Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications

1 Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications February 17, 2015

8 Agenda
- Introductions
- Discussion of the current state of Cybersecurity for Controls Systems with discussions from outside sources
- New Cybersecurity Guidance ebook and Engineering Services available from InduSoft
- Deeper dive into the Security ebook: a look inside
- Discussion of the new SCADA Cybersecurity Framework ebook and the associated certificate courses at Eastern New Mexico University-Ruidoso
- Q&A Session

9 Speakers Today (in order of presentation) Richard Clark Technical Marketing and Cybersecurity Engineer

10 Richard H Clark Cybersecurity Background
- Mr. Clark has been in Automation, Process System, and Control System design and implementation for more than 25 years and was employed by Wonderware, where he developed a non-proprietary means of using IP-Sec for securing current and legacy Automation, SCADA, and Process Control Systems, and developed non-proprietary IT security techniques.
- Industry expert by peer review and spokesperson on IT security; consultant, analyst and voting member of ISA-SP99.
- Contributor to PCSF Vendor Forum.
- Consultant to NIST and other government labs and NSA during the development of NIST Special Publication
- Published engineering white papers, manuals, and instruction documents; developed and given classes and lectures on the topic of ICS/SCADA Security.
- Participated in forming the NIST Cybersecurity Framework during the workshops last year along with our second speaker today

11 Speakers Today (in order of presentation) Richard Clark Technical Marketing and Cybersecurity Engineer Stephen Miller Associate Professor and Department Chair of Business and Information Systems/Cybersecurity Center of Excellence at Eastern New Mexico University-Ruidoso

12 Stephen Miller Cybersecurity Background
- Mr. Miller (Associate Professor/Director of Eastern New Mexico University-Ruidoso Cybersecurity Center of Excellence) has been in the Information Systems profession since 1966, working in many business, government, and educational sectors, including being IT/Technology Manager and Advisor at ExxonMobil Global Information Systems.
- Mr. Miller worked for Univac Corp at NASA Mission Control for the Apollo Mission, including Apollo 13 and Skylab missions; he also worked for Ford Tech-rep Division and TRW Controls, among others.
- Stephen developed the online computer and network Cybersecurity Certification program at ENMU-Ruidoso, and revised the Information Systems Associates Applied Science Degree Programs under INFOSEC 4011, 4016E, and Center of Academics (CAE-2Y) certifications

13 RICHARD H CLARK Cybersecurity ebooks/guidance

19 Introduction
- InduSoft is used in various Oil and Gas, Refinery, and Pipeline applications around the world
- We strive to assist customers in designing and building safe, secure and functional applications
- We have condensed a great deal of our security guidance and discussions into a single ebook
- InduSoft has recently added On-Demand Engineering Services to assist your development and engineering teams
- InduSoft has assisted in creating the NIST Cybersecurity Framework and collaborated with ENMU-Ruidoso in creating a curriculum textbook

35 The Scope of the Problem
- IT Departments believe that they are equipped to handle Control System Cybersecurity.
- They aren't.
- Example: AutomationWorld, February 10, 2015, Shell Works with Yokogawa and Cisco on a Unified Cybersecurity Approach
- Major Problems that I have with this "Unified Approach":
  - They've thrown the SMEs (plant engineers) under the bus
  - They are only addressing security patches and antivirus
  - It is being managed from a central location, which is the same entry vector used in the retail and healthcare cyberattacks
  - They are considering the refinery as part of the IOT, which is to say that they think it is just as important as Mrs. Fitsby's new hot water heater, not critical infrastructure.

36 New SCADA Cybersecurity ebooks InduSoft Security Guide NIST Cybersecurity Framework ISBN ISBN Available at Smashwords.com and other major booksellers

37 Available to you as Name Your Price InduSoft Security Guide NIST Cybersecurity Framework ISBN ISBN Download at Smashwords.com to Name Your Price

38 All ebook Proceeds Benefit the Eastern New Mexico University-Ruidoso Foundation

45 InduSoft Security Guide: Why?
- The ebook is a compilation of InduSoft cybersecurity guidance, making it available in one place
- There is a chapter on guidelines for designing and building your projects
- Includes reprints of many InduSoft white papers and published articles on cybersecurity guidance describing everything from runtime servers and IT guidance for control system networks, to handheld smart devices and wireless networks
- The ebook contains transcripts of many InduSoft webinars on securing InduSoft Web Studio as well as broader IT and SCADA security guidance
- Also contains an Appendix with NIST Framework information
- Available in .mobi (Kindle), .epub, .pdf, .html, and .doc formats

