Cyber Security for DER, ADR, and AMI
|
|
- Dylan Banks
- 7 years ago
- Views:
Transcription
1 Cyber Security for DER, ADR, and AMI EPRI Seminar: Integrated Grid Concept and Technology Development Tokyo Japan, August 20, 2015 Galen Rasche, Senior Program Manager, Cyber Security
2 Agenda Security Trends and Challenges Failure Scenarios for DER, ADR, and AMI Identifying Cyber Security Requirements 2
3 Security Trends and Challenges 3
4 The Landscape Most new generation connecting at grid edge The edge is the distribution system Distribution has least amount of utility visibility/control Distributed Energy Resources (DER) Combined Heat & Power Demand Response Home Energy Rooftop Solar Energy Storage Electric Vehicles Large-Scale Solar 4
5 Trends Impacting Security Changing regulation Attacks from nation states and terrorist organizations Connections with more business players Reliance on external communications Increased capability of field equipment 5
6 Threat Model Adversaries with intent Insiders or outsiders, groups or individuals Failure in people, processes, and technology, including human error Threat Agents Economic Criminals Malicious Criminals Recreational Criminals Loss of resources, in particular key employees or communications infrastructure Accidents Natural hazards as they impact cyber security Activist Groups Terrorists Hazards 6
7 Failure Scenarios for DER, ADR, and AMI 7
8 National Electric Sector Cybersecurity Organization Resource: Failure Scenario Report Includes malicious and non-malicious events Format: Failure scenario description Relevant vulnerabilities Impact to grid operations Potential mitigations NESCOR report includes many smart grid scenarios: AMI: 32 scenarios DER: 25 scenarios ADR: 7 scenarios Distribution grid management: 16 scenarios Electric Sector Failure Scenarios and Impact Analyses 8
9 Failure Scenarios - Continued Provide structure for modeling threats and indicators of compromise Can be leveraged as part of a risk assessment process Support cyber security tabletop exercises High-level - must be tailored to each organization 9
10 DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages Description A threat agent unintentionally or maliciously modifies the DRAS configuration to send (or not send) DR messages at incorrect times and to incorrect devices. This could deliver a wrong, but seemingly legitimate set of messages to the customer system. Assumptions DRAS issues a DR message when receiving DR event information in the following ways: (1) Business Logic feeds DR event to DRAS automatically based on its analysis; (2) Authorized manager manually generates and feeds DR event to DRAS through management GUI. 10
11 DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages Utility Boundary Business Logic DR data (subscribers, etc.) DR event Database DRAS DR message Subscribers (DR Client) Graphical User Interface (GUI) DR event Related Architecture Internet Authorized Manager 11
12 DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages (3/4) 12 Threat Agent Gains Access to Network that hosts Business Logic system 13 Threat Agent Obtains Legitimate Credentials for Business Logic system 14 Threat agent misconfigures Business Logic to feed unauthorized DR event to DRAS 15 Threat agent creates unauthorized DR event via DRAS GUI 3 4 Threat agent misconfigures DRAS to generate unauthorized DR event DRAS host is compromised by malware 5 Unintended DR event is injected into DRAS 6 Unintended DR message is sent out to DR Client Client receives unintended DR message may continue operating at peak demand or curtails energy loads No immediate detection; Delayed diagnosis Possible peak energy demand; loss of public confidence
13 DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages Potential Mitigations 1 - See common sub tree Threat Agent Gains Access to Network <specific network> 2 - See common sub tree Threat Agent Obtains Legitimate Credentials for <system or function> 3 - Generate alerts on changes to configurations on DRAS; Detect unauthorized configuration changes; Create audit log of DR messages generated; Require second-level authentication to change configuration 5, 6 - Validate inputs, specifically the reasonableness of DR event 7 - See common sub tree Threat Agent Finds Firewall Gap 8 - See common sub tree Authorized Employee Brings Malware into <system or network> 9, 11 - Require application whitelisting 11 - Conduct penetration testing; Perform security testing; Maintain patches in DRAS host; Maintain anti-virus 13
14 DR.4 Improper DRAS Configuration Causes Inappropriate DR Messages Potential Mitigations (2) 13 - See common sub tree Threat Agent Obtains Legitimate Credentials for <system or function> 14 - Use RBAC to limit generation of DR event; Generate alerts on changes to configurations on Business Logic; Detect unauthorized configuration changes; Create audit log of DR events generated 15 - Create audit log of DR events generated; Generate alarm on unexpected DR event generation 18 - Maintain patches in DRAS GUI host; Maintain anti-virus; Detect unauthorized connections to DRAS GUI; Restrict Internet access to DRAS GUI 14
