Cyber security: Practical Utility Programs that Work

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber security: Practical Utility Programs that Work"

Transcription

1 Cyber security: Practical Utility Programs that Work Securing Strategic National Assets APPA National Conference 2009 Michael Assante Vice President & CSO, NERC June 15, 2009

2 The Electric Grid - Challenges Energy Policy Objectives

3 The Electric Grid Generation Transmission Distribution 5,000 plants 65% of monthly bill Employs approx. 120,000 people 160,000 miles 5% of average customer monthly bill Employs approx. 15,000 people Over 1,000,000 miles 30% of average customer monthly bill Employs approx. 400,000 people The electric infrastructure underpins all others and is vital for both economic and national security

4 Common Hazards Storms (ice, hurricane, wind), tornados, earthquakes, flooding Squirrels and possums Aging staffs, skilled staff availability and labor disputes Fuel disruptions and reduced onsite supplies Aging infrastructures and critical components Vegetation-related T&D outages Lack of preventative maintenance System congestion and operations close to load limits Voltage/reactive reserve availability Mal-operating system protection and controls System complexity and coordination breakdowns Accidents & other human activity Investment uncertainty, renewable mandates and environmental regulation Physical security incidents

5 Competing System Goals The most efficient system operates exactly at its operating limits with little redundancy Every component is critical Every component utilized to its maximum Very economical as long as nothing breaks A resilient system has sufficient redundancies in the right places to withstand losses of any component No one component is critical Components far from their operating limits Very robust but expensive to build and operate

6 Technology Transformation We are at a transformational moment a moment in history when our interconnected world presents us, at once, with great promise but also great peril. President Obama, May 2009

7 Change & Enduring Structures SCADA 765 kv system Electric Capacity In Decline & Aging Infrastructure CIA disclosure Greater Internet Use EBR-I First Nuclear NE Blackout I SCADA EMS NE Blackout II Smart Grid Pulverized Coal Generation Digital Replace EM in Newcon Aurora Research Risk over time: Threats are LOW Vulnerabilities are LOW Consequences are LOW Threats are LOW* Vulnerabilities are MED+ Consequences are MED Threats are MED Vulnerabilities are HIGH Consequences are HIGH 2009

8 Electric Infrastructure Security Landscape Change Present Few homeland threats Perceived security Limited digital technology change (manageable complexity) Ample human and material resources Threat potential increasing Recognized national security issue Aging infrastructure undergoing technology enhancements Increasing complexity Limited transmission investment

9 Cyber & the Pace of Change It's the great irony of our Information Age -- the very technologies that empower us to create and to build also empower those who would disrupt and destroy. President Obama, May 2009

10 Cyber Risk & the Grid

11 Unique Nature of Cyber Threats Understanding of cyber technologies change frequently New vulnerabilities & technical exploits Growing system complexity & connectivity/access paths (e.g. Smart Grid) Potential threats can be unknown and arise very quickly Can require rapid and often confidential responses Attackers are intelligent and watching Attacker s advantage - unbounded attack scenarios (vulnerabilities, technical threats, and consequences) Cyber threats can arise virtually anytime and anywhere across the vast array of communicating devices on the grid Probably don t have all information and expertise Attacks might not happen making measurement difficult (human dilemma) Cyber Security threats are unlike any other threat to the electric grid.

12 Control System Security Snapshot ICS-Specific Vulnerabilities ICS-Attack Tools Electric ICS Port Probes Vulnerabilities that can affect ICS Source: Critical Intelligence

13 Increased Attention 1Q 09 - ICS Attack Presentations Critical intelligence noted six presentations at open information security conferences covering ICS vulnerabilities in the first quarter and a total of 20 in The security conferences include (25C3, Black Hat DC, Shmoocon, Source Boston) Source: Critical Intelligence

14 Threat Actors & Scenarios to Consider Threat Actors: Extremist (single issue groups) Terrorist Organized Criminals Nation States Lone wolf Insiders Viral Threat Scenarios: Physical Attacks Cyber Attacks Blended Attacks EMP/RF Energy, EMC Pandemics WMD (RDD, etc.)

