Cyber Security and Privacy - Program 183
|
|
- Ethan Harmon
- 8 years ago
- Views:
Transcription
1 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology and telecommunications infrastructures to ensure the reliability and security of the electric grid. Cyber security measures must be designed and implemented to protect the electrical grid from attacks by terrorists and hackers. Cyber security measures must also strengthen grid resilience against natural disasters and inadvertent threats such as equipment failures and user errors. The Electric Power Research Institute s (EPRI s) Cyber Security and Privacy program addresses the emerging threats to an interconnected electric sector through cross-sector collaborative research on cyber security technology, standards, and business processes. The program also undertakes collaborative research with industry to assess technologies and controls on data privacy for the electric grid. Research Value The rapid pace of change in the electric sector creates a challenging environment for asset owners and operators to monitor the activities of industry groups, develop an understanding of the security impacts of new technologies, and maintain the right internal resources for assessing technologies. The Cyber Security and Privacy program intends to address this challenge by providing security tools, architectures, guidelines, and testing results to its members. Participation in EPRI s Cyber Security and Privacy program may provide better understanding of industry and government collaborative efforts, and where members should "plug in" to current activities; guidance on developing cyber security strategies and selection requirements; techniques for assessing and monitoring risk; practical approaches to mitigating legacy system risk; early identification of security gaps through lab assessments of security technology; and technology to support managing cyber incidents and increasing the cyber security resiliency of the grid. The Cyber Security and Privacy program is focused on developing security requirements, creating new security technologies, and performing lab assessments of relevant technologies. Members may use the products to enhance their current cyber-security posture and increase the security of systems that are deployed in the future. Key deliverables in this program include continuous mapping of activity in the cyber security and privacy landscape, security solutions and implementation guidance for legacy systems, guidance on assessing and monitoring risk, security management tools for transmission and distribution systems, and security tools and techniques for assessing grid security and cyber security resiliency. Accomplishments The Cyber Security and Privacy portfolio has delivered several key accomplishments that have helped its members and the industry: 1
2 2 Electric Power Research Institute Portfolio 2014 National Electric Sector Cyber Security Organization Resource (NESCOR): EPRI was awarded a contract to provide research and development resources for DOE's public-private partnership NESCOR. EPRI is leading the working groups focused on vulnerability and threat identification, cyber security standards assessment, and technology testing and validation. The results of this work will be used to develop improved threat models, cyber security requirements, and security technologies. To date, NESCOR has delivered the following documents: Smart Energy Profile (SEP) 1.x Summary and Analysis: This technical white paper provides guidance to utilities, regulators, and integrators who are deploying and configuring SEP 1.x in field devices. Guide to Penetration Testing for Electric Utilities: This security test plan provides guidance to electric utilities on how to perform penetration tests in the smart grid domains of advanced metering infrastructure (AMI), demand response (DR), distributed energy resources (DER), distribution grid management (DGM), electric transportation (ET), and wide-area monitoring, protection and control (WAMPAC). Penetration testing is one of the many different types of assessments utilities can perform to evaluate their overall security posture. Draft Electric Sector Failure Scenarios and Analyses: This document includes cyber security failure scenarios and impact analysis for the electric sector. A cyber security failure scenario is a realistic event in which the failure to maintain confidentiality, integrity, and/or availability of sector cyber assets creates a negative impact on the generation, transmission, and/or delivery of power. Legacy System Security: Within the Cyber Security and Privacy program, EPRI is addressing the challenge of reducing the security risk of existing legacy assets. Working with the program advisors, a key legacy system security issue was selected: password management for substation devices. The project focused on analyzing the password management capabilities of multiple substation remote-access vendors. Advanced password management functionality can be used to support NERC CIP compliance requirements, reduce the frequency of password updates due to employee turnover by hiding passwords from users, and reduce the risk of unauthorized access through the use of randomized passwords. Substation Security and Remote Access Implementation Strategies: Within the Cyber Security and Privacy program, EPRI also focused on challenges associated with deploying a secure remote-access solution for substations. These include maintaining security objectives, meeting organizational and operational access restrictions, and supporting NERC CIP compliance. This project developed a set of consolidated requirements for remote substation access