Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands
Slide 1: Lessons learned from the new Smart Meter Risk Analysis Methodology in the Netherlands
Johan Rambi, Alliance Manager Privacy & Security, Alliander; Chairman of the Policy Committee Privacy & Security, Netbeheer Nederland
16 January 2013
Slide 2: Netbeheer Nederland is a branch organization for grid operators (TSOs/DSOs)
Slide 3: Steps towards the P&S Requirements for the large-scale rollout of smart meters
- Starting point: P&S Requirements Version 1.5 (the previous version)
- Inputs to the redevelopment: Stakeholder Analysis, Risk Analysis, Privacy & Security Sector Requirements, Dutch Smart Meter Requirements (DSMR), Study of the Audit Committee P&S
- Result: P&S Requirements Version 2.0 for the large-scale rollout, consisting of Control Objectives, Control Measures and Implementation Guidelines
Slide 4: Privacy & Security Smart Metering Infrastructure Framework in NL
- Stakeholder analysis and rule base: goals of grid operators, stakeholder expectations, formal legislation and regulations, norms and standards
- Privacy and security goals: formulation of principles
- Risk analysis
- Requirements: what to protect?
- Considerations and choices
- Measures: how to realize it?
Slide 5: Risk Analysis Methodology
The methodology runs through eight steps:
1. Stakeholder Analysis
2. Identify processes
3. Define assets
4. Identify and assess threat sources
5. Define Focus-of-Interest: group assets
6. Business Impact Assessment (BIA)
7. Identify and assess risks
8. Prioritise and present risks
Slide 6: Stakeholder Analysis (methodology step 1)
Slide 7: Stakeholders
Society, Consumer Organizations, Experts, Universities, Sector, Energy suppliers, Grid operators, Government, Knowledge institutes, Meter vendors
Slide 8: Identify processes (methodology step 2)
Slide 9: Identify processes
- Processes of the Energy Supplier: energy procurement; energy sales / invoicing (billing); disconnecting (switching off) defaulters
- Processes of the Grid Operator: transmission of energy; managing power quality; meter management; capacity planning; minimizing grid losses; market facilitation: SVO, data collection & billing
- Processes of the Private Consumer: energy consumption; energy savings; energy production; payment for purchased products; protection of personal data
- Processes of the ISP (Independent Service Provider): insight into / advice on the energy consumption of the private consumer
Slide 10: Define Assets (methodology step 3)
Slide 11: Define Assets
The asset diagram shows the smart metering chain and its interfaces (ports):
- Customer module, e.g. a display, connected to the Smart E-meter on port P1
- Smart E-meter, with port P0 and port P2 towards the other meters (gas, water, ...)
- Port P3 (3.1 and 3.2) between the Smart E-meter, the Data Concentrator (DC) and the Central System; Grid Operator A manages the infrastructure for both electricity and gas (Central System A), Grid Operator B manages the infrastructure for gas only (Central System B)
- Port P4 from the Central Systems to the P4-Portal (EDSN) for data exchange, and from there to the Energy Suppliers and the Independent Service Provider (ISP)
The clouds in the diagram symbolise network technologies, such as GPRS, PLC (Power Line Communication), internet, etc.
Slide 12: Define Assets
- Information assets: Measurement Data, Switch Data, Configuration Data, Monitoring Data
- Function assets: Measuring Function, Communication Function, Switching Function
- System assets: Meter, Central System, Data Concentrator, P4-Portal (EDSN)
Slide 13: Identify and assess threat sources (methodology step 4)
Slide 14: Identify and assess threat sources
Introduction: the threat sources are the persons or parties responsible for a security incident. Note that disturbances are not always caused by human behaviour; think for instance of a system failure in the Data Concentrator that affects the stored measurement data.
Persons / parties / technical threat sources:
- Grid operator: employee; system error / malfunction of the central system; system error / malfunction of the data concentrator; system error / malfunction of the meter
- Data communication provider: communications fault
- Energy supplier: employee; system of the energy supplier
- Private consumer
- External attacker: researcher (academic / journalist), fun hacker, criminal (fraud), terrorist
Slide 15: Identify and assess threat sources
Slide 16: Define Focus-of-Interest: Group Assets (methodology step 5)
Slide 17: Group Assets
The grouping table has the columns Stakeholder, Process, Link between Asset and Process, Asset and Asset Category.
Slide 18: Group Assets
The same table with an additional Focus column, marking the assets that fall within the focus of interest.
Slide 19: Business Impact Assessment (methodology step 6)
Slide 20: Business Impact Assessment: impact classifications
Table columns: Stakeholders, Categories, Stakeholder Values, Description, Stakeholder Values on classifications, Classifications.
Slide 21: Business Impact Assessment: results
Table columns: Focussed Asset; Stakeholder (incl. process); Values of stakeholder; Score on Business Impact Analysis; Total Score BIA for the asset on A, I or C (Availability, Integrity or Confidentiality).
Slide 22: Identify and assess risks (methodology step 7)
Slide 23: Identify and assess risks: likelihood classifications
Likelihood categories by occurrence in time:
- Very High: daily (more than 100 times a year)
- High: monthly (10 to 100 times a year)
- Medium: annual (1 to 10 times a year)
- Low: probable (once a year to once in 10 years)
- Very Low: possible (once in 10 years to once a century)
The impact comes from the BIA, but the likelihood of the threat is determined during this step. Several aspects are taken into account:
- Which vulnerabilities in the assets can lead to the actual occurrence of this threat?
- Which threat sources have an interest?
- How important is that interest to the threat source?
- How technically complex is it to abuse the vulnerability in real life?
- What is the likelihood of an unintended disruption?
Slide 24: Identify and assess risks
Table columns: Identified Threat (Main Threat, Sub Threat); Related Asset; Related to Availability, Integrity or Confidentiality; Identify Likelihood; Identify Impact. The identified impact is taken from the Business Impact Assessment (BIA).
Slide 25: Identify and assess risks: count risk
Slide 26: Prioritise and present risks (methodology step 8)
Slide 27: Prioritise and present risks
Table columns: Identified Threat (Main Threat, Sub Threat); Related Asset; Risk, where Risk = Likelihood * Impact.
Slide 28: Approach for redevelopment
Inputs from the Stakeholder Analysis and the Risk Analysis, plus other input in two phases:
- Open issues P&S Requirements Version 1.50
- Open issues P&S Dutch Smart Meter Requirements 4.0
- Official Privacy Code Smart Meter Grid Operators
- Document Integral Vision Smart Meter
- Review of the P&S Requirements by the P&S Audit Committee
- Desk study P&S Audit Committee
- Experiences from penetration tests of DSMR 4 meters
- Experiences from code reviews of DSMR 4 meters
- Internal review by the grid operators
- P&S requirements of other European countries
- Alignment with the Working Group DSMR
- Alignment with EDSN about the P4-portal
- Essential Regulatory Recommendations for the E.C. (EG-2)
- Analysis of incidents
- Review and alignment with ESMIG
Output: P&S Requirements Version 2.0, consisting of Control Objectives, Control Measures and Implementation Guidelines.
Slide 29: Structure of the requirements
- Stakeholder Analysis: Stakeholders, Asset/process, Stakeholder Values
- Risk Analysis: BIA, Risks
- P&S Requirements Version 2.0: Control Objectives, Control Measures, Implementation Guidelines
- Implementation by the Grid Operator: Organisation, Processes, Technical
Slide 31: Organisations and bodies involved
The Netherlands: Nationaal Cyber Security Centre; Cyber Security Council The Netherlands; CPNI.nl; IRB ICT Response Board (for crisis); Dutch Data Protection Authority (CBP); ENCS; Contact Group Security and Crisis Management; Netbeheer Nederland with its Policy Committee Privacy & Security, Audit Committee Privacy & Security, Working Group Smart Grid Cyber Security and Project Group Smart Grids; NEN.
Europe: European SCADA Control Systems Information Exchange (EuroSCSIE); Thematic Network for Critical Energy Infrastructure Protection (TNCEIP); Cyber Security EG of the European Network of Transmission System Operators for Electricity; European Commission DG ENER, DG INFSO/CONNECT and DG HOME (CIIP for SCADA and the Smart Grid); Smart Grid Task Force with Expert Group 2 Data Privacy and Cyber Security; M/490 Smart Grid Coordination Group, M/490 Smart Grid Steering Committee, M/490 Working Group for Smart Grid Information Security (WG SGIS) and the Expert Group on Smart Grid Security; ENISA; European Reference Network Critical Infrastructure Protection (ERNCIP); EUTC; standardisation: ETSI, CEN, CENELEC.
Outside Europe: NIST (U.S.A.), DECC (U.K.), STEG.
Slide 32: Security Toolbox M/490
Slide 33: Security Toolbox M/490: comparison with the Dutch Risk Analysis methodology
To make the distinction between the different assets and the grouping of the assets, use for instance a model like this: a matrix per use case (Use Case x) with the stakeholders and their business processes as columns (Stakeholder 1: Business Process 1 to 3; Stakeholder 2: Business Process 1 to 5) and the asset categories with their assets as rows (Asset Category 1: A1, A2; Asset Category 2: A1, A2), where an X marks that an asset is used by a business process.
Slide 34: Security Toolbox M/490: comparison with the Dutch Risk Analysis methodology
For the information assets the impact of each use case should be defined, per category of stakeholder values of the different stakeholders. The table for Use Case x has the stakeholders' value categories as columns (for one stakeholder Financial, Reputation and Safety; for another Financial, Reputation, Operations, Safety and Regulation) plus a Total column, and the assets of Asset Category x (Asset 1, Asset 2) as rows, each scored on A, I and C.
Slide 35: Security Toolbox M/490: comparison with the Dutch Risk Analysis methodology
Now, only for the information assets that score significantly on impact, potential threats are identified. The threat table has the columns ID, Threat, Sub Threat, Asset, AIC classification, Likelihood (chance), Impact, Risk and Remarks; in the example the rows are main threats 1 to 4 with their sub threats (1A, 1B, 1C, 3A, 3B, 3C, 4A, 4B) against Asset 2, classified on A or I.
Slide 36: Security Toolbox M/490: comparison with the Dutch Risk Analysis methodology
Therefore an overall risk can be identified for each potential threat on an asset that has a significant impact on the risk categories (operational, legal, etc.). These threats should be the trigger to identify the needed essential requirements, and next to analyse the potential gaps in the existing standards:
- Stakeholder Analysis: stakeholder processes, stakeholder values
- Risk Analysis: impact on stakeholder processes and on stakeholder values, giving security goals and risks
- Define essential requirements: essential requirements
- Compare requirements with standards: identify relevant standards
- Identify the gaps and define actions: gaps, actions to solve gaps
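The Dutch chain on slides 21 to 27 (BIA score per asset on A/I/C, likelihood class from occurrence frequency, Risk = Likelihood * Impact, prioritise) and the M/490 comparison on slides 33 to 36 (threats assessed only for assets that score significantly on impact), as one added worked example in Python. This is not code from the presentation, Alliander or Netbeheer Nederland; the 1..5 scores, the "worst-affected stakeholder" aggregation rule, the significance threshold and all sample figures are assumptions.

```python
"""Added example: BIA -> likelihood -> risk = likelihood * impact, with the M/490 significance filter."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

AIC = ("A", "I", "C")  # Availability, Integrity, Confidentiality

@dataclass(frozen=True)
class StakeholderImpact:
    """One stakeholder's BIA score for one asset on A/I/C (1..5 scale is an assumption)."""
    stakeholder: str        # e.g. "Private consumer"
    process: str            # the stakeholder process the asset supports
    value: str              # stakeholder value at stake, e.g. "Privacy", "Financial"
    asset: str              # information asset from the slides
    scores: Dict[str, int]  # {"A": ..., "I": ..., "C": ...}

@dataclass(frozen=True)
class Threat:
    threat_id: str
    main_threat: str
    sub_threat: str
    asset: str
    aic: str                # which of A/I/C the threat affects
    source: str             # threat source named on the slides
    events_per_year: float  # estimated occurrence, drives the likelihood class

def likelihood_class(events_per_year: float) -> Tuple[str, int]:
    """Map an occurrence estimate to the slide's likelihood classes (1..5 score assumed)."""
    if events_per_year > 100:
        return "Very High", 5   # Daily (more than 100 times a year)
    if events_per_year >= 10:
        return "High", 4        # Monthly (10 to 100 times a year)
    if events_per_year >= 1:
        return "Medium", 3      # Annual (1 to 10 times a year)
    if events_per_year >= 0.1:
        return "Low", 2         # Probable (once a year to once in 10 years)
    return "Very Low", 1        # Possible (once in 10 years to once a century)

def bia_totals(impacts: List[StakeholderImpact]) -> Dict[Tuple[str, str], int]:
    """Total BIA score per (asset, A/I/C). Aggregation is an assumption: the
    worst-affected stakeholder sets the total, so a severe loss is not averaged away."""
    totals: Dict[Tuple[str, str], int] = {}
    for imp in impacts:
        for aic in AIC:
            key = (imp.asset, aic)
            totals[key] = max(totals.get(key, 0), imp.scores.get(aic, 0))
    return totals

def assess_risks(threats: List[Threat], impacts: List[StakeholderImpact],
                 significance: int = 3) -> List[dict]:
    """Risk = likelihood * impact per threat. As in the M/490 comparison, a threat is only
    scored when its asset's BIA total on the affected aspect reaches `significance`
    (3 is a constructed threshold); otherwise it is kept with a remark and no score."""
    totals = bia_totals(impacts)
    results = []
    for t in threats:
        impact = totals.get((t.asset, t.aic), 0)
        row = {"id": t.threat_id, "asset": t.asset, "aic": t.aic, "impact": impact,
               "threat": f"{t.main_threat} / {t.sub_threat}", "source": t.source}
        if impact < significance:
            row.update(likelihood=None, risk=None, remarks="not significant on impact")
        else:
            name, score = likelihood_class(t.events_per_year)
            row.update(likelihood=name, risk=score * impact, remarks="")
        results.append(row)
    return results

def prioritise(results: List[dict]) -> List[dict]:
    """Order threats by risk, highest first; unscored threats go last."""
    return sorted(results, key=lambda r: -1 if r["risk"] is None else r["risk"], reverse=True)

# Constructed sample input: assets, processes and threat sources follow the slides;
# the scores and frequencies are illustrative, not the sector's actual figures.
SAMPLE_IMPACTS = [
    StakeholderImpact("Private consumer", "Protection personal data", "Privacy",
                      "Measurement Data", {"A": 1, "I": 2, "C": 5}),
    StakeholderImpact("Energy supplier", "Invoicing (Billing)", "Financial",
                      "Measurement Data", {"A": 2, "I": 4, "C": 2}),
    StakeholderImpact("Grid operator", "Meter Management", "Safety",
                      "Switch Data", {"A": 3, "I": 5, "C": 2}),
    StakeholderImpact("Grid operator", "Managing power quality", "Operations",
                      "Monitoring Data", {"A": 2, "I": 2, "C": 1}),
]
SAMPLE_THREATS = [
    Threat("T1", "Disclosure", "Measurement data read by an outsider",
           "Measurement Data", "C", "External attacker", 2.0),
    Threat("T2", "Corruption", "Data Concentrator malfunction corrupts stored data",
           "Measurement Data", "I", "System error / malfunction data concentrator", 12.0),
    Threat("T3", "Manipulation", "Switch command from an unauthorised party",
           "Switch Data", "I", "Criminal", 0.5),
    Threat("T4", "Disclosure", "Monitoring data observed by a researcher",
           "Monitoring Data", "C", "Researcher (academic / journalist)", 0.05),
]

def ranked_risks(impacts=SAMPLE_IMPACTS, threats=SAMPLE_THREATS) -> List[dict]:
    """The 'prioritise and present risks' step on the sample data."""
    return prioritise(assess_risks(threats, impacts))
```

On the sample data the Data Concentrator malfunction (High likelihood, impact 4) ranks above the disclosure threat (Medium, impact 5), while the Monitoring Data threat is never scored because its confidentiality impact is below the significance threshold.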
Slide 37: Are we ready for Cyber Security?
Slide 38: Many thanks for your attention!
Johan Rambi, Alliance Manager Privacy & Security
E-mail: johan.rambi@alliander.com
More informationSmart Grid Security: A Look to the Future
Smart Grid Security: A Look to the Future SESSION ID: TECH-W03A Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo Overview Distributed Energy Plug-in Vehicles Evolving Threats: Market Manipulation,
More informationSmart Meters Executive Paper
Smart Meters Executive Paper Smart infrastructure overview The ever growing global demand for energy, combined with increasing scarcity of resources and the threat of climate change, have prompted governments
More informationOnsight IntelliDefense SECURING YOUR BUSINESS
Onsight IntelliDefense SECURING YOUR BUSINESS Onsight IntelliDefense SECURING YOUR BUSINESS Nowadays, ensuring that business systems and applications function properly and are available is of crucial importance.
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationManaged Security Services SECURING YOUR BUSINESS
Managed Security Services SECURING YOUR BUSINESS Managed Security Services SECURING YOUR BUSINESS Nowadays, ensuring that business systems and applications function properly and are available is of crucial
More informationPROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution
PROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution 1. The Challenge Large enterprises are experiencing an ever increasing burden of regulation and legislation against which they
More informationPreparing yourself for ISO/IEC 27001 2013
Preparing yourself for ISO/IEC 27001 2013 2013 a Vintage Year for Security Prof. Edward (Ted) Humphreys (edwardj7@msn.com) [Chair of the ISO/IEC and UK BSI Group responsible for the family of ISMS standards,
More informationBusiness Continuity for Cyber Threat
Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between
More informationPolish Financial Supervision Authority. Guidelines
Polish Financial Supervision Authority Guidelines on the Management of Information Technology and ICT Environment Security for Insurance and Reinsurance Undertakings Warsaw, 16 December 2014 Table of Contents
More informationASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report
ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationEmerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP
Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance
More informationHow small and medium-sized enterprises can formulate an information security management system
How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationPaul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com
Managing IT Fraud Using Ethical Hacking Paul Vlissidis Group Technical Director NCC Group plc paulv@nccgroup.com Agenda Introductions Context for Ethical Hacking Effective use of ethical hacking in fraud
More informationFlexible Plug & Play Smart grid cyber security design and framework. Tim Manandhar
Flexible Plug & Play Smart grid cyber security design and framework Tim Manandhar Agenda Cyber security for smart grids Smart Grid cyber security framework FPP project approach on Cyber security Conclusions
More informationCloud and Critical Information Infrastructures
Cloud and Critical Information Infrastructures Cloud computing in ENISA Dr. Evangelos Ouzounis Head of Infrastructure & Services Unit www.enisa.europa.eu About ENISA The European Union Network and Information
More informationCybersecurity & Public Utility Commissions
Cybersecurity & Public Utility Commissions November 12, 2014 TCIPG Ann McCabe, Commissioner Illinois Commerce Commission NARUC (National Association of Regulatory Utility Commissioners) Cybersecurity Primer
More informationAre your people playing an effective role in your cyber resilience?
Are your people playing an effective role in your cyber resilience? 01 Cyber attacks are now business as usual for organizations around the world. Organizations have typically trusted in technology to
More information