Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008"

Transcription

1 Utility Telecom Forum Robert Sill, CEO & President Aegis Technologies February 4,

2 Agenda Asked to describe his job, Mike Selves, director of Emergency Management and Homeland Security in Johnson County, Kan., recalls what he once told county commissioners who also posed the question. My job, he said, is to tell you things you don t want to hear, asking you to spend money you don t have for something you don t believe will ever happen. Page 2 2

3 Agenda Current communications networks Issues facing the industry Case Study: Integration into production environment at Utility Page 2 3

4 Typical Communication Network Page 3 4

5 Industry Parallel: Banking Banking sector Relatively secure islands until networking technology introduced in the 1980 s and 1990 s Beginning of modern IT Security, vulnerability protection Energy Sector Discovering that Utilities are already connected, vulnerabilities exist NERC compliance is the first step towards complete cyber security Heading toward federally-influenced completely secure systems as in banking Page 4 5

6 Increasing Complexity of Systems Increased demand on Control System networks has outpaced spending on communication infrastructure upgrades Communication infrastructure limitations may prevent new control devices from being effectively added Bit-oriented protocols still utilized by Utility, but new devices may not support Lack of understanding of bit protocols Reliability can become jeopardized Page 7 6

7 Current Options for System Upgrade Industry and Government moving in different directions Smart-Grid and Substation Automation Interconnectivity NERC it or disconnect it Routable protocols must have security measures in place Replacement costs associated with new technology are high Technology available is limited and incomplete Upgrade process is time-consuming Budget limitations may cause upgrades to be done in pieces over time Supplier industry moving towards IP networks Consideration must be given to security, reliability, and cost of upkeep Page 8 7

8 Convergence of Technologies Serial: designed for reliability IP: designed for information sharing Non-guaranteed delivery (without TCP) Shared bandwidth Neither system designed for security Page 9 8

9 Effects of an IP Network IP is and will be ever more expensive to secure 30+ years of developed hacking experience 25,000+ known IP network vulnerabilities (CVE list) Some of these bugs are in currently deployed security patches Annual Hacking Conferences Millions upon millions are and will be spent on defending against these IP vulnerabilities More vulnerabilities discovered every day Page 10 9

10 Division Between Control Center and the Field Who s responsibility is this? Control Center responsibility Field responsibility Page 11 10

11 Network Vulnerabilities are Across the Entire System Page 12 11

12 Division Between Control Center and the Field Lack of understanding of entire communication network Network is segmented with specialized expertise/knowledge Collaboration between those in the control center and those in the field is minimal Vendors are specialized in one area and don t necessarily look at the big picture Makes implementing upgrades to the system very difficult Page 13 12

13 Influence of Aging Workforce on Electric Industry Baby Boomers make up 1/3 of US workforce Two biggest challenges facing the Power Industry* loss of critical knowledge inability to find replacements with utility-specific skills Number of Electrical Engineering degrees is declining Inadequate Knowledge transfer/documentation passed down to new workforce *According to the APPA research report Work Force Planning for Public Power Utilities Page 14 13

14 Thousands Workforce Maturation Billions KWH *2010 *2015 Year baby boomers % of workforce Demand for Energy Degrees in EE (thousands) Degrees in IT (thousands) Sources: U.S. Bureau of Labor Statistics U.S. Dept of Education Energy Information Administration Page 15 14

15 Changing Environment Control networks are now more connected, more complex, and more expensive to maintain Replacement costs are high Influence of IP on Control Systems Choice between reliable serial vs. TCP/IP with vulnerabilities NERC, Routable protocols Specialized expertise no comprehensive understanding of the system. Fewer Electrical Engineers, more IT NERC influencing utilities to disconnect their systems Page 16 15