solutions. These requirements were provided to vendors to support changing the security and feature sets of their products. Five vendors participated in a workshop at EPRI to demonstrate their products using five test-case scenarios, offering a side-by-side comparison of their capabilities. Current Year Activities In 2014, this program expects to accomplish the following objectives: Track industry and government activities and provide technical contributions to key working groups Address cyber security for select legacy systems security issues Create a security management foundation for transmission and distribution systems Improve the electric sector s ability to detect, respond, and recover from cyber incidents Create security designs and architectures for new smart grid components Develop techniques for assessing and monitoring cyber security risk Develop security metrics for the electric sector Estimated 2014 Program Funding $3.0M Program Manager Galen Rasche,, grasche@epri.com
3 3 Electric Power Research Institute Portfolio 2014 Summary of Projects PS183A Cyber Security and Privacy Technology Transfer and Industry Collaboration (072129) Project Set The landscape of cyber security and privacy activities in the electric sector involves numerous industry, government, and regulatory groups. This project set can provide members with an up-to-date view of these activities and support the technical contribution to these groups to increase the usability of their work products. Project Number Project Title P Mapping the Smart Grid Cyber Security and Privacy Activities Landscape P Cyber Security and Privacy Technology Transfer and Industry Collaboration This project will provide asset owners and operators with regular updates on smart grid cyber security and privacy activities. This project supports technical participation in industry collaboration efforts to identify cyber security and privacy issues and requirements for the smart grid, informing members and bringing the utility perspective to the efforts. P Mapping the Smart Grid Cyber Security and Privacy Activities Landscape (072128) Cyber-physical security and data privacy have become critical priorities for utilities over the past several decades. Many federal agencies, such as DOE, the Department of Homeland Security, the Department of Defense, state organizations, and various industry and academic organizations are currently leading and executing cyber security and privacy activities, research, and working groups for the smart grid. Many asset owners and operators are currently modernizing their grid systems, with matching funding from DOE under the American Recovery and Reinvestment Act and other grant programs. In addition, the National Institute of Standards and Technology (NIST), as required by the Energy Independence and Security Act, has developed an interoperability framework for the smart grid. A map of these various activities may prevent redundant effort or identify significant gaps in research areas. There are many initiatives researching and assessing the cyber security requirements of the existing electric grid and the smart grid. This project will provide ongoing updates on the status of research and development activities, federal and state policy and regulatory proposals, standards and guidance document development, and organizations that are funding and/or executing cyber security and privacy activities. This project may help asset owners and operators achieve the following: Be knowledgeable about the status of various research programs and standards and guidance development efforts. Gain an understanding of the cyber security and privacy activities currently being undertaken by industry, academic, and government groups.
4 4 Electric Power Research Institute Portfolio 2014 The information may be used by asset owners and operators to do the following: Identify specific activities that are important to the organization Select applicable committees and working groups Identify gaps in current cyber security and privacy activities Reduce the risk of redundancy in research programs Product Title & Cyber Security and Privacy Landscape Mapping Release 9: This product will be available online for all members to access. The online information will be updated regularly as new activities are identified. Cyber Security and Privacy Landscape Mapping Release 10: This product will be available online for all members to access. The online information will be updated regularly as new activities are identified. Cyber Security and Privacy Landscape Mapping Release 11: This product will be available online for all members to access. The online information will be updated regularly as new activities are identified. Cyber Security and Privacy Landscape Mapping Release 12: This product will be available online for all members to access. The online information will be updated regularly as new activities are identified. 04/01/14 07/01/14 10/01/14 12/31/14 P Cyber Security and Privacy Technology Transfer and Industry Collaboration (072130) With increased attention focused on securing the electric sector, numerous industry groups and public-private partnerships have been created to develop new security requirements and technologies. Additionally, working groups of organizations such as the North American Electric Reliability Corporation (NERC) and the Smart Grid Interoperability Panel (SGIP) will continue to have a direct impact on utility operations. These groups are addressing specific needs in the industry; however, utility staff are often unavailable to support all of these efforts. This lack of availability can lead to two key issues: First, utilities are less aware of changes that might impact the industry. Second, products being generated may lack the perspective of the utilities. This project will support active participation and contribution to collaborative efforts and interest groups such as the following: Smart Grid Interoperability Panel (SGIP) Smart Grid Security Committee (SGCC) NESCOR Design Principles Group European Network and Information Security Agency (ENISA) Department of Homeland Security Industrial Control Systems Joint Working Group (ICSJWG) OpenSG Security Nuclear Energy Institute (NEI) European Commission International Electrotechnical Commission (IEC) National SCADA Test Bed (NSTB)
