Hybrid Risk Management for Utility Networks
|
|
- Bernice Daniels
- 8 years ago
- Views:
Transcription
1 Hybrid Risk Management for Utility Networks Hermann de Meer Computer Networks and Computer Communications Lab (CNACC) University of Passau
2 CNACC: Introduction People Prof. Dr.-Ing. Hermann de Meer 11 PhD students/ras Research IT-security/functional safety Risk analysis in critical infrastructures Analysis of security implications induced by networking (e.g., smart grid) Energy systems Intelligent demand-response mechanisms in smart grids Trade-off-analysis of energy efficiency/performance/security Virtualization 2
3 ACM SIGCOMM e-energy Conference Univ. Passau (2010), Columbia Univ. (2011), IMDEA Univ. Carlos III Madrid (2012), UC Berkeley (2013), Univ. Cambridge (2014) UK, IBM Research India at Bangalore (2015). Topics cover the whole energy systems environment Sensing, monitoring and management of energy systems Energy-efficient computing and communication Distribution and transmission network control techniques Modeling, control, and architectures for renewable energies Smart grid communication architectures and protocols Privacy and security of smart grid infrastructure 3
4 Power Grid Smart Grid Power grid evolves into a smart grid Integration and interdependence of power network with information and communication technology (ICT) Extension of the grid using decentralized, renewable energy sources Power network with public IT networks (e.g., the Internet) Combination of both networks leads to a network of networks Interdependence of networks New network has previously unknown, new properties Combined network forms a new complex system Fusion of IT and power network generates new challenges 4
5 Motivation (1/2) Power failure in north eastern US in 2003 Causes Effects Software errors in monitoring systems Overload and failure of IT backup systems Lack of risk awareness Outdated supply network infrastructure Poor communication More than 55 million people without electricity Failure of public telecommunications/utility networks Estimated costs: 6 billion $ (Photos: Huffington Post, 2003) 5
6 Motivation (2/2) Dragonfly malware infection (announced April 30 th 2014) Causes Hacking websites of control system software vendors Infection and later distribution of software packages Infection of industrial systems by remote access trojans (RATs) Has been launched since 2011 minimum with significant virulances Effects Capabilities: Gather information, such as passwords, screenshots Backdoor Estimated costs: could well cause a significant amount of damage * How can such catastrophic failures be prevented? *Adam Kujawa, head of malware intelligence at Malwarebytes (Graphic: Symantec, 2014) 6
7 Risk Assessment (1/4) Power/communication networks are critical infrastructures Constant availability not optional, but mandatory Disturbances are economically, socially and politically-administratively catastrophical Risk assessment in smart grids enormously challenging Possible error propagation between ICT and energy network Various sources of error: Accidents/human error Defects in hardware/software Deliberate attacks (physical/it-based) Large-scale, long-term failures must be prevented! 7
8 Risk Assessment (2/4) The need for new risk assessments tailored for interconnected utility networks is already known: ENSIA: Security Aspects of Smart Grid Propose that there at least is a risk management in smart grids: Align cyber-security to the organization s overall IT strategy based on the defined risk profile Establish a rigorous, on-going risk management process However, the solutions proposed in this document are either very abstract and underspecified, or based on legacy best practices Concluding, the risk management by ENSIA does not address all risks in networked utilities in detail 8
9 Risk Assessment (3/4) NIST: Introduction to NISTIR 7628 Guidelines for Smart Grid Cyber Security Risk management also proposed, but only considering legacy risk sources E.g., no consideration of risk caused by interconnection No special metrics that include all risk sources and the possibilities of failure propagation between different networks Current risk assessment approaches have to be re-thought A new, solid foundation for risk assessment is needed 9
10 Risk Assessment (4/4) Legacy risk assessments have been used for a long time These approaches focus either on utility or control network Control network Combined networked Utility network utility infrastructure Integrity problems Network of networks Physical infrastructure Previously isolated Uncontrolled access threats Failure propagation Phishing, social Reliability problems Mutual dependence of engineering networks Misuse of infrastructure Future How smart to deal utilities with are these networked, new threats? not isolated! 10
11 Possible Solutions Resilient implementation of networked utilities requires: Novel risk evaluation approaches Integration, interaction and interdependency of utility and ICT network Analysis of risk origins such as the human factor for the networks New risk metrics for interconnected utility infrastructure networks Robust communication infrastructures Awareness of all involved entities/persons System-wide strategies to deal with multiple threat sources in both control & utility network 11
12 HyRiM: Project Facts HyRiM = Hybrid Risk Management for Utility Networks EU FP7-research project (Call FP7-SEC ) Runtime: 36 months ( ) Cooperation between 7 project partners Austrian Institute of Technology Lancaster University ETRA Investigación y Desarrollo, S.A. Akhela S.R.L. Suministros Especiales Alginetenses, Coop. V. Linz AG Universität Passau 12
13 HyRiM: Project Facts Analysis of organizational / human factors Monitoring of data & power network perimeter Monitoring and protection of SCADA systems (Figure: Föderprogramm E-Energy des BMWi) 13
14 HyRiM: Overview The goal of HyRiM is to extend current risk management approaches to utility networks HyRiM will focus on the interconnection points between control networks and individual utility networks Providing a quantitative approach to support decision makers Assessing the potential threats and their cascading effects Main objectives of the project Develop and evaluate hybrid risk metrics Assess and categorize security risks in interconnected utility infrastructure networks Provide foundations for novel protection mechanisms 14