46 Contents of Security Guidance ebook
The Chapters and Sections contain many useful topics
- Chapter 1: New Projects and Security as a Design Consideration
  - Section 1: Building your Project
    Extract from the InduSoft Technical Note: Application Guidelines
- Chapter 2: Existing Projects
- Chapter 3: Cloud Based Applications
  - Section 1: Working with Cloud Based Applications
    The following is an extract from the InduSoft White Paper: Cloud Computing for SCADA
- Chapter 4: InduSoft Application Security
  - Section 1: SCADA System Security Best Practices
    The following is a transcript extract from the InduSoft Webinar: SCADA System Security Webinar
- Chapter 5: InduSoft Security Discussion for Web Based Applications
  - Section 1: Using Security with Distributed Web Applications
    Extract 1 - From InduSoft White Paper: Security Issues with Distributed Web Applications
  - Section 2: Using Security with Web-Based Applications
    Extract 2 - From the InduSoft Tech Note: IWS Security System for Web Based Applications
  - Section 3: Using Security with Web-Based Applications
    Reprint - Control Engineering Magazine - August 2014: Cybersecurity for Smart Mobile Devices
- Chapter 6: InduSoft Recommendations for IT Security
  - Section 1: Firewalls and other SCADA Security Considerations
    Transcript extract from the InduSoft Webinar: SCADA and HMI Security in InduSoft Web Studio
  - Section 2: Control Systems Security Overview
    Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Overview
  - Section 3: SCADA Security - Operational Considerations
    Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Operational
  - Section 4: SCADA Security - Management Considerations
    Transcript extract from the InduSoft Webinar: SCADA Security Considerations: Management
- Appendix A: NIST Cybersecurity Framework Core
- Appendix B: Cyber Security Evaluation Tool (CSET) Information

47 Examples of topics and subjects covered

52 New SCADA Projects Should be Designed with Security as a Primary Goal
Good project design includes the following:
- Security as a primary design consideration
- Safety needs to be considered throughout project design and implementation
- Functionality should be moderated based on the first two design goals

59 Diverse SCADA Projects Require Different Types of Security Profiles
- We recognize that customers use InduSoft Web Studio in many different ways.
- This fact presents many differing security scenarios for our customers
- A specific type of security implementation for a particular SCADA system may be entirely inappropriate for a differing system.
- We have recommended many different ways that security can be implemented into SCADA and HMIs
- Talks, classes, white papers, webinars, forums, Technical Support, and individualized guidance on projects have been available for quite some time
- InduSoft now has on-demand engineering assistance available on our website!

60 Services On Demand is Now Live! Engineering assistance is available when designing projects and implementing project security

61 Stay Informed How to get Product Update and Webinar Announcements

62 Stay Informed How to get Product Update Announcements

63 THANKS FOR ATTENDING! Here's how to contact us

67 Contact InduSoft Today if you would like to request a copy of this presentation or with other questions.
(US) (Brazil) (Germany)
Support
Web site (English) (Portuguese) (German)
Phone (512) (US) (Brazil) +49 (0) (Germany)
Toll-Free 877-INDUSOFT ( )
Fax (512)
The upcoming InduSoft webinar tomorrow (Feb 18th) will focus on Engineering Services and how you can get the most out of them. Visit:
Join our webinars and we will send you an InduSoft webinar series Tee-Shirt!
Brazil USA Germany

68 Next: STEPHEN MILLER SCADA Cybersecurity Framework

69 CAE-2Y Accredited

70 Topics Covered
- E-Book Purpose
- Key Objectives
- Outline Of Content
- Training Plans
- Cybersecurity Programs
- Boot Camp
- About ENMU-Ruidoso
- Q & A?

71 E-Book Purpose
- Provide a quick reference guide to the framework
- Promote awareness of Cybersecurity Critical Infrastructure Framework
- SCADA Cybersecurity threats and vulnerabilities
- The importance of risk assessments
- How to use the framework
- Look into applying security to InduSoft Web Studio

72 Key Objectives
- Knowledge of SCADA and cybersecurity environment
- Types of SCADA systems
- Threats and risks
- Understanding of framework
- Knowledge of tools and processes for risk analysis
- Ability to apply risk management processes to obtain the right framework tier for an organization