15 Identifying Cyber Security Requirements 15
16 Hierarchical DER System Five-Level Architecture, in SGAM Format Level 5: Transmission and Market Interactions Distribution Energy Market Clearinghouse Transmission Energy Market Clearinghouse Level 4: Distribution Utility Operational Analysis and Control for Grid Operations System to Manage Demand Response (DR) Pricing Signals Market information Retail Energy Market Clearinghouse Retail Energy Provider (REP) and/ or DER Aggregator Market ISO/RTO/TSO Balancing Authority Geographic Information System (GIS) Outage System (OMS) Distribution System (DMS) Demand Response (DR) System Enterprise Energy System (EMS) Transmission Bus Load Model (TBLM) Utility WAN/LAN DER System (DERMS) DER SCADA System for Control & Monitoring Level 3: Utility and REP Information & Communications (ICT) REP DER & Load System Operation Level 2: Facilities DER Energy System (FDEMS) IEC over ModBus or SEP 2 IEC over DNP3 Facilities DER and Load Energy System Market information in OpenADR Facilities Site WAN/LAN Station Facilities DER Energy Systems (FDEMS) Facilities DER Energy Systems (FDEMS) Facilities Load Meter and Utility Grid PCC Level 1: Autonomous cyber-physical DER systems IEC over ModBus PV Controller PV Equipment Electric Vehicle Supply Equipment Electric Vehicle Battery Storage Controller Battery Diesel Controller Diesel Generator Facilities Site Loads Field Process Circuit breaker ECP ECP ECP ECP 16 Transmission Distribution Distributed Energy Resources (DER) Customer Premises
17 NIST Interagency Report (NISTIR) 7628, Guidelines for Smart Grid Cyber Security What it IS May be used as a guideline to evaluate the overall cyber security risks to a Smart Grid system Each organization must develop its own cyber security strategy (including a risk assessment methodology) for the Smart Grid What it IS NOT It does not prescribe particular solutions It is not mandatory Version 1.0 Rev 1 published September
18 Risk Assessment using NISTIR 7628 Initial Phase Step 1 Identify the systems and assets Include all assets not just critical cyber assets Step 2 Specify preliminary confidentiality, integrity, and availability objectives Identify system criticality Preliminary identification of threats and impacts (consequences) Step 3 Perform a preliminary risk assessment Define security requirements Overall business assessment 18
19 DER Logical Reference Model Extended/Modified from the NISTIR 7628 Spaghetti Diagram 25 - Distributed Generation & Storage (DERMS) D Outage System (OMS) 17 - Geographic Information System (GIS) U65 U27 D07 D Load System / Demand- Response System (LM/DR) D06 29a - DER SCADA U56 U9 D Distribution System (DMS) D05 U11 U102 U ISO/RTO Operations U58 U52 D Customer Energy System (CDEMS) U Energy Market Clearinghouse U57 U20 41a - Retail Energy Provider (REP) U45 Transmission Bulk Generation Markets Domain Color Key Operations Service Providers Distribution Customer 4a - DER System Controller 4b DER Device D08 6a - Electric Vehicle Service Element (EVSE) 6b - Electric Vehicle (EV) D09 19
20 Hierarchical DER Architecture Mapped to the NISTIR 7628 Level 5: Transmission Operations 19 - Energy Market Clearinghouse Multi-Level Hierarchical DER Architecture D06 Level 4: Distribution Utility DER Operational Analysis D01 U58 U Distributed Generation & Storage (DERMS) D Distribution System (DMS) U Geographic Information System (GIS) D ISO/RTO Operations 30 - Energy System D04 U87 U27 U11 U52 41a - Retail Energy Provider (REP) Level 3: Utility and REP DER Information and Communications Technology (ICT) U92 U56 D05 U65 29a - DER SCADA D03 U9 36 -Outage System (OMS) 32 - Load System / Demand- Response System (LM/DR) U106 Level 2: Facilities DER Energy (FDEMS) 5 - Facilities Energy System (FDEMS) Level 1: Autonomous DER Generation and Storage 4a - DER System Controller U45 D08 U62 6a - Electric Vehicle Supply Equipment (EVSE) D09 Utility Grid Meter and PCC 4b DER Device 6b - Electric Vehicle (EV) Customer Site Load 20
21 NISTIR 7628 Preliminary Security Objectives 21
22 Risk Assessment using NISTIR 7628 Acquisition/Development Phase Step 4 Detailed system design Identify interfaces and interconnected systems Tailor the NISTIR 7628 diagrams Step 5 - Detailed risk assessment Expand upon initial risk assessment More detailed threat and impact assessment Vulnerability assessment Define system level risks 22
23 EPRI Cyber Security Resources Electric Sector Failure Scenarios and Impact Analyses Analysis of Selected Electric Sector High Risk Failure Scenarios Guidelines for Leveraging NESCOR Failure Scenarios in Cyber Security Tabletop Exercises Integrating Electricity Subsector Failure Scenarios into a Risk Assessment Methodology Cyber Security for DER Systems NESCOR Guide to Penetration Testing for Electric Utilities Cyber Security Strategy Guidance for the Electric Sector 23
