Industrial Control Security
- Evan Harvey
- 8 years ago
Industrial Control Security
Holiday Inn, Sacramento, California

The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the Emerging Cyber Threats
Pre Conference Workshop, 5th October 2014, with Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor, ADMA

Headline Sponsors
Co Sponsors

Event Overview

All stakeholders have a new responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. Public and private partnerships are paramount, and information sharing on an international level is a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Utilities and Oil and Gas sectors. The ICS Energy USA conference has been developed with the guidance of the Cyber Senate, an exclusive community of authoritative global leaders with unparalleled experience and knowledge in both Cyber and Industrial Control sectors.

Key Speakers

- Samara Moore, IT and Cyber Security Policy Advisor, Department of Energy
- Mike Ahmadi, Global Business Development Director, Codenomicon
- William Barker, Cybersecurity Standards and Technology Advisor, NIST
- Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys
- Fred Hintermister, Manager, ESISAC, North American Electric Reliability Corporation
- Galen Rasche, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute
- Scott Saunders, Information and Security Officer, Sacramento Municipal Utilities District
- Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric
- Ayman Al Issa, Digital Oil Fields Cyber Security Advisor, Abu Dhabi Marine Operating Company
- Pan Kamal, Vice President, Marketing and Product Management, AlertEnterprise
- Seth Bromberger, Specialist in Critical Infrastructure Protection, Principal, NCI Security
- Patricia Robison, Professor, New York University
- Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station

Media Partners

Pre Conference workshop, 5th October 2014
Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats
Workshop Leader: Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor

Refreshment sponsors

Colin McKinty, Vice President of Cyber Security Strategy, Americas, BAE Systems Applied Intelligence

Every country relies on critical infrastructure to provide essential services; underpinning many of these important functions are industrial control systems (ICS). As the threat of cyber attacks has increased, those responsible for designing and maintaining these systems have had to think more and more about security. The ICS Cyber Security Conference provides the perfect environment for ICS specialists and security practitioners to meet and discuss the unique challenge involved in securing our Critical National Infrastructure (CNI). As a company that delivers solutions to government and commercial customers to help secure the CNI, we at BAE Systems Applied Intelligence value the opportunity to participate in the ICS Cyber Security Conference. It creates an environment in which we can continue learning about the latest challenges our clients are facing as well as providing the opportunity to discuss our views on security best practices.

About the Cyber Senate

James Nesbitt, Organiser and Director, The Cyber Senate

Our vision

To create a community of global leaders with unparalleled knowledge and experience, a common voice for the international Cyber Security industry. To be the first port of call to facilitate discussion and public and private information sharing. We address key Cyber topics across industry sectors such as Finance and Banking, Transport, Energy & Power and Healthcare. Through high value content and a robust network of thought leaders, we raise awareness of global security risks to assist in information sharing and the progression of a safer, more resilient society.

For further information contact

The Cyber Senate represents the best in relationship development, information sharing and thought leadership on a global level. A robust and resilient Cyber Security strategy is the most important directive on the international agenda, not only addressing current developments, but also how we intend on protecting and securing future generations. I look forward to the ICS Cyber Security show with great anticipation, knowing that the potential of each valued speaker and participant, in the right environment and setting, together, have an unrivalled ability to shape the resiliency of our critical national infrastructure. It is a privilege to be your host.

WEBSITE:
TWITTER: @cybersenate

Headline Sponsors, Co Sponsors, Refreshment Sponsors

BAE Systems Applied Intelligence delivers solutions to government and commercial customers, with a focus on critical national infrastructure. For example, IndustrialProtect is a network segmentation appliance developed to secure automation between IT and OT networks. The appliance provides hardware implemented security functions, ensuring the validity, integrity, and authorization of data exchange.

AlertEnterprise delivers IT-OT and Cybersecurity Convergence Software for Security Incident Management and Response to identify and prevent cyber and physical attacks, sabotage and terrorism by uncovering blended threats across IT security, Physical Access Controls and Industrial Control Systems. AlertEnterprise streamlines OT Compliance as well as contractor, employee and vendor security.