16 What can you do? An Actual Case Study Investor Owned Utility: Co-developer Design considerations Life extension of current system by utilizing proven technology to provide performance improvement Improve troubleshooting capabilities to increase reliability and response time while reducing maintenance costs Operate with a vastly improved cyber security system Improve and secure control systems now and expand capabilities as new technology and standards emerge Cannot effect SCADA traffic, must operate between data scans Latency must be minimal Page 17 16

17 Smarter, Faster, Safer SCADA Odyssey Product Series operational benefits Make the system smarter with: troubleshooting tools such as event logging, byte by byte data captures, and control from the Host (not the field) Make the system faster with: self-optimizing compression and bit and byte-oriented protocol compatibility Extend the life of your system, and in the process, secure your communications and achieve NERC CIP compliance Page 18 17

18 Installed in the system Page 19 18

19 Actual 19 Rack Mount Installation At Operations Center: Host installs next to EMS/DMS At the Substation: RSM, RMD next to RTU, IEDs Page 20 19

20 Appl Appl Appl SW RSM Communication Communication Communication Appl Appl Appl Communication SW RSM HW RSM Optionally Manages SCADA OCPs Too Control Network RMD Dial-Up Modem AMI Data AMI Data ooo oo Residential Meter AMI Data AMI RSM EMS Odyssey Web & DB ICCP AMI Data RTU Control Network ooo oo Residential Meter Optional connection to To RTU AMI Data OCP Odyssey Authentication Server Collection Point Meter ooo oo Residential Meter Embedded OCP Software SCADA SCADA Video Communication Audio SCADA SCADA Card RTU RSM Multifunction RSM/RMD RTU Standalone RMD IED IED RTU IED RMD Dial-Up Modem Dial-Up Modem Dial-Up Modem Complete Security Perimeter Generation Plant SCADA Control Center Pole Top Substation #1 UNIT 1 PLC RSM DCS Network DCS Network UNIT 2 d Remote PLC Over Short-Range Wireless Link Internet Remote Access Corporate WAN Remote Access FEP FEP SCADA Communications Cloud Substation #2 Operations LAN Substation #3 Odyssey Host Web/DB Server OCP Security Measures Plant Security: Authenticates all application traffic, point to point Blocks virus and other unauthorized traffic between servers OCP isolates Units and Operations LAN, for maximum protection Detailed event logging Remote Link Security Authenticates all remote user and WAN access Authenticates traffic from remote PLC s Generation Plant Network Remote Access Security T&D Network Security Measures T&D Network: Encrypt and compress SCADA traffic Device Authentication Central Management and Troubleshooting Remote Access Defense: Real-time access control of dial-up lines Authenticates against Odyssey Web & DB RMDs centrally managed Enterprise WAN To SCADA Network AMI Control Center Security Measures Metering Office: Encrypt telecom Authenticate that readings are from an authorized collection point Substation: Encrypt telecom connection to T&D SCADA Field Meter: Authorized metering source Encrypt meter readings Prevent & alert on tampering AMI Server Odyssey Web & DB Comm. Server OCP Comm. Server AM I Network AMI Communications Cloud Smart RSM Substation ooo oo A variety of communications formats may be present, such as: PSTN (telephone lines) Serial Leased Lines Serial RF Links Comm. Over Power Lines Satellite Page 21 20

21 Defense in Depth 2048-bit streaming encryption Eliminates latency associated with block encryption Supports TCP and serial links Authentication Device to device User authentication Configurable role-based user permission settings Centralized password management Dialup Remote Modem Defense RMD Hardened field unit installs at the substation Authenticates users dialing into IEDs Central management of dial-in users and passwords Real-time reporting of modem activity, alerts Page 23 21

22 Case Study Summary Life of existing communication infrastructure extended through: Improved system performance Effective troubleshooting tools Central control of remote devices Utility Operational system after Odyssey installation: Devices with serial maintenance ports configured from control center Errors in communication diagnosed from control center Comprehensive cyber-security perimeter Event logging capabilities for efficient troubleshooting Extensive data monitoring/forensics Able to send byte-oriented Conitel data to substation Improved communication speeds with compression and bit to byte capabilities Page 24 22

