Ground Truth Competency Assessment for Smart Grid Cyber Security
|
|
- Leslie King
- 8 years ago
- Views:
Transcription
1 Ground Truth Competency Assessment for Smart Grid Cyber Security TCIPG May 4, 2012 Michael Assante President, NBISE David H. Tobey, Ph.D. Director of Research
2 The Need for Cyber Defenders "Everywhere I go, across the country, CEOs and business leaders tell me that one of their chief concerns is having the highly skilled workers they need to power their companies. They believe, and this administration believes, that a globally competitive economy requires a globally competitive workforce Secretary of Commerce John Bryson 2
3 Grid Modernization Explosion of interconnected automation & intelligence Growing complexity & sophistication of cyber concerns Develop adaptive & resilient systems (people & technology) Onboard new & transforming our current workforce
4 21 st Century Grid Cross Cutting Challenge of Cyber Security Plug-In Hybrid Electric Vehicles / Storage Demand Response reliability Wind & Variable Generation Demand smart grid Conventional & Hydro Generation Energy Efficiency Nuclear Rooftop Solar / Local Wind Development cyber security Drivers Policy Security Economic Building the 21 st century grid requires a comprehensive and coordinated approach to policy and resource development looking at the grid as a whole, not as component parts.
5 Growing Numbers/Complexity Requires major productivity gains and accelerated skill development Devices Things Devices & Microcontrollers People Internet Hosts Devices Organizations Departments PC Mini Mainframe
6 NBISE s Mission Our mission is to increase the security of our nation s critical infrastructure by improving the science by which we identify and measure the proficiency, the performance, and the potential of the cyber security workforce. Our vision is to establish a national, open source library of assessment, instruction, target practice, and performance support tools that advance cyber defense skills through combining lessons learned from cognitive science and psychometrics. We seek to codify, validate, and disseminate evidence-based practices for accelerating the development of competencies that enable effective performance in addressing the growing cybersecurity threat.
7 How can we assess and develop the future cybersecurity workforce? 1. Job Definition and Competency Analysis 5. Professional Development Plans 4. Proficiency and Performance Assessment 6. Ongoing Performance Support & Simulation 3. Instructional & Simulation Design 2. Aptitude Assessment Source: Assante, M. J. & Tobey, D. H. (2011) Enhancing the Cybersecurity Workforce. IEEE IT Professional, 13:
8 Moving from summative to formative assessments Example from NBME Examinee Performance Profile
9 Foundational Support to Achieving the Benefits of Grid Modernization Purpose: The project contributes to the Department of Energy s efforts to develop a competency model and explore assessment methods focused on the job responsibilities and unique skill set of Smart Grid cybersecurity specialists. This work is designed to provide a foundation for industry s ongoing efforts to transform and develop the workforce necessary to achieve the benefits of grid modernization. Who: Those primarily responsible for operational security functions for dayto-day operations, but not engineering and architecture, in smart grid environments. How: Examination of the technical, problem solving, social and analytical skills used by senior cyber security staff in the daily execution of their responsibilities. Verify: A measurement model for assessing knowledge, skills, and abilities in the areas of technical and operational skills.
