus on Cyber Security for ICS Operations Management and Automation 3

4 How Do We Approach Re-Thinking for ICS? Industrial Control System (ICS) Cyber Security Examine Fundamental Issues Miles McQueen, University of Idaho - Idaho National Labs INL is involved in several activities relative to ICS Basic Research participate in the academic community Miles challenge: Make us think Listen to a Voice of Experience Ernie Rakaczky, Invensys Contributed to many ICS Cyber Security activities Ernie s challenge: Represent the Supplier Perspective Open Discussion (~40 min) You, from your perspectives Your challenge: Share your ideas and issues (be positive) The Workshop Strategy 4

5 Rethinking Cyber Security For Control Systems Address Fundamentals Build on Experiences Start Title Speaker 200 2:00pm Opening and Overview Bob Mick, ARC Re-thinking Cyber Security for ICS 2:15pm 3:15pm Software and Human Vulnerabilities Implications for our Critical Infrastructures Break (30 minutes) Miles McQueen, INL 3:45pm Human Factors and a Need for Resilience Miles McQueen, INL 4:45pm Automation Suppliers Perspective and Strategies Ernie Rakaczky, Invensys 5:15pm 6:00pm Q&A Panel and Open Discussion All participants Conclude (for today) Bob Mick, ARC Take Notes about Your Questions and Ideas For the Open Discussion 5

6 Miles McQueen Idaho University Idaho National Labs Principal Investigator, Cyber Security R&D Department, Idaho National Laboratory Miles has held a variety of leadership roles at INL and has also been Director of the University of Idaho s Computer Science Program at the Idaho Falls Center for Higher Education. With well over 20 peer-reviewed reviewed scientific publications, Miles is currently leading research teams investigating cyber threat attack propagation and consequence modeling for multiple infrastructure simulation efforts. Previously, he investigated novel, first of a kind, 0Day vulnerability estimation techniques. Before the 0Day research, Miles led research teams in the investigation of security metrics, attack graphs, and attack surfaces in collaboration with Carnegie Mellon University and Princeton University Computer Science faculty. Miles has been invited, and has served, on a variety of national level security working groups providing assessments of the current state of the art in cyber security, evaluating the strengths and weaknesses in foundational principles, and identifying promising directions for future research and development. 6

7 Ernie Rakaczky Invensys Operations Management Program Manager, Control System Cyber Security Ernie has played an active role within the process control arena for over 32 years with the past 7 years fully dedicated in addressing the cyber security requirements for process control systems and raising the overall protection of our global infrastructures. Currently he has the responsibility to ensure a clear understanding and focus on cyber security requirements within all IOM product strategies at Invensys. As each product strategy is defined, consideration of current regulatory requirements, industry best practices and requirements that IOM clients are specifying within their procurement processes are addressed. Additionally, Ernie participates in the efforts underway at ISA within SP99, Automation Federation, NIST-SMART GRID, within ICSJWG from DHS, MSMUG and plays an active role in the various security initiatives with DOE, DHS, INL, NRC, NPRA, IAEA, and SANDIA. 7

8 Rethinking Cyber Security For Control Systems Address Fundamentals Build on Experiences Start Title Speaker 200 2:00pm Opening and Overview Bob Mick, ARC Re-thinking Cyber Security for ICS 2:15pm 3:15pm Software and Human Vulnerabilities Implications for our Critical Infrastructures Break (30 minutes) Miles McQueen, INL 3:45pm Human Factors and a Need for Resilience Miles McQueen, INL 4:45pm Automation Suppliers Perspective and Strategies Ernie Rakaczky, Invensys 5:15pm 6:00pm Q&A Panel and Open Discussion All participants Conclude (for today) Bob Mick, ARC Take Notes about Your Questions and Ideas For the Open Discussion 8

9 Let s Get Started! For more information, contact or visit 9

Rethinking Cyber Security for Industrial Control Systems (ICS)