5 5 Electric Power Research Institute Portfolio 2014 This project may help members benefit from cyber security and privacy collaborative efforts in the following ways: Reduce the time necessary to track industry efforts by using a single report for updates. Reduce the risk that key activities are not tracked. Increase the usability of working group products. Increase the effectiveness of security requirements and solutions that are developed. The reports developed from this project may provide a single reference point for members to track the detailed efforts of several industry groups. This project may also increase the relevance and utility of the security reports, controls, and technologies that are being developed. Product Title & Quarter 1 Electric Sector Cyber Security Activities Report: Quarterly update on the activities of the industry and government working groups Quarter 2 Electric Sector Cyber Security Activities Report: Quarterly update on the activities of the industry and government working groups Quarter 3 Electric Sector Cyber Security Activities Report: Quarterly update on the activities of the industry and government working groups Quarter 4 Electric Sector Cyber Security Activities Report: Quarterly update on the activities of the industry and government working groups 04/01/14 07/01/14 10/01/14 12/31/14 PS183B Security Technology for T&D Systems (072136) Project Set This project set will address several security challenges facing transmission and distribution (T&D) systems, such as reducing the security risk to legacy systems, developing protective measures, and managing cyber incidents to increase the resiliency of the grid. Project Number Project Title P Security Strategies and Solutions for Legacy Systems P Protective Measures for Securing T&D Systems P Managing Cyber Security Incidents for T&D Systems This project will focus on mitigating the cyber security risks to legacy systems by creating cyber security mitigation strategies and transition strategies for legacy systems. This project will focus on security architectures, tools, and procedures that provide end-to-end security and support defense-in-breadth features. This project will focus on increasing the sector s ability to respond and recover from cyber incidents (malicious or non-malicious) in a more efficient and predictive manner.
6 6 Electric Power Research Institute Portfolio 2014 P Security Strategies and Solutions for Legacy Systems (072131) Legacy systems continue to pose a security challenge for utilities. Supporting requirements such as integrity, confidentiality, and authentication can be extremely difficult when confronted with the constraints of limited communications bandwidths, lower computation capacity, and legacy protocols. System availability is a primary concern in power control systems and must be taken into account when developing security mitigation strategies. Additionally, vendor design choices such as hard-coding passwords into software also pose security risks. Given the impracticality of replacing these systems, guidance is required to mitigate cyber security risks posed by legacy systems. This project will focus on mitigating the cyber security risk of legacy systems by creating transition strategies, cyber security controls, and procedures for legacy systems. The project will begin with the project advisors prioritizing and selecting a key legacy systems security issue. Once the highest impact legacy system issue is identified, the project will accomplish the following: Develop practical and implementable solutions for existing systems Develop guidelines for implementing the solutions Provide objective estimates of the resources that will be needed to effectively implement the solutions This project may help members by mitigating the security risk to legacy systems in the following ways: Developing security technology options that account for system constraints Creating an understanding of how to implement the recommended security controls Allowing members to prioritize legacy system security projects based on the resources necessary to implement the solutions The cyber security mitigation strategies developed through this project can provide effective and implementable solutions for securing legacy systems. Product Title & Legacy System Mitigation Report: For the security issue selected, this report will provide the results of the risk assessment, risk mitigation solutions, guidelines for implementation, and estimates of technical resources required. 12/31/14 P Protective Measures for Securing T&D Systems (072132) Increasing the security of next-generation energy delivery systems will require a combination of new security architectures, tools, and procedures that provide end-to-end security and support defense-in-breadth strategies. These technologies and their communications protocols must support strong protective measures such as device and application authentication, access control, cryptography, and redundancy with failover mechanisms for continued operation.
