Cybersecurity in the Energy/Utility Sectors
|
|
- Annabel Campbell
- 8 years ago
- Views:
Transcription
1 Cybersecurity in the Energy/Utility Sectors Thomas Pearce Senior Utility Specialist, PUCO Chair, NARUC Staff Subcommittee on Critical Infrastructure NARUC Staff Subcommittee on Actg. & Fin. Portland, OR September 10, 2013
2 DISCLAIMER Nothing contained within this presentation shall be deemed to represent any positions or views of: the National Association of Regulatory Utility Commissioners (NARUC), its officers, staff, Committees, Subcommittees, or its member commissions; the State of Ohio, its governor, the Public Utilities Commission of Ohio, its chairman, its commissioners, its staff, nor even those of the author 1 1 Remainder of the legal disclaimer: if you re paying attention, that last item was injected for purposes of humor; it s okay to laugh and to take neither the presenter nor the presentation too seriously
3
4 Cybersecurity We thought it was funny in Ferris Bueller s Day Off It isn t funny anymore
5 Agenda Purpose: to provide an introduction to issues, concepts, and vocabulary to facilitate action What is cybersecurity? Threats/Vulnerabilities Principles of preparedness Role of government & regulators Where do we go from here?
6 Recent Headlines The five scariest hacks we saw last week (CNN, 8/5/13) from 2013 Black Hat & DefCon conferences this past month in Las Vegas: Remote-controlled cars (the ones we drive, not the Matchbox kind) Compromising smartphones (Angry Birds survillance via Android, iphone chargers converted to info gathering portals [passcodes, s, etc.]) The too-smart home (Smart meters & TVs w/cameras) Hackers get personal (phones as tracking & personal info distributors; w/o owner s knowledge) Industrial facilities (read detail)
7 Additional Recent Headlines Smart Homes are hacking risk (WSJ) ICS-CERT Warns of Brute-Force Attacks Against Critical Infrastructure Control Systems (Softpedia) Power utilities sparse reply to cybersecurity poll highlights publicity struggle (SNL News) U.S. Power Companies Under Frequent Cyberattack (Networkworld) Cyberattack leaves natural gas pipelines vulnerable to sabotage (CSMonitor) Can government, industry stay ahead of cyberthreats to pipe, utilities? (SNL)
8 Other Headlines (cont d) Decoy ICS/SCADA Water Utility Networks Hit By Attacks (Dark Reading) Cyber Threats To Energy Sector Happening At Alarming Rate (WSJ) DHS Warns of Password-Cracker Targeting Industrial Networks (Nextgov) Malicious Virus Shuttered U.S. Power Plant(Reuters) One-Third of Cyber Attack Traffic Originates in China, Akamai Says (Bloomberg) DHS: 40 percent of cyberattacks targeted energy sector (The Hill)
9 Transportation 3% Telecom 2% Health 2% Nuclear 3% THREAT LANDSCAPE Internet-facing 11% Incidents By Sector FY2012 Water 15% Critical mfg 4% Financial 0% Chemical 4% Agriculture 1% Commercial Facilities 10% Dams 0% Energy 41% Agriculture Financial Chemical Commercial Facilities Dams Energy Government IT Internet-facing Nuclear Health Telecom IT 0% Transportation Water Government 4% ICS-CERT Data Critical mfg
10 What is it? Cybersecurity National Institute of Standards and Technology (NIST): The ability to protect or defend the use of cyberspace from cyber attacks.