Rethinking Cyber Security for Industrial Control Systems (ICS) Rethinking Cyber Security for Industrial Control Systems (ICS) Bob Mick VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Rethinking Cyber Security We Now Have Years of Experience - Security

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems. Panel on Emerging Cyber Security Technologies Robert F. Brammer, Ph.D., VP and CTO Northrop Grumman Information Systems Panel Moderator 27 May 2010 Panel on Emerging Cyber Security Technologies Robert

More information

ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things

ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things ARC Forum Orlando 2015 Building a Secure Industrial Internet of Things Sid Snitkin Vice-President & GM Enterprise Advisory Services ARC Advisory Group srsnitkin@arcweb.com Session Overview ARC Presentation

More information

ARC WHITE PAPER. Risk Drives Industrial Control System Cyber Security Investment VISION, EXPERIENCE, ANSWERS FOR INDUSTRY MAY 2011

ARC WHITE PAPER. Risk Drives Industrial Control System Cyber Security Investment VISION, EXPERIENCE, ANSWERS FOR INDUSTRY MAY 2011 ARC WHITE PAPER By ARC Advisory Group MAY 2011 Risk Drives Industrial Control System Cyber Security Investment Executive Overview... 3 Game Changers for Industrial Control System Cyber Security... 4 Risk

More information

Ernie Hayden CISSP CEH GICSP Executive Consultant www.securicon.com

Ernie Hayden CISSP CEH GICSP Executive Consultant www.securicon.com Ernie Hayden CISSP CEH GICSP Executive Consultant www.securicon.com V1 10-7-14 This Presentation is Proprietary to Securicon, Inc. Any use of this document without express written approval from Securicon

More information

Cybersecurity & the Water Sector

Cybersecurity & the Water Sector Cybersecurity & the Water Sector NAWC Water Summit October 6, 2013 San Diego, CA Kevin Morley, AWWA How to deal with Cyber Threat? How would our operations change if we did not have SCADA working? How

More information

An International Perspective on Security and Compliance

An International Perspective on Security and Compliance UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial

More information

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time.

i Network, Inc Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time. Technology Solutions, Products & Services Providing the right information, to the right customer, at the right time. 2 Barry Brueseke (619) 401 7334 www.inetwork west.com 4/3/2014 IEEE Cyber Security Workshop

More information

A Modern Process Automation System Offers More than Process Control. Dick Hill Vice President ARC Advisory Group dhill@arcweb.com

A Modern Process Automation System Offers More than Process Control. Dick Hill Vice President ARC Advisory Group dhill@arcweb.com A Modern Process Automation System Offers More than Process Control Dick Hill Vice President ARC Advisory Group dhill@arcweb.com Modern Business Requirements Dynamic Customer Requirements Requiring Agility

More information

Historians and Production Management as Cloud Applications

Historians and Production Management as Cloud Applications Historians and Production Management as Cloud Applications Harry Forbes Senior Analyst ARC Advisory Group hforbes@arcweb.com Emerging Technologies Enable Information- Driven Manufacturing Big Data Analytics

More information

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

Plant Software in the Cloud Fact vs. Myth

Plant Software in the Cloud Fact vs. Myth Plant Software in the Cloud Fact vs. Myth Andy Chatha President ARC Advisory Group AChatha@ARCweb.com Manufacturing Performance Improvement Levers Systems People Processes Information Things 2 Transformational

More information

What Risk Managers need to know about ICS Cyber Security

What Risk Managers need to know about ICS Cyber Security What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they

More information

CERIAS Tech Report 2012-15 Mapping Water Sector Cyber-Security Vulnerabilities by James H. Graham, Jeffrey L. Hieb and J. Chris Foreman Center for

CERIAS Tech Report 2012-15 Mapping Water Sector Cyber-Security Vulnerabilities by James H. Graham, Jeffrey L. Hieb and J. Chris Foreman Center for CERIAS Tech Report 2012-15 Mapping Water Sector Cyber-Security Vulnerabilities by James H. Graham, Jeffrey L. Hieb and J. Chris Foreman Center for Education and Research Information Assurance and Security

More information

The Internet of Everything:

The Internet of Everything: The Internet of Everything: Transforming O&G Industry in the new age Serhii Konovalov O&G Engineering Executive Amazing things Happen When You Connect the Unconnected March 12th, 2015 Why Internet of Everything?