7 7 Electric Power Research Institute Portfolio 2014 The objective of this project is to develop a security management architecture for transmission and distribution systems so that network operations centers (NOC), SCADA operations, substations, and field equipment supporting these functions have a consistent set of information security objects in place that are built on a standards-based taxonomy. This project intends to accomplish the following: Investigate available solutions for applying network management system (NMS) technology to power delivery systems. Extend EPRI's 2013 Project 183B research to focus on the implementation of IEC network security management objects. Investigate the application of emerging cyber-physical security devices for providing alerts to the NOC or other monitoring locations. This project may help members by providing the following: Vendor-agnostic measure of substation and field environment security postures Greater security operational awareness for asset owners and operators Evolution of network security management tools that are focused on power delivery systems As market-ready network management systems are available, members may apply the results of EPRI testing and demonstrations as they evaluate and deploy NMSs in their operating environment. Members may also integrate the NMS into their security monitoring systems and processes. Product Title & Guidelines for Applying Network Security Management: This report will describe a network security management architecture for power delivery systems founded on a consistent set of information security objects that are built on a standards-based taxonomy. 12/31/14 P Managing Cyber Security Incidents for T&D Systems (072133) Cyber security research for energy delivery systems has primarily focused on the prevention and detection of cyber incidents. While these efforts are important for the protection of control systems, they do not prepare for the eventuality of a cyber security incident. Energy delivery systems must also be resilient to cyber security incidents and continue to perform critical functions while under duress and during the recovery process. The first step in managing cyber security incidents involves detecting when they occur. However, the complexity of power systems often makes it difficult to detect when attacks are underway. Although individual intelligent electronic devices (IEDs) and systems may produce alerts and alarms for security events, they are often not correlated across distributed systems. Traditional intrusion detection systems (IDS) as well as security information and event management (SIEM) systems need to be tailored to understand attack profiles for power systems. This includes correlating the geographical and temporal nature of events. Additionally, events need to be correlated with the power system data to provide a complete situational awareness. Future work in this project will focus on network security visualization, decision support tools for operators, increasing grid resiliency, and improving the forensics capabilities of transmission and distribution systems.
8 8 Electric Power Research Institute Portfolio 2014 This project will develop methodologies to perform event correlation across distributed power systems and test them for robustness in EPRI s laboratories. The project may include the following steps: Survey current IDS systems for T&D systems to identify gaps Identify barriers to correlating events across disparate systems, such as a lack of standardized events Develop event correlation methodologies that include power systems features, such as geographic location and temporal properties of the event Perform tests in EPRI's event correlation test bed to verify the methodologies Examine ways to correlate event information with power system sensor data to increase situational awareness Work with IDS and SIEM vendors to incorporate findings into future products This project may help members address cyber security incidents in T&D systems by providing methods for real-time assisted detection of cyber events, creating an event correlation test bed for verifying methodologies, and increasing situational awareness by correlating events with power system sensor data. Members may be able to apply the results of this project to more effectively design, deploy, and manage their incident detection and response systems. Product Title & Distributed Cyber Security Event Correlation Methodologies: This report may include methods for correlating cyber security events from multiple operational domains and the results of testing the methods in a representative power system environment. 12/31/14 PS183D Cyber Security Design, Metrics, and Risk Assessment for Energy Delivery Systems (073556) Project Set This project set focuses on security challenges that affect multiple operational domains, such as designing security into products, developing security architectures, creating security metrics for the electric sector, and developing risk assessment methodologies that are designed for power systems. Project Number Project Title P Security Design and Architectures P Security Metrics for Energy Delivery Systems P Assessing and Monitoring Risks This project will focus on the implementation of security testing and evaluation requirements during the procurement process to reduce risks. This project intends to focus on providing metrics that measure the impact of different classes of security controls. This project intends to focus on a risk assessment process that will support the electric sector cyber security risk management maturity model developed by the DOE.