11 Cybersecurity I think information sharing is a top priority. Hon. Cheryl LaFleur, Commissioner, Federal Energy Regulatory Commission, when questioned about cybersecurity, Tuesday, March 19, 2013, before the U.S. House of Representatives Energy & Commerce Committee hearings on Gas/Electric coordination
12 Cybersecurity There have been cyber attacks on systems that control plants being turned on/off; they are like FERC fuel neutral. We need to guard against risks to energy management systems, wherever they are. Hon. Cheryl LaFleur, March 19, 2013 testimony to House Energy & Commerce Committee
13 Cybersecurity Isn t just stopping bad guys Vulnerabilities include: Software bugs User errors Control system equipment malfunctions Communications equipment failures Deliberate intrusions and sabotage
14 Information Technology Systems Corporate IT/business systems Industrial Control Systems/Supervisory Control And Data Acquisition (ICS/SCADA) (SCADA e.g., power generation, gas transmission, water treatment, telecommunications)
15 Who IS Playing In The Cyber Realm? Script-kiddies/basement hackers (Ferris Bueller) Criminal element (Letter from Nigeria) Aircraft carrier nation-states
16 Shodan Have you heard of it? What is it? Who? John Matherly There s an app for that
17 Vulnerabilities Smart Meters/AMI Increasing threats Current Trends Spam, Phishing, Malware Stuxnet, Duqu, Gauss, Flame, miniflame, Shamoon Types of threats
18 CYBER THREATS Aurora (2009) DHS/DOE experiment to hack generator control system Stuxnet (2010) Computer worm appearing to target Middle- East nuclear infrastructure SCADA malware; locational effects Targeted controls systems for uranium processing centrifuges Duqu (2011) Likely Stuxnet variant attacking MS Windows seeking info useful to attack ICS
19 CYBER THREATS Night Dragon (2011) Targeted global oil, gas & petrochemical companies, primarily US-based Obtain sensitive data Flame (2012) Aka Flamer/sKyWIper Stuxnet on steroids w/ Shamoon (2012) Targeted Saudi Aramco (damaged/destroyed more than 30,000 (½ computers connected to corp. network) Allegedly retaliation for being US ally
20 Cybersecurity is one element of all-hazards preparedness
21 Issues of Preparedness Assessments Equipment Policies: do you have a formal written employee internet security policy? Responses/action plans Do you have a cyber element/plan? Standards Information sharing
22 Implications for Utilities Delivery of services Reliability CO$T$ Industry actions & response AGA: ONG SCC & CSWG
23 Industry Actions & Response NIST/SGIP CSWG NERC CIP standards; committees; etc. EPRI, EEI, AGA, AWWA ONG SCC Electricity Sub-sector SCC
24 Some Government Response NIST/SGIP CSWG U.S. Department of Homeland Security: CIPAC & Sector Partnerships (GCCs/SCCs) - NARUC National Cyber Security Division (CSET Tool, US- CERT/ICS-CERT, ICSJWG) ICS-CERT fly-away teams (Springfield MO water utility) ICS-CERT Active Cyber Campaigns Against the U.S. Energy Sector Briefings (9 US late fall 2012) U.S. Department of Defense: CyberComm
25 Some Government Response (cont d) U.S. Department of Energy: Cybersecurity for Energy Delivery Systems (CEDS) Roadmap to Achieve Energy Delivery Systems Cybersecurity Cross-Sector Roadmap for Cybersecurity of Control Systems Vulnerability Analysis of Energy Delivery Control Systems Guide to Developing a Cyber Security & Risk Mitigation Plan ESC2M2 (Elec. Sector Cybersecurity Capability Maturity Model) NESCO/NESCOR (Nat l Electric Sector Cybersecurity Org)
26 Roles of State Commissions Cost recovery guidelines investment prudence Sensitive information develop handling protocols Rapid information sharing methods Review utility emergency response plans Regulatory oversight of reliability Promote State emergency planning efforts Understand interdependencies Engage in regional coordination and response
27 Some State Actions Regarding Cybersecurity NARUC: Cybersecurity for State Regulators v2.0 ( 0Primer%202.0.pdf ) State level actions: MO PSC: review/formal dialogue with state utilities PA PUC: annual certification/dialogue with state utilities CPUC: SmartGrid & SGIP CS, OH PUC: informal dialogue with state utilities TX PUC: SmartGrid & SGIP CS; work w/ercot
28 Private & Public Sector Responsibilities Cyber secure utility operations: utilities Defend against nation-state cyber attacks: national defense & law enforcement Effective cybersecurity: utility/regulator/federal partners
29 Some Things To Do Know what you need to protect Enforce strong password policies Map out a disaster preparedness plan Encrypt confidential information Use a reliable security solution Protect information completely Stay up to date Educate employees
30 DISCUSSION Are you seeing costs for security measures in new rate case applications? Physical security expenses? Cybersecurity expenses? If so, what is the order of magnitude? How are you evaluating propriety of investments?