73 Outline Of Content
Chapter 1 - SCADA Cybersecurity Introduction and Review
- What is SCADA
  How it works, In Depth Look, field devices, control units, HMI
- Overview of Cybersecurity Vulnerabilities
  Security Challenges, Understanding & defining information security, Cyber Threat Source to Control/SCADA Systems, GAO Threats, Attacks & Defenses, Vulnerability Scanning vs Penetration Testing
- Understanding Control System Cyber Vulnerabilities
  Gaining control of SCADA Systems, Categories of SCADA Systems

74 Information security components

75 Gov't Acct. Office Threat Table

76 Steps of a cyberattack

77 Geographic Layer

78 Physical Network Layer

79 Logical Network Layer

80 Cyber Organization/Personal Layer Internet of Things

81 One individual with multiple, complex relationships to other levels of the environment... that also change over time.

82 Control System Environment

83 Three Categories of SCADA Systems
- Modern/Common Diagram
- Modern/Proprietary Diagram
- Legacy/Proprietary Diagram

84 Outline Of Content
Chapter 2 Cybersecurity Framework Introduction
- Framework Introduction
- Executive Order (EO), Improving Critical Infrastructure Cybersecurity
- Risk Management Process
- The Cybersecurity Framework

85 Overview of the Framework

86 Risk Management Decomposition Diagram

87 Outline Of Content
Chapter 3 Cybersecurity Framework Basics
- Basic framework overview
- Framework core

88 Business Process Management (BPM) Approach to the Framework

89 How Does it All Come Together?

90 Outline Of Content
Chapter 4 How to Use the Framework
- Basic Review of Cybersecurity Practices
- Establishing or Improving a Cybersecurity Program
- Communicating Cybersecurity Requirements with Stakeholders

91 Using the CSET Tool for Risk Management and Future Framework Analysis

92 Select Standard(s)
- NIST Framework for Improving Critical Infrastructure Cybersecurity V1 (Recommended)
- NIST Special Publication Rev 3 and NIST Special Publication Rev 3 App l
- NIST Special Publication Rev 4 and NIST Special Publication Rev 4 App l
- Consensus Audit Guidelines (CAG)
- Components Questions Set
- CFATS Risk Based Performance Standard (RBPS) 8: Chemical Facilities Anti-Terrorism Standard, Risk-Based Performance Standards Guidance 8 - Cyber, 6 CFR Part 27
- CNSSI No Baseline
- CNSSI No Industrial Control System (ICS) Overlay V1
- Catalog of Recommendations Rev 7 (DHS Catalog of Control Systems Security: Recommendations for Standards Developers, Revisions 6 and 7)
- INGAA Control Systems Cyber Security Guidelines for the Natural Gas Pipeline Industry
- Key Questions Set
- DoD Instruction Information Assurance Implementation, February 2, 2003
- ISO/IEC revision 3.1: Common Criteria for Information Technology Security Evaluation, Revision 3.1
- NERC Reliability Standards CIP Revisions 3 and 4
- NIST Special Publication Guide to Industrial Control Systems Security, June 2011
- NIST Special Publication Rev 1
- NIST Special Publication Rev 2 (Draft)
- NIST Special Publication , Recommended Security Controls for Federal Information Systems Rev 3 and with Appendix I, ICS Controls
- NRC Regulatory Guide 5.71 Cyber Security Programs for Nuclear Facilities, January 2010
- NEI 0809 Cyber Security Plan for Nuclear Power Reactors
- TSA Pipeline Security Guidelines April 2011
- Universal Questions Set

93 Outline Of Content
Chapter 5 InduSoft Security Guide
- Embedded in this chapter.
Appendix (Framework Core, CSET Tool, References, and Glossary)

94 CSET 6.1 Tool
https://ics-cert.us-cert.gov/assessments

95 ENMU-Ruidoso Cybersecurity Programs
- Computer and Network Security Certification Program (Online), Credited or Self-paced ($2,495)
- Associates of Applied Science Degree - Information Systems Cybersecurity
The programs are designed to prepare students as:
Information Systems Security (INFOSEC) Professionals NSTISSI No CNSSI No Entry Level Risk Analysts CAE-2Y Information Assurance/Cyber Defense Accredited
- IS 131: Network Security Fundamentals - 3
- IS 136: Guide to Disaster Recovery - 3
- IS 153/L: Introduction to Information System - 4
- IS 253: Firewalls and How They Work - 3
- IS 257: Network Defense and Counter Measures - 3
- IS 258: Cyber Ethics, Professionalism, and Career Development - 3
- IS 285: Ethical Hacking 3
- IS 289: Capstone/Internship/NCL Cybersecurity Challenge