Automation.com is the leading online content provider in the automation industry, dedicated to providing information that enables control and automation professionals to do their jobs better. The website and topic-specific e-newsletters feature articles, news, products, supplier and system integrator directories, job center, white papers, application stories and events. The website attracts 115,000+ unique visitors each month.

Pre Conference Workshop, 5th October 2014
The Effective Approach for Protecting Oil and Gas Critical Infrastructures from the Emerging Cyber Threats

Overview of workshop

While there has been a great deal of talk during the last few years about the increase in emerging threats that are targeting Industrial Control Systems (ICS), the major challenge that needs more focus is how to practically improve cyber security within these heterogeneous industrial environments while maintaining safe operation.

The workshop will give a comprehensive overview of the practical approach for designing and implementing cyber security for the new Industrial Control Systems from the Front End Engineering Design (FEED) stage to the EPC (Engineering, Procurement and Construction). It will also discuss how to address the challenges faced in securing the existing new and legacy control systems in the brown oil fields.

Program

- Registration & Coffee
- Session 1
- Morning Coffee
- Session 2
- End of workshop

Why you should attend

- Learn how to embed industrial cyber security technical assurance in the project lifecycle
- Discuss ways to resolve the human IT and OT conflicts. Who should do what?
- Develop ideas on implementing a defense in depth model for protecting the critical infrastructure
- Evaluate the important aspects that you need to consider before implementing cyber security in the existing ICS systems

About the workshop host

Ayman has over 20 years of experience in the fields of Automation, Information Technology, and Cyber Security. He graduated with a Bachelor's degree in Electronics Engineering and is versed in different backgrounds like industrial control systems, systems engineering, and building cyber security strategies and models. He is an information contributor to the ISA99/IEC62443 Industrial Automation and Control Systems Cyber Security Standards. He is the Industrial Cyber Security Center Chief Technology Advisor in the Middle East and Asia, and he is a member of the Cyber Security Advisory boards of top rated worldwide universities for the advancement of research on industrial cyber security. He is also an active member in different international Security Innovation Alliances that are focused on a worldwide program for improving the security of industrial control systems through the close collaboration of the leading IT Security and industrial control system vendors. Realizing that security measures are always behind the emerging cyber risks, he developed an ICS defense-in-depth industrial cyber security model that aims at early detection of threats based on security-through-vision-and-integration.

Workshop main bullets

- Understanding the evolving nature of Industrial Cyber Threats
- Protecting critical infrastructures from the emerging cyber threats
- Understanding the ISA99/IEC62443, and understanding the SILs and SALs
- Implementing Industrial Cyber Security by Design
- Resolving the human conflict. Who is going to lead the Industrial Cyber Security task? IT or Control staff?
- What are the key first things to consider before implementing industrial cyber security?
- The importance of realizing the Industrial cyber security big picture. Understand the big picture first, then zoom in.
- ICS cyber security risk assessment. Is it done right?
- Before implementing an Industrial Cyber Security solution, find the answer to how cyber security is going to be supported for the long-term life of the plant (20 to 30 years or more).
- What are the obstacles faced by the customer at the plant floor to protect new/existing (old) diverse types of IACS from the emerging cyber threats?
- Securing the green field, securing the brown field.
- Why has an effective cyber-security DID model failed to be implemented so far in a Critical Infrastructure having multi/diverse/old/new Automation Systems, and what is the way forward?
- The MAC and the MCSC.
- The value of the partnership between the Automation vendors and cyber security vendors.
- Why failing to consider Cyber Security needs at the procurement phase of the ICS systems shall not happen anymore.