15 Cyber Events and Power Systems CIA discloses they have information of cyber attacks against power system controls outside the US. Resulted in multi-city outage Extortion as the prime motivation US Power companies have been penetrated Media reports & government officials Connectivity to substations & digital hardware exist Market Surveys (modems, SCADA, Internet, wireless, etc ) Restoration time is critical, Availability is priority Websites, presentations and books devoted to hacking our systems CNN Aurora disclosure & video Senate Energy & Natural Resources Committee Chairman Jeff Bingham at recent classified briefing I found the briefing chilling 15

16 Recent Wall Street Journal & Media Reports Cyber spies have penetrated the U.S. electrical grid and left behind software systems that could be used to disrupt the system. Current and former national security officials The Russians and Chinese have attempted to map our infrastructure. Senior intelligence official U.S. Intelligence agencies detected the intrusions, not the companies in charge of the infrastructure. Officials There are intrusions and they are growing. There were a lot last year. Former DHS official Utilities are reluctant to speak about the dangers. PJM

17 Greatest Challenge to Overcome The potential for an intelligent cyber attacker to exploit a common vulnerability that impacts many assets at once, and from a distance is one of the most concerning aspects of this challenge Common or single point of failure (horizontal nature of technology) Universal points for commands/action Still need to prioritize our effort (investment, time and attention) Essentially, we re working to protect the grid against an armed and moving target that has a closet full of camouflage, so to speak. It s no easy task. Cyber threats can develop in the shadows and arise in minutes, exhibiting different characteristics than those preceding them, and are being driven by intelligent threat actors attempting to manipulate system components to achieve their objective (all the while enjoying the attacker s advantage). Michael Assante, CSO of NERC, 2009

18 Cyber Security & the Grid

19 Addressing Cyber Risk Requires a different approach, that must include: Constant vigilance Urgent action (as technologies change, threats arise, and vulnerabilities are identified) Information must be disseminated to the individuals who need it most as quickly and securely as possible Layered defense (CIP Standards, Active risk identification & management, Communications) Involved risk decision making model Identify, measure, and manage risk, scope and pinpoint specific issues, and determine the timeframe in which they must be addressed.

20 Reliability & Security Goals Understand what is possible Mitigate consequences of a successful attack Reduce the attractiveness of the power grid as a target Shift the majority of our focus from prevention to engineering in resilience & safety, restoration, and system recovery From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage. President Obama, May 2009

21 Foundations of Protection Leadership & Culture Bi-directional communications Skilled people Dynamic & resourced security operations Awareness & Coordination Foundational standards System Resilience & Capacity

22 CIP Standards The critical infrastructure protection standards approved through Order No. 706 are a sound starting point for the electric industry to address cybersecurity. Designed as a foundation for sound practices Good housekeeping requirements intended to help protect asset owners from unstructured cyber threats NERC s Reliability Standards development process enables the progressive and continuous improvement of Reliability Standards. Important milestone to help ensure grid reliability by improving the resiliency of control system cyber assets and enhancing their ability to withstand cyber-based attacks

23 Limitations of the CIP Standards The CIP Reliability Standards alone cannot eliminate the threat of a cyber disruption of critical national infrastructure NERC has jurisdiction only to propose reliability standards for the bulk power system CIP Reliability Standards cannot address other critical assets such as telecommunications systems, for example, or electricity distribution systems The open process by which Reliability Standards are developed, while demonstrably successful in producing standards that have significantly enhanced the reliability of the grid, may not be ideally suited to sensitive subject matter where confidentiality is required Standards take time to modify (foundational but static) Specific cyber security risk can be very dynamic Compliance can t be at the expense of developing necessary and more flexible security management approaches Cyber Security standards are a foundation, designed to be built upon.

24 Electric Sector Coordination Government Regulators Governmental NEB Provincial Govts. Government CIP Public Safety Canada RCMP NRCAN NERC iero ES-ISAC FERC Regulator DOE Sector Specific Agency DHS NIPP Utility Industry Canadian Registered Entities Canadian Electric Association NERC Committees CIPC ESSG & ESCC 19 CIKR sectors U.S. Registered Entities U.S. Remaining Sector Entities Electric Associations (EEI, NRECA, APPA, EPSA)

25 A Changing World Cartoon credit: The Economist 2009

26 Barriers to Reducing Risk Constant increase in complexity associated with new technology deployments and applications Organizational complexity of the grid in North America Lack of positive economic motivation for utilities to increase security Growing dependence on communications A more complex and distant global supply chain Skilled cybersecurity professionals

27 Question & Answer Contacts: Michael Assante Vice President & CSO It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation. President Obama, May 2009

28 About NERC International regulatory authority for electric reliability in North America Develop & enforce reliability standards Analyze system outages and near-misses & recommend improved practices Assess current and future reliability

Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010

Smart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010 Smart Grid America: Securing your network and customer data Michael Assante Vice President and Chief Security Officer March 9, 2010 About NERC The electric industry s self-regulatory organization for reliability

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

Cyber Security & State Energy Assurance Plans

Cyber Security & State Energy Assurance Plans Cyber Security & State Energy Assurance Plans Michigan Cyber Summit 2011 Friday, October 7, 2011 Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials What is Energy

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations

Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations TeleContinuity The Survivable Cyber Solution Presentation For Presenter: October 14, 2009 Mr. Takanobu Ito Managing Director, Asia Pacific & Middle East Operations 2007 TeleContinuity, Inc.. All Rights

More information

Addressing Dynamic Threats to the Electric Power Grid Through Resilience

Addressing Dynamic Threats to the Electric Power Grid Through Resilience Addressing Dynamic Threats to the Electric Power Grid Through Resilience NOVEMBER 2014 INTRODUCTION The U.S. electric power grid is an interconnected system made up of power generation, transmission, and

More information

Keeping the Lights On: Security Priorities for the 21 st Century. Harvard Energy Policy Group June 13, 2014 Tamara Linde Vice President Regulatory

Keeping the Lights On: Security Priorities for the 21 st Century. Harvard Energy Policy Group June 13, 2014 Tamara Linde Vice President Regulatory Keeping the Lights On: Security Priorities for the 21 st Century Harvard Energy Policy Group June 13, 2014 Tamara Linde Vice President Regulatory The PSEG Companies PSEG Fast Facts Assets: $32.5 billion

More information

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Panel Session: Lessons Learned in Smart Grid Cybersecurity PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory

More information

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage. Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

AURORA Vulnerability Background

AURORA Vulnerability Background AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History

More information

Energy Cybersecurity Regulatory Brief

Energy Cybersecurity Regulatory Brief Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider

More information

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE

CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE 1 CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE Gavin McLintock P.Eng. CISSP PCIP 2 METCALFE POWER STATION 16 April 2013 Sophisticated physical attack 27 Days outage $15.4 million

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:

More information

Critical Infrastructure Security and Resilience

Critical Infrastructure Security and Resilience U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

Resilient and Secure Solutions for the Water/Wastewater Industry

Resilient and Secure Solutions for the Water/Wastewater Industry Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,

More information

Building more resilient and secure solutions for Water/Wastewater Industry

Building more resilient and secure solutions for Water/Wastewater Industry Building more resilient and secure solutions for Water/Wastewater Industry Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Copyright 2010 Rockwell Automation, Inc. All rights reserved. 1 Governmental

More information

Maturation of a Cyber Security Incident Prevention and Compliance Program

Maturation of a Cyber Security Incident Prevention and Compliance Program Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber

More information

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Presentation to the U.S. Department of Energy by the IEEE Joint Task Force on QER Trends: Resilience

More information

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and

More information

Summary of CIP Version 5 Standards

Summary of CIP Version 5 Standards Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have

More information

NERC Cyber Security Standards

NERC Cyber Security Standards SANS January, 2008 Stan Johnson Manager of Situation Awareness and Infrastructure Security Stan.johnson@NERC.net 609-452-8060 Agenda History and Status of Applicable Entities Definitions High Level of

More information

AD11-6-000 FERC Technical Conference February 8, 2011 Statement of Ron Litzinger. President, Southern California Edison Company

AD11-6-000 FERC Technical Conference February 8, 2011 Statement of Ron Litzinger. President, Southern California Edison Company AD11-6-000 FERC Technical Conference February 8, 2011 Statement of Ron Litzinger President, Southern California Edison Company Good afternoon, Chairman Wellinghoff, Commissioners, and FERC staff. I am

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

Constructing a successful business continuity plan

Constructing a successful business continuity plan Constructing a successful business continuity plan By Alan Berman Alan Berman Being prepared is the cornerstone of having a business continuity plan regardless of the size of a company. Ultimately, getting

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

The digital future for energy and utilities.

The digital future for energy and utilities. Digital transformation has changed the way you do business. The digital future for energy and utilities. Digital is reshaping the landscape in every industry, and the energy and utilities sectors are no

More information

What Risk Managers need to know about ICS Cyber Security

What Risk Managers need to know about ICS Cyber Security What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Resilient and Secure Solutions for the Water/Wastewater Industry

Resilient and Secure Solutions for the Water/Wastewater Industry Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Cyber Security IT People Geeks How

More information

Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers

Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers Establishing A Secure & Resilient Water Sector December 14-15, 2010 LWQTC Overview Key Drivers Legislation Presidential Directives AWWA & Sector Initiatives Standards & Guidance Mutual Aid & Assistance

More information

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events.

