Cyber Security & Compliance Briefing

Transcription

1 Cyber Security & Compliance Briefing

2 Cyber Security Offerings & Capabilities Overview Full service cyber security and compliance offerings in North America and international power markets: controls and consulting Provide both end-to-end technical and administrative solutions or specific security components Security embedded with other HPI product lines, as a standalone or in packages.

3 Cyber Security Offerings & Capabilities (cont.) Select Key Services Assessment and Risk Benchmarking Systems and network risk assessments Cyber vulnerability assessments Standards-based mock audits Compliance applicability assessments Internal control program effectiveness review Mitigation & Security Design Security Architecting Operations network security upgrade Remediation and recovery planning Detailed security engineering Compliance mitigation plans Compliance filings with government agencies Compliance program design and implementation Implementation & Monitoring Security system conversion Hardware and software monitoring System restoration Corporate Compliance program implementation Installation of GRC software and configuration for monitoring Compliance-as-a-service

4 About John Ballentine Industry service includes: John Ballentine Director of Cyber Security & Compliance Assists HPI customers by reducing their cyber security risk in industrial control system environments. Develops programs that identify, manage and mitigate compliance and regulatory risks. Board of Director of North America Generator Forum (NAGF) US Department of Homeland Security- Cyber Emergency Response Team Graduated from US FBI Compliance Academy Who is John Ballentine? Over 20 years of experience in the energy industry, including corporate and consulting roles managing cyber security and regulatory compliance at power generation facilities in North America. CSSA Certified SCADA Security Architect CISSP Certified Information Systems Security Professional CISA Certified Information Security Auditor CCEP Certified Compliance and Ethics Professional GLEG Certified Information Law Specialist

5 Cyber Security and Compliance Strategy Market Development Plan Focus on security as a unique product and as an enhancer to HPI full product line Ensure clients have onestop-shop for all matters on both security and compliance in both consulting and controls Create and capture unique position as only international asset operator with strong security product line North America cyber market is regulated and mandatory with new compliance deadlines ( ) Growth in key areas: Direct sales to end users Partnering with hardware and software companies

6 Key Strengths Customized services portfolio Utilize deep controls experience and technical product capabilities. Assess existing systemsdetermine level of security risk in operational networks (ICS). Document policies and procedures- test adequacy of administrative controls to reduce cyber risk. Train personnel and contractors- ensure operational expenses are being optimally utilized. Segment the control network- ensure security is properly compartmentalized. Control system accessutilize sophisticated access and encryption technologies to prevent intrusions. Harden system componentsembed security functionality at the core component functionality level with current controls capabilities. Monitor and maintain system security- keep customers in constant state of security status awareness and respond to incidents as they occur.

7 Key Strengths (cont.) Optimize Resources Differentiation Product line leader in US and EU security marketplace with prominent position as trusted service provider Personnel with deep controls experience that translates well into security embedded solutions Trained sales and marketing staff that can market to technical and financial buyers of security products Only vendor that has experience in EPC, controls, operations compliance and cyber security. Other providers are typically consultants with limited understanding of security (as a function of IT) and controls (as a function of asset management).

8 The HPI Advantage HPI LLC Proprietary Information

9 HPI Security Approach: Prevent, Detect & Recover Whether you need a full compliance or security solution, or are preparing for an audit or internal control review, HPI s experience as operators will maximize your return on investment. Prevention Detection & Notification Recovery & Restoration People- trained and alert Technologymanaging systems Processesmitigating risks Network access monitoring Anomaly detection Active intrusion monitoring Back-up restoration management Annual compliance testing

10 HPI Cyber Security & Compliance Service Offerings There IS a starting and end point to get your company optimized to face the threats and reduce the likelihood of interrupting your business: Assessment and Risk Benchmarking Mitigation and Design Services Implementation and Monitoring Cyber Security Systems and Network Risk Assessment; Cyber Vulnerability Assessment (NERC CVA); Standards-based Audits Security Architecture; Operations Network Security Upgrade; Remediation and recovery Plans Security System Conversion; Hardware and Software Monitoring; System Restoration Compliance Applicability Assessments; Controls and Policies Reviews; Mock Audits Compliance Mitigation Plans; Compliance Filings with Govt Agencies; Overall Compliance Program Design Corp Compliance Program Implementation; Install GRC Software and Configure for Monitoring; Compliance-as-a-Service

11 Keys to Securing Your Operations Technology Assess existing systems, and document policies and procedures. Train personnel and contractors. Segment the control network, and control system access. Harden system components. Monitor and maintain system security.

12 Cyber Security Vulnerability Assessment Expert analysis of control system to identify actual and potential security vulnerabilities Network architecture diagrams Network component and host device configurations Access control strategies Software and firmware versions Policies and procedures

13 Implementation Phase HPI LLC Proprietary Information

14 Bridging the ICS Security Specialization Skill Gap IT Professionals Cyber security professionals Control system professionals Many organizations substitute Information Technology/Network Specialists for Information Security Specialists. Control System Cyber Security Professionals Most IT/Network personnel possess few of the security skills needed to harden a network. Even less have the capability to secure an ICS network. HPI has cyber security skills in the energy industry ICS- the rarest and most sought after skill set in the industry.

15 The HPI Differentiator Why work with us? HPI customers must be secure so that they can focus on their core business of efficiently producing power to the grid. - Hal Pontez, HPI President & CEO HPI designs, builds, operates, controls, maintains and repairs HPI designs, builds, operates, controls, maintains and repairs power generation facilities- its in our DNA. power generation facilities it s in our DNA. Generic security consultants cannot cannot match match our our comprehensive comprehensive understanding of of how how those those areas areas link link together together and and form form an an aligned aligned approach. approach. Unlike vendors that sell newfangled technology solutions solutions or or prepackaged pre-packaged systems systems, HPI, HPI customizes customizes security security solutions at at significantly significantly reduces risk. risk. Every area of HPI is completely aligned to the cyber security challenge Every area as of the HPI key is completely to protecting aligned our to client s the cyber assets. security challenge as the key to protecting our client s assets.

16 Contact Us OFFICE: CELL: