Critical Infrastructure Protection (CIP)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Critical Infrastructure Protection (CIP)"

Transcription

1 Critical Infrastructure Protection (CIP) Dr. K. P. Ananth Phone: (208) Presentation at EU sf Raising Public Awareness about the Information Society Tallinn, Estonia 14 March 2012 INL/CON

2 Outline Background on Idaho National Laboratory What constitutes Critical Infrastructure in the U.S. and why protect it? Risks and Threats: Cyber threats to Electric Grid, Control Systems and Wireless Communications Some current approaches for protecting Critical Infrastructures Proposed Senate Cybersecurity Act of 2012 How can INL and Estonia collaborate? 2

3 Idaho National Laboratory Today the Site Supports Three Focused National Missions * SITE 890 square miles, ~4800 ft elevation 111 miles of electrical transmission and distribution lines, with isolatable grid 6 cellular towers (Wireless Comms 3 fixed, 3 mobile) 579 buildings Abundant water 177 miles of paved roads 14 miles of railroad lines MISSIONS Nuclear Energy National & Homeland Security Energy & Environment EMPLOYERS Naval Reactors Facility 1400 Employees 600 Employees 1200 Employees Business Volume $124M Business Volume $365M 4200 Employees Business Volume $1B Idaho National Laboratory The National Nuclear Laboratory with synergistic capabilities in National & Homeland Security 3

4 At INL, We have a history supporting National Missions National Reactor Testing Station 1949, INEL 1974, INEEL 1994, INL 2005 Fuel cycle development and demonstration reprocessing Specific Manufacturing Capability (SMC) Design construction testing and operation of 52 unique nuclear reactors, incl. Navy s Nautilus Submarine Prototype (S1W) Reactor Testing Naval Large Caliber Guns Research - Development - Demonstration Deployment (RDDD) 4

5 Today s RDDD Programs are of National Importance Nuclear Energy National & Homeland Security Energy & Environment Advanced Fuel Cycle R&D Next Generation Nuclear Plant (NGNP) ATR National Scientific User Facility Space Nuclear U.S. National Nuclear Energy Laboratory and an International leader Supervisory Control and Data Acquisition (SCADA) Work Grid Reliability and Security Cyber Security Wireless Communications Nuclear Nonproliferation Nuclear Counterproliferation Armor, Explosive Blast Protection A leader in critical infrastructure protection and homeland security Battery Technology Bio-fuels and Synfuels Hybrid Energy Systems Non-traditional Hydrocarbon use A leader in developing energy solutions to Idaho and the Region 5

6 Homeland Security Presidential Directive (HSPD-7) identifies 18 Critical Infrastructures and Key Resources (CIKR) Agriculture and Food Banking & Finance Chemical Commercial Facilities Critical Manufacturing Dams Defense Industrial Base Emergency Services Energy (production, refining, storage, distribution of oil/gas/electric power except nuclear) Government Facilities Information Technology National Monuments Nuclear Reactors Postal & Shipping Public Health Telecommunications Transportation Water (Drinking Water, Wastewater systems Manmade or Natural Disasters to any of CIKR would adversely impact the national economy, national security, public safety and health consequences for its citizens. Furthermore, cascading impacts would affect other sectors in the country, worsening the situation; and taken to the next level, it could cascade to other nations. As an example, the Chemical Sector in the U.S. accounts for about $700B in revenue and 800,000 employment, and Public Health/Health Care accounts for $2 Trillion in revenue and 17M employment. This is industry-specific without accounting for cascading impacts to other sectors and potentially other Nations. The 9/11 terrorist incident in the U.S. stands as an example of the adverse impacts in Transportation and its cascading impacts to other sectors of the economy and other nations as well. 6

7 INL s three critical enabling technology platforms cut through all 18 Infrastructure Sectors Electricity Control Systems Computers/Wireless Comms Threats can range from Economic Cyber Espionage to Data/Credit Card theft, stealing funds from Automated Teller Machines, and Modern Warfare with Cyber attacks --- caused by individuals, terrorists, Nation states. 7

8 Electric Grid Protection Generation Markets and Operations Transmission Distribution Customer Use Today s Electric Grid: One-way flow of electricity Smart Grid = Electric Grid + Intelligence Integrates Renewables (e.g., wind, solar) Better Demand Supply Management Reduce Peaking Two-Way flow of Power & Information Automated Management, Operation, Control 2-way flow of electricity and information Figures courtesy of EPRI 8

