Cybersecurity Risk Assessment in Smart Grids

Save this PDF as:

Size: px
Start display at page:

Download "Cybersecurity Risk Assessment in Smart Grids"

Transcription

1 Cybersecurity Risk Assessment in Smart Grids Lucie Langer, Paul Smith, Thomas Hecht AIT Austrian Institute of Technology ComForEn Symposium 2014 Sept 30,

2 Risk Assessment: The Basics Risk assessment is concerned with understanding the probability of a cyber-attack and its impact risk = probability x impact Based on an understanding of threats and vulnerabilities For example, financial loss, damage to equipment, loss of power, The basis for prioritising how to mitigate threats and apply resources for cybersecurity 2

3 The Challenges We See We have identified five key challenges with carrying out a risk assessment for smart grid: 1. Managing safety and security risks 2. Analysing cyber-physical risks 3. Understanding risks to legacy systems 4. Complex organizational dependencies 5. Understanding cascading effects These are not unique to smart grid, but all exist, making risk assessment particularly challenging 3

4 Managing Safety and Security Risks Safety analysis methods are widely used in the energy domain Examples include HAZOP, fault-tree analysis, event-tree analysis, FMEA, STAMP/STPA, There are parallels in the security domain, e.g., attack trees Benefits can be had by performing security and safety co-analysis Reuse of results across analyses Ability to consistently prioritise different types of threats, i.e., attacks versus faults 4

5 Analysing Cyber-physical Risks The smart grid is a cyber-physical system Power system and ICT infrastructure is tightly coupled through SCADA and control systems Traditional IT security provides necessary tools but not sufficient to secure cyber-physical systems Need for tools and strategies to understand and mitigate attacks: Which threats should we care about? What impact can we expect from attacks? Which resources should we protect (more)? 5

6 Understanding Risks to Legacy Systems The smart grid will consist of legacy systems and new ICT components that implement advanced measurement and control functions It is often not clear what impact new components will have on legacy systems, and vice versa Legacy industrial control systems are known to be fragile to active security testing techniques Risk assessment method should account for these characteristics 6

7 Complex Organisational Boundaries In a liberalised European energy market there are many actors Energy Producers, Transmission and Distribution System Operators (TSOs and DSOs), and Energy Suppliers Others from the ICT sector are emerging as being important E.g., telecommunications operators and cloud providers Energy consumers become providers, potentially as part of virtual power providers A diverse and complex supply chain is emerging This complex web of dependencies can make risk assessment challenging 7

8 Understanding Cascading Effects The smart grid consists of a number of sub-systems that support an underlying grid infrastructure The failure of a sub-system could cascade into another This problem is closely related to cyber-physical impact analysis A pathological case: 1. A cyber-attack causes a failure in the energy grid, resulting in a blackout 2. ICT systems start to run on Uninterruptable Power Supply (UPS) 3. The UPS runs out before the grid has recovered 4. ICT systems fail 8

9 NESCOR (National Electric Sector Cybersecurity Organization Resource) Cyber Security Failure Scenarios Realistic events in which the failure to maintain C-I-A of cyber assets has a negative impact on the generation, transmission, and/or delivery of power Intended to be used by utilities for risk assessment, planning, training, security testing Organised in six categories (see NIST SP 1108): AMI: Advanced Metering Infrastructure DER: Distributed Energy Resources WAMPAC: Wide Area Monitoring, Protection, and Control ET: Electric Transportation DR: Demand Response DGM: Distribution Grid Management Ranking of impact and cost to adversary (scores 0.1; 1; 3 and 9) Risk = impact / cost 9

10 CEN-CENELEC-ETSI M/490 Smart Grid Information Security Perform risk assessment of information assets based on smart grid use cases Security Level (SGIS-SL) Risk Impact Level (SGIS-RIL) SGIS-SL = f(sgis-ril, p) 10

11 The (SG) 2 Risk Catalogue 1. Define threats based on IT Baseline Protection and Common Criteria 2. Apply to architecture model BSI Protection Profiles (SG) 2 threat catalogue 3. Rate probability and impact 4. Verify through security tests very low (1). medium (3). very high (5) 11