15 HyRiM: Goals (1/4) Analysis of organizational/human factors Uncertainty of employees due to lack of security/safety standardization and emerging working paradigms, such as bring your own device or mobile working lead to new threats Goals Consideration of the human factor by studying the sociological and economic effects on the different networks Special focus on the usage on personally owned digital/communication devices and how it might comprise security of a control network Definition of security architectures and guidelines to mitigate threats related to human and organizational (including cyber) risk 15
16 HyRiM: Goals (2/4) Monitoring and protection of SCADA systems Utility providers are often unaware of the sensitivity of control networks leading to an underestimation their importance and a lack of security Goals Evaluation of interdependent utility network infrastructures and attacks targeted specifically at utility network controls Classification of attacks against SCADA systems (e.g., threats of smart phones, USB sticks) Development of tools and methods for risk assessment, which extend existing methodologies towards the handling of new threats (e.g., Advanced Persistent Threats) arising in interconnected SCADA networks 16
17 HyRiM: Goals (3/4) Monitoring of data & power network perimeter Interconnection of utility facilities can open new attack vectors exploitable from unprotected remote locations Goals Combination of monitoring and surveillance of the extended perimeter Enhancing network and infrastructure surveillance systems using novel, on-demand technologies in the extended perimeter of utility networks Development of self-diagnostic systems for detecting errors in utility infrastructures Classification and recommendations for IT-based protection systems according to applicability and effectiveness in utility networks 17
18 HyRiM: Goals (4/4) Development of hybrid risk metrics To be able to perform a system-wide risk analysis covering control and utility networks, novel risk assessment approaches are required Goals Hybrid risk metrics are based on the combination and interrelation of risks in the power and the ICT/control networks Based on the application of a mathematical framework to provide a basis for quantitative risk assessment Development of analytical methods/metrics for risk assessment Hybrid risk metrics will allow both the assessment and categorization of security risks in interconnected utility infrastructure networks 18
19 Further Research There are still open questions remaining: 1) How can the reliability of the communication infrastructure be guaranteed? Networked utility infrastructures more and more depend on automated processes relying on IP data exchange Therefore, reliable communication is becoming increasingly important in utility networks However, achieving reliable communication is an important challenge Strategies for reliable message delivery have to be taken In dedicated and public networks (e.g. the Internet) Usage of new technologies to achieve reliability (e.g. virtualization) 19
20 Further Research There are still open questions remaining: 2) How can the regulatory challenges in an interconnected ICT- and utility-network be met? Currently lack of standards and best practices stretching across both ICT and power grid domains Different standards developed at different times with unequal maturity, development speed and domains Interoperability and interchangeability are essential prerequisites for a functional smart grid. Without them, interaction of different vendors would be rendered completly impossible. 20
21 Further Research There are still open questions remaining: 3) What is the influence of interconnecting utility networks on their functional safety? Combining ICT and utility networks adds a direct link between IT security and safety E.g. can the manipulation of SCADA systems directly influence control systems used in power plants Utility networks often a critical infrastructure, which in case of failures endanger the environment as well as human lives How can the additional information available in networked utilities be used to increase safety? 21
22 Conclusion Future scenarios are not fully foreseeable Increasing integration of IT and supply networks Increasing dependence between network components problematic Incomplete analysis of risks and threats Currently no sufficient protection Utility network control systems not designed for use in IT networks No sound strategy in the event of a black-outs Comprehensive risk analysis of the smart grid required! Protection of both ICT and power networks necessary! Emergency plans for the smart grid in case of disasters! 22
Cybersecurity Risk Assessment in Smart Grids
Cybersecurity Risk Assessment in Smart Grids Lucie Langer, Paul Smith, Thomas Hecht firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Symposium 2014 Sept 30, 2014 1 Risk Assessment:
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationRisk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit
Page 1 of 10 Events Partners Careers Contact Facebook Twitter LinkedIn Pike Research Search search... Home About Research Consulting Blog Newsroom Media My Pike Logout Overview Smart Energy Clean Transportation
More informationPanel Session: Lessons Learned in Smart Grid Cybersecurity
PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory
More informationPOLICIES TO MITIGATE CYBER RISK
POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various
More informationSmart grid security analysis
Smart grid security analysis Paul Smith et al. paul.smith@ait.ac.at SPARKS Stakeholder Workshop 20 th May, 2014, Graz SPARKS Objectives The SPARKS project has three main objectives regarding security analysis:
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationHow To Protect A Smart Grid From Cyber Security Threats
Smart Grid Cyber Security System Reliability, Defense-in-Depth, Business Continuity, Change Management, Secure Telecommunications, Endpoint Protection, Identity Management, and Security Event Management
More informationUtility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security
Boeing Defense, Space & Security Ventures Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security Tristan Glenwright - Boeing BOEING is a trademark of Boeing Management Company. The
More informationWhat is Really Needed to Secure the Internet of Things?
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationThe State of Industrial Control Systems Security and National Critical Infrastructure Protection
The State of Industrial Control Systems Security and National Critical Infrastructure Protection Emerging Threats Tinuade Adesina, Lulea University of Technology Sweden IT Security for the Next Generation
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationChair Mays, Co-Vice Chair Fox, Co-Vice Chair Whitfield and Members of the Committee:
National Association of Regulatory Utility Commissioners (NARUC) Winter Committee Meeting SGIP Report to Committee on Critical Infrastructure Sunday, February 9, 2014 Chair Mays, Co-Vice Chair Fox, Co-Vice
More informationChallenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved
Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single
More informationIT Security Quo Vadis?
Munich IT Security Research Group IT Security Quo Vadis? Hans-Joachim Hof MuSe - Munich IT Security Research Group Munich University of Applied Sciences hof@hm.edu http://muse.bayern Prof. Dr.-Ing. Hans-Joachim
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationi-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
More informationADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D
ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D Eric Lightner Director Federal Smart Grid Task Force July 2015 2 OE Mission The Office of Electricity
More informationHow To Protect Water Utilities From Cyber Attack
Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationUsing Vulnerable Hosts to Assess Cyber Security Risk in Critical Infrastructures
Workshop on Novel Approaches to Risk and Security Management for Utility Providers and Critical Infrastructures Using Vulnerable Hosts to Assess Cyber Security Risk in Critical Infrastructures Xiaobing
More informationEmerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP
Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance
More informationENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationRESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information
www.wipro.com RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information Saritha Auti Practice Head - Enterprise Security Solutions, Wipro Table of Contents 03... Abstract 03... Why
More informationEncyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.
Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationEL Program: Smart Manufacturing Systems Design and Analysis
EL Program: Smart Manufacturing Systems Design and Analysis Program Manager: Dr. Sudarsan Rachuri Associate Program Manager: K C Morris Strategic Goal: Smart Manufacturing, Construction, and Cyber-Physical
More informationAs global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a
More informationDeltaV System Cyber-Security
January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationSCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP
SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More informationCDM Hardware Asset Management (HWAM) Capability
CDM Hardware Asset Management (HWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT
More informationCyber Security & State Energy Assurance Plans
Cyber Security & State Energy Assurance Plans Michigan Cyber Summit 2011 Friday, October 7, 2011 Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials What is Energy
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationInternet of Things (IoT): Security Awareness. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com
Internet of Things (IoT): Security Awareness Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com So What is the Internet of Things Network of physical objects embedded with: Electronics, software, sensors
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationMEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO
E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by
More informationAsset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure
Asset Management Challenges and Options, Including the Implications and Importance of Aging Infrastructure Presentation to the U.S. Department of Energy by the IEEE Joint Task Force on QER Trends: Resilience
More informationCapabilities for Cybersecurity Resilience
Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances
More informationCommunication Security Measures for SCADA Systems
Communication Security Measures for SCADA Systems Ron Farquharson, MV Consulting, DNP User Group Jim Coats, Triangle MicroWorks, DNP User Group Joe Stevens, Triangle MicroWorks 23 September 2014, Raleigh,
More informationResponse to NIST: Developing a Framework to Improve Critical Infrastructure Cybersecurity
National Grid Overview National Grid is an international electric and natural gas company and one of the largest investor-owned energy companies in the world. We play a vital role in delivering gas and
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationSPARKS Cybersecurity Technology and the NESCOR Failure Scenarios
SPARKS Cybersecurity Technology and the NESCOR Failure Scenarios Lucie Langer and Paul Smith firstname.lastname@ait.ac.at AIT Austrian Institute of Technology ComForEn Workshop Monday 29 th September,
More informationDepartment of Management Services. Request for Information
Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationDecrease your HMI/SCADA risk
Decrease your HMI/SCADA risk Key steps to minimize unplanned downtime and protect your organization. Are you running your plant operations with serious risk? Most industrial applications lack recommended
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationModelling cyber-threats in the Airport domain: a case study from the SECONOMICS project. Alessandra Tedeschi, Deep Blue S.r.