9 Threats to the Electric Grid Legacy SCADA system vulnerabilities Integration of new IT and networking technologies add security challenges Limited cyber security controls currently in place Specified for bulk power distribution and metering Deliberate attacks (disgruntled employees, industrial espionage, unfriendly states, terrorists, and EMP) Inadvertent threats (equipment failures, user errors) Natural phenomena (disasters, solar activity) Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, or alter load conditions to destabilize the grid in unpredictable ways 9

10 Electric Grid R&D Test & Evaluation at INL INL Power Infrastructure: 62 Mile dual fed, 138kV Transmission loop 7 Substations 3 Commercial feeds Ability to isolate portions of grid for specialized testing Real-time grid monitoring and control through centralized SCADA operations center Power Simulation using Real Time Digital Simulator (RTDS) Protection & Restoration Staff with both R&D and Utility Sector Experience 10

11 We operate DOE/OE s National Supervisory Control & Data Acquisition (SCADA) Test Bed for the Energy Sector Capabilities: Conduct Assessments at INL and Asset Owner Sites Research and Development Training and outreach Subject matter experts 11

12 We support Control System Challenges in Critical Infrastructures through DHS ICS-CERT Program, a National Program Industrial Control Systems Cyber Emergency Response Team Provides situational awareness in the form of actionable information Conducts vulnerability and malware analysis Responds to and analyzes control systems related incidents Partners with federal, international and private sector to secure control systems 12

13 Outreach to Industry/Federal Entities Through Training is a Significant Element of the DHS, DOE Programs Share vulnerability and mitigation information with industry and government Conduct Red Team/Blue Team advanced training sessions Permanent Training Facility in Idaho Falls Classroom supports up to 42 students at a time Segregated areas for Red Team/ Blue Team Integrated substation with chemical plant Trained over 4,000 incl. asset owners, vendors, and Feds since

14 Wireless Communication: Global Advances Create Security-related Challenges & INL is Focused on Addressing Them Major Trends: Ubiquitous, global broadband communications Wireless centric access and vanishing wireline Proliferation of Wireless Devices IP protocol centric communications Open Access environment Limitations in Spectrum Little available spectrum in the U.S. Spectrum usage 17% With increased interest in Broadband applications, several new challenges have emerged. NTIA and FCC have jurisdiction over the Spectrum. 14

15 INL s Communications Range has unique attributes well suited to address current/ emerging National challenges (Security and Public Safety) Isolated Location and Spectrum Management NTIA approved wireless experimental station, with local spectrum management Low RF Noise background No Military Bases/ International Airports nearby Full Scale Communications Networks GSM & UMTS Cellular + CDMA networks WiMAX, Mobile & Fixed networks WiFi / VoIP network isolated from the Internet State-of-the-art Network Operations Center (NOC) Industry and Scientific Expertise Cellular, UHF, HF Power Grid, Cyber security, Control Systems In-house design, Operations, Maintenance, Engineering Cellular Design, Software and Hardware development With Industry and DOD-experienced staff, INL supports critical national missions. 15

16 Some Current Approaches to CIP Partnership Between Industry & Government (There is an Industry-Specific representative for each of the 18 Sectors.) Protection of Proprietary information Privacy rights of individuals Sharing of information while protecting it from bad actors Insider Threats Workforce Development Training / Outreach (Basic Training, Intermediate, Advanced (Red Team/Blue Team) Cyber Security evaluation tools (CSET) & Curriculum Development) On site assessments (evaluate network and cyber protection / practices; in depth assessment when penetrated, INL Malware Analysis) Knowledge Management Passing on Threat Bulletins Help Center Standards Development Industry Association NIST Vendor Groups Federal Agencies 16

17 Some Current Approaches to CIP Intra Industry Protection of Proprietary information Privacy rights Sharing of information while protecting it from bad actors Insider Threats Industry Association (Cyber Security Concerns/Trends, Benchmarking, Best Practices) Company-to-Company (By mutual agreement) Industry Sector Representative to Government (Describe Challenges / Assistance Needed) Vendor (Qualifications/Selection/Procurement) Threat Information Assistance, as needed Continuing dialogue for situational awareness Transnational Cyber Security Conferences / Meetings Technical Collaborations / Staff Exchanges Benchmarking Information Sharing 17