10 Subject Matter Expert Panel and Advisory Group Panel Officers Chair Justin Searle UtiliSec Vice Chair - Scott King Sempra Energy Advisory Group John Allen IEIA Forum Joel Garmon - Wake Forest Baptist Medical Center (CISO) Dr. Emannuel - Hooper Global Info Intel and Harvard Bill Hunteman Jamey Sample - PG&E Panel Member Representation Service Gov't Industry Research Vendor Panel Members Lee Aber - OPower Sandeep Agrawal - Neilsoft Limited Bora Akyol - PNNL Andres Andreu - NeuroFuzz, LLC Balusamy Arumugam - Infosys Chris Blask - AlienVault Andy Bochman - IBM Jason Christopher - FERC Art Conklin - University of Houston Benjamin Damm - Silver Springs Network Anthony David Scott - Accenture Steve Dougherty - IBM Global Technology Services Ido Dubrawsky - Itron Michael Echols - Salt River Project Dr. Barbara Endicott-Popovsky - University of Washington Cliff Eyre - PNNL Maria Hayden - Pentagon Charles Reilly Southern California Edison Craig Rosen - PG&E Scott Saunders - SMUD Chris Sawall - Ameren Paul Skare - PNNL Clay Storey - Avista Dan Thanos - GE Digital Energy Kevin Tydings - SAIC Don Weber - InGuardians Mike Wenstrom - Mike Wenstrom Development Partners Nic Ziccardi - Network & Security Technologies
11 Security Testing & Smart Grid Source: Searle, Justin (2012) AMI Penetration Test Plan, National Electric Sector Cybersecurity Organization.
12 Current Draft OST Competency Model Constructs (Goal & Task Categories) Manage the project Develop project plan Monitor project plan Identify the critical vulnerabilities Identify critical vulnerabilities Analyze and map critical vulnerabilities Develop and execute mitigation strategy Penetrate targets Identify targets to penetrate Analyze targets to penetrate Develop and execute penetration strategy Exploit vulnerabilities Infrastructure Web and Applications Other Perform tasks in a safe and lawful fashion Constructs (Goal & Task Categories) Mitigate vulnerabilities Identify resources Plan and document actions Communicate actions Understand and demonstrate impact Specify target-specific impact Determine implications/plan response Communicate impact Educate team and clients Educate team Educate clients
13 Developing the Science of Competency Assessment: JOB PERFORMANCE MODELING
14 What is a competency? Broad Consistent Ability (transfer across domains) Skills (consistency of performance) Inconsistent Narrow = Novice Shallow Knowledge (understanding of strategy or procedure) = Apprentice = Journeyman = Master Deep Source: Tobey, D. H. et. al. (in press) Predictive Performance Modeling: An innovative approach to defining critical competencies that distinguish levels of performance," National Board of Information Security Examiners, Idaho Falls, ID, OST Working Group Report NBISE-OST-11-01
15 Defining proficiency at multiple levels for multiple roles Source: Tobey, D. H. et. al. (2011) Predictive Performance Modeling: An innovative approach to defining critical competencies that distinguish levels of performance," National Board of Information Security Examiners, Idaho Falls, ID, OST Working Group Report NBISE-OST-11-01
16 Critical Differentiation Analysis Low Task Criticality High Task Differentiation Low High #1 #2 #3 #4 #5 #1 #2 #3 #4 #5 #1 #2 #3 #4 #5 #1 #2 #3 #4 #5
17 Defining the path to performance Masters Source: Tobey, D. H. et. al. (2011) Predictive Performance Modeling: An innovative approach to defining critical competencies that distinguish levels of performance," National Board of Information Security Examiners, Idaho Falls, ID, OST Working Group Report NBISE-OST Apprentices Journeymen
18 Self-Assessment Instrument Knowledge (Understanding) Learning Modes/Hours Degree of understanding Degree of difficulty Skill (Consistency) Self-efficacy scale Frequency scale Performance scale Ability Planning and Monitoring Problem Solving
19 Individual Competency Profile: Radial Chart Views by Composite, Knowledge, Skill, and Ability Mitigate Vulnerabilities Penetrate Targets 4 Exploit vulnerabilities 2 0 Identify Vulnerabilities Performance Levels Red: Low performance Yellow: Borderline performance Green: High performance
