Roadmaps to Securing Industrial Control Systems
|
|
- Cornelius Garrison
- 8 years ago
- Views:
Transcription
1 Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick Place West Copyright 2011 Rockwell Automation, Inc. All rights reserved.
2 Presenter Mark Heard, Eastman Chemical Company Recovering Control System Engineer Experience with several kinds of automation systems, especially networking with other plant systems General interest in security and admin issues for ICS Work on Eastman Cybersecurity teams Process Control Network Security, Network Segmentation, Cybersecurity Vulnerability Assessment, Process Automation Systems Authentication, Systems Integrity, IT Security Team Working with ISA S99, ACC Cybersecurity Program (formerly through ChemITC and CIDX) since 2002 Copyright 2011 Rockwell Automation, Inc. All rights reserved.
3 What is an ICS Security Roadmap? A structured set of priorities, milestones and goals which address security requirements specific to Industrial Control Systems (ICS), over a 10 year timeframe
4 Published Roadmaps Energy Sector (revised Sep-11) The 2011 Roadmap takes the necessary steps to strengthen the security and reliability of our country s electric grid, in a climate of increasingly sophisticated cyber incidents. This update marks a continued effort by public and private energy sector stakeholders to reduce cyber vulnerabilities that could disrupt the nation's ability to deliver power and energy.
5 Published Roadmaps Water Sector Chemical Sector Dams Draft/Approval: Nuclear Cross-Sector (recognizing and mapping commonality between sector documents) by Department of Homeland Security s Industrial Control Systems Joint Working Group
6 Roadmap Strategies Build a Culture of Security Assess, Monitor and Mitigate Risk Develop and Implement New Protective Measures to Reduce Risk Manage Incidents Sustain Security Improvements for Asset Owner/Operators Vendors/Solution Providers Research/Academia Government Regulators/Standards Organizations
7 Common Goals Across Roadmaps Measure and Assess Security Posture Assess Risk Develop and Integrate Protective Measures Develop and Deploy ICS Security Programs Detect Intrusion and Implement Response Strategies Develop and Implement Risk Mitigation Measures Sustain Security Improvements Partnership and Outreach Secure-by-Design
8 Why do We Care? ICS are increasingly interconnected to other plant and business systems ICS vendors continue to rapidly incorporate standard Information Technology into their products These trends expose the ICS to modern malware threats Potential consequences of an ICS cyber incident can include: Reduction or loss of production at one site or multiple sites simultaneously; Injury or death of employees; Injury or death of persons in the community; Damage to equipment; Release, diversion, or theft of hazardous materials; and Impact to company s reputation in the community.
9 The Risk is Real!! Federal agencies reported 30,000 incidents to US-CERT during fiscal year 2009 [U.S. Government Accountability Office report 6/16/2010] >400% increase over what was reported in CIP Survey conducted by Symantec 60% of cyber attacks were somewhat to extremely effective Average cost of an attack was estimated at $850,000 Significant increase in Advanced Persistent Threat (APT) Stuxnet signaled a paradigm shift in ICS cyber threats Demonstrated that ICS are susceptible to increasingly sophisticated cyber-attacks
10 Chemical Sector Roadmap The voice of the sector on improvements to control systems security Published September 2009 Following sign off by the Chemical Sector Coordinating Council A structured set of priorities spanning a 10-year timeframe specific to needs of Industrial Control Systems (ICS) in the Chemical Sector 10
11 Roadmap Vision In 10 years, the layers of defense for industrial control systems managing critical applications will be designed, installed and maintained, commensurate with risk, to operate with no loss of critical function during and after a cyber event. Scope Industrial Control Systems (ICS) in chemical facilities that are part of the critical infrastructure Possible implications for ICS vendors Connection to other systems included if they impact ICS risk
12 Chemical Sector Roadmap Implementation Working Group Established December 2010 Roadmap Implementation Manager Catalyst 35, under ACC contract CSCC American Chemistry Council (ACC) National Petrochemical & Refiners Association (NPRA) DHS DHS National Cyber Security Division - Control Systems Security Program DHS Chemical SSA Owners/Operators AkzoNobel Dow Chemical Infineum DuPont Eastman Chemical Western Refining Exxon Mobil Air Products Ashland Air Products Vendors Computer Sciences Corporation (CSC)
13 Roadmap Implementation In Partnership with DHS DHS Sector Specific Agency (SSA) is supporting our efforts Utilizing Homeland Security Information Network (HSIN) to share working documents Focusing on milestones identified for the first two years Comprehensive Awareness Package Collected a wealth of resources/reference information Designed to assist owners/operators in addressing ICS security Providing speakers at various conferences across the U.S. Metrics: Working on creating Roadmap Metrics Secure Information Sharing: Developing a matrix of current forums Website: in design stage 13
14 Roadmap Objectives Long Term Improved ICS security across the chemical sector Immediate Build awareness across the chemical sector and ICS vendor community of the resources available to assist the sector in realizing its long term objective.