More information

Applying Cloud Computing: An Executive Workshop

Applying Cloud Computing: An Executive Workshop Applying Cloud Computing: An Executive Workshop March 11, 2013 Joseph Pucciarelli VP & IT Executive Advisor The 3 rd Platform Shift: From IT Productivity to Business Productivity Innovation Information

More information

Cyber Security nei prodotti di automazione

Cyber Security nei prodotti di automazione Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard

More information

Effective OPC Security for Control Systems - Solutions you can bank on

Effective OPC Security for Control Systems - Solutions you can bank on Effective Security for Control Systems - Solutions you can bank on Darek Kominek Manager, Marketing, Matrikon Eric Byres, P. Eng., ISA Fellow CTO, Byres Security Inc. Executive Summary There is a perception

More information

Digital Citizen Services & Security

Digital Citizen Services & Security Digital Citizen Services & Security Tony West Unisys May 2016 2016 Unisys Corporation. All Rights Reserved. Unisys provides a range of solutions to address the drive toward Digital Citizens and Government

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information

AURORA Vulnerability Background

AURORA Vulnerability Background AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History

More information

The Case for Support: The Center for Cyber Security Studies at the U. S. Naval Academy

The Case for Support: The Center for Cyber Security Studies at the U. S. Naval Academy The Case for Support: The Center for Cyber Security Studies at the U. S. Naval Academy Computer and network security threats of the future are of concern today, and new strategies are required to ensure

More information

11741 E-Business Credit Hours: 3 11752 Integrated Application Systems Credit Hours: 3 11742 Enterprise Systems Architecture Credit Hours: 3

11741 E-Business Credit Hours: 3 11752 Integrated Application Systems Credit Hours: 3 11742 Enterprise Systems Architecture Credit Hours: 3 11741 E-Business E-Business is radically changing the ways in which business organizations operate and compete in the global market. This course introduces students to various aspects and models for e-business.

More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

Safe Network Integration

Safe Network Integration UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright

More information

Plant Software in the Cloud

Plant Software in the Cloud Plant Software in the Cloud Fact vs. Myth February 2012 Greg Gorbach Vice President ARC Advisory Group ggorbach@arcweb.com Cloud 2 Manufacturing Performance Improvement Levers Systems People Processes

More information

Smart grid security analysis

Smart grid security analysis Smart grid security analysis Paul Smith et al. paul.smith@ait.ac.at SPARKS Stakeholder Workshop 20 th May, 2014, Graz SPARKS Objectives The SPARKS project has three main objectives regarding security analysis:

More information

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids CPSR-SG 2016: Joint International Workshop on Cyber-Physical Security and Resilience in Smart Grids, 12th April 2016, Vienna Security for smart Electricity GRIDs Including Threat Actor Capability and Motivation

More information

SCOPE. September 25, 2014, 0930 EDT

SCOPE. September 25, 2014, 0930 EDT National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Critical Infrastructure Security and Resilience Note Critical Infrastructure Security and Resilience Note:

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

Control Systems Security: Australian Government Activities. Dr. Jason Smith Asst. Director, Operations CERT Australia Attorney-General s Department

Control Systems Security: Australian Government Activities. Dr. Jason Smith Asst. Director, Operations CERT Australia Attorney-General s Department Japan Computer Emergency Response Team Coordination Center 電子署名者 : Japan Computer Emergency Response Team Coordination Center DN : c=jp, st=tokyo, l=chiyoda-ku, email=office@jpcert.or.jp, o=japan Computer