Day One

Chairman's Opening Remarks

Key Note Presentation: Realizing the Roadmap Vision: Ensuring Security and Resilience in Today's Changing World
- Evolving cybersecurity challenges faced by the sector
- Policy, operational, and cultural considerations for managing cyber risks and ensuring resilience in our changing world
- DOE's efforts with industry to support realizing the roadmap vision, such as: R&D projects, Cybersecurity Capability Maturity Model (C2M2), and Cybersecurity Procurement Language for Energy Delivery Systems
- Executive Order Improving Critical Infrastructure Cybersecurity, including the importance of information sharing and using the NIST Cybersecurity Framework
Abstract - The roadmap for secure energy delivery systems 2020 vision is that Systems will be designed, installed, operated, and maintained to survive a cyber incident while sustaining critical energy delivery functions. Today organizations are modernizing infrastructure, automating processes, becoming more connected, and increasingly leveraging telecommunications. Understanding and managing cyber risk is KEY to ensuring secure and resilient infrastructure, including information and operation technology (IT/OT), the role of vendors and external partners, and engaging corporate governance in addressing cyber risks.
Samara Moore, Sr IT and Cyber Security Policy Advisor at U.S. Department of Energy

The development and standardization of cyber security controls and processes
- Changing nature and increasing importance and vulnerability of internetworks and internetworked processes and process control systems
- Importance in adoption, as well as development, of cybersecurity controls
- Initiatives aimed at accelerating effective adoption of controls
- NCCoE as one approach to facilitation of implementation of security frameworks
- Larger cybersecurity context for ICS and critical infrastructure initiatives
William Barker, Cybersecurity Standards and Technology Advisor, NIST

Creating a Converged OT / IT Architecture
While Operational Technology and Information Technology Architecture share many commonalities, there are at least as many differences, ranging from primary objectives and guiding principles to culture. This interactive presentation will walk through a process and approach for establishing a converged, holistic reference architecture which guides the design, implementation, integration and evolution of the ever-increasing intersection of OT and IT technologies. We will review similarities and differences, opportunities for alignment and risks of divergence. Particular focus will highlight observed cultural and procedural differences, organizational priorities and methodologies.
Billy Glenn, Principal Enterprise Architect, Pacific Gas and Electric

Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats
Ayman Al Issa, Digital Oilfield Advisor, Abu Dhabi Marine Operating Company

Coffee Break and Exhibitor Networking

BAE Systems Reserved

Combining Physical Security and IT-OT Convergence to Transform Cybersecurity for Critical Infrastructure
Following high profile physical attacks on critical structures, compliance requirements for Critical Industries like Utilities, Chemicals, etc. have made it essential to monitor and report on physical access to control rooms, substations and critical assets. Asset owners and operators of all sizes need to know who has access, and how much access relevant roles have, to specific facilities, critical assets and cyber assets. Learn how new techniques can correlate threats across the domains of IT, OT/ICS, and Physical Security to deliver total 360-degree situational intelligence for effective security incident management and response.
Pan Kamal, Vice President, Marketing and Product Management, AlertEnterprise

Coffee and Exhibitor networking

Cross Sector Roadmap for Cyber security of Industrial Control Systems
- Initiatives to enhance the security and resilience of ICS
- Information sharing - how far have we come in the past five years?
- Public and Private Partnerships: What has worked and where do we need to focus more effort?
- Third party risk and disclosure - creating awareness and encouraging disclosure
- Changes in ICS vulnerability
- What would the Cross Sector Roadmap look like?
Fred Hintermister, Manager, ES-ISAC, North American Electric Reliability Corporation

Critical National Infrastructure Cyber Security and Risk Management
Scott Saunders, Security Officer, Sacramento Municipal Utilities District

Roundtable Discussions
- Cyber Security for Supply Chain Roundtable discussion: Scott Saunders, CISO, SMUD
- Incident Response: Management and Recovery, what to do when things go wrong: Seth Bromberger of NCi Security
- Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats: Ayman Al Issa, Digital Oilfield Cyber Security Advisor, ADMA
- BAE Systems Roundtable to be announced
- NIST Roundtable, The NCCOE Approach: William Barker, Chief Cyber Security Advisor, NIST