31 THANK YOU! Thomas Pearce Chair, NARUC Staff Subcommittee on Critical Infrastructure Senior Utilities Spec., Public Utilities Commission of Ohio 180 E. Broad St. Columbus, OH
Cybersecurity in the Energy/Utility Sectors
Cybersecurity in the Energy/Utility Sectors Hon. Todd Snitchler Chairman Thomas Pearce Senior Utility Specialist Chair, NARUC Staff Subcommittee on Critical Infrastructure Thursday, March 21, 2013 Ohio
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationCyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.
Cyber Security Presentation Ontario Energy Board Smart Grid Advisory Committee Doug Westlund CEO, N-Dimension Solutions Inc. October 1, 2013 Cyber Security Protection for Critical Infrastructure Assets
More informationNew York State Energy Planning Board. Cyber Security and the Energy Infrastructure
New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York State Division of Homeland Security and Emergency Services Office of Cyber Security Office of Cyber Security Overview
More informationHow Secure is Your SCADA System?
How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential
More informationEFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013
EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:
More informationU.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO
U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationCommunication Security Measures for SCADA Systems
Communication Security Measures for SCADA Systems Ron Farquharson, MV Consulting, DNP User Group Jim Coats, Triangle MicroWorks, DNP User Group Joe Stevens, Triangle MicroWorks 23 September 2014, Raleigh,
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Cyber Security IT People Geeks How
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationCyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012
Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationCyber Security & State Energy Assurance Plans
Cyber Security & State Energy Assurance Plans Michigan Cyber Summit 2011 Friday, October 7, 2011 Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials What is Energy
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011
More informationSan Antonio, TX, August 7, 2011 National Association of Regulatory Utility Commissioners Miles Keogh Christina Cody
San Antonio, TX, August 7, 2011 National Association of Regulatory Utility Commissioners Miles Keogh Christina Cody NARUC & Critical Infrastructure Committee Chair: Commissioner Elizabeth Fleming, South
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationState Roles in Enhancing the Cybersecurity of Energy Systems and Infrastructure
NGA PAPER State Roles in Enhancing the Cybersecurity of Energy Systems and Infrastructure Executive Summary Protecting the nation s energy system and infrastructure from cyber threats is of vital importance
More informationCYBER SECURITY. May 6, 2013
CYBER SECURITY May 6, 2013 Cyber Headlines: dramatic and numerous Burning up a generator on demand Staged cyber attack reveals vulnerability in power grid, CNN 09/26/2007 Georgia Takes a Beating in the
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationCybersecurity and the Evolving Role of State Regulation: How it Impacts the California Public Utilities Commission
Cybersecurity and the Evolving Role of State Regulation: How it Impacts the California Public Utilities Commission GRID PLANNING AND RELIABILITY POLICY PAPER Elizaveta Malashenko ENERGY DIVISION Chris
More informationCyber and Mobile Landscape, Challenges, & Best Practices
Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation Cheri McGuire VP, Global Govt. Affairs & Cybersecurity Policy Cyber and Mobility Challenges and
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationMaturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
More informationKeeping the Lights On
Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding
More informationICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention
More informationBuilding more resilient and secure solutions for Water/Wastewater Industry
Building more resilient and secure solutions for Water/Wastewater Industry Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Copyright 2010 Rockwell Automation, Inc. All rights reserved. 1 Governmental
More informationCyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.
Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets Agenda: Cyber Landscape Cyber Threats to Your
More informationLast year, two security researchers
Last year, two security researchers gave themselves a goal: 100 days to identify as many security vulnerabilities as possible within industrial control system software. The results exceeded our expectations,
More informationRoadmaps to Securing Industrial Control Systems
Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick
More informationWHITE PAPER PROTECTING OUR CRITICAL UTILITIES WITH INTEGRATED CONTROL SYSTEMS PROTECTING OUR CRITICAL UTILITIES WITH INTEGRATED CONTROL SYSTEMS
PROTECTING OUR CRITICAL UTILITIES WITH INTEGRATED CONTROL SYSTEMS Critical Infrastructure Security The wellbeing and security of all nations depends on the availability of critical infrastructure, such
More informationPROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
More informationCYBERSECURITY RISK MANAGEMENT
CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS
More informationReproduced with kind permission from Putman Media. The content of this guide first appeared in July 2014 as part of the Control Essentials Series
Reproduced with kind permission from Putman Media. The content of this guide first appeared in July 2014 as part of the Control Essentials Series www.controlglobal.com The Essential Guide to Industrial
More informationSecuring the Grid. Marianne Swanson, NIST Also Moderator Akhlesh Kaushiva (AK), DOE Lisa Kaiser, DHS Leonard Chamberlin, FERC Brian Harrell, NERC
1 Securing the Grid Marianne Swanson, NIST Also Moderator Akhlesh Kaushiva (AK), DOE Lisa Kaiser, DHS Leonard Chamberlin, FERC Brian Harrell, NERC February 27, 2012 NIST and the SGIP 2.0 Cybersecurity
More informationRESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information
www.wipro.com RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information Saritha Auti Practice Head - Enterprise Security Solutions, Wipro Table of Contents 03... Abstract 03... Why
More informationCybersecurity & Public Utility Commissions
Cybersecurity & Public Utility Commissions November 12, 2014 TCIPG Ann McCabe, Commissioner Illinois Commerce Commission NARUC (National Association of Regulatory Utility Commissioners) Cybersecurity Primer
More informationABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport
ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport Commercial Nuclear Power Plants Stan Blanton Nuclear Power Subcommittee The Regulatory Landscape NRC
More informationThis chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high
This chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high priority, active initiative within the utility industry.
More informationICS-CERT Incident Response Summary Report
ICS-CERT Incident Response Summary Report 20092011 OVERVIEW The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency
More informationA New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager
A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationU.S. Cyber Security Readiness
U.S. Cyber Security Readiness Anthony V. Teelucksingh Senior Counsel United States Department of Justice John Chris Dowd Special Agent Federal Bureau of Investigation Overview U.S. National Plan National
More informationA Regulatory Approach to Cyber Security
A Regulatory Approach to Cyber Security Perry Pederson Security Specialist (Cyber) Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission 1 Agenda Overview Regulatory Framework
More informationHacking the Industrial SCADA Network II The Latest Threats to Automated Production and Process Management Networks
SCADA Threat Assessment: Hacking the Industrial SCADA Network II The Latest Threats to Automated Production and Process Management Networks Highly Automated Production Networks Editor s Note: The original
More informationSubject: Critical Infrastructure Identification, Prioritization, and Protection
For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationDecember 17, 2003 Homeland Security Presidential Directive/Hspd-7
For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationApril 28, 2009. Dear Mr. Chairman:
April 28, 2009 The Honorable Edward J. Markey Chairman Subcommittee on Energy and Environment Committee on Energy and Commerce U.S. House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: I
More informationHow To Protect Water Utilities From Cyber Attack
Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More information67% 61% STATE OF CLOUD SECURITY BULLETIN. Information Security in the Energy Sector. Summer 2013 FROM APR SEP 2012
STATE OF CLOUD SECURITY BULLETIN Information Security in the Energy Sector Summer 2013 FROM APR SEP 2012 67% of Alert Logic customers in the energy industry experienced BRUTE FORCE ATTACKS 61% of Alert
More informationEnergy Industry Cybersecurity Report. July 2015
Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.
More informationWhat is Management Responsible For?