23 Your Aging Communications Infrastructure Extend the life of your existing system Effective troubleshooting tools can reduce maintenance costs and increase efficiency Speeding up communication can allow more data to be transmitted, more devices to be added, and increase reliability Securing the system ensures longevity Questions? Page 25 23

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc. Securing Modern Substations With an Open Standard Network Security Solution Kevin Leech Schweitzer Engineering Laboratories, Inc. Copyright SEL 2009 What Makes a Cyberattack Unique? While the resources

More information

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework

How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework How to Integrate NERC s Requirements in an Ongoing Automation and Integration Project Framework Jacques Benoit, Cooper Power Systems Inc., Energy Automations Solutions - Cybectec Robert O Reilly, Cooper

More information

Innovative Defense Strategies for Securing SCADA & Control Systems

Innovative Defense Strategies for Securing SCADA & Control Systems 1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet

More information

Reclamation Manual Directives and Standards

Reclamation Manual Directives and Standards Electronic Security Perimeter (ESP) Identification and Access Control Process 1. Introduction. A. This document outlines a multi-step process for identifying and protecting ESPs pursuant to the North American

More information

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005 SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems

More information

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated

More information

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

Manage Utility IEDs Remotely while Complying with NERC CIP

Manage Utility IEDs Remotely while Complying with NERC CIP Manage Utility IEDs Remotely while Complying with NERC CIP Disclaimer and Copyright The information regarding the products and solutions in this document are subject to change without notice. All statements,

More information

IT Security and OT Security. Understanding the Challenges

IT Security and OT Security. Understanding the Challenges IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control

More information

RuggedCom Solutions for

RuggedCom Solutions for RuggedCom Solutions for NERC CIP Compliance Rev 20080401 Copyright RuggedCom Inc. 1 RuggedCom Solutions Hardware Ethernet Switches Routers Serial Server Media Converters Wireless Embedded Software Application

More information

TRIPWIRE NERC SOLUTION SUITE

TRIPWIRE NERC SOLUTION SUITE CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering

More information

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com

NERC CIP Substation Cyber Security Update. John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)

More information

Verve Security Center

Verve Security Center Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution

More information

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network

1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What

More information

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in

More information

Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters

Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters sorry Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters Jonathan Pollet, CISSP, CAP, PCIP July 2010 Table of Contents Introduction...3 Power Generation, Transmission, and Distribution...4

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

SECURING THE MOVE TO IP-BASED SCADA/PLC NETWORKS

SECURING THE MOVE TO IP-BASED SCADA/PLC NETWORKS SECURING THE MOVE TO IP-BASED SCADA/PLC NETWORKS November 2011 Purpose The purpose of this guide is to provide examples/types of SCADA and control systems and their typical use in industry. This document

More information

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc. Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your

More information

Designing a security policy to protect your automation solution

Designing a security policy to protect your automation solution Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

Holistic View of Industrial Control Cyber Security

Holistic View of Industrial Control Cyber Security Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems

More information

CIP Version 5 Supports Unidirectional Security Gateways

CIP Version 5 Supports Unidirectional Security Gateways CIP Version 5 Supports Unidirectional Security Gateways Paul Feldman Independent Director MISO & WECC Lior Frenkel CEO and Co-Founder Waterfall Security Solutions May, 2013 Abstract The NERC CIP Version

More information

Impact of NERC CIP Version 5 on Synchrophasor Systems

Impact of NERC CIP Version 5 on Synchrophasor Systems Impact of NERC CIP Version 5 on Synchrophasor Systems What the heck do we do NOW? or What are the CIP implications for a substation if we install synchrophasor infrastructure? Disclaimer While I have worked

More information

Cyber Security Compliance (NERC CIP V5)

Cyber Security Compliance (NERC CIP V5) Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability

More information

GE Measurement & Control. Cyber Security for NERC CIP Compliance

GE Measurement & Control. Cyber Security for NERC CIP Compliance GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes

More information

Smart Substation Security

Smart Substation Security Smart Substation Security SmartSec Europe 2014 Amsterdam 29/01/2014 Agenda Context Elia Introduction to the substation environment in Elia Security design and measures in the substation Near and far future

More information

Document ID. Cyber security for substation automation products and systems

Document ID. Cyber security for substation automation products and systems Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has

More information

Security Testing in Critical Systems

Security Testing in Critical Systems Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base

More information

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology

More information

Cyber Protection for Building Automation and Energy Management Systems

Cyber Protection for Building Automation and Energy Management Systems Cyber Protection for Building Automation and Energy Management Systems IT and Network Operations Managers Perspective PROTECT YOUR INVESTMENT Reinforcing the Integrity of Enterprise Networks The intersection

More information

WHITEPAPER: The advantages of system automation tools in remote management systems

WHITEPAPER: The advantages of system automation tools in remote management systems WHITEPAPER: The advantages of system automation tools in remote management systems Table of Contents 1. Introduction 2. General benefits of system automation tools 3. Managed anti-virus software 4. Managed

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

Cyber Security Assessment of Enterprise-Wide Architectures

Cyber Security Assessment of Enterprise-Wide Architectures Cyber Security Assessment of Enterprise-Wide Architectures Mathias Ekstedt, Associate Prof. Industrial Information and Control Systems KTH Royal Institute of Technology Agenda Problem framing Management/design

More information

Lessons Learned from AMI Pioneers Follow the Path to Success

Lessons Learned from AMI Pioneers Follow the Path to Success welcome Lessons Learned from AMI Pioneers Follow the Path to Success Joe Cummins, PCIP UTC TELECOM May 2010 394 Simcoe Street South Oshawa, ON L1H 4J4 (905) 404-2009 2 outline security risks in smart grid

More information

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT

CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Energy Research and Development Division FINAL PROJECT REPORT CONTROL SYSTEM VENDOR CYBER SECURITY TRENDS INTERIM REPORT Prepared for: Prepared by: California Energy Commission KEMA, Inc. MAY 2014 CEC

More information

Client-Server SCADA Technology

Client-Server SCADA Technology Client-Server SCADA Technology A FULL WEB BROWSER-BASED SUITE BRIDGING THE OPERATION & INFORMATION GAP WITH WEB BROWSER DASHBOARDS FOR: v MANAGEMENT DECISION MAKERS v PRODUCTION/ OPERATIONS v MOBILE WORKFORCES

More information

Meeting NERC CIP requirements with Cooper Power Systems IED Integration and Automation Solutions

Meeting NERC CIP requirements with Cooper Power Systems IED Integration and Automation Solutions Meeting NERC CIP requirements with Cooper Power Systems IED Integration and Automation Solutions This document describes the security features of Cooper Power Systems SMP Gateway and Yukon IED Manager

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Redesigning automation network security

Redesigning automation network security White Paper WP152006EN Redesigning automation network security Presented at Power and Energy Automation Conference (PEAC), Spokane, WA, March 2014 Jacques Benoit Eaton s Cooper Power Systems Abstract The

More information

Best Practices for DanPac Express Cyber Security

Best Practices for DanPac Express Cyber Security March 2015 - Page 1 Best Practices for This whitepaper describes best practices that will help you maintain a cyber-secure DanPac Express system. www.daniel.com March 2015 - Page 2 Table of Content 1 Introduction

More information

What Risk Managers need to know about ICS Cyber Security

What Risk Managers need to know about ICS Cyber Security What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they

More information

RUGGEDCOM CROSSBOW. Secure Access Management Solution. siemens.com/ruggedcom. Edition 10/2014. Brochure