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

Cyber Security Implications of SIS Integration with Control Networks

Cyber Security Implications of SIS Integration with Control Networks Cyber Security Implications of SIS Integration with Control Networks The LOGIIC SIS Project Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Zach Tudor is a Program

More information

I3P SCADA Security Research Plan

I3P SCADA Security Research Plan I3P SCADA Security Research Plan Unifying Stakeholders and Security Programs to Address SCADA Vulnerability and Infrastructure Interdependency Ron Trellue, Team Lead Sandia National Laboratories 1 What

More information

CPM and Operations Management

CPM and Operations Management CPM and Operations Management Manufacturers Need Plant Software Now More Than Ever February 9, 2010 Greg Gorbach Vice President ARC Advisory Group ggorbach@arcweb.com Today s Business Environment Makes

More information

Process Control Systems Forum (PCSF)

Process Control Systems Forum (PCSF) Process Control Systems Forum (PCSF) Michael Torppey Technical Manager, PCSF Senior Principal, Mitretek Systems Collaborating to Advance Control System Security Background Department of Homeland Security

More information

Data Analytics & Information Security

Data Analytics & Information Security Data Analytics & Information Security About The Speaker Practice Director at ERM M.S. Information Networking and Security CERT Coordination Center - Carnegie Mellon University Carnegie Mellon CyLab Agenda

More information

OPC & Security Agenda

OPC & Security Agenda OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

Mobility Solutions for Plant Personnel

Mobility Solutions for Plant Personnel Mobility Solutions for Plant Personnel ARC Forum Orlando, February 2014 Greg Gorbach Vice President ARC Advisory Group ggorbach@arcweb.com Introduction Mobile Devices play a key role in industrial operations

More information

2015 Golf & Learn August 18, 2015

2015 Golf & Learn August 18, 2015 2015 Golf & Learn August 18, 2015 Cyber-Security: Is your satellite network at risk? Moderator: Caleb Henri, Via Satellite Introduction Frank Zinghini, Applied Visions, Inc. AVI: developer of mission-critical

More information

Collaborative Service Management Reduces Cost and Risk. Executive Overview... 3. Trends in Process Industry Operations Challenge Service Models...

Collaborative Service Management Reduces Cost and Risk. Executive Overview... 3. Trends in Process Industry Operations Challenge Service Models... ARC WHITE PAPER By ARC Advisory Group JANUARY 2007 Collaborative Service Management Reduces Cost and Risk Executive Overview... 3 Trends in Process Industry Operations Challenge Service Models... 4 Problems

More information

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT

SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT SAN ANTONIO WATER SYSTEM PURCHASING DEPARTMENT Issued By: Clifford Gorman Date Issued: July 6, 2015 BID NO.: 15-15060 FORMAL INVITATION FOR BEST VALUE BID (BVB) FOR THE ONE TIME PURCHASE OF SCADA NETWORK

More information

The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems

The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems Mathias Ekstedt, Associate Prof. KTH Royal Institute of Technology, Stockholm

More information

ISA Security Compliance Institute

ISA Security Compliance Institute ISA Security Compliance Institute Johan Nye Chairman ISCI Governing Board 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99 Standards 2013 ISCI

More information

INDUSTRY BUSINESS. Clemens Blum, EVP Industry. February 19, 2015

INDUSTRY BUSINESS. Clemens Blum, EVP Industry. February 19, 2015 INDUSTRY BUSINESS Clemens Blum, EVP Industry February 19, 2015 1 Disclaimer All forward-looking statements are Schneider Electric management s present expectations of future events and are subject to a

More information

SCADA System Overview

SCADA System Overview Introduction SCADA systems are critical to the control and monitoring of complex cyber-physical systems. Now with advanced computer and communications technologies, SCADA systems are connected to networks

More information

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014 NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission

More information

Industrial IT cpmplus Enterprise Connectivity Collaborative Production Management. Improving the total cost of ownership of your ERP System

