2 Cyber Security Offerings & Capabilities Overview
Full-service cyber security and compliance offerings in North America and international power markets: controls and consulting.
Provide both end-to-end technical and administrative solutions or specific security components.
Security embedded with other HPI product lines, as a standalone or in packages.
3 Cyber Security Offerings & Capabilities (cont.)
Select Key Services
Assessment and Risk Benchmarking: systems and network risk assessments; cyber vulnerability assessments; standards-based mock audits; compliance applicability assessments; internal control program effectiveness review.
Mitigation & Security Design: security architecting; operations network security upgrade; remediation and recovery planning; detailed security engineering; compliance mitigation plans; compliance filings with government agencies; compliance program design and implementation.
Implementation & Monitoring: security system conversion; hardware and software monitoring; system restoration; corporate compliance program implementation; installation of GRC software and configuration for monitoring; compliance-as-a-service.
4 About John Ballentine
John Ballentine, Director of Cyber Security & Compliance
Assists HPI customers by reducing their cyber security risk in industrial control system environments. Develops programs that identify, manage and mitigate compliance and regulatory risks.
Industry service includes: Board of Directors of North America Generator Forum (NAGF); US Department of Homeland Security - Cyber Emergency Response Team; graduated from US FBI Compliance Academy.
Who is John Ballentine?
Over 20 years of experience in the energy industry, including corporate and consulting roles managing cyber security and regulatory compliance at power generation facilities in North America.
CSSA - Certified SCADA Security Architect; CISSP - Certified Information Systems Security Professional; CISA - Certified Information Security Auditor; CCEP - Certified Compliance and Ethics Professional; GLEG - Certified Information Law Specialist
5 Cyber Security and Compliance Strategy
Market Development Plan
Focus on security as a unique product and as an enhancer to HPI full product line.
Ensure clients have one-stop shop for all matters on both security and compliance in both consulting and controls.
Create and capture unique position as only international asset operator with strong security product line.
North America cyber market is regulated and mandatory with new compliance deadlines ( ).
Growth in key areas: direct sales to end users; partnering with hardware and software companies.
6 Key Strengths
Customized services portfolio
Utilize deep controls experience and technical product capabilities.
Assess existing systems - determine level of security risk in operational networks (ICS).
Document policies and procedures - test adequacy of administrative controls to reduce cyber risk.
Train personnel and contractors - ensure operational expenses are being optimally utilized.
Segment the control network - ensure security is properly compartmentalized.
Control system access - utilize sophisticated access and encryption technologies to prevent intrusions.
Harden system components - embed security functionality at the core component functionality level with current controls capabilities.
Monitor and maintain system security - keep customers in constant state of security status awareness and respond to incidents as they occur.
7 Key Strengths (cont.)
Optimize Resources
Differentiation
Product line leader in US and EU security marketplace with prominent position as trusted service provider.
Personnel with deep controls experience that translates well into security embedded solutions.
Trained sales and marketing staff that can market to technical and financial buyers of security products.
Only vendor that has experience in EPC, controls, operations compliance and cyber security. Other providers are typically consultants with limited understanding of security (as a function of IT) and controls (as a function of asset management).
8 The HPI Advantage HPI LLC Proprietary Information
9 HPI Security Approach: Prevent, Detect & Recover
Whether you need a full compliance or security solution, or are preparing for an audit or internal control review, HPI's experience as operators will maximize your return on investment.
Prevention: People - trained and alert; Technology - managing systems; Processes - mitigating risks.
Detection & Notification: network access monitoring; anomaly detection; active intrusion monitoring.
Recovery & Restoration: back-up restoration management; annual compliance testing.
10 HPI Cyber Security & Compliance Service Offerings
There IS a starting and end point to get your company optimized to face the threats and reduce the likelihood of interrupting your business:
Assessment and Risk Benchmarking; Mitigation and Design Services; Implementation and Monitoring
Cyber Security Systems and Network Risk Assessment; Cyber Vulnerability Assessment (NERC CVA); Standards-based Audits
Security Architecture; Operations Network Security Upgrade; Remediation and Recovery Plans
Security System Conversion; Hardware and Software Monitoring; System Restoration
Compliance Applicability Assessments; Controls and Policies Reviews; Mock Audits
Compliance Mitigation Plans; Compliance Filings with Govt Agencies; Overall Compliance Program Design
Corp Compliance Program Implementation; Install GRC Software and Configure for Monitoring; Compliance-as-a-Service
11 Keys to Securing Your Operations Technology
Assess existing systems, and document policies and procedures.
Train personnel and contractors.
Segment the control network, and control system access.
Harden system components.
Monitor and maintain system security.
12 Cyber Security Vulnerability Assessment
Expert analysis of control system to identify actual and potential security vulnerabilities
Network architecture diagrams; network component and host device configurations; access control strategies; software and firmware versions; policies and procedures
13 Implementation Phase
14 Bridging the ICS Security Specialization Skill Gap
[Figure labels: IT Professionals; Cyber security professionals; Control system professionals; Control System Cyber Security Professionals]
Many organizations substitute Information Technology/Network Specialists for Information Security Specialists.
Most IT/Network personnel possess few of the security skills needed to harden a network. Even fewer have the capability to secure an ICS network.
HPI has cyber security skills in the energy industry ICS - the rarest and most sought-after skill set in the industry.
15 The HPI Differentiator
Why work with us?
HPI customers must be secure so that they can focus on their core business of efficiently producing power to the grid. - Hal Pontez, HPI President & CEO
HPI designs, builds, operates, controls, maintains and repairs power generation facilities - it's in our DNA.
Generic security consultants cannot match our comprehensive understanding of how those areas link together and form an aligned approach.
Unlike vendors that sell newfangled technology solutions or pre-packaged systems, HPI customizes security solutions at significantly reduces risk.
Every area of HPI is completely aligned to the cyber security challenge as the key to protecting our client's assets.
16 Contact Us OFFICE: CELL: https://www.linkedin.com/company/hpi-llc/