RUGGEDCOM CROSSBOW. Secure Access Management Solution. siemens.com/ruggedcom. Edition 10/2014. Brochure RUGGEDCOM CROSSBOW Secure Access Management Solution Brochure Edition 10/2014 siemens.com/ruggedcom Siemens RUGGEDCOM CROSSBOW Secure Access Manager and Station Access Controller Siemens RUGGEDCOM CROSSBOW

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

NERC CIP VERSION 5 COMPLIANCE

NERC CIP VERSION 5 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining

More information

Tempered Networks NERC CIP Alignment

Tempered Networks NERC CIP Alignment NERC CIP Alignment Executive Summary Utilities are currently weighing the advantages of increasing IP connectivity across all levels of operations against the costs of regulatory compliance. Meeting NERC

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

Notable Changes to NERC Reliability Standard CIP-005-5

Notable Changes to NERC Reliability Standard CIP-005-5 MIDWEST RELIABILITY ORGANIZATION Notable Changes to NERC Reliability Standard CIP-005-5 Electronic Security Perimeter(s) Bill Steiner MRO Principal Risk Assessment and Mitigation Engineer MRO CIP Version

More information

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards

SCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which

More information

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security

Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security Joe Andrews, MsIA, CISSP-ISSEP, ISSAP, ISSMP, CISA, PSP Sr. Compliance Auditor Cyber Security CIP-005-3 Audit Approach, ESP Diagrams, Industry Best Practices September 24 25, 2013 SALT LAKE CITY, UTAH

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Electronic Transaction Market Industry Whitepaper. Systech Corporation Internet Payment Gateways

Electronic Transaction Market Industry Whitepaper. Systech Corporation Internet Payment Gateways Electronic Transaction Market Industry Whitepaper Systech Corporation Internet Payment Gateways John Stafford Director, Payment Systems johns@systech.com 800-800-8970 x483 Systech IPG/7000 Series Internet

More information

Industrial Security for Process Automation

Industrial Security for Process Automation Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical

More information

Securing Distribution Automation

Securing Distribution Automation Securing Distribution Automation Jacques Benoit, Cooper Power Systems Serge Gagnon, Hydro-Québec Luc Tétreault, Hydro-Québec Western Power Delivery Automation Conference Spokane, Washington April 2010

More information

Remote Services. Managing Open Systems with Remote Services

Remote Services. Managing Open Systems with Remote Services Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater

More information

Industrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity

Industrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity Industrial Network Security and Connectivity Tunneling Process Data Securely Through Firewalls A Solution To OPC - DCOM Connectivity Manufacturing companies have invested billions of dollars in industrial

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

13 Ways Through A Firewall What you don t know will hurt you

13 Ways Through A Firewall What you don t know will hurt you Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter

More information

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager

How to Choose the Right Industrial Firewall: The Top 7 Considerations. Li Peng Product Manager How to Choose the Right Industrial Firewall: The Top 7 Considerations Li Peng Product Manager The right industrial firewall can strengthen the safety and reliability of control systems Central to industrial

More information

The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems

The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems Mathias Ekstedt, Associate Prof. KTH Royal Institute of Technology, Stockholm

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

Secure Substation Automation for Operations & Maintenance

Secure Substation Automation for Operations & Maintenance Secure Substation Automation for Operations & Maintenance Byron Flynn GE Energy 1. Abstract Today s Cyber Security requirements have created a need to redesign the Station Automation Architectures to provide

More information

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security

More information

Cyber Security. Smart Grid

Cyber Security. Smart Grid Cyber Security for the Smart Grid Peter David Vickery Executive Vice President N-Dimension Solutions Inc. APPA National Conference June 21, 2010 Cyber Security Solutions For Cyber Security

More information

Utilities Facing Many Challenges

Utilities Facing Many Challenges Utilities Facing Many Challenges Cyber Security Is One Area Where Help Is Available Executive Summary Utilities are in the crosshairs of many forces in the world today. Among these are environmental global