96 Training Plans: Boot Camp
Four day Boot Camp covering:
- Course Orientation and Introduction to Cybersecurity and SCADA
- CompTIA-Security+ Key Topics
- SCADA Cybersecurity Recommended Practice/Infrastructure Guiding Principles/National Infrastructure Protection Plan
- IS-821 Critical Infrastructure and Key Resources Support Annex
- IS-860.a National Infrastructure Protection Plan (NIPP)
- Cybersecurity Critical Infrastructure Framework / CAP Process/Intro to a SCADA Product (INDUSOFT)
- CSET Department of Homeland Security Risk Assessment Process and Tools
- Using the Cybersecurity Critical Infrastructure Framework

97 About ENMU-Ruidoso
- The National Security Agency and the Department of Homeland Security have designated Eastern New Mexico University - Ruidoso National Center of Academic Excellence in Information Assurance/Cybersecurity Defense through academic year CAE-2Y
- Based on the university's ability to meet the increasing demands of the program criteria will serve the nation well in contributing to the protection of the National Information Infrastructure.
- Meets the eleven Knowledge Units learning objectives
- Recognized by the National Initiative in Cybersecurity Education (NICE) as a certified Training Institution for the NIST National Cybersecurity Workforce Framework.

98 ENMU-Ruidoso Foundation
Foundation, as noted below. If you find this ebook useful in your business, tax deductible donations to the university 501(c)(3) foundation are encouraged by contacting:

99 CAE-2Y Accredited


More information

ISA Security. Compliance Institute. Role of Product Certification in an Overall Cyber Security Strategy

ISA Security. Compliance Institute. Role of Product Certification in an Overall Cyber Security Strategy ISA Security Role of Product Certification in an Overall Cyber Security Strategy Tom Culling Chevron Andre Ristaino ASCI Kevin Staggs - Honeywell John Cusimano exida 1 ISA Security Agenda Who is the ISA

More information

Industrial Control Systems Security Guide

Industrial Control Systems Security Guide Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,

More information

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications

More information

Cybersecurity of. President. July 2, 2013. mchipley@pmcgroup.biz

Cybersecurity of. President. July 2, 2013. mchipley@pmcgroup.biz To help protect your privacy, PowerPoint prevented this external picture from being automatically downloaded. To download and display this picture, click Options in the Message Bar, and then click Enable

More information

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign

More information

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc. Cyber Security Presentation Ontario Energy Board Smart Grid Advisory Committee Doug Westlund CEO, N-Dimension Solutions Inc. October 1, 2013 Cyber Security Protection for Critical Infrastructure Assets

More information

CYBERSECURITY CERTIFICATION PROGRAMS

CYBERSECURITY CERTIFICATION PROGRAMS CYBERSECURITY CERTIFICATION PROGRAMS Workforce Training Need 30% more computer and network workers needed from 2008 to 2018 1 ; 433 New Mexico IT job postings in 2012 for securityspecific positions 2 ;

More information

GE Measurement & Control. Cyber Security for Industrial Controls

GE Measurement & Control. Cyber Security for Industrial Controls GE Measurement & Control Cyber Security for Industrial Controls Contents Overview...3 Cyber Asset Protection (CAP) Software Update Subscription....4 SecurityST Solution Options...5 Centralized Account

More information

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one

More information

Cyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop

Cyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop Cyber Security The Leadership Opportunity for Joint Action Agencies 2013 APPA Joint Action Workshop Doug Westlund N-Dimension Solutions Inc. Cyber Security for the Smart Grid Cyber Risk Reduction Questions

More information

Maturation of a Cyber Security Incident Prevention and Compliance Program

Maturation of a Cyber Security Incident Prevention and Compliance Program Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber

More information

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering

Cyber Security Controls Assessment : A Critical Discipline of Systems Engineering Cyber Controls : A Critical Discipline of Systems 14 th Annual NDIA Systems San Diego, CA October 24-28, 2011 Bharat Shah Lockheed Martin IS&GS bharat.shah@lmco.com Purpose Provide an overview on integrating

More information

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord

Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB

More information

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1

Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1 Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy

More information

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards

A Concise Model to Evaluate Security of SCADA Systems based on Security Standards A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad

More information

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation.

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi etieghi@visionautomation. Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems Enzo M. Tieghi etieghi@visionautomation.it Security IT & Control System Security: where are we?