Networking Luncheon

Close of conference

Day Two

Registration

Networking Lunch

Chairman's Opening Remarks

Heartbleed: What is the impact and what do you need to know?
- Defensics and safeguard
- This is Not Our First Big Discovery
- How the Heartbleed Bug Works
- How We Discovered Heartbleed
- What is the Potential Impact
- How You Can Test for Heartbleed
- How Can You Protect Yourself
- What the Future Holds: Heartbleed Conclusions
- Deep Packet inspections
Mike Ahmadi, Global Business Development Director, Codenomicon

Understanding ICS Active Defenses
- Preparing for the storm
- Actively searching for Indicators of Compromise on ICS
- Understanding White-listing on ICS systems
- Assurance models and ICS
Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys

Coffee and Exhibitor Networking

Leveraging Cyber Security Controls and Process across the Critical Infrastructure Industries
Examples where the same ICS components and cyber security industrial system controls can and should be used for Telecom, Electricity Grid, Oil/Gas, Transportation, and Medical.
Patricia Robison, Professor, New York University

Case Study: Cyber security IT/OT Challenges, San Onofre Nuclear Generation Station
- Establishing, implementing, and maintaining the Cyber Security program
- Critical Data Asset, system and communications protection
- Physical and operational environment protection
- Attack mitigation and incident response
- General site population training
Phillip Beabout, Manager, Security Special Projects and Response Strategy, San Onofre Nuclear Generation Station

Integrating Failure Scenarios into Your Risk Assessment Process
- Overview of cyber security failure scenarios
- Failure scenarios for the power delivery sector
- How to calculate the impact and threat likelihood
- Risk ranking process
Galen Rasche, Senior Program Manager Power Delivery and Utilization Sector, Electric Power Research Institute

Lies, Damned Lies, and Statistics: Malware Indicator Correlation As Part of a Security Intelligence Function
Synopsis: Advanced threat detection products provide detailed data regarding indicators of compromise. Seth Bromberger from NCI Security analyzed over a year's worth of data from a large multinational corporation and will share the results of his research, along with lessons learned and steps that you can take today to improve your detection of, and response to, malware infections within your organization.
Seth Bromberger, Specialist in Critical Infrastructure Protection, NCI Security

Coffee and Exhibitor Networking

Roundtable Discussions
- Tabletop exercises for control systems: Galen Rasche, Sr. Program Manager Cyber Security, Electric Power Research Institute
- NIST Roundtable, The NCCOE Approach: William Barker, Chief Cyber Security Advisor, NIST
- Integrating cyber security methods into operational hardware. Current approaches to supply chain attack analysis and why it doesn't scale: Billy Rios, Director of Vulnerability Research and Threat Intelligence, Qualys