More information

ADM:49 DPS POLICY MANUAL Page 1 of 5

ADM:49 DPS POLICY MANUAL Page 1 of 5 DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The

More information

Palomar College Dial-up Remote Access

Palomar College Dial-up Remote Access Palomar College Dial-up Remote Access Instructions for Windows 95/98 and Windows 2000 Following are instructions to implement dialup access to the Palomar College network, email and Internet. The minimum

More information

Making the most out of substation IEDs in a secure, NERC compliant manner

Making the most out of substation IEDs in a secure, NERC compliant manner Making the most out of substation IEDs in a secure, NERC compliant manner Jacques Benoit, Product Marketing Manager, Cybectec Inc. Jean-Louis Pâquet, Chief of Technology, Cybectec Inc. Abstract An increasing

More information

NERC CIP Requirements and Lexmark Device Security

NERC CIP Requirements and Lexmark Device Security Overview The information in this document explains how Lexmark multifunction printers (MFPs) and network printers can assist with compliance to the NERC s Critical Infrastructure Protection (CIP) requirements.

More information

Industrial Security in the Connected Enterprise

Industrial Security in the Connected Enterprise Industrial Security in the Connected Enterprise Presented by Rockwell Automation 2008 Cisco Systems, Inc. and Rockwell Automation, Inc. All rights reserved. THE CONNECTED ENTERPRISE Optimized for Rapid

More information

Understand Wide Area Networks (WANs)

Understand Wide Area Networks (WANs) Understand Wide Area Networks (WANs) Lesson Overview In this lesson, you will review: Dial-up Integrated services digital networks (ISDN) Leased lines Virtual private networks (VPN) Wide area networks

More information

CrossBow NERC CIP Compliance Matrix

CrossBow NERC CIP Compliance Matrix Section Requirement CIP-002-1 Cyber Security Critical Cyber Asset Identification R3, M3 the Responsible Entity shall develop a list of associated Critical Cyber Assets essential to the operation of the

More information

Could your utility improve efficiency and performance with third-party services?

Could your utility improve efficiency and performance with third-party services? White Paper Outsourced Smart Grid Services: A Smart Approach for AMI and Beyond Could your utility improve efficiency and performance with third-party services? Jim Blake Director of Customer Operations

More information

Network Cyber Security. Presented by: Motty Anavi RFL Electronics

Network Cyber Security. Presented by: Motty Anavi RFL Electronics Network Cyber Security Presented by: Motty Anavi RFL Electronics Agenda Cyber Security Threats Defense Strategy & Consequences Next Generation Networking ICS Vulnerabilities Liabilities Next Gen Networking

More information

What is Really Needed to Secure the Internet of Things?

What is Really Needed to Secure the Internet of Things? What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

More information

Utility Modernization Cyber Security City of Glendale, California

Utility Modernization Cyber Security City of Glendale, California Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased

More information

Industrial Security Solutions

Industrial Security Solutions Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats

More information

Network Assessment Services

Network Assessment Services Network ment Services Information networks are arguably your most important IT assets, their speed and reliability are the foundations upon which your critical business systems and applications run. Ensuring

More information

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005 State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

OPCNet Broker TM for Industrial Network Security and Connectivity

OPCNet Broker TM for Industrial Network Security and Connectivity OPCNet Broker TM for Industrial Network Security and Connectivity Tunneling Process Data Securely Through Firewalls A Solution To OPC - DCOM Connectivity from Integration Objects Compatible for DA, HDA

More information

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity)

Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Cyber Security Management for Utility Operations by Dennis K. Holstein (Opus Publishing) and Jose Diaz (Thales esecurity) Abstract Strong identity management enforced with digital authentication mechanisms

More information

An IT Perspective of Control Systems Security

An IT Perspective of Control Systems Security An IT Perspective of Control Systems Security Abstract Enterprises with industrial operations typically utilize at least two types of computer networks Information Technology (IT) - a network that supports

More information

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation Rev 5058-CO900C Agenda Control System Network Security Defence in Depth Secure Remote Access Examples

More information

Network Management System (NMS) FAQ

Network Management System (NMS) FAQ Network Management System (NMS) FAQ Q: How does the NMS work? A: The Cooper NMS is a powerful, flexible and highly scalable wireless and fixed network management solution for thousands of network nodes

More information

Penetration Testing of control systems, is it a good idea?

