Preventing Cyber Security Attacks Against the Water Industry
|
|
- Arron Barnett
- 8 years ago
- Views:
Transcription
1 Preventing Cyber Security Attacks Against the Water Industry Presented by Michael Karl October 2012
2 Acknowledgements Infracri5cal SCADA Security Newsgroup CH2M HILL, Automa5on Cyber- Security Prac5ce Team All the folks at McAfee (thanks for your help and support) The Department of Homeland Security CSSP Invensys/Wonderware Cri5cal Infrastructure & Security Prac5ce Team
3 Our World is Changing
4 The Threat is Real! Overview of the DHS program Why control systems are vulnerable to attack Case study New Industry Trend
5 What is needed to perform a hack? Attacker (Threat Agent) Communications channel Weakness (vulnerability) Targeted device 4 Hacker Virus Malware Insider Vendor Activist group Organized crime Dial-up telephone Cellular communications Leased communication Satellite Internet LAN/WAN Wireless/WiFi Removable media Laptops Poor policy Insufficient firewall Windows updates Application patches Poor configuration network Poorly configured application Default passwords HMI work station Application server Historian server PCs Radio equipment PLC RTU
6 We can improve Security and Reliability! With proper tools your systems can be secure Reduce our exposure against the most likely and probable threats Security improvements will reduce operational risk Balance risk reduction with the cost of security measures Security Risk
7 Media Coverage 6 Pump destroyed at water plant Springfield, IL o Believed to be due to cyberattack (not confirmed by DHS). o Story covered by news media such as the Washington Post, Fox News, CNN, and MSNBC o Even though unconfirmed, the utility was in the national spotlight for weeks Texas SCADA system hacked and screenshots of HMI released Response to DHS downplay of IL incident Again carried by major news media Used a virtual network connection with the internet with simple password to access network
8 Questions and Comments from the Industry Myths Ques5ons from Management I m secure, I m not connected to the Internet. Public Works Director What is the real risk to us? I m secure, I have three passwords What is the golden solu5on? before I can connect Opera5ons Manager What needs to be protected? Using Passwords takes too long and I What do I need to do? 8 can t respond to emergencies Wastewater systems aren t in jeopardy Lead Maintenance Mgr. Cyber security is like an arms race there is no silver bullet Michael Assante Chief Security Of:icer NERC
9 Case Study - Typical SCADA Assessment SCADA System Supported by Local Integrator Part of the system is new, Others > 25 years old Software/Hardware was typical common equipment from the NW Public Works Director Stated the following: I want to perform due-diligence and have our system evaluated by a third party I know our system isn t connected to the internet I am not using Windows 7 yet so I m a bit nervous I also realize that an Security assessment provides information that assist in knowing where our single points of failure are.
10 More details SCADA covered a master site and remote facilities SCADA system had historian, HMI nodes and alarm notification software Local Ethernet network Local PLCs for control Radio network for telemetry communications Remote PLCs 10
11 Phased SCADA Evaluation 11 Phase 1 Review SCADA communication network Evaluate the security of remote access Phase 2 Implement recommendations found in Phase 1 Perform training for utility staff Develop policy and procedures for maintaining software and network Phase 3 Implement the NIST SP guide for SCADA security
12 Approach to Phase 1 Request for documenta5on Debriefs Management Systems Integrator Opera5ons staff IT staff Perform on- site forensics (physical and cyber) on SCADA assets 12
13 Findings of preliminary assessment SCADA directly connected to internet IT group didn t understand the importance of SCADA Know vulnerabili5es with PLC Programming So]ware HMI So]ware Remote Access So]ware Radio network open to the world Surprises - No redundancy and not one backup 13
14 How do I meet Due Diligence? Perform an evalua5on Implement tools Implement policies Don t forget physical securi5es Perform regular evalua5ons
15 Great Job - The New Industry Trend Being a Healthy Skep5c Understanding Cyber Security isn t just protec5ng against Hackers Thank you for your willingness to change! Implemen5ng mul5- factor security Having firm provide Perform a Table Top Exercise as you would with redundancy
16 Open Discussion Forum
17 Thank You! Questions? Contact Informa5on
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationDecrease your HMI/SCADA risk
Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended
More informationCYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric Challenges What challenges are there for Cyber Security in Industrial
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011
More informationCritical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION
Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION
More informationRethinking Cyber Security for Industrial Control Systems (ICS)
Rethinking Cyber Security for Industrial Control Systems (ICS) Bob Mick VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Rethinking Cyber Security We Now Have Years of Experience - Security
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationThree Simple Steps to SCADA Systems Security
Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL
More informationHealthcare Security Vulnerabilities. Adam Goslin Chief Operations Officer High Bit Security
Healthcare Security Vulnerabilities Adam Goslin Chief Operations Officer High Bit Security Webinar Overview IT Security and Data Loss Breach Sources / Additional Information Recent Medical Breach / Loss
More informationfor Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
More informationInnovative Defense Strategies for Securing SCADA & Control Systems
1201 Louisiana Street Suite 400 Houston, Texas 77002 Phone: 877.302.DATA Fax: 800.864.6249 Email: info@plantdata.com Innovative Defense Strategies for Securing SCADA & Control Systems By: Jonathan Pollet
More informationCERIAS Tech Report 2012-15 Mapping Water Sector Cyber-Security Vulnerabilities by James H. Graham, Jeffrey L. Hieb and J. Chris Foreman Center for
CERIAS Tech Report 2012-15 Mapping Water Sector Cyber-Security Vulnerabilities by James H. Graham, Jeffrey L. Hieb and J. Chris Foreman Center for Education and Research Information Assurance and Security
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Cyber Security IT People Geeks How
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationISACA rudens konference
ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationImproving Water and Wastewater SCADA Cyber Security
Improving Water and Wastewater SCADA Cyber Security Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bill Phillips and Norman Anderson 2012 ISA Water & Wastewater
More informationNew Era in Cyber Security. Technology Development
New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security
More information8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day
Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.
More informationVerve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
More informationIT Security and OT Security. Understanding the Challenges
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
More informationCyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology
Cyber Security Incident Handling Policy Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Oct 9, 2015 i Document Control Document Owner Classification
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationProtecting productivity with Plant Security Services
Protecting productivity with Plant Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. siemens.com/plant-security-services
More informationIntegrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.
Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?
More informationState of the State of Control System Cyber Security
State of the State of Control System Cyber Security Joe Weiss, PE, CISM IEEE PES San Francisco Section October 15, 2007 What Are the Goals Maintain reliability and availability Minimize intentional and
More informationAre you prepared to be next? Invensys Cyber Security
Defense In Depth Are you prepared to be next? Invensys Cyber Security Sven Grone Critical Controls Solutions Consultant Presenting on behalf of Glen Bounds Global Modernization Consultant Agenda Cyber
More informationSECURE AND FUTURE-READY SCADA CONTROL SYSTEMS PREPARE YOUR CRITICAL INFRASTRUCTURE FOR WHAT HAPPENS NEXT
SECURE AND FUTURE-READY SCADA CONTROL SYSTEMS PREPARE YOUR CRITICAL INFRASTRUCTURE FOR WHAT HAPPENS NEXT SCADA CONTROL SYSTEMS YOUR FIRST LINE OF DEFENSE SCADA systems control most of the vital infrastructure
More informationThe Four-Step Guide to Understanding Cyber Risk
Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated
More informationCritical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection
Critical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection Tobias WALK ILF Consulting Engineers GmbH Germany Abstract Pipeline Supervisory Control And Data Acquisition (SCADA)
More informationDefensible Strategy To. Cyber Incident Response
Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack
More informationSecuring Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case
Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationIT Security Incident Management Policies and Practices
IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationVulnerabilities in SCADA and Critical Infrastructure Systems
International Journal of Future Generation Communication and Networking 99 Vulnerabilities in SCADA and Critical Infrastructure Systems Rosslin John Robles 1, Min-kyu Choi 1, Eun-suk Cho 1, Seok-soo Kim
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution September 2009 / White paper by Dan DesRuisseaux 1 Contents Executive Summary... p 3 Introduction... p 4 Security Guidelines... p 7 Conclusion...