24 Moving Forward Cyber security supports both the reliability and privacy of the Smart Grid Address interconnected systems both IT and control systems Cyber security needs to be addressed in all systems, not just critical assets Augment existing protection controls, as applicable Continuously monitor and assess the security status Acknowledge will be some security breaches Focus on response and recovery Fail secure Address both safety and security 24
25 Questions 25
26 Together Shaping the Future of Electricity 26
Cyber Security for DER Systems
Cyber Security for DER Systems Version 1.0 July 2013 National Electric Sector Cybersecurity Organization Resource (NESCOR) Cyber Security for DER Systems Version 1.0 July 2013 Authors: Frances Cleveland,
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationRisk Management in Practice A Guide for the Electric Sector
Risk Management in Practice A Guide for the Electric Sector Annabelle Lee Senior Technical Executive ICCS European Engagement Summit April 28, 2015 Before we continue let s get over our fears and myths
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationConsulting International
NIST Cyber Security Working Group (CSWG) NISTIR 7628: NIST Guidelines for Smart Grid Cyber Security Frances Cleveland Xanthus Consulting International Xanthus Consulting International fcleve@xanthus-consulting.com
More informationSPARKS Cybersecurity Technology and the NESCOR Failure Scenarios
SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September,
More informationCybersecurity Risk Assessment in Smart Grids
Cybersecurity Risk Assessment in Smart Grids Lucie Langer, Paul Smith, Thomas Hecht firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Symposium 2014 Sept 30, 2014 1 Risk Assessment:
More informationSteve Lusk Alex Amirnovin Tim Collins
Steve Lusk Alex Amirnovin Tim Collins ViaSat Inc. Cyber-intrusion Auto-response and Policy Management System (CAPMS) Cybersecurity for Energy Delivery Systems Peer Review August 5-6, 2014 Summary: Cyber-intrusion
More informationEFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013
EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationIncluding Threat Actor Capability and Motivation in Risk Assessment for Smart Grids
CPSR-SG 2016: Joint International Workshop on Cyber-Physical Security and Resilience in Smart Grids, 12th April 2016, Vienna Security for smart Electricity GRIDs Including Threat Actor Capability and Motivation
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationSecurity Implications Associated with Mass Notification Systems
Security Implications Associated with Mass Notification Systems Overview Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these
More informationDevelopment of a Conceptual Reference Model for Micro Energy Grid
Development of a Conceptual Reference Model for Micro Energy Grid 1 Taein Hwang, 2 Shinyuk Kang, 3 Ilwoo Lee 1, First Author, Corresponding author Electronics and Telecommunications Research Institute,
More informationSoftware & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes
Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Joe Jarzombek, PMP, CSSLP Director for Software & Supply Chain Assurance Stakeholder
More informationPanel Session: Lessons Learned in Smart Grid Cybersecurity
PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationClient Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs
1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationChair Mays, Co-Vice Chair Fox, Co-Vice Chair Whitfield and Members of the Committee:
National Association of Regulatory Utility Commissioners (NARUC) Winter Committee Meeting SGIP Report to Committee on Critical Infrastructure Sunday, February 9, 2014 Chair Mays, Co-Vice Chair Fox, Co-Vice
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationTHE FUTURE OF SMART GRID COMMUNICATIONS
THE FUTURE OF SMART GRID COMMUNICATIONS KENNETH C. BUDKA CTO STRATEGIC INDUSTRIES MAY 2014 THE GRID OF THE FUTURE WIDE-SCALE DEPLOYMENT OF RENEWABLES INCREASED ENERGY EFFICIENCY PEAK POWER REDUCTION, DEMAND
More informationUtility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security
Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The
More informationSmart Inverters Smart Grid Information Sharing Webcast
Smart Inverters Smart Grid Information Sharing Webcast Brian K. Seal July 11 th, 2013 Inverter-Connected Solar is Coming US Future? 302 GW PV by 2030 Germany - Demand Late in May 2011 60 GW DOE SunShot
More informationBEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA ) ) ) ) ) )
BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Order Instituting Rulemaking on the Commission s Own Motion to Improve Distribution Level Interconnection Rules and Regulations for Certain
More informationSecurity Threats in Demo Steinkjer
Security Threats in Demo Steinkjer Report from the Telenor-SINTEF collaboration project on Smart Grids Author(s) Inger Anne Tøndel, SINTEF Martin Gilje Jaatun, SINTEF Maria Bartnes Line, SINTEF/NTNU SINTEF
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationPreparing for Distributed Energy Resources