Close of Conference
Industrial Control Cybersecurity USA 2015
Industrial Control Cybersecurity USA 2015 Subject to change For opportunities contact: James Nesbitt, james.nesbitt@cybersenate.com +1 916 692 0184 USA Copyright Cyber Senate 2015. 13th and 14th October
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationNadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1
Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationUtility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities
Utility of the Future Virtual Event Series Monthly Virtual Studio Event Series for Utilities PART 1 OPERATIONAL AND CYBER SECURITY WITH AlertEnterprise WEDNESDAY, APRIL 30 Monthly Virtual Events Last Wednesday
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationObtaining Enterprise Cybersituational
SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational
More informationFacilitated Self-Evaluation v1.0
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationCyber Security. Protecting the UK water industry
Cyber Security Protecting the UK water industry In today s connected world, cyber attacks are a daily occurrence. These attacks can have potentially disastrous consequences for water companies and the
More informationDr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT
Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT December 3, 2013 slide 1 A global leader in power and
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationRisk & Audit Committee California Public Employees Retirement System
California Public Employees Retirement System Consent Agenda Item 4d ITEM NAME: Enterprise Risk Management Division Status Report PROGRAM: Risk Management ITEM TYPE: Consent Information EXECUTIVE SUMMARY
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationCIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016
CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on
More informationCritical Infrastructure Security and Resilience
U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International
More informationDoes Aligning Cyber Security and Process Safety Reduce Risk?
Does Aligning Cyber Security and Process Safety Reduce Risk? How can we align them to protect Operational Integrity? Schneider Electric September 15, 2015 Hosted by Greg Hale, Founder & Editor of Industrial
More informationIndustrial Cyber Security 101. Mike Spear
Industrial Cyber Security 101 Mike Spear Introduction Mike Spear Duluth, GA USA Global Operations Manager, Industrial Cyber Security Mike.spear@honeywell.com Responsible for the Global Delivery of Honeywell
More informationSponsorship & Exhibition Packages
ship & Exhibition Packages Tuesday 22 nd to Thursday 24 th September 2015 Novotel Amsterdam City The Netherlands 4 Conference Tracks in 3 Days! IntelliSub 2015 Smart Substation Implementations NextGen
More informationRESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information
www.wipro.com RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information Saritha Auti Practice Head - Enterprise Security Solutions, Wipro Table of Contents 03... Abstract 03... Why
More informationBuilding Security In:
#CACyberSS2015 Building Security In: Intelligent Security Design, Development and Acquisition Steve Caimi Industry Solutions Specialist, US Public Sector Cybersecurity September 2015 A Little About Me
More informationRebecca Massello Energetics Incorporated
Cybersecurity Procurement Language for Energy Delivery Systems Rebecca Massello Energetics Incorporated NRECA TechAdvantage February 25, 2015 Talking Points What is this document? Who can use this document
More informationPROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
More informationHow To Protect A Smart Grid From Cyber Security Threats
Smart Grid Cyber Security System Reliability, Defense-in-Depth, Business Continuity, Change Management, Secure Telecommunications, Endpoint Protection, Identity Management, and Security Event Management
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationAgenda. All Summit Sessions will be held in CA Thayer Ballroom (unless noted).
Program Guide SANS Securing the Internet of Things Summit 2013 Agenda All Summit Sessions will be held in CA Thayer Ballroom (unless noted). All approved presentations will be available online following
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationRising to the Challenge
CYBERSECURITY: Rising to the Challenge Dialogues with Subject Matter Experts Advanced persistent threats. Zero-day attacks. Insider threats. Cybersecurity experts say that if IT leaders are not concerned
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationDepartment of Homeland Security Federal Government Offerings, Products, and Services
Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced
More informationNational Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009
National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in
More informationADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D
ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D Eric Lightner Director Federal Smart Grid Task Force July 2015 2 OE Mission The Office of Electricity
More informationRiskAstute. Prepared for When.
RiskAstute Prepared for When. phishing Legal Threats ISO 27001/2 IT worms FCC Operations FERC process errors AM NTSB cyber-vandalism cyber-thef Accounting viruses SEC Dodd-Frank Customer Service SOX FAA
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationCybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014
Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationAdvancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development
Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC) 3 12 February 2015 Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching,
More informationSeven Steps To A Superior Physical Identity and Access Management Solution. Enterprise-Class Physical Identity and Access Management Software
WHITE PAPER Seven Steps To A Superior Physical Identity and Access Management Solution Enterprise-Class Physical Identity and Access Management Software www.alertenterprise.com Seven Steps To A Superior
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
The Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
Cybersecurity Converged Resilience :