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationHow Secure is Your SCADA System?
How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationCyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP
Cyber Security Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Speakers: Keith Overly, Executive Director, Ohio Deferred Compensation Program Raj Patel, Partner, Plante & Moran, PLLC
More informationA Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014
A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,
More informationA Concise Model to Evaluate Security of SCADA Systems based on Security Standards
A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad
More informationCyber Security in a Modern Process Network. Philip Nunn Product Manager - Industrial Networks
Cyber Security in a Modern Process Network Philip Nunn Product Manager - Industrial Networks 2 Philip Nunn Philip started work in the wider electrical industry with Crabtree Electrical, now a part of the
More informationWWHMI SCADA-12 Cyber Security Best Practices in the Industrial World
Slide 1 WWHMI SCADA-12 Cyber Security Best Practices in the Industrial World Chris J Smith for Paul Forney, MCSE, CSSLP Chief Technologist R&D Security Team Invensys Operations Management 2012 Invensys.
More informationAUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005
AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT
More informationSecurity Testing in Critical Systems
Security Testing in Critical Systems An Ethical Hacker s View Peter Wood Chief Executive Officer First Base Technologies Who is Peter Wood? Worked in computers & electronics since 1969 Founded First Base
More informationEmerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP
Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance
More informationMaturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationDr. György Kálmán gyorgy@mnemonic.no
COMMUNICATION AND SECURITY IN CURRENT INDUSTRIAL AUTOMATION Dr. György Kálmán gyorgy@mnemonic.no Agenda Connected systems historical overview Current trends, concepts, pre and post Stuxnet Risks and threats
More informationCyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.
Cyber Security Presentation Ontario Energy Board Smart Grid Advisory Committee Doug Westlund CEO, N-Dimension Solutions Inc. October 1, 2013 Cyber Security Protection for Critical Infrastructure Assets
More informationInformation Security Organizations trends are becoming increasingly reliant upon information technology in
DATASHEET PENETRATION TESTING SERVICE Sales Inquiries: sales@spentera.com Visit us: http://www.spentera.com Protect Your Business. Get Your Service Quotations Today! Copyright 2011. PT. Spentera. All Rights
More informationDATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET
DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET 2014 NSGA Management Conference John Webb Jr., CIC Emery & Webb, Inc. Inga Goddijn, CIPP/US Risk Based Security, Inc. Not just a big business problem
More informationWaterfall for NERC-CIP Compliance
Waterfall for NERC-CIP Compliance Using Waterfall s Unidirectional Security Solution to Achieve True Security & NERC-CIP Compliance Date: Jul. 2009 The material in this document is proprietary to Waterfall
More informationHolistic View of Industrial Control Cyber Security
Holistic View of Industrial Control Cyber Security A Deep Dive into Fundamentals of Industrial Control Cyber Security Learning Goals o Understanding security implications involving industrial control systems
More informationa Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng.