Industrial IT cpmplus Enterprise Connectivity Collaborative Production Management. Improving the total cost of ownership of your ERP System Industrial IT cpmplus Enterprise Connectivity Collaborative Production Management Improving the total cost of ownership of your ERP System Realize the true value of your ERP investment with minimal integration

More information

The Electronic Arms Race of Cyber Security 4.2 Lecture 7

The Electronic Arms Race of Cyber Security 4.2 Lecture 7 The Electronic Arms Race of Cyber Security 4.2 Lecture 7 ISIMA Clermont-Ferrand / 04-February 2011 Copyright 2011 Dr. Juergen Hirte List of Content Why Process Automation Security? Security Awareness Issues

More information

ISA Security Compliance Institute

ISA Security Compliance Institute ISA Security Compliance Institute Andre Ristaino, Managing Director, ISCI 28 May 2013 CSSC 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99

More information

SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios

SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September,

More information

GE Fanuc Production Management Software

GE Fanuc Production Management Software ARC ADVISORY GROUP Orlando Forum 2008 Erik Udstuen Vice President, Intelligent Platforms ARC ADVISORY GROUP Orlando Forum 2008 & Pfizer and Our Vision Technology Roadmap 2 GE Enterprise Solutions Enterprise

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

Roadmaps to Securing Industrial Control Systems

Roadmaps to Securing Industrial Control Systems Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

ISA CERTIFIED AUTOMATION PROFESSIONAL (CAP ) CLASSIFICATION SYSTEM

ISA CERTIFIED AUTOMATION PROFESSIONAL (CAP ) CLASSIFICATION SYSTEM ISA CERTIFIED AUTOMATION PROFESSIONAL (CAP ) CLASSIFICATION SYSTEM Domain I: Feasibility Study - identify, scope and justify the automation project Task 1: Define the preliminary scope through currently

More information

Vulnerability Analysis of Energy Delivery Control Systems

Vulnerability Analysis of Energy Delivery Control Systems INL/EXT-10-18381 Vulnerability Analysis of Energy Delivery Control Systems September 2011 Idaho National Laboratory Idaho Falls, Idaho 83415 http://www.inl.gov Prepared for the U.S. Department of Energy

More information

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security focus in ABB: a Key issue 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security in ABB Agenda ABB introduction ABB Cyber

More information

2015 Transit Safety Summit

2015 Transit Safety Summit 2015 Transit Safety Summit Cybersecurity In Transit Vulnerable Systems APTA Enterprise Cyber Security WG update Cyber attacks may be targeted toward one or more of the *system layers that Transit agencies

More information

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,

More information

Session 14: Functional Security in a Process Environment

Session 14: Functional Security in a Process Environment Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323

More information

Leveraging Cloud Services for Quicker Implementation and More Secure Automation Solutions

Leveraging Cloud Services for Quicker Implementation and More Secure Automation Solutions Leveraging Cloud Services for Quicker Implementation and More Secure Automation Solutions Peter Reynolds Senior Consultant ARC Advisory Group PReynolds@ARCweb.com Twitter @PeterDReynolds The Hardware Layer

More information

Conquering Data and Analytics Obstacles in Smart Utilities. Copyright 2010 SAS Institute Inc. All rights reserved.

Conquering Data and Analytics Obstacles in Smart Utilities. Copyright 2010 SAS Institute Inc. All rights reserved. Conquering Data and Analytics Obstacles in Smart Utilities Copyright 2010 SAS Institute Inc. All rights reserved. The Panel Kate Rowland Editor-in-Chief of Intelligent Utility Magazine Energy Central Alyssa

More information

Testing Control Systems

Testing Control Systems Testing Control Systems with Microsoft s Attack Surface Analyzer { Digital Bond, Inc Michael Toecker, PE ddddddddd ICSJWG October 15 th 18 th Track III { { Michael Toecker, PE Professional Engineer 8 Years

More information

ARC WHITE PAPER. Yokogawa s Comprehensive Lifecycle Approach to Process Control System Cyber-Security VISION, EXPERIENCE, ANSWERS FOR INDUSTRY

ARC WHITE PAPER. Yokogawa s Comprehensive Lifecycle Approach to Process Control System Cyber-Security VISION, EXPERIENCE, ANSWERS FOR INDUSTRY ARC WHITE PAPER By ARC Advisory Group SEPTEMBER 2011 Yokogawa s Comprehensive Lifecycle Approach to Process Control System Cyber-Security Executive Overview... 3 Introduction... 4 Security Lifecycle Approach...