15 Awareness Campaign Focus Areas Developing a Business Case for investing in ICS security Conducting an ICS Security Assessment Training for employees who work in the ICS environment Implementing existing standards Complying with existing Chemical Facility Anti-Terrorism Standards (CFATS) Regulations Leveraging Best Practices Wherever possible, not Chem sector specific
16 Developing a Business Case The protection of ICS from cyber security threats requires resources and personnel to plan, develop and implement needed security measures Companies must develop a business case for investing in ICS security A business rationale for justifying this investment is currently under development Authored by the Industrial Control Systems Joint Working Group Goal is to provide guidance for Developing a Business Case icsjwg@dhs.gov
17 Awareness Materials Case for Action Cyber Security Evaluation Tool (CSET) Cyber Security Tabletop Exercise (TTX) Procurement language ICS Security Training Resource ICS-CERT & Cyber Incident Response Industry standards and additional relevant guidance
18 A Case for Action The chemical industry dedicates immense time and resources toward ensuring the safety of its personnel, customers, and surrounding community; but in today s environment of growing cyber threats, a Chemical plant is not safe unless its control systems are secure. One of the trends emerging in the current environment of cost efficiencies, is the move from delivery of ICS on proprietary system platforms to open system platforms. These open platforms carry a greater level of cyber risk due to the rapid growth of cyber threats against them.
19 CSET - Cyber Security Evaluation Tool Available from the Department of Homeland Security Assists organizations in protecting their key national cyber assets. Developed under the direction of the DHS National Cyber Security Division (NCSD) Developed by cybersecurity experts and with assistance from the National Institute of Standards and Technology. This tool provides a systematic and repeatable approach for assessing the security posture cyber systems and networks. Includes both high-level and detailed questions related to all industrial control and IT systems.
20 Procurement Language Department of Homeland Security: Cyber Security Procurement Language for Control Systems provides sample recommended language for control systems security requirements, including: New SCADA/control systems Upgrading Legacy systems Maintenance contracts Information and personnel security
21 ICS Training Resources Chemical Sector Compiled by the Roadmap Implementation Working Group Designed for owner/operators in the process control and automation industries. Lists selected and representative security trainings but not a comprehensive list Organized by levels of difficulty (intro, intermediate, advanced) Includes links to relevant websites, for ease of training access
22 Who Can Benefit from this training? ICS Operations Routinely interact with the ICS environment Security Managers Have primary responsibility for securing ICS Engineers Responsible for design and configuration of ICS functionality IT Personnel Have responsibility for operation & support of IT infrastructure supporting the ICS
23 Leveraging Existing Standards ANSI/ISA99/IEC 62443, Industrial Automation and Control Systems Security A series of 11 standards & technical reports Address all aspects of ICS security 3 work products have been published Several others are available in draft form for review and comment ISO/IEC :2009 Establishes general concepts and principles of IT security evaluation Specifies the general model of evaluation given by its various parts Is intended to be used as the basis for evaluation of security properties of IT products
24 Additional Guidance ACC Guidance for Addressing Cyber Security in the Chemical Sector DHS Catalog of Control Systems Security: Recommendations for Standards Developers NIST Special Publication (SP) , Guide to ICS Security, final public draft Sept 29, 2008 NIST SP Rev 3, Recommended Security Controls for Federal Information Systems and Organizations, August 2009 NERC Critical Infrastructure Protection
25 What Can You Do? Pick up a DVD & Case for Action to take with you Review the information shared today Bring this issue to the attention of your engineering & manufacturing management Ask key questions about how your company is addressing ICS security And as you begin 25
26 Tips for Getting Started Ensure one person takes ownership of ICS security and is accountable. Open the lines of communication between engineering, security, IT, process safety and manufacturing operations within your own company. Conduct an audit of current ICS security measures and implement obvious fixes. Follow-up with an ICS security vulnerability analysis (risk assessment).