12 The (SG) 2 Risk Catalogue (cont.) Attacks on the WAN through smart grid gateway Attacks through remote maintenance access Cluster Threat to Smart Buildings E-Mobility Customer Premises Low Volt. Gen. Med. Volt. Gen. Grid Testpoints Primary Substation Secondary Substation Grid Operation Metering Threat Category Avg. Authentication & Authorisation Applied Security Mechanisms Integrity & Availability Internal & ext. Interfaces Confidentiality & Data Protection Maintenance of Equipment 3,50 4,00 3,00 6,00 6,00 6,25 5,25 8,25 7,00 5,00 5,43 9,50 4,15 7,50 6,40 4,60 4,70 5,05 5,90 7,05 3,00 5,79 2,71 4,46 4,69 4,00 3,13 3,07 3,64 4,72 3,97 4,50 3,89 2,67 3,50 6,33 6,67 4,00 3,33 5,00 4,00 5,83 2,33 4,37 5,67 4,67 4,67 8,67 4,33 4,00 3,67 5,63 7,50 3,75 5,25 4,43 3,50 4,60 3,75 4,15 3,31 3,94 5,33 5,83 3,60 4,24 Component Cluster Avg. 4,75 4,05 5,13 5,91 4,37 4,11 4,42 5,64 6,20 3,70 Privacy issues of customer production data 12

13 The SPARKS project 13

14 Cyber-physical Impact Analysis in SPARKS Analysing the potential physical impact of a cyber-attack via a hybrid simulation environment, based on existing tools 1. Power Distribution Simulators (GridLAB-D, etc.) Adapt power grid models from US network standards to European network standards Achieve a realistic model of the real environment and generate comparable results which are directly applicable to real European infrastructure 2. ICT network simulation tools Examples include ns-2, OMNeT++, 3. Real smart grid hardware Automation equipment (AIT SmartEST Lab) E.g., Secondary substation Smart meters 14

15 The SECCRIT Project EU-funded project, focusing on the security of high-assurance ICT services in the Cloud Exploring the challenges of risk assessment for Cloud Challenges include: Unclear and complex organisational boundaries A lack of transparency regarding how Cloud services are provisioned Solutions include a transparency enhancement framework to enable remote real-time cloud infrastructure monitoring Further details: 15

16 The HyRiM Project EU-funded project investigating risk assessment for interconnected and interdependent utility networks Failures of one utility can result in cascading failures in others Project aims to develop quantitative methods to assess these risks Using complex-coupled network and decision theory-based analysis techniques to evaluate these risks Further details: 16

17 Questions? 17

Smart grid security analysis

Smart grid security analysis Smart grid security analysis Paul Smith et al. paul.smith@ait.ac.at SPARKS Stakeholder Workshop 20 th May, 2014, Graz SPARKS Objectives The SPARKS project has three main objectives regarding security analysis:

More information

SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios

SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September,

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

ICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE

ICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE OVERVIEW Critial infrastructures are increasingly dependent on information and communication technology. ICT-systems are getting more and more complex, and to enable the implementation of secure applications

More information

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The

More information

Hybrid Risk Management for Utility Networks

Hybrid Risk Management for Utility Networks Hybrid Risk Management for Utility Networks Hermann de Meer hermann.demeer@uni-passau.de Computer Networks and Computer Communications Lab (CNACC) University of Passau CNACC: Introduction People Prof.

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation

More information

Smart Substation Security

Smart Substation Security Smart Substation Security SmartSec Europe 2014 Amsterdam 29/01/2014 Agenda Context Elia Introduction to the substation environment in Elia Security design and measures in the substation Near and far future

More information

Practical Risk Assessment Using a Cumulative Smart Grid Model

Practical Risk Assessment Using a Cumulative Smart Grid Model Practical Risk Assessment Using a Cumulative Smart Grid Model Markus Kammerstetter 1, Lucie Langer 2, Florian Skopik 2, Friederich Kupzog 3 and Wolfgang Kastner 4 1 Institute of Computer Aided Automation,

More information

IoT & SCADA Cyber Security Services

IoT & SCADA Cyber Security Services IoT & SCADA Cyber Security Services RIOT SOLUTIONS PTY LTD P.O. Box 10087, Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 4, 60 Edward St, Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au

More information

National Institute of Standards and Technology Smart Grid Cybersecurity

National Institute of Standards and Technology Smart Grid Cybersecurity National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids

C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids Communication Networks C-DAX: A Cyber-Secure Data and Control Cloud for Power Grids Michael Menth http://kn.inf.uni-tuebingen.de C-DAX Project EC FP7-ICT-2011-8 call project C-DAX: Cyber-secure Data And

More information

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1 Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy

More information

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids CPSR-SG 2016: Joint International Workshop on Cyber-Physical Security and Resilience in Smart Grids, 12th April 2016, Vienna Security for smart Electricity GRIDs Including Threat Actor Capability and Motivation

More information

Dr. Raheem Beyah Georgia Tech. Cyber-Physical Modeling & Simulation for Situational Awareness (CYMSA)

Dr. Raheem Beyah Georgia Tech. Cyber-Physical Modeling & Simulation for Situational Awareness (CYMSA) Seth Walters Dr. Sakis Meliopoulos Dr. Santiago Grijalva Dr. Raheem Beyah Georgia Tech Cyber-Physical Modeling & Simulation for Situational Awareness (CYMSA) Cybersecurity for Energy Delivery Systems Peer

More information

THE FUTURE OF SMART GRID COMMUNICATIONS

THE FUTURE OF SMART GRID COMMUNICATIONS THE FUTURE OF SMART GRID COMMUNICATIONS KENNETH C. BUDKA CTO STRATEGIC INDUSTRIES MAY 2014 THE GRID OF THE FUTURE WIDE-SCALE DEPLOYMENT OF RENEWABLES INCREASED ENERGY EFFICIENCY PEAK POWER REDUCTION, DEMAND

More information

Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security

Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security The Smart Grid Interoperability Panel Cyber Security Working Group September 2010 Table of Contents Table of Contents...2 1. Introduction

More information

SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS

SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS SECURITY RISK ANALYSIS AND EVALUATION OF INTEGRATING CUSTOMER ENERGY MANAGEMENT SYSTEMS INTO SMART DISTRIBUTION GRIDS Christian HÄGERLING Fabian M. KURTZ Christian WIETFELD TU Dortmund University Germany

More information

Intrusion Detection for SCADA Systems

Intrusion Detection for SCADA Systems Intrusion Detection for SCADA Systems Dr Kieran McLaughlin CSIT, Queen s University Belfast Outline Background & Motivation Experience with IEC 60870-5-104 SCADA-IDS approach SPARKS mini-project targeting

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes

Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Joe Jarzombek, PMP, CSSLP Director for Software & Supply Chain Assurance Stakeholder

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until

More information

Risk Management in Practice A Guide for the Electric Sector

Risk Management in Practice A Guide for the Electric Sector Risk Management in Practice A Guide for the Electric Sector Annabelle Lee Senior Technical Executive ICCS European Engagement Summit April 28, 2015 Before we continue let s get over our fears and myths

More information

European Network for Cyber Security

European Network for Cyber Security European Network for Cyber Security Cyber Security: a fundamental basis for Smart Grids Project Summary December 19, 2014 Introduction Smart grids are crucial to support the use of more sustainable energy

More information

SCADA Security Training

SCADA Security Training SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,

More information

!! "# $%!& $!$ +) * ', -./01.//1233/ "4, -./01.//12223 *, 565

!! # $%!& $!$ +) * ', -./01.//1233/ 4, -./01.//12223 *, 565 !! "# $%!& '(!)**+* $!$ +) * ', -./01.//1233/ "4, -./01.//12223 *, 565 1 Content CRUTIAL testbeds - objectives The Telecontrol Testbed platform Critical scenarios - plotted demo Experimental results The

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

POLICIES TO MITIGATE CYBER RISK

POLICIES TO MITIGATE CYBER RISK POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various

More information

Threat Modeling Framework for Electrical Distribution Scada Networks

Threat Modeling Framework for Electrical Distribution Scada Networks Middle-East Journal of Scientific Research 23 (9): 2318-2325, 2015 ISSN 1990-9233 IDOSI Publications, 2015 DOI: 10.5829/idosi.mejsr.2015.23.09.22715 Threat Modeling Framework for Electrical Distribution

More information

Enabling the SmartGrid through Cloud Computing

Enabling the SmartGrid through Cloud Computing Enabling the SmartGrid through Cloud Computing April 2012 Creating Value, Delivering Results 2012 eglobaltech Incorporated. Tech, Inc. All rights reserved. 1 Overall Objective To deliver electricity from