20 Individual Competency Profile: Drill-down (Penetrate targets) Foundational Tasks Composite score Comparative score Identify ownership of gateway devices (16.77) 83.8 Average Identify recon that is within project scope (15.63) 46.8 Low Search online sources for useful information about a target (15.45) 53.5 Average Differentiating Tasks (with weights) Analyze data found on compromised machines to enable exploitation deeper into the network (24.02) 36.0 Average Identify major assets subject to attacks (23.67) 87.2 High Identify targets for potential exploitation (23.67) 56.0 High Analyze data found on compromised machines for strategic value as seen by a worst case attacker (23.60) Overall Score 26.2 Low My Score 54.9 Average Knowledge Skill Ability Identify recon that is within project scope
21 Workforce Planning Source: International Center for Leadership in Education (ICLE) Rigor/Relevance Framework (Daggett, 2000)
22 Rigor/Relevance Framework Analysis Symbols for major competencies Instances represent task areas Location of instances represent current achievement (KSAs) by quadrant: 1. Foundational Knowledge 2. Foundational Skill 3. Differentiating Skill 4. Ability Drill down on any instance to a personal development plan
23 Personal Development Plan Clicking on any symbol instance in the RRF brings up the table What are my strengths? What are my weaknesses? Feedback I have received? Conclusion Reference work #1 Reference work #2 Online course #1 Online course #2 When do I want or need to achieve the desired state? What is my schedule to work on these focus areas? State Analysis 1, 2., 3, 4., 5. 1, 2., 3, 4., 5. 1, 2., 3, 4., 5. 1, 2., 3, 4., 5. Resource Listing US-Cert: Cyber Security Policy Planning and Preparation PDF download NIST: Guide to Industrial Control Systems (ICS) Security PDF download SANS: Hacker Techniques, Exploits & Incident Handling LMS course SANS: Reverse-Engineering Malware: Analysis Tools and Techniques LMS course Improvement Timeline Focus Area #1 : Short term ; Medium term ; Long term Focus Area #2 : Short term ; Medium term ; Long term Focus Area #1 : Day / time 1 ; Day / time 2 ; Day / time 3 Focus Area #2 : Day / time 1 ; Day / time 2 ; Day / time 3 Notes Document any important notes or other items in this section
24 The GTED Cybersecurity Performance Management System Workforce Planning and Development Organization Assessment Summary Individual Assessment Summary Task Assessment Results with KSA Metrics
25 Advanced Defender Aptitude, Performance Testing and Simulation (ADAPTS) Framework Competency Model Content Model Object Model Development Model Assessments Content Metrics Simulations Etc. Assessment Objects (TestLets) SCORM/CMI-5 XML Library Training Objects (CourseLets) Simulation Objects (SimLets) Adapted from Ostyn (2005) Competency Data for Training Automation
26 Why job performance models are important Facilitate translation of functional roles into job roles Clearly distinguish knowledge, skill, and ability Determine factors that differentiate performance at varying levels of skill Identify the critical factors that predict performance Competency models describe Job performance models prescribe JPM s help to determine who should be developed (aptitude), how to development them (skill profiles), and when they are ready to take the next step (performance-based learning) 26
27 Questions? Contact: Michael Assante
Agenda: Workforce Development for ICS Security
Workforce Development for ICS Security Cross cutting challenge shared by asset owner & supplier Item Spans 1 professional training to simple awareness Item 2 No identified pipeline to recruit from and
More informationSmart Grid Cybersecurity Certification Phase 1 Overview Report
Prepared for the U.S. Department of Energy under Contract DE-AC05-76RL01830 Smart Grid Cybersecurity Certification Phase 1 Overview Report LR O Neil, PNNL MJ Assante, NBISE DH Tobey, NBISE August 2012
More informationSecure Power Systems Professional Project Phase 2 Closeout Briefing Lori Ross O Neil, PNNL and Michael Assante, NBISE
Secure Power Systems Professional Project Phase 2 Closeout Briefing Lori Ross O Neil, PNNL and Michael Assante, NBISE Background Challenges Project description Outcomes and Findings 1 Challenge facing
More informationAgenda: Secure Power Systems Specialist. Challenges Project description Outcomes & findings. Phase I briefing, August 27, 2012
Secure Power Systems Specialist Phase I briefing, August 27, 2012 By Lori Ross O Neil, PNNL and Michael Assante, NBISE Agenda: Challenges Project description Outcomes & findings 1 Challenge facing the