Penetration Testing of control systems, is it a good idea? SANS Amsterdam, Netherlands September 8, 2008 Penetration Testing of control systems, is it a good idea? Managing Consultant Roelof.Klein@capgemini.com http://www.linkedin.com/in/roelofklein Definition

More information

The Industrial Wireless Book - Articles TECHNICAL ARTICLE: USING GPRS TO CONNECT SMALL, OUTLYING STATIONS

The Industrial Wireless Book - Articles TECHNICAL ARTICLE: USING GPRS TO CONNECT SMALL, OUTLYING STATIONS Page 1 of 6 Print this Page Close this Window TECHNICAL ARTICLE: USING GPRS TO CONNECT SMALL, OUTLYING STATIONS Process monitoring and control for electricity distribution grids until now has been available

More information

AMI security considerations

AMI security considerations AMI security considerations Jeff McCullough Introduction Many electric utilities are deploying or planning to deploy smart grid technologies. For smart grid deployments, advanced metering infrastructure

More information

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

CTS2134 Introduction to Networking. Module 07: Wide Area Networks CTS2134 Introduction to Networking Module 07: Wide Area Networks WAN cloud Central Office (CO) Local loop WAN components Demarcation point (demarc) Consumer Premises Equipment (CPE) Channel Service Unit/Data

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software powered by Calibrate www.medallionlearning.com

More information

Print Audit Facilities Manager Technical Overview

Print Audit Facilities Manager Technical Overview Print Audit Facilities Manager Technical Overview Print Audit Facilities Manager is a powerful, easy to use tool designed to remotely collect meter reads, automate supplies fulfilment and report service

More information

Cyber Security nei prodotti di automazione

Cyber Security nei prodotti di automazione Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard

More information

Machine control going www - Opportunities and risks when connecting a control system to the Internet

Machine control going www - Opportunities and risks when connecting a control system to the Internet B&R Industrial Automation Corp. 1325 Northmeadow Parkway, S-130 Tel: (770) 772-0400 E-mail: office.us@br-automation.com Roswell, Georgia 30076 Fax: (770) 772-0243 Internet: www.br-automation.com Machine

More information

Secure VoIP for optimal business communication

Secure VoIP for optimal business communication White Paper Secure VoIP for optimal business communication Learn how to create a secure environment for real-time audio, video and data communication over IP based networks. Andreas Åsander Manager, Product

More information

Summary of CIP Version 5 Standards

Summary of CIP Version 5 Standards Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have

More information

Security in the smart grid

Security in the smart grid Security in the smart grid Security in the smart grid It s hard to avoid news reports about the smart grid, and one of the media s favorite topics is security, cyber security in particular. It s understandable

More information

Technology Spotlight on Cellular Data Networking for SCADA system networks. Presented by Teamwork Solutions, Inc.

Technology Spotlight on Cellular Data Networking for SCADA system networks. Presented by Teamwork Solutions, Inc. on Cellular Data Networking for SCADA system networks Presented by Teamwork Solutions, Inc. Wireless (Cellular) Data Networking Internet SCADA Server How Wireless (Cellular) Data Networking Works Dynamic

More information

CG Automation Solutions USA

CG Automation Solutions USA CG Automation Solutions USA (Formerly QEI Inc.) Automation Products and Solutions CG Automation Works for You INDUSTRY SOLUTIONS Electric T&D Utilities Renewable Energy Transit Authorities Public Power

More information