18 The Proposed Cybersecurity Act of 2012 To ensure the federal government and the private sector take the necessary steps to secure our nation, the Cybersecurity Act of 2012 would do the following: Determine the Greatest Cyber Vulnerabilities. Secretary of Homeland Security, Private sector and Intelligence Community conduct risk assessments to determine sectors subject to greatest and most immediate cyber risks. Protect Our Most Critical Infrastructure. Authorize Secretary of Homeland Security, with the private sector, to determine cybersecurity performance requirements based upon the risk assessments. The bill would cover most critical systems/assets in a given sector, only if they are not already secured. Protect and Promote Innovation. Owners of covered critical infrastructure would have flexibility to meet the cybersecurity performance requirements. The bill would prohibit government from regulating design or development of information technology products. Improve Information Sharing While Protecting Privacy and Civil Liberties. Provide a responsible framework for sharing of cyber threat information between federal government and private sector, and within the private sector, while ensuring appropriate measures and oversight to protect privacy, preserve civil liberties. Improve the Security of the Federal Government s Networks. Amend the Federal Information Security Management Act (FISMA) to develop a comprehensive acquisition risk management strategy. Move from culture of compliance to culture of security by giving Department of Homeland Security (DHS) authority to streamline reporting requirements/reduce paperwork through monitoring and risk assessment. Emphasize red team exercises and operational testing so federal agencies are aware of their networks vulnerabilities. Direct OMB to develop security requirements and best practices for federal IT contracts and ensure agencies make informed decisions when purchasing IT products/services. Clarify the Roles of Federal Agencies. Clarify and improve federal efforts to address cyber threats. Strengthen critical partnership between the Department of Defense and the DHS. Consolidate cyber offices at DHS to unified National Center for Cybersecurity and Communications for protecting the networks of federal civilian agencies and critical infrastructure without duplication. Strengthen the Cybersecurity Workforce. Reform how Cybersecurity personnel are recruited, hired, and trained so federal government has necessary talent to lead and manage the protection of its own networks. Coordinate Cybersecurity Research and Development. Provide for a coordinated cybersecurity R&D program to advance development of new technologies to secure our nation from ever evolving cyber threats. 18

19 The Cybersecurity Act of

20 INL Estonia Collaboration Next Steps? 20

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

Critical Infrastructure Security and Resilience

Critical Infrastructure Security and Resilience U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP

Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance

More information

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology

More information

Help for the Developers of Control System Cyber Security Standards

Help for the Developers of Control System Cyber Security Standards INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended

More information

John Grossenbacher Director, Idaho National Laboratory

John Grossenbacher Director, Idaho National Laboratory Idaho National Laboratory Meeting the Energy Challenges of Today and Tomorrow John Grossenbacher Director, Idaho National Laboratory Idaho National Laboratory: Advancing the Nuclear Renaissance It's in

More information

[STAFF WORKING DRAFT]

[STAFF WORKING DRAFT] S:\LEGCNSL\LEXA\DOR\OI\PARTIAL\CyberWD..xml [STAFF WORKING DRAFT] JULY, 0 SECTION. TABLE OF CONTENTS. The table of contents of this Act is as follows: Sec.. Table of contents. Sec.. Definitions. TITLE

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Computer Network Security & Privacy Protection

Computer Network Security & Privacy Protection Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

INFRAGARD.ORG. Portland FBI. Unclassified 1

INFRAGARD.ORG. Portland FBI. Unclassified 1 INFRAGARD.ORG Portland FBI 1 INFRAGARD Thousands of Members One Mission Securing Infrastructure The subject matter experts include: 2 INFRAGARD Provides a trusted environment for the exchange of Intelligence

More information

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,

More information

Energy Systems Integration

Energy Systems Integration Energy Systems Integration Dr. Martha Symko-Davies Director of Partnerships, ESI March 2015 NREL is a national laboratory of the U.S. Department of Energy, Office of Energy Efficiency and Renewable Energy,

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure

Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Presentation to the U.S. Department of Energy by the IEEE Joint Task Force on QER Trends: Resilience

More information

Claes Rytoft, ABB, 2009-10-27 Security in Power Systems. ABB Group October 29, 2009 Slide 1

Claes Rytoft, ABB, 2009-10-27 Security in Power Systems. ABB Group October 29, 2009 Slide 1 Claes Rytoft, ABB, 2009-10-27 Security in Power Systems October 29, 2009 Slide 1 A global leader in power and automation technologies Leading market positions in main businesses 120,000 employees in about

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

What are you trying to secure against Cyber Attack?