Preparing for Distributed Energy Resources Executive summary Many utilities are turning to Smart Grid solutions such as distributed energy resources (DERs) small-scale renewable energy sources and energy
More informationSecurity in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering
Security in Smart Grid / IoT Nenad Andrejević Comtrade Solutions Engineering Introduction Why is security important With so much of our lives connected to the Internet from our critical infrastructure
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationRisk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit
Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation
More informationRobert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens
Robert Malmgren Smart Grid Security Challenges - Legacy and Infrastructure Burdens Short bio Robert Malmgren Independent consultant that have worked with utility companies regarding IT- and info sec since
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationFour Top Emagined Security Services
Four Top Emagined Security Services. www.emagined.com Emagined Security offers a variety of Security Services designed to support growing security needs. This brochure highlights four key Emagined Security
More informationSCOPE. September 25, 2014, 0930 EDT
National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Critical Infrastructure Security and Resilience Note Critical Infrastructure Security and Resilience Note:
More informationThe Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard
The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationInformation Bulletin
Public Policy Division Impact of NIST Guidelines for Cybersecurity Prepared by UTC Staff 1. Introduction... 3 2. Cybersecurity Landscape... 3 3. One Likely Scenario... 5 4. Draft NISTIR 7628, Guidelines
More informationNIST Cybersecurity Initiatives. ARC World Industry Forum 2014
NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationHow Much Cyber Security is Enough?
How Much Cyber Security is Enough? Business Drivers of Cyber Security Common Challenges and Vulnerabilities Cyber Security Maturity Model Cyber Security Assessments September 30, 2010 Business in the Right
More informationPROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 1 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V2 Company Name: The Boeing Company December 10, 2012 1 Interim Techlogy Performance Report 1
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationAsset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure
Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Presentation to the U.S. Department of Energy by the IEEE Joint Task Force on QER Trends: Resilience
More informationIntroduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security
Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security The Smart Grid Interoperability Panel Cyber Security Working Group September 2010 Table of Contents Table of Contents...2 1. Introduction
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationFacilitated Self-Evaluation v1.0
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationProtecting Organizations from Cyber Attack
Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationIEEE Smart Grid Series of Standards IEEE 2030 TM (Interoperability) and IEEE 1547 TM (Interconnection) Status. #GridInterop
IEEE Smart Grid Series of Standards IEEE 2030 TM (Interoperability) and IEEE 1547 TM (Interconnection) Status #GridInterop Smart Grid (IEEE 2030): the integration of power, communications, and information
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationSecurity Issues in SCADA Networks
Security Issues in SCADA Networks by V. M. Igure, S. A. Laughter, and R. D. Williams Computers & Security, 25(7): 498-506, 2006 presented by Ruilong Deng Postdoctoral Research Fellow School of Electrical
More informationOEB Smart Grid Advisory Committee
Meeting Summary OEB Smart Grid Advisory Committee Meeting Date: October 1, 2013 Time: 9:30 am 4:00 pm Location: OEB Offices, 2300 Yonge Street The Meeting Summary provides a high level review of the presentations
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationCIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationIntroduction to the Cyber Security Working Group
Introduction to the Cyber Security Working Group Marianne Swanson, Chair Cyber Security Working Group Computer Security Division Information Technology Laboratory National Institute of Standards and Technology
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationSecuring Campus Utility Systems from Cyber Attack
Securing Campus Utility Systems from Cyber Attack TC Lau, Industrial Defender VP of Professional Services Bob Manning, Harvard University Engineering & Utilities Associate Director of Operations IDEA s
More informationThis chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high
This chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high priority, active initiative within the utility industry.