27 Tips for Getting Started Implement an ICS security management program that is integrated with existing company management systems for security, safety, quality, etc. Keep in touch by ing for additional information. Become an advocate in your company on this important issue!
28 Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick Place West Copyright 2011 Rockwell Automation, Inc. All rights reserved.
7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationThe Dow Chemical Company. statement for the record. David E. Kepler. before
The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationPROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Cyber Security IT People Geeks How
More informationChemical Sector Cyber Security Program
Chemical Sector Cyber Security Program Christine Adams, Director, Chemical Sector Cyber Security Program Neil Hershfield, Director, CIDX Cyber Security Initiative Cyber Security Program Leadership Executive
More informationBuilding Insecurity Lisa Kaiser
Building Insecurity Lisa Kaiser Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Insecurity How do I Specify it Buy it Test it Deploy it Regret it Apologize for it Specifying Insecurity
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationHelp for the Developers of Control System Cyber Security Standards
INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended
More informationWater Sector Initiatives on Cyber Security. Water Sector Cyber Security Symposium Dallas, TX August 15, 2013
Water Sector Initiatives on Cyber Security Water Sector Cyber Security Symposium Dallas, TX August 15, 2013 Presentation Outline The water sector Interdependencies with other critical infrastructure sectors
More informationRethinking Cyber Security for Industrial Control Systems (ICS)
Rethinking Cyber Security for Industrial Control Systems (ICS) Bob Mick VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Rethinking Cyber Security We Now Have Years of Experience - Security
More informationICS-CERT Incident Response Summary Report
ICS-CERT Incident Response Summary Report 20092011 OVERVIEW The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
More informationICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention
More informationIndustrial Control Systems Security Guide
Industrial Control Systems Security Guide Keith Stouffer, Engineering Lab National Institute of Standards and Technology NIST SP 800-82, Rev 2 and ICS Cybersecurity Testbed Keith Stouffer Project Leader,
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationHow To Understand And Manage Cybersecurity Risk
White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationThe State of Industrial Control Systems Security and National Critical Infrastructure Protection
The State of Industrial Control Systems Security and National Critical Infrastructure Protection Emerging Threats Tinuade Adesina, Lulea University of Technology Sweden IT Security for the Next Generation
More informationCybersecurity Guidance for Industrial Automation in Oil and Gas Applications
Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications February 17, 2015 Agenda Agenda Introductions Agenda Introductions Discussion of the current state of Cybersecurity for Controls
More informationNIST Cybersecurity Initiatives. ARC World Industry Forum 2014
NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission
More informationWhite Paper. 7 Steps to ICS and SCADA Security. Tofino Security exida Consulting LLC. Contents. Authors. Version 1.0 Published February 16, 2012
Tofino Security exida Consulting LLC White Paper Version 1.0 Published February 16, 2012 Contents Executive Summary... 1 Step 1 Assess Existing Systems... 1 Step 2 Document Policies & Procedures... 3 Step
More informationMaturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationA MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications
More informationIndustrial Cyber Security 101. Mike Spear
Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell
More informationHow To Manage Risk On A Scada System
Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document
More informationSecuring Industrial Control Systems in the Chemical Sector. Roadmap Awareness Initiative Making the Business Case
Securing Industrial Control Systems in the Chemical Sector Roadmap Awareness Initiative Making the Business Case Developed by the Chemical Sector Coordinating Council in partnership with The U.S. Department
More informationDepartment of Homeland Security Federal Government Offerings, Products, and Services
Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity
More informationCIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016
CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on
More informationNIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH
NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case
More informationGAO. CRITICAL INFRASTRUCTURE PROTECTION DHS Leadership Needed to Enhance Cybersecurity