What are you trying to secure against Cyber Attack? Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).

More information

DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION

DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION TITLE I: AUTHORIZATION OF APPROPRIATIONS Sec. 101. Authorization of Appropriations. This section authorizes

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information

NATIONAL NUCLEAR SECURITY ADMINISTRATION

NATIONAL NUCLEAR SECURITY ADMINISTRATION NATIONAL NUCLEAR SECURITY ADMINISTRATION (Discretionary dollars in thousands) FY 2013 FY 2014 FY 2015 FY 2015 vs. FY 2014 Current Enacted Request $ % National Nuclear Security Administration Weapons Activities

More information

Michigan State Police Emergency Management & Homeland Security. Infrastructure Analysis & Response Section. Sgt. Bruce E. Payne

Michigan State Police Emergency Management & Homeland Security. Infrastructure Analysis & Response Section. Sgt. Bruce E. Payne Michigan State Police Emergency Management & Homeland Security Infrastructure Analysis & Response Section Sgt. Bruce E. Payne Presidential Directive On December 17, 2003, President Bush issued Homeland

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses

More information

Energy Cybersecurity Regulatory Brief

Energy Cybersecurity Regulatory Brief Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Water Sector Initiatives on Cyber Security. Water Sector Cyber Security Symposium Dallas, TX August 15, 2013

Water Sector Initiatives on Cyber Security. Water Sector Cyber Security Symposium Dallas, TX August 15, 2013 Water Sector Initiatives on Cyber Security Water Sector Cyber Security Symposium Dallas, TX August 15, 2013 Presentation Outline The water sector Interdependencies with other critical infrastructure sectors

More information

Cybersecurity Converged Resilience :

Cybersecurity Converged Resilience : Cybersecurity Converged Resilience : The cybersecurity of critical infrastructure 2 AECOM Port Authority of New York and New Jersey (PANYNJ), New York, New York, United States. AECOM, working with the

More information

Why the Global Cyber Security Landscape Paints a Concerning Picture

Why the Global Cyber Security Landscape Paints a Concerning Picture SESSION ID: SPO-W07A Why the Global Cyber Security Landscape Paints a Concerning Picture Simon Goldsmith Director of Cyber Security (Commercial Sectors) BAE Systems @BAE_AI Today s Discussion PART 1 THE

More information

Roadmaps to Securing Industrial Control Systems

Roadmaps to Securing Industrial Control Systems Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick

More information

U.S. Cyber Security Readiness

U.S. Cyber Security Readiness U.S. Cyber Security Readiness Anthony V. Teelucksingh Senior Counsel United States Department of Justice John Chris Dowd Special Agent Federal Bureau of Investigation Overview U.S. National Plan National

More information

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention

More information

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy Statement of Gil Vega Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer U.S. Department of Energy Before the Subcommittee on Oversight and Investigations Committee

More information

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191 Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3

More information

What s Inside. ICS-CERT Year in Review 2014. Welcome 1. ICS-CERT Introduction 2. ICS-CERT 2014 Highlights 3. ICS-CERT Watch Floor Operations 4

What s Inside. ICS-CERT Year in Review 2014. Welcome 1. ICS-CERT Introduction 2. ICS-CERT 2014 Highlights 3. ICS-CERT Watch Floor Operations 4 What s Inside Welcome 1 ICS-CERT Introduction 2 ICS-CERT 2014 Highlights 3 ICS-CERT Watch Floor Operations 4 Incident Response 6 Vulnerability Coordination 8 Technical Analysis 9 Assessments 10 Training

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

Parsons Government Services. Elizabeth Fields National Security Division

Parsons Government Services. Elizabeth Fields National Security Division Parsons Government Services Elizabeth Fields National Security Division Parsons Corporation Overview Founded in 1944 15,000+ employees 2014 Revenue: $3B 4,500+ projects in all 50 states and 25 countries