More information

Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001

Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001 December 8, 2014 Docket Management Facility U.S. Department of Transportation 1200 New Jersey Avenue SE. West Building Ground Floor, Room W12-140 Washington, DC 20590-0001 Submitted at: http://www.regulations.gov/#!submitcomment;d=nhtsa-2014-0108-0001

More information

ESKISP6054.01 Conduct security testing, under supervision

ESKISP6054.01 Conduct security testing, under supervision Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to

More information

Industrial Control Systems Security Guide

Industrial Control Systems Security Guide Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,

More information

Models for Cyber Security Analysis

Models for Cyber Security Analysis Enterprise Architecture t Models for Cyber Security Analysis Teodor Sommestad Royal Institute of Technology KTH Stockholm, Sweden 1 Consequences of Cyber Security Incidents (?) CIA senior analyst Tom Donahue:

More information

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives Center of excellence for secure integration, deployment and sustainment of Industrial Control Systems and Operational Technology

More information

Development of a Conceptual Reference Model for Micro Energy Grid

Development of a Conceptual Reference Model for Micro Energy Grid Development of a Conceptual Reference Model for Micro Energy Grid 1 Taein Hwang, 2 Shinyuk Kang, 3 Ilwoo Lee 1, First Author, Corresponding author Electronics and Telecommunications Research Institute,

More information

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber

More information

Appropriate security measures for smart grids

Appropriate security measures for smart grids 1 Appropriate security measures for smart grids Guidelines to assess the sophistication of security measures implementation [2012-12-06] 1 Copyright TenneT Appropriate security measures for smart grids

More information

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives

Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document

More information

Following the Energy Sector s Roadmap

Following the Energy Sector s Roadmap Cybersecurity for Energy Delivery Systems (CEDS) R&D Following the Energy Sector s Roadmap Carol Hawk CEDS R&D Program Manager Energy Sector Cybersecurity Different Priorities Energy Delivery Control Systems

More information

NIST Cybersecurity Framework Manufacturing Implementation

NIST Cybersecurity Framework Manufacturing Implementation NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST

More information

What Risk Managers need to know about ICS Cyber Security

What Risk Managers need to know about ICS Cyber Security What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they

More information

Security Risk Management For Health IT Systems and Networks

Security Risk Management For Health IT Systems and Networks Health IT Standards Committee Meeting Security Risk Management For Health IT Systems and Networks NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Setting the stage. NATIONAL INSTITUTE OF STANDARDS AND

More information

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014

More information

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh Developing an Architectural Framework towards achieving Cyber Resiliency Presented by Deepak Singh Presentation Content Cyber Threat Landscape Cyber Attack and Threat Profile Cyber Threat Map Cyber Security

More information

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities IT Infrastructure Services White Paper Cyber Risk Mitigation for Smart Cities About the Author Abhik Chaudhuri Abhik Chaudhuri is a Domain Consultant with the Information Technology Infrastructure Services

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

DATA, THE GATE TO A SMART ENERGY SYSTEM - views from the electricity industry

DATA, THE GATE TO A SMART ENERGY SYSTEM - views from the electricity industry DATA, THE GATE TO A SMART ENERGY SYSTEM - views from the electricity industry Hans Ten Berge, Secretary General, EURELECTRIC Big Data Europe workshop, 16 June 2015 EURELECTRIC represents the EU electricity

More information

Smart Grid Cyber Security

Smart Grid Cyber Security WHITE PAPER Cyber Security Smart Grid Cyber Security Smart Grid Deployment Requires a New End-to-End Security Approach EXECUTIVE SUMMARY Alstom Grid, Intel, and McAfee have joined their expertise to deliver

More information

ISO 27002:2013 Version Change Summary

ISO 27002:2013 Version Change Summary Information Shield www.informationshield.com 888.641.0500 sales@informationshield.com Information Security Policies Made Easy ISO 27002:2013 Version Change Summary This table highlights the control category

More information

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve

More information

Steve Lusk Alex Amirnovin Tim Collins

Steve Lusk Alex Amirnovin Tim Collins Steve Lusk Alex Amirnovin Tim Collins ViaSat Inc. Cyber-intrusion Auto-response and Policy Management System (CAPMS) Cybersecurity for Energy Delivery Systems Peer Review August 5-6, 2014 Summary: Cyber-intrusion