More information

Copyright 2013 OSIsoft, LLC. 1

Copyright 2013 OSIsoft, LLC. 1 1 Slice and Dice your PI System Data with MS BI Tools Presented by John Bradley and Caroline Hughes Convergence of IT and Operations Control Systems, DCS and Automated Equipment Customer Relationship Management

More information

CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices. ~For More Globally Competitive Control System Devices ~

CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices. ~For More Globally Competitive Control System Devices ~ Press Release July 15, 2014 CSSC Certification Laboratory (CSSC-CL) Control System Security Center (CSSC) CSSC-CL Announces ISASecure Certification of Hitachi and Yokogawa Industrial Control Devices ~For

More information

Vendor System Vulnerability Testing Test Plan

Vendor System Vulnerability Testing Test Plan INEEL/EXT-05-02613 Vendor System Vulnerability Testing Test Plan James R. Davidson January 2005 Idaho National Engineering and Environmental Laboratory Bechtel BWXT Idaho, LLC INEEL/EXT-05-02613 Vendor

More information

Decrease your HMI/SCADA risk

Decrease your HMI/SCADA risk Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended

More information

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE

More information

The Critical Infrastructure: To be or not to be Secure. European Network for Cyber Security. Fred Streefland Director Education & Training

The Critical Infrastructure: To be or not to be Secure. European Network for Cyber Security. Fred Streefland Director Education & Training The Critical Infrastructure: To be or not to be Secure European Network for Cyber Security Fred Streefland Director Education & Training Utilinet Securing IP/Ethernet Networks CBS video Aurora Content

More information

Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges

Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges Erik Johansson, 091027, erik.z.johansson@se.abb.com Virtualization in Control Systems Possibilities and Challenges ABB Group October 19, 2009 Slide 1 Possibilities and Challenges The open debate of virtualization

More information

National Center for Risk and Economic Analysis of Terrorism Events

National Center for Risk and Economic Analysis of Terrorism Events National Center for Risk and Economic Analysis of Terrorism Events CREATE FY2015 (Year 11) Call for White Papers CREATE, the DHS-sponsored Center of Excellence at the University of Southern California,

More information

1 ISA Security Compliance Institute

1 ISA Security Compliance Institute 1 ISA Security Compliance Institute Internationally Accredited Conformance Scheme ISASecure certification programs are accredited as an ISO/ IEC Guide 65 conformance scheme and ISO/IEC 17025 lab operations

More information

Preventing Cyber Security Attacks Against the Water Industry

Preventing Cyber Security Attacks Against the Water Industry Preventing Cyber Security Attacks Against the Water Industry Presented by Michael Karl October 2012 Acknowledgements Infracri5cal SCADA Security Newsgroup CH2M HILL, Automa5on Cyber- Security Prac5ce Team

More information

Automation Intelligence Suite managing automation information

Automation Intelligence Suite managing automation information Software Datasheet Summary Automation Intelligence Suite for Wonderware System manages automation and production information in same way as it is seen already done by Business Intelligence (BI) in business

More information

Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT

Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT December 3, 2013 slide 1 A global leader in power and

More information

Rebecca Massello Energetics Incorporated

Rebecca Massello Energetics Incorporated Cybersecurity Procurement Language for Energy Delivery Systems Rebecca Massello Energetics Incorporated NRECA TechAdvantage February 25, 2015 Talking Points What is this document? Who can use this document

More information

Energy sector control centers across the nation, such as this one at Kansas City Power & Light, benefit from the system security assessments

Energy sector control centers across the nation, such as this one at Kansas City Power & Light, benefit from the system security assessments Energy sector control centers across the nation, such as this one at Kansas City Power & Light, benefit from the system security assessments performed through National SCADA Test Bed industry partnerships.