More information

Hosted by Lunarline: School of Cyber Security

Hosted by Lunarline: School of Cyber Security Hosted by Lunarline: School of Cyber Security Please Fax Government Purchase Orders and SF 182s To (22) 315-33 Cybersecurity is one of the hottest issues for today s Federal and DOD Agencies and commercial

More information

Cybersecurity & the Water Sector

Cybersecurity & the Water Sector Cybersecurity & the Water Sector NAWC Water Summit October 6, 2013 San Diego, CA Kevin Morley, AWWA How to deal with Cyber Threat? How would our operations change if we did not have SCADA working? How

More information

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES

BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Organizer: BRIDGING BARRIERS: LEGAL AND TECHNICAL OF CYBERCRIME CASES Session 6 : Securing Your Fortress Best practices, standards, techniques and technologies secure your organization from cyber criminals.

More information

Cyber Security at NSU

Cyber Security at NSU Cyber Security at NSU Aurelia T. Williams, Ph.D. Chair, Department of Computer Science Associate Professor of Computer Science June 9, 2015 Background Undergraduate computer science degree program began

More information

Cybersecurity in a Mobile IP World

Cybersecurity in a Mobile IP World Cybersecurity in a Mobile IP World Alexander Benitez, Senior Scientist, ComSource Introduction by Robert Durbin, Cybersecurity Program Manager, ComSource Introduction ComSource s cybersecurity initiative

More information

Verve Security Center

Verve Security Center Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution

More information

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems

GE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used

More information

Process Control System Cyber Security Standards an Overview

Process Control System Cyber Security Standards an Overview INL/CON-06-01317 PREPRINT Process Control System Cyber Security Standards an Overview 52nd International Instrumentation Symposium Robert P. Evans May 2006 This is a preprint of a paper intended for publication

More information

ISA Security Compliance Institute

ISA Security Compliance Institute ISA Security Compliance Institute Johan Nye Chairman ISCI Governing Board 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99 Standards 2013 ISCI

More information

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment

More information

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments Supplemental Tool: NPPD Resources to Support Vulnerability Assessments NPPD Resources to Support Vulnerability Assessments Assessing vulnerabilities of critical infrastructure is an important step in developing

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

ISA Security Compliance Institute

ISA Security Compliance Institute ISA Security Compliance Institute Andre Ristaino, Managing Director, ISCI 28 May 2013 CSSC 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99

More information

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy

More information

Building Security In:

Building Security In: #CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me

More information

Information Security @ Blue Valley Schools FEBRUARY 2015

Information Security @ Blue Valley Schools FEBRUARY 2015 Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that

More information

Building more resilient and secure solutions for Water/Wastewater Industry

Building more resilient and secure solutions for Water/Wastewater Industry Building more resilient and secure solutions for Water/Wastewater Industry Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Copyright 2010 Rockwell Automation, Inc. All rights reserved. 1 Governmental

More information

Industrial Cyber Security 101. Mike Spear

Industrial Cyber Security 101. Mike Spear Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell

More information

Train Like You Will Fight

Train Like You Will Fight Train Like You Will Fight Reliability First Workshop 1 October 2015 Dr. Joe Adams Disclaimer 2 The content of this presentation is based on personal and professional experience of the speaker. The content

More information

Cybernetic Global Intelligence. Service Information Package

Cybernetic Global Intelligence. Service Information Package Cybernetic Global Intelligence Service Information Package / 2015 Content Who we are Our mission Message from the CEO Our services 01 02 02 03 Managed Security Services Penetration Testing Security Audit

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

Announcement of a new IAEA Co-ordinated Research Programme (CRP)

Announcement of a new IAEA Co-ordinated Research Programme (CRP) Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C)

More information

Safe Network Integration

Safe Network Integration UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright

More information

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends Quarterly Cybersecurity BILT Meeting October 10, 2012 Meeting Minutes ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Trends Stephen

More information

Cybersecurity Definitions and Academic Landscape

Cybersecurity Definitions and Academic Landscape Cybersecurity Definitions and Academic Landscape Balkrishnan Dasarathy, PhD Program Director, Information Assurance Graduate School University of Maryland University College (UMUC) Email: Balakrishnan.Dasarathy@umuc.edu

More information

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute

Certifications and Standards in Academia. Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute Certifications and Standards in Academia Dr. Jane LeClair, Chief Operating Officer National Cybersecurity Institute Accreditation What is it? Why is it important? How is it attained? The National Centers

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Designing Compliant and Sustainable Security Programs 1 Introduction