9 9 Electric Power Research Institute Portfolio 2014 P Security Design and Architectures (073557) Asset owner/operators need to deliver cost-effective and reliable power to their customers. Key components of this effort are the various operational systems and cyber assets that are deployed. To rely on these cyber assets, owner/operators must be assured that the cyber assets have been developed in a secure manner and that the necessary cyber security controls have been installed. In the same respect, owner/operators also need assurance that unnecessary or ineffective cyber security controls are not implemented. However, securing devices after they are deployed in a production environment is a difficult undertaking. The electric sector needs to establish a security requirement specification that is tailored for power delivery procurements and includes a prioritization that is related to a graded security index. This specification can be utilized during the procurement process to require suppliers to build security into their products and services. This project will focus on solutions for ensuring that procurement guidelines can be utilized by utilities as security requirements for prospective suppliers, and may include the following: Security requirement specification tailored for procurements Documentation, test, and evaluation evidence requirements needed for suppliers to show proof that they provide security in their products and services This project will help members as they procure products and services to address a more secure and modernized grid by providing: Security requirements that can be engrained in vendor products and solutions A reduced level of risk in the procurement phase for evaluated products and services This project is intended to help members acquire and deploy more secure supplier products and services to reduce security vulnerabilities that have been prevalent in the industry. Product Title & Security Requirements Specification for Suppliers: This report will include a set of security requirements for testing and evaluating suppliers and their products according to a graded security index. 12/20/14 P Security Metrics for Energy Delivery Systems (073558) While many asset owners and operators are performing self-assessments of their control systems, the methods and metrics used vary widely across the electric sector. This lack of consistent criteria and metrics makes it difficult to benchmark and compare the cyber security risk associated with energy delivery systems. It is also difficult to evaluate the impact of security efforts and calculate the return on investment for cyber security controls. Utilities are deploying a variety of tools and techniques to address current and emerging cyber security vulnerabilities and threats. A set of benchmarking criteria could be utilized to measure the effectiveness of
10 10 Electric Power Research Institute Portfolio 2014 implemented classes of security controls within energy delivery systems and the environments in which they reside. A process that measures and monitors the current state of risk-reducing controls would be very useful to the industry. The monitoring of the controls in place and the output of useful metrics can be used to benefit and improve a utility's cyber security program. Such metrics could also be used to provide senior management with an ongoing reporting process and support cyber security investment decisions in areas such as hardware, software, and personnel resources. Creating an effective set of cyber security metrics is a challenging endeavor. However, metrics may be useful in measuring the impact of different classes of security controls. They can be utilized to justify current and future investments in cyber security solutions and resources. This project will focus on developing metrics that utilities may use in assessing the classes of security controls that are implemented within their organization. A set of effective cyber security metrics may improve a utility s ability to measure the impact of different classes of cyber security controls and to understand the tradeoffs associated with cyber security investment decisions. This project may help members as they plan expenditures for cyber security resources. These metrics may be used to measure the value of continued and further investments in the overall cyber program. Product Title & Cyber Security Metrics for Implemented Security Controls: Metrics to measure the impact of different classes of security controls within the energy delivery systems environment. 12/20/14 P Assessing and Monitoring Risks (073559) Assessing and monitoring the cyber security posture for energy delivery systems is vital to understanding and managing cyber security risk. New metrics, methodologies, and tools are required to support real-time risk monitoring and decision making. A cyber security risk assessment provides the basis for determining the type, nature, and severity of cyber security risks facing a utility and provides the basis for all subsequent risk management decision making. A risk assessment includes identifying the threats, vulnerabilities, impacts, and likelihoods of cyber security events. A risk assessment process addresses malicious and non-malicious events and natural events. There are several risk assessment approaches available, but most are primarily focused on the IT and telecommunication sectors. A standardized risk-assessment approach for the electric sector is needed. DOE led an effort to develop a capability maturity model for the electric sector. This initiative defined specific criteria at several levels of maturity. This DOE model does not include criteria for assessing the implemented cyber security controls. This project will focus on developing a risk-assessment and monitoring methodology that members may use to assess the implemented security controls.