More information

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and

More information

REQUEST FOR INFORMATION

REQUEST FOR INFORMATION Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 3 September 2015 6506 Loisdale Rd, Ste 325

More information

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014

More information

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Privacy and Security in Healthcare

Privacy and Security in Healthcare 5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical

More information

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks GAO For Release on Delivery Expected at 10:00 a.m. EDT Tuesday, March 27, 2012 United States Government Accountability Office Testimony Before the Subcommittee on Oversight and Investigations, Committee

More information

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security

More information

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division

Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security focus in ABB: a Key issue 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security in ABB Agenda ABB introduction ABB Cyber

More information

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:

More information

Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence

Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence December 6, 2012 Michael Greenberger Professor of Law Founder and Director, CHHS Legislative Proposals Maryland

More information

SCOPE. September 25, 2014, 0930 EDT

SCOPE. September 25, 2014, 0930 EDT National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Critical Infrastructure Security and Resilience Note Critical Infrastructure Security and Resilience Note:

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Department of Homeland Security Federal Government Offerings, Products, and Services

Department of Homeland Security Federal Government Offerings, Products, and Services Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity

More information

Information Assurance. and Critical Infrastructure Protection

Information Assurance. and Critical Infrastructure Protection Information Assurance and Critical Infrastructure Protection A Federal Perspective Information Assurance Presented by the Government Electronics and Information Technology Association 2001 Executive Summary

More information

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) NICE Conference 2014 CYBERSECURITY RESILIENCE A THREE TIERED SOLUTION NIST Framework for Improving Critical Infrastructure Cybersecurity

More information

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District Securing the Nation s s critical infrastructures one community at a time Critical Infrastructure & Key Resources

More information

Cyber Legislation & Policy Developments 2014

Cyber Legislation & Policy Developments 2014 Cyber Legislation & Policy Developments 2014 SESSION ID: LAW-Fo2 Michael A. Aisenberg, Esq. Chair, ABA Information Security Committee Policy Task Force ABA Section on Science & Technology Law Principal

More information

FY2010 CONFERENCE SUMMARY: HOMELAND SECURITY APPROPRIATIONS

FY2010 CONFERENCE SUMMARY: HOMELAND SECURITY APPROPRIATIONS Wednesday,October7,2009 Contact:RobBlumenthal/JohnBray,w/Inouye(202)224-7363 EllisBrachman/JenileeKeefeSinger,w/Obey(202)225-2771 FY2010CONFERENCESUMMARY: HOMELANDSECURITYAPPROPRIATIONS TheHomelandSecurityAppropriaOonsBillisfocusedonsecuringournaOon

More information

Cyber security: Practical Utility Programs that Work

Cyber security: Practical Utility Programs that Work Cyber security: Practical Utility Programs that Work Securing Strategic National Assets APPA National Conference 2009 Michael Assante Vice President & CSO, NERC June 15, 2009 The Electric Grid - Challenges

More information

El Camino College Homeland Security Spring 2016 Courses

El Camino College Homeland Security Spring 2016 Courses El Camino College Homeland Security Spring 2016 Courses With over 250,000 federal positions in Homeland Security and associated divisions, students may find good career opportunities in this field. Explore

More information

National Communications System. December 6, 2007

National Communications System. December 6, 2007 1 National Communications System December 6, 2007 2 National Communications System (NCS) Established in 1963 in response to communications failures associated with the Cuban Missile Crisis The mandate

More information

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events.

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events. ESF Coordinator: Energy Primary Agency: Energy Support Agencies: Agriculture Commerce Defense Homeland Security the Interior Labor State Transportation Environmental Protection Agency Nuclear Regulatory

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

Testimony of the Honorable Paul Stockton Assistant Secretary of Defense Homeland Defense and Americas Security Affairs Department of Defense

Testimony of the Honorable Paul Stockton Assistant Secretary of Defense Homeland Defense and Americas Security Affairs Department of Defense Testimony of the Honorable Paul Stockton Assistant Secretary of Defense Homeland Defense and Americas Security Affairs Department of Defense Before the Subcommittee on Energy and Power The Committee on

More information

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Sec. 1. Department of Homeland Security Cybersecurity Authority Section 1(a) amends Title II of the Homeland

More information

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber

More information

NIST Coordination and Acceleration of Smart Grid Standards. Tom Nelson National Institute of Standards and Technology 8 December, 2010