More information

TECHNOLOGIES: KEY MARKET FORECASTS: GEOGRAPHIES:

TECHNOLOGIES: KEY MARKET FORECASTS: GEOGRAPHIES: Smart Grid Cyber Security System Reliability, Defense-in-Depth, Business Continuity, Change Management, Secure Telecommunications, Endpoint Protection, Identity Management, and Security Event Management

More information

SCADA System Overview

SCADA System Overview Introduction SCADA systems are critical to the control and monitoring of complex cyber-physical systems. Now with advanced computer and communications technologies, SCADA systems are connected to networks

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

IBM 000-281 EXAM QUESTIONS & ANSWERS

IBM 000-281 EXAM QUESTIONS & ANSWERS IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of

More information

Security Control Standard

Security Control Standard Department of the Interior Security Control Standard Security Assessment and Authorization January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,

More information

Future cybersecurity threats and research needs.

Future cybersecurity threats and research needs. www.thalesgroup.com Future cybersecurity threats and research needs. 3 rd Franco-American Workshop on Cybersecurity Lyon Kreshnik Musaraj kreshnik.musaraj@thalesgroup.com December 9. 2014 2 / Challenges

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Smart Grid Security. Recommendations for Europe and Member States. [Deliverable 2012-07-01]

Smart Grid Security. Recommendations for Europe and Member States. [Deliverable 2012-07-01] Smart Grid Security [Deliverable 2012-07-01] Smart Grid Security I Contributors to this report ENISA would like to recognise the contribution of the S21sec 1 team members that prepared this report in collaboration

More information

BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA ) ) ) ) ) )

BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA ) ) ) ) ) ) BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Order Instituting Rulemaking on the Commission s Own Motion to Improve Distribution Level Interconnection Rules and Regulations for Certain

More information

Utilization of Automatic Meter Management in Smart Grid Development

Utilization of Automatic Meter Management in Smart Grid Development GEODE Autumn Seminar in Brighton 12 th of November Utilization of Automatic Meter Management in Smart Grid Development Ville Sihvola Head of Marketing and Sales Elenia Oy Elenia Oy Turnover 220 M Employees

More information

ESKISP6055.01 Manage security testing

ESKISP6055.01 Manage security testing Overview This standard covers the competencies concerning with managing security testing activities. Including managing resources activities and deliverables. This includes planning, conducting and reporting

More information

Cyber security: Practical Utility Programs that Work

Cyber security: Practical Utility Programs that Work Cyber security: Practical Utility Programs that Work Securing Strategic National Assets APPA National Conference 2009 Michael Assante Vice President & CSO, NERC June 15, 2009 The Electric Grid - Challenges

More information

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage. Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee

More information

McAfee Security Architectures for the Public Sector

McAfee Security Architectures for the Public Sector White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

SmartGrids SRA 2035. Summary of Priorities for SmartGrids Research Topics

SmartGrids SRA 2035. Summary of Priorities for SmartGrids Research Topics SmartGrids SRA 2035 Summary of Priorities for SmartGrids Research Topics Version 19 June 2013 Setting Priorities related to SRA 2035 research areas and topics The following section reports on the conclusions

More information

Cyberspace Situational Awarness in National Security System

Cyberspace Situational Awarness in National Security System Cyberspace Situational Awarness in National Security System Rafał Piotrowski, Joanna Sliwa, Military Communication Institute C4I Systems Department Zegrze, Poland, r.piotrowski@wil.waw.pl, j.sliwa@wil.waw.pl

More information

Facilitated Self-Evaluation v1.0

Facilitated Self-Evaluation v1.0 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.

More information

Update On Smart Grid Cyber Security

Update On Smart Grid Cyber Security Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats

More information

SCOPE. September 25, 2014, 0930 EDT

SCOPE. September 25, 2014, 0930 EDT National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Critical Infrastructure Security and Resilience Note Critical Infrastructure Security and Resilience Note:

More information

NERC CIP VERSION 5 COMPLIANCE

NERC CIP VERSION 5 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining

More information

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Panel Session: Lessons Learned in Smart Grid Cybersecurity PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory

More information

Human Factors in Information Security

Human Factors in Information Security University of Oslo INF3510 Information Security Spring 2014 Workshop Questions Lecture 2: Security Management, Human Factors in Information Security QUESTION 1 Look at the list of standards in the ISO27000