SCADA and CIP Security in a Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng. CTO, Byres Security Inc. What is Stuxnet? The Stuxnet Worm July, 2010: Stuxnet worm was
More informationCri$cal Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evalua$on, and Compliance Carl Hauser & Adam Hahn
Cri$cal Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 5: Assurance, Evalua$on, and Compliance Carl Hauser & Adam Hahn Overview Evalua$on Common Criteria Security Tes$ng Approaches
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationNew York State Energy Planning Board. Cyber Security and the Energy Infrastructure
New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York State Division of Homeland Security and Emergency Services Office of Cyber Security Office of Cyber Security Overview
More informationThe State of Industrial Control Systems Security and National Critical Infrastructure Protection
The State of Industrial Control Systems Security and National Critical Infrastructure Protection Emerging Threats Tinuade Adesina, Lulea University of Technology Sweden IT Security for the Next Generation
More informationSecurity in SCADA solutions
Security in SCADA solutions Green Hills Software Peter Hoogenboom Engineering Manager - EMEA 2011 Green Hills Software D&E Event, 22 Sep 2011, Evoluon Eindhoven (NL) Slide 1 Security in SCADA solutions
More informationHow To Create An Ics Network With A Network Of Nodes
A Connection Pattern-based Approach to Detect Network Traffic Anomalies in Critical Infrastructures Béla Genge 1, Dorin Adrian Rusu 2, Piroska Haller 1 1 Petru Maior University of Tîrgu Mureş, Romania
More informationA Tactical Approach to Continuous Compliance. Walt Sikora, Vice President Security Solutions EMMOS 2013
A Tactical Approach to Continuous Compliance Walt Sikora, Vice President Security Solutions EMMOS 2013 Abstract NERC has moved quickly to address shortcomings and lack of clarity in previous versions of
More informationIndustrial Security for Process Automation
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationUtility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008
Utility Telecom Forum Robert Sill, CEO & President Aegis Technologies February 4, 2008 1 Agenda Asked to describe his job, Mike Selves, director of Emergency Management and Homeland Security in Johnson
More informationJohn M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com
NERC CIP Substation Cyber Security Update John M Shaw Presentation to UTC Region 7 February 19, 2009 jshaw@garrettcom.com It s February 19, 2009 132 project days left to compliance Do you know where (what)
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationImpact of Data Breaches
Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:
More informationCYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES. Strengthening Your Community at the Organizational Level
CYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES Strengthening Your Community at the Organizational Level Las Vegas, Nevada 2012 Security Awareness and Why is it Important? In today s economic
More informationNERC CIP Whitepaper How Endian Solutions Can Help With Compliance
NERC CIP Whitepaper How Endian Solutions Can Help With Compliance Introduction Critical infrastructure is the backbone of any nations fundamental economic and societal well being. Like any business, in
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationSCADA Cyber Security
SCADA Cyber Security Information on Securing SCADA systems Version: 1.0 Erik Daalder, Business Development Manager Yokogawa Electric Corporation Global SCADA Center T: +31 88 4641 360 E: erik.daalder@nl.yokogawa.com
More informationLast year, two security researchers
Last year, two security researchers gave themselves a goal: 100 days to identify as many security vulnerabilities as possible within industrial control system software. The results exceeded our expectations,
More informationHow To Protect Water Utilities From Cyber Attack
Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process
More informationNetwork Security Survey of Small Businesses
Network Security Survey of Small Businesses July 2006 Copyright All Covered Inc. www.allcovered.com Executive Summary Most small businesses now make use of a network of PCs and servers to run their operations.
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationSafe Network Integration
UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright
More informationBreakthrough Cyber Security Strategies. Introducing Honeywell Risk Manager
Breakthrough Cyber Security Strategies Introducing Honeywell Risk Manager About the Presenter Eric D. Knapp @ericdknapp Global Director of Cyber Security Solutions and Technology for Honeywell Process
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationABB s approach concerning IS Security for Automation Systems
ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationRebecca Massello Energetics Incorporated
Cybersecurity Procurement Language for Energy Delivery Systems Rebecca Massello Energetics Incorporated NRECA TechAdvantage February 25, 2015 Talking Points What is this document? Who can use this document
More informationIntrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
More informationCLOUD BASED SCADA. Removing Implementation and Deployment Barriers. Liam Kearns Open Systems International, Inc.
CLOUD BASED SCADA Removing Implementation and Deployment Barriers Liam Kearns Open Systems International, Inc. SCADA Traditional definition and application. SCADA DEFINITION Definition Supervisory Control
More informationKeeping the Lights On
Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding
More informationLogRhythm and NERC CIP Compliance
LogRhythm and NERC CIP Compliance The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to ensure that the bulk electric system in North America is reliable, adequate
More informationCYBER SECURITY. Is your Industrial Control System prepared?
CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect Operation & Optimization Software Activity Schneider-Electric Challenges What challenges are there
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationWhat is Cyber Liability
What is Cyber Liability Ubiquitous Warfare Espionage Media Operational Data Security and Privacy Tech 1 Data Security and Privacy Data Breach Response Costs Privacy Regulatory Action Civil Litigation INSURABLE
More informationCyber Essentials Scheme
Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More information