What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional
More informationNational Cyber Threat Information Sharing. System Strengthening Study
Contemporary Engineering Sciences, Vol. 7, 2014, no. 32, 1755-1761 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411235 National Cyber Threat Information Sharing System Strengthening
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationCyber-Security Risk in the Global Organization:
Cyber-Security Risk in the Global Organization: Trends, Challenges and Strategies for Effective Management David Childers, CCEP, CIPP CEO, Compli Todd Carroll Assistant Special Agent in Charge, FBI Three
More informationSCADA Security: Challenges and Solutions
SCADA Security: Challenges and Solutions June 2011 / White paper by Metin Ozturk, Philip Aubin Make the most of your energy Summary Executive Summary... p 2 Protecting Critical Infrastructure Includes
More informationNIST Cybersecurity Framework What It Means for Energy Companies
Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber
More informationInformation Bulletin
Public Policy Division Impact of NIST Guidelines for Cybersecurity Prepared by UTC Staff 1. Introduction... 3 2. Cybersecurity Landscape... 3 3. One Likely Scenario... 5 4. Draft NISTIR 7628, Guidelines
More informationWhat Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
More informationSecuring Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case
Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department
More informationExecutive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6
Securing the State Of Michigan Information Technology Resources Table of Contents Executive Overview...4 Importance to Citizens, Businesses and Government...5 Emergency Management and Preparedness...6
More informationOil & Gas Cybersecurity
COurse Oil & Gas Cybersecurity Best Practices & Future Trends Sheraton Pentagon City Hotel Supporting Organization is authorized by IACET to offer 0.6 CEUs for the course. 1 Overview The energy industry
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationHow To Defend Against A Cyber Attack
As appears in: Cybersecurity - more than just a good firewall by Jim Fererro, Senior Vice President, GlobaLogix (8/4/2013) In seemingly too short a timespan, energy industry cyber threats have escalated
More informationSeven Strategies to Defend ICSs
INTRODUCTION Cyber intrusions into US Critical Infrastructure systems are happening with increased frequency. For many industrial control systems (ICSs), it s not a matter of if an intrusion will take
More informationWhat is Cyber Liability
What is Cyber Liability Ubiquitous Warfare Espionage Media Operational Data Security and Privacy Tech 1 Data Security and Privacy Data Breach Response Costs Privacy Regulatory Action Civil Litigation INSURABLE
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationSecuring connected critical infrastructure against cyber threats
White paper Securing connected critical infrastructure against cyber threats www.cyberoam.com yber-attacks appeared a rather remote possibility to critical infrastructure until now, since owners and operators
More informationProtection from cyber threats
52 ABB review 4 12 Protection from cyber threats Can utilities and industries afford a cyber security breach? PATRIK BOO The intensity of cyber attacks on IT systems increases with every passing day. Worryingly,
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationModern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth
Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More informationOPC & Security Agenda
OPC & Security Agenda Cyber Security Today Cyber Security for SCADA/IS OPC Security Overview OPC Security Products Questions & Answers 1 Introduction CYBER SECURITY TODAY The Need for Reliable Information
More informationADVANCED CYBER ATTACKS ON GLOBAL ENERGY FACILITIES
MARSH RISK MANAGEMENT RESEARCH ADVANCED CYBER ATTACKS ON GLOBAL ENERGY FACILITIES MARCH 2014 CONTENTS 1 PROTECTING ENERGY FACILITIES AGAINST GROWING CYBER RISKS 2 ENERGY SECTOR TARGETED DISPROPORTIONATELY
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.
More informationAURORA Vulnerability Background
AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History
More informationProtecting Organizations from Cyber Attack
Protecting Organizations from Cyber Attack Cliff Glantz and Guy Landine Pacific Northwest National Laboratory (PNNL) PO Box 999 Richland, WA 99352 cliff.glantz@pnnl.gov guy.landine@pnnl.gov 1 Key Topics
More informationAn International Perspective on Security and Compliance
UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial
More informationIndustrial Cyber Security 101. Mike Spear
Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell
More informationTHE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013
THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationThe digital future for energy and utilities.
Digital transformation has changed the way you do business. The digital future for energy and utilities. Digital is reshaping the landscape in every industry, and the energy and utilities sectors are no
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationINDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION
INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationCOVER FEATURE PANDORA'S NET. Pandora s Net
COVER FEATURE PANDORA'S NET F28 Pandora s Net HACKERS HAVE FOUND VULNERABILITIES IN THE WAY THE ELECTRICAL GRID IS TIED TO THE INTERNET BY BRITTANY LOGAN Google we know about. It s a search engine for
More informationNIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH
NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case
More informationState Engagement with the Energy Sector to Improve Cyber Security
Contact: Allison Cullin Homeland Security and Technology Division 202/624-5311 April 20, 2010 State Engagement with the Energy Sector to Improve Cyber Security Executive Summary The state-owned computer
More informationOur plant has been hacked! Industry News Cyber News Consultant s Corner. Our plant has been hacked!
this issue Our plant has been hacked! Industry News Cyber News Consultant s Corner Our plant has been hacked! Sept. 2012 Cyber Attack Statistics - Hackmageddon.com Attack Motivations 56% Cyber Crime 44%
More informationManitoba Hydro. Web version. Managing Cyber Security Risk Related to Industrial Control Systems
Manitoba Hydro Web version Managing Cyber Security Risk Related to Industrial Control Systems Office of the Auditor General Manitoba March 2014 361 Web version Executive Management Carol Bellringer Norm
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More information