NIST Coordination and Acceleration of Smart Grid Standards. Tom Nelson National Institute of Standards and Technology 8 December, 2010 NIST Coordination and Acceleration of Smart Grid Standards Tom Nelson National Institute of Standards and Technology 8 December, 2010 The Electric Grid One of the largest, most complex infrastructures

More information

National Cyber Threat Information Sharing. System Strengthening Study

National Cyber Threat Information Sharing. System Strengthening Study Contemporary Engineering Sciences, Vol. 7, 2014, no. 32, 1755-1761 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411235 National Cyber Threat Information Sharing System Strengthening

More information

Preparing for Distributed Energy Resources

Preparing for Distributed Energy Resources Preparing for Distributed Energy Resources Executive summary Many utilities are turning to Smart Grid solutions such as distributed energy resources (DERs) small-scale renewable energy sources and energy

More information

The Strategic Importance, Causes and Consequences of Terrorism

The Strategic Importance, Causes and Consequences of Terrorism The Strategic Importance, Causes and Consequences of Terrorism How Terrorism Research Can Inform Policy Responses Todd Stewart, Ph.D. Major General, United States Air Force (Retired) Director, Program

More information

Cyber Security and Resilient Systems

Cyber Security and Resilient Systems INL/CON-09-16096 PREPRINT Cyber Security and Resilient Systems Institute of Nuclear Materials Management 50 th Annual Meeting Robert S. Anderson July 2009 This is a preprint of a paper intended for publication

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

Risk & Vulnerability Assessment Training

Risk & Vulnerability Assessment Training Critical Infrastructure Protection Homeland security assistance should be based strictly on an assessment of risks and vulnerabilities......it [Homeland Security] should supplement state and local resources

More information

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security. Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

More information

What Risk Managers need to know about ICS Cyber Security

What Risk Managers need to know about ICS Cyber Security What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

NASA OFFICE OF INSPECTOR GENERAL

NASA OFFICE OF INSPECTOR GENERAL NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Resilient and Secure Solutions for the Water/Wastewater Industry

Resilient and Secure Solutions for the Water/Wastewater Industry Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011

More information

Booz Allen Engineering Services. Global Integrated Solutions Based on Technical Excellence and Mission Insight. Ready for what s next.

Booz Allen Engineering Services. Global Integrated Solutions Based on Technical Excellence and Mission Insight. Ready for what s next. Booz Allen Engineering Services Global Integrated Solutions Based on Technical Excellence and Mission Insight Ready for what s next. Engineering Services delivers to our defense and civilian government

More information

Statement for the Record of

Statement for the Record of Statement for the Record of Roberta Stempfley Acting Assistant Secretary Office of Cyber Security and Communications National Protection and Programs Directorate Department of Homeland Security and Sean

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

Considerations for Hybrid Communications Network Technology for Pipeline Monitoring

Considerations for Hybrid Communications Network Technology for Pipeline Monitoring Considerations for Hybrid Communications Network Technology for Pipeline Monitoring Craig Held White Paper April 2012 Abstract The concept of automation (and its corresponding technologies) is a primary

More information

Network Security Policy: The U.S. Experience. The U.S. Experience. Patricia Cooper International Bureau U.S. Federal Communications Commission

Network Security Policy: The U.S. Experience. The U.S. Experience. Patricia Cooper International Bureau U.S. Federal Communications Commission Network Security Policy: The U.S. Experience Patricia Cooper International Bureau U.S. Federal Communications Commission Network Security: The U.S. Experience Network Security: How we define it U.S. Approach:

More information

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF. Coordinating Agency: Department of Homeland Security Cooperating Agencies: All INTRODUCTION Purpose Scope This annex describes the policies, responsibilities, and concept of operations for Federal incident

More information

Department of Homeland Security Control Systems Security Program

Department of Homeland Security Control Systems Security Program Department of Homeland Security Control Systems Security Program Transportation Sector David Sawin Program Manager Bob Hoaglund, CSSP - Maritime Transportation Modal Lead Control Systems Security Program

More information

Standards for Security Categorization of Federal Information and Information Systems

Standards for Security Categorization of Federal Information and Information Systems FIPS PUB 199 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION Standards for Security Categorization of Federal Information and Information Systems Computer Security Division Information Technology

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity; NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

More information