More informationDefine & Assess Skills - Smart Grid Security Specialists
Define & Assess Skills - Smart Grid Security Specialists SANS 2011 North American SCADA & Process Control Summit Michael Assante President & CEO NBISE michae.assante@nbise.org 208-557-8026 Cyber Security:
More informationSECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS
1 SECURE POWER SYSTEMS PROFESSIONALS (SPSP) PROJECT PHASE 3, FINAL REPORT: RECRUITING, SELECTING, AND DEVELOPING SECURE POWER SYSTEMS PROFESSIONALS Synopsis SPSP Project Overview Phase I Summary Phase
More informationSmart Grid America: Securing your network and customer data. Michael Assante Vice President and Chief Security Officer March 9, 2010
Smart Grid America: Securing your network and customer data Michael Assante Vice President and Chief Security Officer March 9, 2010 About NERC The electric industry s self-regulatory organization for reliability
More informationCyberNEXS Global Services
CyberNEXS Global Services CYBERSECURITY A cyber training, exercising, competition and certification product for maximizing the cyber skills of your workforce The Cyber Network EXercise System CyberNEXS
More informationIntroduction to NICE Cybersecurity Workforce Framework
Introduction to NICE Cybersecurity Workforce Framework Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy,
More informationRisk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit
Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation
More informationNational Initiative for Cybersecurity Education
THE NICE VISION National Initiative for Cybersecurity Education a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital
More informationHow to use the National Cybersecurity Workforce Framework. Your Implementation Guide
How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many
More informationNational Initiative for Cyber Security Education
2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women
More informationTeam Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr.
Cyber Security 2014 Team Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr. Joel Dubow Hacking Incidents Reported to the Cyber
More informationSmart Grid Security: A Look to the Future
Smart Grid Security: A Look to the Future SESSION ID: TECH-W03A Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo Overview Distributed Energy Plug-in Vehicles Evolving Threats: Market Manipulation,
More informationWhite Paper: Leveraging Web Intelligence to Enhance Cyber Security
White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence
More informationNational Institute of Standards and Technology Smart Grid Cybersecurity
National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards
More informationAdvancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development
Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC) 3 12 February 2015 Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching,
More informationFacilitated Self-Evaluation v1.0
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationData Driven Assessment of Cyber Risk:
Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech InformationSecurity Center Georgia Tech Research Institute
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles
PNNL-24140 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Behavioral Interview Guidelines by Job Roles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton
More informationHow To Protect A Smart Grid From Cyber Security Threats
Smart Grid Cyber Security System Reliability, Defense-in-Depth, Business Continuity, Change Management, Secure Telecommunications, Endpoint Protection, Identity Management, and Security Event Management
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,
More informationAddressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationWeb application security Executive brief Managing a growing threat: an executive s guide to Web application security.
Web application security Executive brief Managing a growing threat: an executive s guide to Web application security. Danny Allan, strategic research analyst, IBM Software Group Contents 2 Introduction
More informationPREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY
BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Application of SOUTHERN CALIFORNIA GAS COMPANY (U 0 G) for Review of its Safety Model Assessment Proceeding Pursuant to Decision 1-1-0.
More informationNGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;
NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationEffective Information Sharing and Analysis Process
Bringing Data to Life Presented by Michael Echols REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM DHS Responsibilities Emergency Communications Capabilities Secure dot-gov Assist in Protecting
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationThe Changing Threat Surface in. Embedded Computing. Riley Repko. Vice President, Global Cyber Security Strategy
The Changing Threat Surface in Embedded Computing Riley Repko Vice President, Global Cyber Security Strategy Embedded Computing History First embedded system was the Apollo Guidance Computer First integrated
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and
More informationImplementing a Quantitative Risk- Based Approach to Cyber Security
Implementing a Quantitative Risk- Based Approach to Cyber Security SESSION ID: STR-W01 Scott Borg U.S. Cyber Consequences Unit scott.borg@usccu.us The main problem to overcome: the statistical techniques
More informationPreparing for Performance Building the Cybersecurity Workforce We Need. Maurice Uenuma 13 November 2013
Preparing for Performance Building the Cybersecurity Workforce We Need Maurice Uenuma 13 November 2013 The Challenge Shortage in numbers Jobs +53% by 2018 Only 24% of H.S. students would even consider
More informationUtility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security
Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationCritical Infrastructure in a CyberPhysicalHuman World
Critical Infrastructure in a CyberPhysicalHuman World December 2015 Approved for Public Release; Distribution Unlimited. 15-3575 2015 The MITRE Corporation. All rights reserved. Chris Folk, MBA, Director,
More informationRethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
More informationSTATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE
STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE
More informationPanel Session: Lessons Learned in Smart Grid Cybersecurity
PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory
More informationCYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS. Steve Mills DAU-South
CYBERSECURITY CHALLENGES FOR DOD ACQUISITION PROGRAMS Steve Mills DAU-South 1 Overview Questions Cybersecurity Owners and Stakeholders Cybersecurity Why It Matters to DoD Program Managers Defense Science
More informationBreakthrough Cyber Security Strategies. Introducing Honeywell Risk Manager
Breakthrough Cyber Security Strategies Introducing Honeywell Risk Manager About the Presenter Eric D. Knapp @ericdknapp Global Director of Cyber Security Solutions and Technology for Honeywell Process
More informationCyber Security Working Group
Cyber Security Working Group Guidelines for Smart Grid Cyber Security (NISTIR 7628) National Institute of Standards and Technology U.S. Department of Commerce 1 Today s Electric Grid Markets and Operations
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationTestimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security
Testimony of Dr. Phyllis Schneck Deputy Under Secretary for Cybersecurity and Communications National Protection and Programs Directorate United States Department of Homeland Security Before the United
More informationAbout Our 2015 WTA Cyber Security Speakers and Sessions
About Our 2015 WTA Cyber Security Speakers and Sessions The constant threat of cyber security attacks is the number one concern for most businesses today. Weaknesses in networks and data security can expose
More informationCyber Security for Advanced Manufacturing Next Steps
Status Update Cyber Security for Advanced Manufacturing Next Steps NDIA Manufacturing Division February 19, 2015 Michael McGrath Consultant, Analytic Services Inc. michael.mcgrath@anser.org NDIA White
More informationThomas J. Schlagel Chief Information Officer, BNL
Thomas J. Schlagel Chief Information Officer, BNL PhD in Nuclear Physics from the University of Illinois at Urbana-Champaign in 1990 Joined BNL in 1990 as a Postdoctoral Associate in the Nuclear Theory
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
More informationADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D
ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D Eric Lightner Director Federal Smart Grid Task Force July 2015 2 OE Mission The Office of Electricity
More informationBridging the knowledge gap between power engineering and cyber security: Imparting the interdisciplinary knowledge in cyber security for power systems
1 Bridging the knowledge gap between power engineering and cyber security: Imparting the interdisciplinary knowledge in cyber security for power systems Peter W. Sauer University of Illinois at Urbana-Champaign
More informationDETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK.
DETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK. A Brief History of IT Security Once upon a time, IT security was simple. Viruses were written to attack any system they came in contact with. As a result,
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationCyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015
Cyber Threats Insights from history and current operations Prepared by Cognitio May 5, 2015 About Cognitio Cognitio is a strategic consulting and engineering firm led by a team of former senior technology
More informationDHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response
February 2015 DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response Cyber Security Advisor Program Office of Cybersecurity & Communications National Protection
More informationCyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
More informationA Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst
TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY
More informationRisk Management in Practice A Guide for the Electric Sector
Risk Management in Practice A Guide for the Electric Sector Annabelle Lee Senior Technical Executive ICCS European Engagement Summit April 28, 2015 Before we continue let s get over our fears and myths
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More informationAdvanced Inverter Overview
Advanced Inverter Overview Renewables on the Distribution Grid Minnesota Public Utilities Commission April 11, 2014 Lise Trudeau Senior Engineering Specialist Minnesota Department of Commerce Division
More informationHow To Protect Water Utilities From Cyber Attack
Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process
More informationBlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION
BlacKnight Cyber Security international A BUSINESS / MARKETING PRESENTATION The BlacKnight Mission To provide proven techniques and innovative learning services to help organizations detect, deter and
More informationHow To Manage Risk On A Scada System
Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document
More informationWHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
More informationShared Infrastructure: What and Where is Collaboration Needed to Build the SM Platform?
Smart Manufacturing Forum Shared Infrastructure: What and Where is Collaboration Needed to Build the SM Platform? 10:45-11:45am panel discussion Moderator: John Bernaden, Vice Chair, Smart Manufacturing
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More informationIndustrial Control Security
Industrial Control Security Holiday Inn, Sacramento, California www.industrialcontrolsecurityusa.com www.cybersenate.com The Effective Approach for Protecting Oil and Gas Critical Infrastructures from
More informationCyber Information-Sharing Models: An Overview
PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents
More informationNIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin, MoFo
2014 Morrison & Foerster LLP All Rights Reserved mofo.com NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin,
More informationCyber Security. Doug Houseman Doug@Enernex.com. Engineering Consulting Research. Modeling Simulation Security. The Practical Grid Visionaries TM
Cyber Security Engineering Consulting Research Modeling Simulation Security Doug Houseman Doug@Enernex.com The Practical Grid Visionaries TM Warnings The costs given are based on prior projects They may
More informationCS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool
INL/CON-07-12810 PREPRINT CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool ISA Expo 2007 Kathleen A. Lee January 2008 This is a preprint of a paper intended for publication in a journal
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationBEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT
BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT Exelon Corporation Cybersecurity Supply Chain Risk Management INTERVIEWS Spencer Wilcox Managing Security Strategist and Special Assistant to the Chief
More informationIndustry involvement in education and research - TCIPG
1 Industry involvement in education and research - TCIPG Peter W. Sauer and William H. Sanders (and the TCIPG team) IEEE/PES GM, Denver, CO July 29, 2015 Outline History and facts TCIPG Overview and Vision
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationCIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016
CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on
More informationUS-CERT Year in Review. United States Computer Emergency Readiness Team
US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationUtilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Utilizing Security Ratings for Enterprise IT Risk Mitigation Date: June 2014 Author: Jon Oltsik, Senior Principal Analyst Abstract: What do large enterprises need in order to address increasingly
More informationNICE Cybersecurity Workforce Framework Tutorial
NICE Cybersecurity Workforce Framework Tutorial Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy, DHS Outline
More informationIs security awareness a waste of time?
Is security awareness a waste of time? New York State Cyber Security Conference June 5, 2013 Scott Gréaux Vice President Product Management and Services, PhishMe, Inc. They are exploiting human vulnerabilities
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationIndustrial Cyber Security 101. Mike Spear
Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell
More informationLarry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org
Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org ISA Board of Directors Ty Sagalow, Esq. Chair, Executive Vice President & Chief
More informationSteve Lusk Alex Amirnovin Tim Collins
Steve Lusk Alex Amirnovin Tim Collins ViaSat Inc. Cyber-intrusion Auto-response and Policy Management System (CAPMS) Cybersecurity for Energy Delivery Systems Peer Review August 5-6, 2014 Summary: Cyber-intrusion
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More information