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events. ESF Coordinator: Energy Primary Agency: Energy Support Agencies: Agriculture Commerce Defense Homeland Security the Interior Labor State Transportation Environmental Protection Agency Nuclear Regulatory

More information

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc. Cyber Security Presentation Ontario Energy Board Smart Grid Advisory Committee Doug Westlund CEO, N-Dimension Solutions Inc. October 1, 2013 Cyber Security Protection for Critical Infrastructure Assets

More information

146 FERC 61,166 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION

146 FERC 61,166 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION 146 FERC 61,166 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Before Commissioners: Cheryl A. LaFleur, Acting Chairman; Philip D. Moeller, John R. Norris, and Tony Clark. Reliability Standards

More information

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering Cyber Controls : A Critical Discipline of Systems 14 th Annual NDIA Systems San Diego, CA October 24-28, 2011 Bharat Shah Lockheed Martin IS&GS bharat.shah@lmco.com Purpose Provide an overview on integrating

More information

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on

More information

U.S. Cyber Security Readiness

U.S. Cyber Security Readiness U.S. Cyber Security Readiness Anthony V. Teelucksingh Senior Counsel United States Department of Justice John Chris Dowd Special Agent Federal Bureau of Investigation Overview U.S. National Plan National

More information

ISACA North Dallas Chapter

ISACA North Dallas Chapter ISACA rth Dallas Chapter Business Continuity Planning Observations of Critical Infrastructure Environments Ron Blume, P.E. Ron.blume@dyonyx.com 214-280-8925 Focus of Discussion Business Impact Analysis

More information

Information Bulletin

Information Bulletin Public Policy Division Impact of NIST Guidelines for Cybersecurity Prepared by UTC Staff 1. Introduction... 3 2. Cybersecurity Landscape... 3 3. One Likely Scenario... 5 4. Draft NISTIR 7628, Guidelines

More information

Statement for the Record

Statement for the Record Statement for the Record Robert M. Blue President Dominion Virginia Power Enhancing Resilience in Energy Infrastructure and Addressing Vulnerabilities Quadrennial Energy Review Task Force April 11, 2014

More information

Claes Rytoft, ABB, 2009-10-27 Security in Power Systems. ABB Group October 29, 2009 Slide 1

Claes Rytoft, ABB, 2009-10-27 Security in Power Systems. ABB Group October 29, 2009 Slide 1 Claes Rytoft, ABB, 2009-10-27 Security in Power Systems October 29, 2009 Slide 1 A global leader in power and automation technologies Leading market positions in main businesses 120,000 employees in about

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

April 28, 2009. Dear Mr. Chairman:

April 28, 2009. Dear Mr. Chairman: April 28, 2009 The Honorable Edward J. Markey Chairman Subcommittee on Energy and Environment Committee on Energy and Commerce U.S. House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: I

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport Commercial Nuclear Power Plants Stan Blanton Nuclear Power Subcommittee The Regulatory Landscape NRC

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

UNITED STATES DEPARTMENT OF AGRICULTURE Rural Utilities Service. Bulletin 1730B-2. SUBJECT: Guide for Electric System Emergency Restoration Plan

UNITED STATES DEPARTMENT OF AGRICULTURE Rural Utilities Service. Bulletin 1730B-2. SUBJECT: Guide for Electric System Emergency Restoration Plan UNITED STATES DEPARTMENT OF AGRICULTURE Rural Utilities Service Bulletin 1730B-2 SUBJECT: Guide for Electric System Emergency Restoration Plan TO: RUS Electric Borrowers and RUS Electric Staff EFFECTIVE

More information

Michigan State Police Emergency Management & Homeland Security. Infrastructure Analysis & Response Section. Sgt. Bruce E. Payne

Michigan State Police Emergency Management & Homeland Security. Infrastructure Analysis & Response Section. Sgt. Bruce E. Payne Michigan State Police Emergency Management & Homeland Security Infrastructure Analysis & Response Section Sgt. Bruce E. Payne Presidential Directive On December 17, 2003, President Bush issued Homeland

