Power Facilities Physical Security Threats Physical Security, Personnel Security and Preventative Measures

Transcription

1 COurse Power Facilities Physical Security Threats Physical Security, Personnel Security and Preventative Measures Houston Marriott West Loop by The Galleria Sponsor is authorized by IACET to offer 1.0 CEUs for the course. 1

2 Overview The electric smart grid promises increased capacity, reliability and efficiency through the existing electricity network. However, there is a new host of vulnerabilities stemming from physical intrusion potentially leading to devastating physical effects. The security of a system is as strong as its weakest link. Thus, the scale and complexity of the smart grid, along with its increased connectivity and automation make the task of physical protection particularly challenging. Power facilities, including power plants, sub stations and transmission lines, must be prepared as they face the challenges that come with protecting their assets. What is the concept of defense, including perimeter security? Safety versus Security - what do you do when the two contradict each other? What is bomb recognition and sweeping? Get answers to these questions and more. This course will cover physical security from three major perspectives; preventative measures, physical security 101, and personnel security for those in the energy industry. Issues related to CIP 5 and any new issues identified by CIP 14 will also be discussed in addition to security incidents at power facilities making headlines. Attendees will discover the legal issues facing the security community, and review brand protection, touching upon terrorism of all types. Examples will be provided revolving around risk management and how it has become even more important with limited resources, including the various concepts of risk management. A review of access control, identification and authentication, as well as security at remote locations, will also be discussed, covering security at shared facilities, including the Four Scenarios of Attack. Finally, personnel security, background investigations, workplace violence, vendor contract security as well as security in the age of social media and the importance of security when contracting services will be addressed. Upon completion of this course, attendees should have the skills and knowledge to effectively apply physical security concepts and practices, acquire and analyze the information necessary for protecting assets, and allocate security resources to protect those assets. Who Should Attend Utility and energy company staff from the following departments: Directors and CEOs Corporate Security Risk Assessment Managers/Directors Legal and regulatory staff Information technology and information security Operations and engineering Administrative and support staff Control systems Crisis Management Managers As well as: Attorneys and regulators Contractors and vendors LEARNING OUTCOMES Discuss lessons learned from past security events at power facilities, review legal issues facing security personnel and understand the different type of threats facing the security community Review various threats facing US Energy assets, examine various concepts designed to reduce the risks to energy facilities and examine the four scenarios of attack Discuss the concepts of Risk Management including Risk Tolerance / Appetite, Risk Management Cycle and Risk Management Framework Review the basics of physical security including but not limited to access management, visitor control, hardening of site security and the handling of bomb threats Examine individual roles in information security and the protection of critical assets and intellectual property Discuss the prevention of workplace violence REGISTER 4601 TODAY! DTC Blvd., CALL Suite OR VISIT 2

3 Agenda Wednesday, August 20, :00-8:30 a.m. registration and Continental Breakfast 8:30-8:45 a.m. introduction 8:45-10:00 a.m. review of CIP 5, Real World Security Incidents and Threats to Facilities Lessons learned from past security incidents, legal issues facing security personnel, and types of threats facing today s facility security personnel are covered Corporate Security has been an important part of business since the days of Allan Pinkerton and the Railroad Express companies. In this session, various aspects of physical security that are important to any facility or business in any industry will be reviewed. There will also be an analysis of certain aspects of CIP 5, in addition to revealing real world incidents that have occurred in the energy industry and what could have been done to prevent those incidents. Physical security incidents occur from coast to coast. An evaluation from a historical perspective to identify procedures, that if implemented properly, could have prevented the security incidents. Additionally, a depiction of potential legal issues facing those that work in the field of security will be clarified should those in the industry fail to act in the best interests of themselves, the industry and their customers. Finally, there will be an examination of the types of threats that face facilities in the energy industry. 10:00-10:30 a.m. Networking Break 10:30 a.m. - 12:00 p.m. Security Management Theory and Threats Types of threats facing US energy assets, concepts ad theory used to reduce risks and the four scenarios of attack. Understanding the threats facing facilities and the differences in the types of threats facing facilities is crucial to any security management program. In this session, the theories of physical security management will be discussed in addition to identifying the threats, and a breakdown of the differences between the threats and the different aspects of threats and the various stages. By better understanding the various threats, security managers will be able to better protect their facilities. Terrorism versus criminal activity will be examined along with groups and criminal organizations whose mission is to disrupt business, harm personnel and steal assets. Knowing the precursors of an attack, and the importance of intelligence gathering, will prepare security managers for current security threats. Lastly, four scenarios of an attack each and every facility should be aware of to better protect their facility will be studied.. 12:00-1:00 p.m. Group Luncheon 1:00-2:15 p.m. risk Management Risk Management concepts, including risk appetite/tolerance, risk management cycles, and development of risk tolerance framework will be reviewed. In the era of shrinking resources it is incredibly important for today s physical security professionals to use what resources they have in a highly efficient and beneficial manner. Understanding risk management will enable security managers to better use their limited resources to protect their industry from catastrophic events. This session will introduce different principles of risk management and how it can assist the industry in identifying, scoring and remediating risks facing security professionals. Attendees will learn how to address corporate risk and tolerance, discuss the risk management cycle and begin to understand the importance of implementing a risk tolerance framework. The following topics will be clarified: Ishikawa fishbone diagram, risk appetite scale and the steps of developing a risk appetite/tolerance framework. The importance of developing a strategic risk assessment is crucial and will be discussed and the importance of using this assessment to prioritize funding and allocation of initiative to reduce risk. 2:15-2:30 p.m. Afternoon Break 2:30-3:30 p.m. Risk Management Continued 3

4 Agenda Wednesday, August 20, 2014 (Continued) 3:30-4:30 p.m. A Physical Security Approach to Substation Security and NERC Compliance High profile intrusions and physical attacks against substations have spurred a lot of discussion about physical security resulting in a FERC directive, for NERC to propose new physical security standards from NERC. A holistic approach to security has been proven to be more effective and addresses compliance requirements In the Utilities Industry at the same time. It is now essential to monitor and report rolesbased physical access to various facilities, control rooms, substations and critical assets. Utilities of all size need to know who has access to specific facilities, critical assets and cyber critical assets and how much area access they should have within those facilities. Version 5 of the NERC CIP compliance requirements adds more to physical security requirements in addition to complete background check and criminal history record checks for employees and un-escorted contractors. Additionally, highly critical assets must be housed in secured boundaries and any access to that area recorded and tracked. Join the experts who are leading this session to discuss why this new approach is the only way to detect and identify complex threats that extend across the boundaries of cyber and physical security. Lessons you will learn: Why integrating physical and cyber security is key How to overcome the challenges of extending security across organizational boundaries New techniques that cover upfront risk analysis and automated workflow to simplify onboarding offboarding, anomaly detection and threat correlation - Ron Fabela, Sr. Product Manager, AlertEnterprise Thursday, August 21, :00 8:30 a.m. continental Breakfast 8:30-10:00 a.m. Physical Security 101 A sampling of concepts in Physical Security including Access Management, Site Security, Security Systems, Visitor Screening, and Handling of Bomb Threats. Physical security is an ever evolving field and it is important for both novice and experienced managers to understand the concepts of physical security. Real world examples of where security failed will be identified. Physical security concepts, including what constitutes a physical security system will be revealed in addition to deterrence, detection and delaying factors and the important of access controls. The aspect of proper lighting, credentialing, cameras and fencing as well as vegetation management is important to the overall success of protecting facilities, including the importance of proper visitor management. Providing security training to personnel with non security duties can have exponential benefits. How to handle bomb threats including searching methods and identifying dangerous substances will be discussed and the importance of physical security training and conducting exercises and drills. 10:00-10:30 a.m. Networking Break 10:30 a.m. - 12:00 p.m. Operational Security, Personnel Security and Workplace Violence Concepts in handling of critical assets, information security, intellectual property and HR from a security perspective In the digital age, information has become today s currency. Protecting a company s assets, whether its people, information, equipment, data or intellectual property should be a priority. This session will examine the importance of protecting assets and provide recommendations to better protect current and future assets. Operational security will also be discussed, including instruction on protection of data cradle to grave. The protection of data, both physical and electronic format will be examined, including examples of the repercussions companies face when policies are not followed. Finally, the importance of personnel security, including background investigations, social media solutions and workplace violence will be reviewed, along with a group discussion about protecting assets. 12:00-12:30 p.m. Q&A/Conclusion 4

5 INSTRUCTORs CAPT Chris Schaffer, USCGR (ret) / Principal, Risk Mitigation and Security / AliTek Consulting, LLP Chris Schaffer is Principal of the Security Practice at AliTek Consulting in specializing in security, regulatory compliance, business continuity, disaster recovery, and incident and crisis management. Chris has over 28 years of practical experience in facility and Maritime security, security vulnerability assessments, regulatory compliance, crisis management and business continuity in both government and private sector companies. Chris has served in senior management and as a senior consultant in both Fortune 500 companies as well as the Department of Homeland Security, U.S. Coast Guard where he currently holds the rank of Captain (0-6) in the Reserves. He holds a Bachelor of Science in Risk Management from Florida State University, a Master of Arts in Theology from Andersonville Theological Seminary and is a graduate of the U.S. Naval War College s Command and Staff program as well as the Darden Executive Education Program at the University of Virginia. He also holds a second Master s Degree in Security Management from the University of Houston and is a member of the Phi Kappa Phi Honor Society. Captain Schaffer s awards include the Meritorious Service Medal, two Coast Guard Commendation Medals with Operational Distinguishing Device, three Coast Guard Achievement Medals with Operational Distinguishing Device, the Navy and Marine Corps Achievement Medal, two Coast Guard Commandant s Letter of Commendation ribbons, the Global War On Terrorism Service Medal, the 9-11 Department of Transportation service ribbon and various other unit and service awards. He also is authorized to wear the permanent Advanced Boat Force Operations insignia. Jesse Flores / Lead Security Trainer, Senior Security Consultant / AliTek Consulting, LLP Jesse Flores is the Lead Trainer and a Senior Consultant at AliTek Consulting in Houston, Texas specializing in security / risk management, information security, records management and security, crisis management, regulatory compliance, business continuity, incident response and disaster recovery. Jesse has nearly 15 years of practical experience in the risk management and physical / information security industry. Jesse has worked with both the private sector and federal government agencies working in risk management, and physical / information security management. Jesse has conducted IT and physical security vulnerability assessments, risk assessments, enforcing regulatory compliance, crisis management and business continuity planning both in the United States and abroad. He has served as a information security officer, supervisory risk analyst, IT security auditor and consultant. Jesse has worked in integrated operation centers monitoring the real time emergency activities of federal agencies and conducted / lead numerous emergency exercises. Jesse is a seasoned speaker and has been conducting training sessions within the energy sector for many years. His most recent duties allow him to engage facility security officers, health and safety officers and contract security personnel in the areas of physical security, MTSA, and CFATS. Jesse has conducted facility security vulnerability assessments throughout his career and continues to work with leading companies in the energy sector to advise security personnel, conduct business continuity exercises, address critical infrastructure needs and identify, score and mitigate risk. Jesse holds a Bachelor s Degree in Computer Information Systems from Texas State University at San Marcos, and a Graduate Degree (Masters in Security Management for Executives) from the University of Houston - Downtown. Jesse has received in depth training in the areas of Business Continuity Planning, Risk Assessment and Abatement, and Information Security. 5

6 Instructional Methods This program will use PowerPoint Presentations, group discussions, as well as active participation. Requirements for Successful Completion of Program Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit. Credits has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, the (organization name) has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, (organization name) is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard. is authorized by IACET to offer 1.0 CEUs for the course. EVENT LOCATION A room block has been reserved at the Houston Marriott West Loop by The Galleria, 1750 West Loop South, Houston, TX 77027, for the nights of August 19-20, Room rates are $189 for single & double occupancy, plus applicable tax. Call for reservations and mention the course to get the group rate. The cutoff date to receive the group rate is August 8, 2014 but as there are a limited number of rooms available at this rate, the room block may close sooner. Please make your reservations early. PROCEEDINGS The proceedings of the course will be published, and one copy will be distributed to each registrant at the course. register 3 send 4th free Any organization wishing to send multiple attendees to these conferences may send 1 FREE for every 3 delegates registered. Please note that all registrations must be made at the same time to qualify. 6

7 REGISTRATION INFORMation Mail Directly To: Electric Utility Consultants, Inc. () 4601 DTC Blvd., Ste. 800 OR, scan and to: please register the following Power Facilities Physical Security Threats : US $1495 Early bird on or before August 8, 2014: US $1295 Event location A room block has been reserved at the Houston Marriott West Loop by The Galleria, 1750 West Loop South, 77027, for the nights of August 19-20, Room rates are $189 for single & double occupancy, plus applicable tax. Call for reservations and mention the course to get the group rate. The cutoff date to receive the group rate is August 8, 2014 but as there are a limited number of rooms available at this rate, the room block may close sooner. Please make your reservations early. ENERG ZE WEEKLY s Energize Weekly newsletter compiles and reports on the latest news and trends in the energy industry. Newsletter recipients also receive a different, complimentary conference presentation every week on a relevant industry topic. The presentations are selected from a massive library of more than 1,000 current presentations that has gathered during its 26 years organizing conferences. Sign me up for Energize Weekly. How did you hear about this event? (direct , colleague, speaker(s), etc.) Print Name Job Title Company What name do you prefer on your name badge? Address City State/Province Zip/Postal Code Country Telephone List any dietary or accessibility needs here CREDIT CARD Name on Card Account Number Billing Address Billing City Billing State Billing Zip Code/Postal Code exp. Date Security Code (last 3 digits on the back of Visa and MC or 4 digits on front of AmEx) OR Enclosed is a check for $ to cover registrations. All cancellations received on or before July 18, 2014, will be subject to a US $195 processing fee. Written cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other event or publication. This credit will be good for six months. In case of event cancellation, s liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at reserves the right to alter this program without prior notice. 7