GAO For Release on Delivery Expected at 3 p.m. EDT Wednesday, September 13, 2006 United States Government Accountability Office Testimony Before the House Committee on Homeland Security, Subcommittee on
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationThree Simple Steps to SCADA Systems Security
Three Simple Steps to SCADA Systems Security Presented by: Gabe Shones, PE / Gilbert Kwan, PE Insert Photo Here Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL
More informationITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS
ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More information2) trusted network, resilient against large scale Denial of Service attacks
Sam Crooks Network Design Engineer My background is that I have worked in the gaming (as in casinos, gambling), credit card processing industries, consumer credit and related
More informationOlav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
More informationProcess Control System Cyber Security Standards an Overview
INL/CON-06-01317 PREPRINT Process Control System Cyber Security Standards an Overview 52nd International Instrumentation Symposium Robert P. Evans May 2006 This is a preprint of a paper intended for publication
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationNIST Cybersecurity Framework Manufacturing Implementation
NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST
More informationInformation Bulletin
Public Policy Division Impact of NIST Guidelines for Cybersecurity Prepared by UTC Staff 1. Introduction... 3 2. Cybersecurity Landscape... 3 3. One Likely Scenario... 5 4. Draft NISTIR 7628, Guidelines
More informationHow To Write A Cybersecurity Framework
NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order
More informationSuzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA
8 th Annual Safeguarding Health Information: Building Assurance through HIPAA Security HHS Office of Civil Rights and National Institute of Standards & Technology Wednesday September 2, 2015 Suzanne B.
More informationCYBERSECURITY RISK MANAGEMENT
CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationTHE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013
THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The
More informationWater Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary
Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationPREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection
More Intelligent, More Effective Cybersecurity Protection January 2013 Business Roundtable (BRT) is an association of chief executive officers of leading U.S. companies with more than $7.3 trillion in
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More informationWhat s Inside. ICS-CERT Year in Review 2014. Welcome 1. ICS-CERT Introduction 2. ICS-CERT 2014 Highlights 3. ICS-CERT Watch Floor Operations 4
What s Inside Welcome 1 ICS-CERT Introduction 2 ICS-CERT 2014 Highlights 3 ICS-CERT Watch Floor Operations 4 Incident Response 6 Vulnerability Coordination 8 Technical Analysis 9 Assessments 10 Training
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationIndependent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015
Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015 OIG-16-A-03 November 12, 2015 All publicly available OIG reports (including
More informationSCOPE. September 25, 2014, 0930 EDT
National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Critical Infrastructure Security and Resilience Note Critical Infrastructure Security and Resilience Note:
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationResponse to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity
National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationApril 28, 2009. Dear Mr. Chairman:
April 28, 2009 The Honorable Edward J. Markey Chairman Subcommittee on Energy and Environment Committee on Energy and Commerce U.S. House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: I
More informationFeature. SCADA Cybersecurity Framework
Feature Samir Malaviya, CISA, CGEIT, CSSA, works with the Global Consulting Practice-GRC practice of Tata Consultancy Services and has more than 17 years of experience in telecommunications, IT, and operation
More informationCybersecurity Resources
Assessment Resources Cybersecurity Resources Cyber Resiliency Review (CRR) is a DHS assessment tool that measures the implementation of key cybersecurity capacities and capabilities. The goal of the CRR
More informationAn International Perspective on Security and Compliance
UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationU.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO
U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and
More informationFederal Highway Administration Director, Office of Transportation Management
Federal Highway Administration Director, Office of Transportation Management Transportation Systems Cyber-Security Framework A process to Monitor Alert Advise Owner/Operators of ITS deployments From just
More informationFundamental Issues: Nuclear Generators Lead Cyber Security
power eng.com http://www.power eng.com/articles/npi/print/volume 8/issue 5/nucleus/fundamental issues nuclear generators lead cybersecurity.html Fundamental Issues: Nuclear Generators Lead Cyber Security