More information

Cyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop

Cyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop Cyber Security The Leadership Opportunity for Joint Action Agencies 2013 APPA Joint Action Workshop Doug Westlund N-Dimension Solutions Inc. Cyber Security for the Smart Grid Cyber Risk Reduction Questions

More information

Cyber Security of Industrial Control Systems:

Cyber Security of Industrial Control Systems: TECHNICAL STUDIES Cyber Security of Industrial Control Systems: How to get started? An overview of existing documents, standards, guidelines and best practices September 2014 CLUB DE LA SECURITE DE L INFORMATION

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

SIRFN Capability Summary Sandia National Laboratories, Albuquerque, NM, USA

SIRFN Capability Summary Sandia National Laboratories, Albuquerque, NM, USA SIRFN Capability Summary Sandia National Laboratories, Albuquerque, NM, USA Introduction Sandia National Laboratories has extensive laboratory facilities to conduct applied research and development on

More information

Presentation to the Control Systems Security Outreach Coordination Meeting. Mark P. Morgan Lori Ross O Neil July 24, 2007

Presentation to the Control Systems Security Outreach Coordination Meeting. Mark P. Morgan Lori Ross O Neil July 24, 2007 Presentation to the Control Systems Security Outreach Coordination Meeting Mark P. Morgan Lori Ross O Neil July 24, 2007 Areas to be addressed Current CSSP control systems security training Online Instructor

More information

Cybersecurity in the Water Sector. Copyright 2015 American Water Works Association

Cybersecurity in the Water Sector. Copyright 2015 American Water Works Association Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Industrial Cyber Security Risk Industrial Attacks Continue to Increase in Frequency & Sophistication Today, industrial organizations

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

An Evaluation of Security Posture Assessment Tools on a SCADA Environment

An Evaluation of Security Posture Assessment Tools on a SCADA Environment An Evaluation of Security Posture Assessment Tools on a SCADA Environment Shahir Majed 1, Suhaimi Ibrahim 1, Mohamed Shaaban 2 1 Advance Informatics School, Universiti Teknologi Malaysia, International

More information

Cyber-Physical System Security of the Power Grid

Cyber-Physical System Security of the Power Grid Course on: Cyber-Physical System Security of the Power Grid April 9-11, 2013 at KTH Royal Institute of Technology, Stockholm, Sweden Background Cyber Security is essential to today s power grid operation

More information

SAP. To help you drive the most value from certification opportunities, SAP is now offering multi-tiered certification paths for specific subjects.

SAP. To help you drive the most value from certification opportunities, SAP is now offering multi-tiered certification paths for specific subjects. SAP Over the course of three decades, SAP has evolved from a small, regional enterprise into a world-class international company. Headquartered in Walldorf, Germany, SAP is the global market leader in

More information

Privacy and Security in Healthcare

Privacy and Security in Healthcare 5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical

More information

Cybersecurity Maturity Assessment: Are you where you should be?

Cybersecurity Maturity Assessment: Are you where you should be? Cybersecurity Maturity Assessment: Are you where you should be? NAFCU Services Webinar: 2/23/2016 A subsidiary of Introduction Matt Mitchell, CISSP- Director Risk Assurance 18 years information security

More information

Lloyd F. Colegrove Mary Beth Seasholtz Bryant LaFreniere

Lloyd F. Colegrove Mary Beth Seasholtz Bryant LaFreniere Lloyd F. Colegrove Mary Beth Seasholtz Bryant LaFreniere 1 Run Design - Mountains of Data Planning Wisdom Improvement Marketing Trailer Current Data Use Poor coordination, no obvious plan. We work, data

More information