Designing Compliant and Sustainable Security Programs 1 Introduction Designing Compliant and Sustainable Security Programs 1 Introduction The subject of this White Paper addresses several methods that have been successfully employed by DYONYX to efficiently design, and

More information

Cyber R &D Research Roundtable

Cyber R &D Research Roundtable Cyber R &D Research Roundtable 2 May 2013 N A T I O N A L S E C U R I T Y E N E R G Y & E N V I R O N M E N T H E A L T H C Y B E R S E C U R I T Y Changing Environment Rapidly Evolving Threat Changes

More information

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the

More information

Last year, two security researchers

Last year, two security researchers Last year, two security researchers gave themselves a goal: 100 days to identify as many security vulnerabilities as possible within industrial control system software. The results exceeded our expectations,

More information

Agenda. All Summit Sessions will be held in CA Thayer Ballroom (unless noted).

Agenda. All Summit Sessions will be held in CA Thayer Ballroom (unless noted). Program Guide SANS Securing the Internet of Things Summit 2013 Agenda All Summit Sessions will be held in CA Thayer Ballroom (unless noted). All approved presentations will be available online following

More information

HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES

HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES OCTOBER 2014 3300 North Fairfax Drive, Suite 308 Arlington, Virginia 22201 USA +1.571.481.9300 www.lunarline.com OUR CLIENTS INCLUDE Contents Healthcare

More information

N-Dimension Solutions Cyber Security for Utilities

N-Dimension Solutions Cyber Security for Utilities AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

Best Practices in ICS Security for System Operators. A Wurldtech White Paper Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

GE Measurement & Control. Cyber Security for NERC CIP Compliance

GE Measurement & Control. Cyber Security for NERC CIP Compliance GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes

More information

What Risk Managers need to know about ICS Cyber Security

What Risk Managers need to know about ICS Cyber Security What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they

More information

Professional Services Overview

Professional Services Overview Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded

More information

NIST Cybersecurity Framework Manufacturing Implementation

NIST Cybersecurity Framework Manufacturing Implementation NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST

More information

Information Bulletin

Information Bulletin Public Policy Division Impact of NIST Guidelines for Cybersecurity Prepared by UTC Staff 1. Introduction... 3 2. Cybersecurity Landscape... 3 3. One Likely Scenario... 5 4. Draft NISTIR 7628, Guidelines

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

MEETING THE NATION S INFORMATION SECURITY CHALLENGES

MEETING THE NATION S INFORMATION SECURITY CHALLENGES MEETING THE NATION S INFORMATION SECURITY CHALLENGES TO ADDRESS SKILLS AND WORKFORCE SHORTAGES IN THE INFORMATION SECURITY INDUSTRY, THE NATIONAL SECURITY AGENCY AND THE DEPARTMENT OF HOMELAND SECURITY

More information

ARC INDUSTRY FORUM 2015

ARC INDUSTRY FORUM 2015 ARC INDUSTRY FORUM PRESENTATION TOPIC: MANAGING INDUSTRIAL CYBER SECURITY RISK Tyler Williams Manager, Industrial Cyber Security Shell Global Solutions tyler.williams@shell.com 1 THE TRADITIONAL APPROACH

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Goal. Vision. CAE 2Y Program Eligibility and Summary

Goal. Vision. CAE 2Y Program Eligibility and Summary Goal National Centers of Academic Excellence in Information Assurance/Cyber Defense for Two-Year Education (CAE2Y) Program Criteria for Measurement Jointly Sponsored by the National Security Agency (NSA)

More information

EC-Council. Certified Ethical Hacker. Program Brochure

EC-Council. Certified Ethical Hacker. Program Brochure EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional

More information

Cybersecurity AAS Program

Cybersecurity AAS Program Cybersecurity AAS Program New Program Proposal State Submission Steve Buchholz, Dean of Accreditation and Advancement July 2015 TABLE OF CONTENTS Executive Summary... 2 Identification and Description of

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP

Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance

More information

How Secure is Your SCADA System?

How Secure is Your SCADA System? How Secure is Your SCADA System? Charles Drobny GlobaLogix, Inc. Houston, TX, USA Our Industry is a Target 40% of cyber attacks on Critical Infrastructure targets are aimed at the Energy Industry The potential

More information

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Industrial Control System Cyber Security

Industrial Control System Cyber Security 2012 Honeywell Users Group Asia Pacific Sustain.Ability. Industrial Control System Cyber Security 1 Honeywell Process Solutions Cyber Security Architect Global Architect Team Mike Baldi Responsible for

More information