More informationBuilding more resilient and secure solutions for Water/Wastewater Industry
Building more resilient and secure solutions for Water/Wastewater Industry Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Copyright 2010 Rockwell Automation, Inc. All rights reserved. 1 Governmental
More informationPROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 1 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V2 Company Name: The Boeing Company December 10, 2012 1 Interim Techlogy Performance Report 1
More informationGE Measurement & Control. Cyber Security for Industrial Controls
GE Measurement & Control Cyber Security for Industrial Controls Contents Overview...3 Cyber Asset Protection (CAP) Software Update Subscription....4 SecurityST Solution Options...5 Centralized Account
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Infrastructure Information Collection Division August 2015 Michael A. Norman Overview
More informationStatement for the Record of
Statement for the Record of Roberta Stempfley Acting Assistant Secretary Office of Cyber Security and Communications National Protection and Programs Directorate Department of Homeland Security and Sean
More informationCSMS. Cyber Security Management System. Conformity Assessment Scheme
CSMS Cyber Security Management System Conformity Assessment Scheme for the CSMS Certification Criteria IEC 62443-2-1:2010 Cyber Security Management Syste 1 Purpose of the CSMS Conformity Assessment Scheme
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationCyber Security Seminar KTH 2011-04-14
Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon
More informationCyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012
Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationCS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool
INL/CON-07-12810 PREPRINT CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool ISA Expo 2007 Kathleen A. Lee January 2008 This is a preprint of a paper intended for publication in a journal
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More informationObtaining Enterprise Cybersituational
SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationCopyright 2011 Rockwell Automation, Inc. All rights reserved. Quick Industrial Security Assessment
Copyright 2011 Rockwell Automation, Inc. All rights reserved. Quick Industrial Security Assessment Key Concerns of Control System Security 1. Preventing accidental and unintentional changes to the control
More informationManaging Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach
Managing Cyber Risks to Transportation Systems Mike Slawski Cyber Security Awareness & Outreach The CIA Triad 2 SABSA Model 3 TSA Mission in Cyber Space Mission - Facilitate the measured improvement of
More informationChanging Legal Landscape in Cybersecurity: Implications for Business
Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Federal Energy Regulatory Commission's Monitoring of Power Grid Cyber Security DOE/IG-0846 January 2011
More informationISSUE BRIEF. Cloud Security for Federal Agencies. Achieving greater efficiency and better security through federally certified cloud services
ISSUE BRIEF Cloud Security for Federal Agencies Achieving greater efficiency and better security through federally certified cloud services This paper is intended to help federal agency executives to better
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.
More informationCritical Infrastructure Security & Resilience Month 2014 Toolkit
Critical Infrastructure Security & Resilience Month 2014 Toolkit Homeland Security Table of Contents Table of Contents... ii CRITICAL INFRASTRUCTURE SECURITY & RESILIENCE MONTH... 1 HOW TO PROMOTE CRITICAL
More informationNHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH. Arthur Carter, Frank Barickman, NHTSA
NHTSA S AUTOMOTIVE CYBERSECURITY RESEARCH Arthur Carter, Frank Barickman, NHTSA Electronic Systems Safety Research Division Electronic Systems Safety (ESS) Research Division conducts research to ensure
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More information(HTTP://WWW.ADDTHIS.COM/BOOKMARK.PHP?V=250&PUBID=XA- 4EC5891570C11392)
(HTTP://WWW.ADDTHIS.COM/BOOKMARK.PHP?V=250&PUBID=XA- 4EC5891570C11392) VISIT: WWW.TTCUS.COM (HTTP://WWW.TTCUS.COM /? HSTC=40060925.4FE4E58F02ECBE9D993453E16A8EB373.1374161815407.1374161815407.1374161815407.1&
More informationPreventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationNational Cybersecurity & Communications Integration Center (NCCIC)
National Cybersecurity & Communications Integration Center (NCCIC) FOR OFFICIAL USE ONLY NCCIC Overview NCCIC Overview The National Cybersecurity and Communications Integration Center (NCCIC), a division
More informationOverview. FedRAMP CONOPS
Concept of Operations (CONOPS) Version 1.0 February 7, 2012 Overview Cloud computing technology allows the Federal Government to address demand from citizens for better, faster services and to save resources,
More information