More information

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving

More information

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

Hearing on Oversight of Federal Efforts to Address Electromagnetic Risks. May 17, 2016

Hearing on Oversight of Federal Efforts to Address Electromagnetic Risks. May 17, 2016 Testimony of Joseph McClelland Director, Office of Energy Infrastructure Security Federal Energy Regulatory Commission Before the Committee on Homeland Security Subcommittee on Oversight and Management

More information

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies

More information

Cyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop

Cyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop Cyber Security The Leadership Opportunity for Joint Action Agencies 2013 APPA Joint Action Workshop Doug Westlund N-Dimension Solutions Inc. Cyber Security for the Smart Grid Cyber Risk Reduction Questions

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

State Roles in Enhancing the Cybersecurity of Energy Systems and Infrastructure

State Roles in Enhancing the Cybersecurity of Energy Systems and Infrastructure NGA PAPER State Roles in Enhancing the Cybersecurity of Energy Systems and Infrastructure Executive Summary Protecting the nation s energy system and infrastructure from cyber threats is of vital importance

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Sec. 1. Department of Homeland Security Cybersecurity Authority Section 1(a) amends Title II of the Homeland

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

State Engagement with the Energy Sector to Improve Cyber Security

State Engagement with the Energy Sector to Improve Cyber Security Contact: Allison Cullin Homeland Security and Technology Division 202/624-5311 April 20, 2010 State Engagement with the Energy Sector to Improve Cyber Security Executive Summary The state-owned computer

More information

Working with the Federal Government on Cybersecurity

Working with the Federal Government on Cybersecurity O B S I D I A N C Y B E R S E C U R I T Y O C C A S I O N A L P A P E R Working with the Federal Government on Cybersecurity Preparation is Key to Success December 5, 2013 Table of Contents CONSIDER THIS...

More information

Industrial Defender, Inc.: Recipient of the 2008 Global Risk Management Process Control & SCADA Company of the Year Award

Industrial Defender, Inc.: Recipient of the 2008 Global Risk Management Process Control & SCADA Company of the Year Award F R O S T & S U L L I V A N 2008 Industrial Defender, Inc.: Recipient of the 2008 Global Risk Management Process Control & SCADA Company of the Year Award Todd Nicholson (left), Chief Marketing Officer,

More information

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

Securing the Network: Cybersecurity Recommendations for Critical Infrastructure and the Global Supply Chain Telecommunications Industry Association

Securing the Network: Cybersecurity Recommendations for Critical Infrastructure and the Global Supply Chain Telecommunications Industry Association Securing the Network: Cybersecurity Recommendations for Critical Infrastructure and the Global Supply Chain Telecommunications Industry Association EXECUTIVE SUMMARY: The increased integration of information

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

September 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for

September 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for Testimony of John A. McCarthy, Director of the Critical Infrastructure Protection Project, George Mason School of Law Before a joint hearing of the House Subcommittee on Infrastructure Security and The

More information

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice

NERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to

More information

Increasing Energy Reliability & Resiliency NGA Policy Institute for Governors' Energy Advisors Denver Colorado, September 11, 2013

Increasing Energy Reliability & Resiliency NGA Policy Institute for Governors' Energy Advisors Denver Colorado, September 11, 2013 + Increasing Energy Reliability & Resiliency NGA Policy Institute for Governors' Energy Advisors Denver Colorado, September 11, 2013 Jeffrey R. Pillon, Director, Energy Assurance Programs National Association

More information

Data Security Concerns for the Electric Grid

Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact. Aon Business Continuity Planning The Aon Business Continuity Planning practice provides consulting services that allow Aon clients to measure and manage their strategic and tactical risks through Crisis

More information

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation

More information

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection More Intelligent, More Effective Cybersecurity Protection January 2013 Business Roundtable (BRT) is an association of chief executive officers of leading U.S. companies with more than $7.3 trillion in

More information

Critical Infrastructure

Critical Infrastructure Critical Infrastructure Long-term Trends and Drivers and Their Implications for Emergency Management June 2011 Overview The state and nature of infrastructure is likely to change over the next several

More information

Priority III: A National Cyberspace Security Awareness and Training Program

Priority III: A National Cyberspace Security Awareness and Training Program Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE

REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE REMARKS BY US PRESIDENT BARACK OBAMA ON SECURING THE NATION'S CYBER INFRASTRUCTURE 29 May 2009 THE PRESIDENT: Everybody, please be seated. We meet today at a transformational moment -- a moment in history

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information