11 11 Electric Power Research Institute Portfolio 2014 This project will help members perform a cyber security risk assessment and continuous monitoring activities to determine the security posture of the utility, and identify residual risks. The cyber security risk assessment and continuous monitoring methodology developed through this project may be used to determine the security status of a utility, determine cyber security controls and measures, and identify residual risks. Product Title & Cyber Security Risk Assessment and Continuous Monitoring Methodology: A strategy for performing a risk assessment and providing results to determine the maturity level. 12/20/14
12 12 Electric Power Research Institute Portfolio 2014 NERC CIP Tools and Techniques (105241) Background, Objectives, and New Learning Supplemental Projects Cyber security standards have been developed as a result of continual threats to business and process control networks. In recent years, electric utilities that are part of the bulk electric system (BES) have established cyber security programs to ensure compliance with critical infrastructure protection (CIP) standards requirements of the North American Electric Reliability Corporation (NERC). Compliance with NERC CIP requirements is non-trivial and requires IT staff and control engineers to work together to implement and maintain a cyber security program for control systems. Version 5 of the NERC CIP Standards is currently under review by the Federal Energy Regulatory Commission (FERC) and pending their approval. Although compliance with the currently mandatory Version 3 of NERC CIP has been difficult for utilities, the upcoming Version 5 requirements will increase the scope of cyber assets that must be compliant. This will create significant challenges as new devices and systems come under the purview of CIP Version 5. Project and Summary The objective of this project is to provide techniques for transitioning to the upcoming NERC CIP Version 5 Standards. This will assist utilities in identifying gaps in current tools that have been employed to address the CIP requirements. This will lead to the development of solutions that can be used by asset owners to better validate and enhance the security posture of their critical cyber assets. The project may include topics such as: Identity access management Configuration change management Patch management Determination of BES cyber assets and BES cyber systems based on new Bright-Line Criteria Benefits This project intends to provide participants with the following benefits: Strategies and tools for transitioning existing cyber security programs from the current Version 3 to Version 5 Guidance and techniques for reaching effective regulatory compliance with Version 5 of the NERC CIP Standards
13 13 Electric Power Research Institute Portfolio 2014 Secure Remote Substation Access Solutions (105320) Background, Objectives, and New Learning There is an established need for secure remote substation access solutions that provide support for a wide range of IEDs including current, legacy and future devices, while still delivering the required level of cyber security and compliance support. Leveraging remote, interactive access capabilities with substations can provide new opportunities for data integration solutions such as fault location, asset optimization and power quality monitoring. Remote access systems may also reduce the number of times that field personnel are required to visit substations to retrieve IED configuration or event files for fault location and event analysis. However, balancing the functional requirements against cyber security and regulatory compliance requirements can be very difficult. This balance can be achieved through proper preparation, procedure implementation, and organizational support. The use of commercially available software packages can also ease these transition and implementation efforts. Guidance materials and reference standards relating to substation security, such as NERC CIP v3/4 and v5, the NISTIR 7628 and IEC 62351, should also be considered when developing remote access security requirements. The objective of this project is to investigate and address implementation challenges for Secure Remote Substation Access Security Solutions. This will enable effective application of existing solutions and foster new technology solutions. Project and Summary This project will explore and address a variety of implementation challenges facing Secure Remote Substation Access Solutions. The focus will be on solutions implemented in the electric sector for Transmission Substations, Distribution substations and remote field locations. For each identified challenge, the project team will study implementation options, best practices and capabilities/limitations regarding the challenge. This project may include the use of EPRI s Cyber Security Research Laboratory, as appropriate, to evaluate proposed solutions. EPRI will work with participants to establish and prioritize solution topics to study. A preliminary list of potential topics includes: NERC CIPv5 compliance to new or updated requirements Scalability of solutions of IEC on Remote Substation Access Solutions Universal IED tools/protocols vs. vendor proprietary tools/protocols of migration from command-line interfaces (CLI) on IEDs to web-based interfaces Use of multiple authentication devices/gateways to proxy connections Multiple user groups vs. single organizational owner Access policy/methods from outside the substation vs. inside the substation Coordination of access with operations for safety and situational awareness Asset management and maintenance correlation with Remote Substation Access tools Identification of specific devices that do not easily integrate with Remote Substation Access solutions. Management and tracking of IED configurations Patch management of IEDs
14 14 Electric Power Research Institute Portfolio 2014 EPRI will research and summarize existing industry documentation for the topics selected with a focus on implementation best practices, technology gaps, and new developments. Guidance materials and reference standards relating to substation security, such as NISTIR 7628, NERC CIPv5, IEC and others will also be utilized. The project will include an assessment of specific implementation challenges of remote substation access security solutions through laboratory testing with currently available vendor solutions. A workshop for participants will allow a hands-on approach to gain system familiarization and increased understanding of the implementation challenges discussed. Benefits Participants in this project will gain new knowledge and receive practical implementation guidance for a variety of options for establishing secure remote substation access solutions. This can improve participants abilities to address elements of cyber security standards (such as NERC CIP) through improved understanding of strategies and technology options. Participants may apply the knowledge gained from this project to derive the necessary system level requirements and more effectively implement a secure remote substation access solution.