More informationPractical Considerations for Security
Practical Considerations for Security Steven Hodder GE Digital Energy, Multilin 1. Introduction This paper has been prepared to outline some practical security strategies for protection & control engineers
More informationSOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness
SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper Safeguarding data through increased awareness November 2015 1 Contents Executive Summary 3 Introduction 4 Martime Security 5 Perimeters Breached
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationA Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst
TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY
More informationSmart Grid Security: A Look to the Future
Smart Grid Security: A Look to the Future SESSION ID: TECH-W03A Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo Overview Distributed Energy Plug-in Vehicles Evolving Threats: Market Manipulation,
More informationAirports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions
Airports and their SCADA Systems Dr Leigh Armistead, CISSP Peregrine Technical Solutions What We May Face For an attack to be successful it only has to cause disruption not loss of life to a significant
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationGuide to Developing a Cyber Security and Risk Mitigation Plan
NRECA / Cooperative Research Network Smart Grid Demonstration Project Guide to Developing a Cyber Security and Risk Mitigation Plan DOE Award No: DE-OE0000222 National Rural Electric Cooperative Association,
More informationSecurity. Security consulting and Integration: Definition and Deliverables. Introduction
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More information1. Summary. electric grid, strengthen saving programs sponsored by utilities. The project
1. 1. Summary Honeywell s Smart Grid Investment Grant (SGIG) project demonstrates utility-scale performance of a Under the American Recovery and hardware/software platform for automated demand Reinvestment
More informationInformation Security Organizations trends are becoming increasingly reliant upon information technology in
DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationRMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles
RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS aims to provide the most secure, the most private, and
More informationIndustrial Control Systems Security Guide
Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationIntrusion Tolerance to Mitigate Attacks that Persist
Intrusion Tolerance to Mitigate Attacks that Persist Arun Sood Professor (Computer Science) and Co-Director International Cyber Center George Mason University, Fairfax, VA asood@gmu.edu The variety and
More informationIntegrating the customer experience through unifying software - The Microsoft Vision
VAASAETT - RESPOND 2010 Integrating the customer experience through unifying software - The Microsoft Vision Principal Author Andreas Berthold- van der Molen, Microsoft EMEA Contents The New Energy Ecosystem
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationCyber security measures in protection and control IEDs
Cyber security measures in protection and control IEDs K. Hagman 1, L.Frisk 1, J. Menezes 1 1 ABB AB, Sweden krister.hagman@se.abb.com Abstract: The electric power grids and power systems are critical
More informationSTATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE
STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE
More informationCyber Security Risk Mitigation Checklist
Cyber Security Risk Mitigation Checklist Contents Building a Risk Management AMI Program MDM Cyber Security Policy Communication Systems Personnel and Training Scada Operational Risks In Home Displays
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationCyber Security Seminar KTH 2011-04-14
Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationReliabilityFirst CIP Evidence List CIP-002 through CIP-009 are applicable to RC, BA, IA, TSP, TO, TOP, GO, GOP, LSE, NERC, & RE
R1 Provide Risk Based Assessment Methodology (RBAM) R1.1 Provide evidence that the RBAM includes both procedures and evaluation criteria, and that the evaluation criteria are riskbased R1.2 Provide evidence
More informationFlexible Plug & Play Smart grid cyber security design and framework. Tim Manandhar
Flexible Plug & Play Smart grid cyber security design and framework Tim Manandhar Agenda Cyber security for smart grids Smart Grid cyber security framework FPP project approach on Cyber security Conclusions
More information