Cybersecurity Converged Resilience : The cybersecurity of critical infrastructure 2 AECOM Port Authority of New York and New Jersey (PANYNJ), New York, New York, United States. AECOM, working with the
Cyber Security: from threat to opportunity
IT ADVISORY Cyber Security: from threat to opportunity www.kpmg.com/nl/cybersecurity From threat to opportunity / Cyber security / 1 FOREWORD OPPORTUNITY-DRIVEN CYBER SECURITY Cyber security (also known
Zen Internet Case Study
Zen Internet Case Study About Zen Internet Zen Internet is an independent Internet Service Provider (ISP) that offers a full range of data, voice, and hosting services to businesses and residential users
Italy. EY's Global Information Security Survey 2013
Italy EY's Global Information Security Survey 2013 EY's Global Information Security Survey 2013 This year's survey, our 16th edition, captures the responses of 1,909 C-suite and senior level IT and information
Cybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
Microsoft's cybersecurity commitment
Microsoft's cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers' data seriously. This focus has been core to our culture for more than a decade
Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet
Power and Utilities Fact Sheet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry A holistic approach to business resiliency and disaster recovery
The Dow Chemical Company. statement for the record. David E. Kepler. before
The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee
Big Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
Intelligent Data Center Solutions
Intelligent Data Center Solutions Panduit's Unified Physical Infrastructure (UPI): a Guiding Vision A unified approach to physical and logical systems architecture is imperative for solutions to fully
Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
www.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit
What Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
DOD Medical Device Cybersecurity Considerations
Enedina Guerrero, Acting Chief, Incident Mgmt. Section, Cyber Security Ops Branch 2015 Defense Health Information Technology Symposium DOD Medical Device Cybersecurity Considerations 1 DHA Vision A joint,
SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O'Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
Cybersecurity on a Global Scale
Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared
Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council
Rethinking Information Security for Advanced Threats CEB Information Risk Leadership Council Advanced threats differ from conventional security threats along many dimensions, making them much more difficult
CONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE
STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
Roadmaps to Securing Industrial Control Systems
Roadmaps to Securing Industrial Control Systems Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick
Cyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division
Cyber Security focus in ABB: a Key issue 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security in ABB Agenda ABB introduction ABB Cyber
Tozzi Holding Case Study
Real-World Solutions With a proven reputation for excellence and innovation, Panduit and our partners work with you to overcome challenges and implement real-world solutions that create a competitive business
High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
PREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY
BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Application of SOUTHERN CALIFORNIA GAS COMPANY (U 0 G) for Review of its Safety Model Assessment Proceeding Pursuant to Decision 1-1-0.
future data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
Cyber security in healthcare
Cyber security in healthcare Julian Meyrick, Vice President IBM Security Services Europe julian_meyrick@uk.ibm.com Healthcare is one of the top 5 industries that continue to offer attackers the most significant
Security Vulnerability Assessment
Security Vulnerability Assessment Deter, Detect, Delay, Respond the elements for minimizing your operational risk. A detailed SVA assists you to understand how best to do so. Security Vulnerability Assessment
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
How To Write A Cybersecurity Framework
NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order
NIST Cybersecurity Framework Manufacturing Implementation
NIST Cybersecurity Framework Manufacturing Implementation Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST Manufacturing Cybersecurity Research at NIST
Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security
Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security David Brezinski, Professional Services, Enterprise Security Architect Agenda Overview
How To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
Maturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
Building a Cyber Security Operations Center
Building a Cyber Security Operations Center Kevin Charest, Chief Information Security Officer, U.S. Department of Health and Human Services Allison Miller, Senior Director of InfoSec Response Team, UnitedHealth
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications
Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
Cyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
Energy Industry Cybersecurity Report. July 2015
Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.
Lifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
GEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy's gas and electric utilities collaborate with industry leaders and a wide range of
Cyber Security for NERC CIP Version 5 Compliance
GE Measurement & Control Cyber Security for NERC CIP Version 5 Compliance imagination at work Contents Cyber Security for NERC CIP Compliance... 5 Sabotage Reporting... 6 Security Management Controls...
Why you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It's important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
Enterprise Service Management (ESM)
Enterprise Service Management (ESM) A Reference Model for Adopting and Adapting IT Best Practices Across and Enterprise itsm003 v.3.0 Agenda and Objectives What are ESM Best Practices? What is the ESM