Secure Remote Substation Access Solutions
Secure Remote Substation Access Solutions Supplemental Project - Introduction Webcast October 16, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com
More informationPanel Session: Lessons Learned in Smart Grid Cybersecurity
PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationRisk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit
Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation
More informationUtility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security
Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The
More informationSecure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014!
Secure Remote Substation Access Interest Group Part 3: Review of Top Challenges, CIPv5 mapping, and looking forward to 2014! October 3, 2013 Scott Sternfeld, Project Manager Smart Grid Substation & Cyber
More informationCybersecurity Risk Assessment in Smart Grids
Cybersecurity Risk Assessment in Smart Grids Lucie Langer, Paul Smith, Thomas Hecht firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Symposium 2014 Sept 30, 2014 1 Risk Assessment:
More informationThis chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high
This chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high priority, active initiative within the utility industry.
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationRisk Management in Practice A Guide for the Electric Sector
Risk Management in Practice A Guide for the Electric Sector Annabelle Lee Senior Technical Executive ICCS European Engagement Summit April 28, 2015 Before we continue let s get over our fears and myths
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationEFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013
EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:
More informationInformation Bulletin
Public Policy Division Impact of NIST Guidelines for Cybersecurity Prepared by UTC Staff 1. Introduction... 3 2. Cybersecurity Landscape... 3 3. One Likely Scenario... 5 4. Draft NISTIR 7628, Guidelines
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationINTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT
Utilities WHITE PAPER May 2013 INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT Table of Contents Introduction...3 Problem Statement...4 Solution Requirements...5 Components of an Integrated
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationNERC CIP Tools and Techniques
NERC CIP Tools and Techniques Supplemental Project - Introduction Webcast Scott Sternfeld, Project Manager Smart Grid Substation & Cyber Security Research Labs ssternfeld@epri.com (843) 619-0050 October
More informationFeature. SCADA Cybersecurity Framework
Feature Samir Malaviya, CISA, CGEIT, CSSA, works with the Global Consulting Practice-GRC practice of Tata Consultancy Services and has more than 17 years of experience in telecommunications, IT, and operation
More informationVoluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council
Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationMaturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationSTATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE
STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationSPARKS Cybersecurity Technology and the NESCOR Failure Scenarios
SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September,
More informationENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
More informationHow Much Cyber Security is Enough?
How Much Cyber Security is Enough? Business Drivers of Cyber Security Common Challenges and Vulnerabilities Cyber Security Maturity Model Cyber Security Assessments September 30, 2010 Business in the Right
More informationSystem Stability through technology
System Stability through technology 1 Smart Grid Design Goals More increased capabilities More capabilities at the edge and enterprise, pervasive automation Better faster, more reliable & secure The electric
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationCIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016
CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on
More informationSymphony Plus Cyber security for the power and water industries
Symphony Plus Cyber security for the power and water industries Symphony Plus Cyber Security_3BUS095402_(Oct12)US Letter.indd 1 01/10/12 10:15 Symphony Plus Cyber security for the power and water industries
More informationOEB Smart Grid Advisory Committee
Meeting Summary OEB Smart Grid Advisory Committee Meeting Date: October 1, 2013 Time: 9:30 am 4:00 pm Location: OEB Offices, 2300 Yonge Street The Meeting Summary provides a high level review of the presentations
More informationCyber Security Seminar KTH 2011-04-14
Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon
More informationHow To Protect A Smart Grid From Cyber Security Threats
Smart Grid Cyber Security System Reliability, Defense-in-Depth, Business Continuity, Change Management, Secure Telecommunications, Endpoint Protection, Identity Management, and Security Event Management
More informationWilliam Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly
William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationNational Institute of Standards and Technology Smart Grid Cybersecurity
National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationISACA North Dallas Chapter
ISACA rth Dallas Chapter Business Continuity Planning Observations of Critical Infrastructure Environments Ron Blume, P.E. Ron.blume@dyonyx.com 214-280-8925 Focus of Discussion Business Impact Analysis
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationUnderstanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationPROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 1 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V2 Company Name: The Boeing Company December 10, 2012 1 Interim Techlogy Performance Report 1
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationCommunication Security Measures for SCADA Systems
Communication Security Measures for SCADA Systems Ron Farquharson, MV Consulting, DNP User Group Jim Coats, Triangle MicroWorks, DNP User Group Joe Stevens, Triangle MicroWorks 23 September 2014, Raleigh,
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationNavigate Your Way to NERC Compliance
Navigate Your Way to NERC Compliance NERC, the North American Electric Reliability Corporation, is tasked with ensuring the reliability and safety of the bulk power system in North America. As of 2010,
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationHow To Write A Cybersecurity Framework
NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order
More informationCyber Security Compliance (NERC CIP V5)
Cyber Security Compliance (NERC CIP V5) Ray Wright NovaTech, LLC Abstract: In December 2013, the Federal Energy Regulatory Commission (FERC) issued Order No. 791 which approved the Version 5 CIP Reliability
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationCyber Security Health Test
ENERGY Cyber Security Health Test Robin Massink 20-05-2014 1 DNV GL 2013 2014 20-12-2013 SAFER, SMARTER, GREENER Cyber security issues facing the utility industry We are moving from IEC60870-5-101/ DNP3
More informationApplying IBM Security solutions to the NIST Cybersecurity Framework
IBM Software Thought Leadership White Paper August 2014 Applying IBM Security solutions to the NIST Cybersecurity Framework Help avoid gaps in security and compliance coverage as threats and business requirements
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More information1. Cyber Security. White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network
WP 1004HE Part 5 1. Cyber Security White Paper Data Communication in Substation Automation System (SAS) Cyber security in substation communication network Table of Contents 1. Cyber Security... 1 1.1 What
More informationIntroduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security
Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security The Smart Grid Interoperability Panel Cyber Security Working Group September 2010 Table of Contents Table of Contents...2 1. Introduction
More informationSecuring the Electric Grid with Common Cyber Security Services Jeff Gooding
Securing the Electric Grid with Common Cyber Security Services Jeff Gooding TCIPG Seminar April 4, 2014 Southern California Edison (SCE) is committed to safely providing reliable and affordable electricity
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationResponse to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity
National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationSteve Lusk Alex Amirnovin Tim Collins
Steve Lusk Alex Amirnovin Tim Collins ViaSat Inc. Cyber-intrusion Auto-response and Policy Management System (CAPMS) Cybersecurity for Energy Delivery Systems Peer Review August 5-6, 2014 Summary: Cyber-intrusion
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationCyber Security & State Energy Assurance Plans
Cyber Security & State Energy Assurance Plans Michigan Cyber Summit 2011 Friday, October 7, 2011 Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials What is Energy
More informationIG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY
IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined
More informationObtaining Enterprise Cybersituational
SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationWhat Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
More informationGE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
More informationRESEARCH CALL TO DOE/FEDERAL LABORATORIES. Cybersecurity for Energy Delivery Systems Research Call RC-CEDS-2012-02
RESEARCH CALL TO DOE/FEDERAL LABORATORIES Cybersecurity for Energy Delivery Systems Research Call RC-CEDS-2012-02 CONTACT: Diane Hooie, Project Manager TELEPHONE NUMBER: (304) 285-4524 FAX NUMBER: (304)
More informationNIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH
NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationNetwork Infrastructure Considerations for Smart Grid Strategies By Jim Krachenfels, Marketing Manager, GarrettCom, Inc.
Network Infrastructure Considerations for Smart Grid Strategies By Jim Krachenfels, Marketing Manager, GarrettCom, Inc. The Smart Grid is having a decided impact on network infrastructure design and the
More informationAppropriate security measures for smart grids
1 Appropriate security measures for smart grids Guidelines to assess the sophistication of security measures implementation [2012-12-06] 1 Copyright TenneT Appropriate security measures for smart grids
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSecurity in the smart grid
Security in the smart grid Security in the smart grid It s hard to avoid news reports about the smart grid, and one of the media s favorite topics is security, cyber security in particular. It s understandable
More informationHow To Secure A Wireless Utility Network
Utilities Facing Many Challenges Cyber Security Is One Area Where Help Is Available Executive Summary Utilities are in the crosshairs of many forces in the world today. Among these are environmental global
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More information