Modelling cyber-threats in the Airport domain: a case study from the SECONOMICS project Alessandra Tedeschi, Deep Blue S.r.L, Rome, Italy Project overview SECONOMICS is a 36 months project funded in the
More informationImproving Energy Infrastructure Security: Costs and Consequences
Improving Energy Infrastructure Security: Costs and Consequences Alex Farrell 1,Hisham Zerriffi 2, Lester Lave 2, Granger Morgan 2 1 Energy and Resources Group, UC Berkeley 2 Dept. of Engineering and Public
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationDocument ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
More informationSeminar: Security Metrics in Cloud Computing (20-00-0577-se)
Technische Universität Darmstadt Dependable, Embedded Systems and Software Group (DEEDS) Hochschulstr. 10 64289 Darmstadt Seminar: Security Metrics in Cloud Computing (20-00-0577-se) Topics Descriptions
More informationICT SECURITY SECURE ICT SYSTEMS OF THE FUTURE
OVERVIEW Critial infrastructures are increasingly dependent on information and communication technology. ICT-systems are getting more and more complex, and to enable the implementation of secure applications
More informationEmergency Response Service. 2013 IBM Corporation
Emergency Response Service Who is our team The Cyber Security Intelligence and Response team is staffed with: Highly skilled forensic analysts and consultants dedicated to incident response. Resident malware
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationCybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
More informationCyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
More informationDoD Strategy for Defending Networks, Systems, and Data
DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July
More informationHow To Secure A Wireless Utility Network
Utilities Facing Many Challenges Cyber Security Is One Area Where Help Is Available Executive Summary Utilities are in the crosshairs of many forces in the world today. Among these are environmental global
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More information8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day
Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.
More informationCyber Security Seminar KTH 2011-04-14
Cyber Security Seminar KTH 2011-04-14 Defending the Smart Grid erik.z.johansson@se.abb.com Appropriate Footer Information Here Table of content Business Drivers Compliance APT; Stuxnet and Night Dragon
More informationData Driven Assessment of Cyber Risk:
Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech InformationSecurity Center Georgia Tech Research Institute
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationNational Cyber League Certified Ethical Hacker (CEH) TM Syllabus
National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)
More informationGuiding principles for security in a networked society
ericsson White paper Uen 307 23-3230 February 2014 Guiding principles for security in a networked society The technological evolution that makes the Networked Society possible brings positive change in
More informationApproach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera
Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help
More informationSCADA Security: Challenges and Solutions
SCADA Security: Challenges and Solutions June 2011 / White paper by Metin Ozturk, Philip Aubin Make the most of your energy Summary Executive Summary... p 2 Protecting Critical Infrastructure Includes
More informationUnified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice
Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government
More informationCybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationINTELLIGENCE BY ZPRYME ZPRYME.COM SMARTGRIDRESEARCH.ORG 2013 ZPRYME RESEARCH & CONSULTING, LLC. ALL RIGHTS RESERVED.
cyber security SPONSORED BY INTELLIGENCE BY ZPRYME ZPRYME.COM SMARTGRIDRESEARCH.ORG 2013 ZPRYME RESEARCH & CONSULTING, LLC. ALL RIGHTS RESERVED. survey JANUARY 2013 Table of Contents Executive Summary...
More informationSeminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014
Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues Palace Hotel Saigon, HCMC, November 19 th 2014 Cyber Security and Supply Chain Integrity as Risk Factors
More informationNow and Tomorrow. IEEE/AICCSA Conference November 2014 Malike Bouaoud Cyber Security Advisor
Now and Tomorrow IEEE/AICCSA Conference November 2014 Malike Bouaoud Cyber Security Advisor Hacktivism Regulatory/Compliance (local and international) Sophisticated Malware Data leakage Cybercriminal syndicates
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationAchieving Business Agility Through An Agile Data Center
Achieving Business Agility Through An Agile Data Center Overview: Enable the Agile Data Center Business Agility Is Your End Goal In today s world, customers expect or even demand instant gratification
More informationService-Aware Security for Distributed Automation. Ilan Barda GRIPS SciREX Symposium February 2 nd 2015
Service-Aware Security for Distributed Automation Ilan Barda GRIPS SciREX Symposium February 2 nd 2015 The market Securing the Industrial IoT Source: MarketsandMarkets, December 2014-2- Radiflow Mission
More information