More information

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity 18 November 2015 grance@nist.gov cyberframework@nist.gov National Institute of Standards and Technology About NIST NIST s mission is to develop

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

PwC Cybersecurity Briefing

PwC Cybersecurity Briefing www.pwc.com/cybersecurity Cybersecurity Briefing June 25, 2014 The views expressed in these slides are solely the views of the presenters and do not necessarily reflect the views of the PCAOB, the members

More information

Information Technology Strategy

Information Technology Strategy Information Technology Strategy ElectraNet Corporate Headquarters 52-55 East Terrace, Adelaide, South Australia 5000 PO Box, 7096, Hutt Street Post Office, Adelaide, South Australia 5000 Tel: (08) 8404

More information

Future of Electric Distribution Dialogue

Future of Electric Distribution Dialogue Future of Electric Distribution Dialogue Webinar Series Session I: State of U.S. Electric Distribution July 11, 2012 2:00 3:30 p.m. EDT Session I: State of U.S. Electric Distribution 2:00 p.m. Opening

More information

Security in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering

Security in Smart Grid / IoT. Nenad Andrejević Comtrade Solutions Engineering Security in Smart Grid / IoT Nenad Andrejević Comtrade Solutions Engineering Introduction Why is security important With so much of our lives connected to the Internet from our critical infrastructure

More information

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE

More information

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc. Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your

More information

Securing Cyber-Physical Systems

Securing Cyber-Physical Systems Securing Cyber-Physical Systems Alvaro Cárdenas Fujitsu Laboratories Ricardo Moreno Universidad de los Andes From Sensor Nets to Cyber-Physical Systems Control Computation Communication Interdisciplinary

More information

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT

BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT Exelon Corporation Cybersecurity Supply Chain Risk Management INTERVIEWS Spencer Wilcox Managing Security Strategist and Special Assistant to the Chief

More information

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA

Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer s.beirer@gai-netconsult.de Sichere ebusiness

More information

SMART ENERGY. The only cloud that speeds up your. cloud services. broadband for smart grids. Last Mile Keeper

SMART ENERGY. The only cloud that speeds up your. cloud services. broadband for smart grids. Last Mile Keeper SMART ENERGY cloud services broadband for smart grids Last Mile Keeper The only cloud that speeds up your Energy Management System Introduction Smart Grids are the result of the merging between power and

More information

Smart Grid Information Security

Smart Grid Information Security CEN-CENELEC-ETSI Smart Grid Coordination Group Date: 2014-12 Secretariat: CCMC CEN-CENELEC-ETSI Smart Grid Coordination Group M490-SGCG-SGIS-Intermediate-Report-V1.pdf 1 Contents Page 2 3 4 5 6 7 8 9 10

More information

Cyber-Physical Systems: Some Food for Thought

Cyber-Physical Systems: Some Food for Thought Cyber-Physical Systems: Some Food for Thought Ness B. Shroff Electrical and Computer Engineering & Computer Science and Engineering E-mail: shroff.11@osu.edu What is CPS? By NSF: engineered systems that

More information

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens Robert Malmgren Smart Grid Security Challenges - Legacy and Infrastructure Burdens Short bio Robert Malmgren Independent consultant that have worked with utility companies regarding IT- and info sec since

More information

How can the Future Internet enable Smart Energy?

How can the Future Internet enable Smart Energy? How can the Future Internet enable Smart Energy? FINSENY overview presentation on achieved results Prepared by the FINSENY PMT April 2013 Outline Motivation and basic requirements FI-PPP approach FINSENY

More information

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6

Using the HITRUST CSF to Assess Cybersecurity Preparedness 1 of 6 to Assess Cybersecurity Preparedness 1 of 6 Introduction Long before the signing in February 2013 of the White House Executive Order Improving Critical Infrastructure Cybersecurity, HITRUST recognized

More information

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.

More information

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

Risk and Security Assessment. Zbigniew Kalbarczyk

Risk and Security Assessment. Zbigniew Kalbarczyk Risk and Security Assessment Zbigniew Kalbarczyk 1 TCIPG Cluster Arrangement Communication and Data Delivery for Wide-Area Monitoring and Control Trustworthy cyber infrastructure and technologies for wide-area

More information