An International Perspective on Security and Compliance
|
|
- Sharleen Theodora Richard
- 8 years ago
- Views:
Transcription
1 UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 2014
2 Nuclear Industry Unidirectional Gateways deployed at first nuclear generator Word spread quickly within American market - by 2010 hardwareenforced communications were effectively required by NEI and NRC 5.71 By the end of 2012, all American reactors had deployed unidirectional communications, the majority Waterfall s World-wide gateways deployed in nuclear generators in another dozen countries Nuclear generation embraced hardware-enforced unidirectional communications NRC Regulatory Guide 5.71 Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 2
3 North America NERC CIP CIP standards are widely studied and emulated, even outside NA and outside the power sector CIP V1 in 2007 made no mention of Unidirectional Gateway tech firewalls were seen as adequate CIP V5 in 2013 encourages unidirectional communications exemptions from 37 of 103 requirements FERC must carry out cost/benefit analysis, and is not permitted to require unduly expensive reliability or security measures Not permitted to require solving a problem until a solution exists How are conventional cyber risks different from nuclear risks? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 3
4 Israel Small state, surrounded by unfriendly neighbours Actively sought solutions security for critical infrastructures in 2004 Academia Private Sector Nurtured Waterfall as a stronger alternative to firewalls By 2007 Waterfall is used by effectively all industrial critical infrastructures in the country Israel demanded technology that did not exist And then nurtured and embraced that technology Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 4
5 Singapore and South Korea Small states, surrounded by unfriendly neighbours, like Israel Singapore: Often takes inspiration from Israeli solutions and technologies Unidirectional Security Gateways now deployed at multiple industrial sites Korea: Regulations are evolving, especially in the nuclear sector How are Singaporean and S. Korean cyber-risks different from anyone else s? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 5
6 IEC/ISA SP Feedback Waterfall submitted comments to ISA SP99 working group developing System Security Requirements and Security Levels Waterfall asked that the standard recommend unidirectional gateway to protect most secure safety-instrumented networks Response: This standard does not mandate specific solutions which are state-of-the-art at the time of publication, per IEC guidelines. This in spite of wide-spread adoption in the nuclear industry, and increasingly wide-spread adoption in conventional generation and other sectors Should the IEC/ISA standards document existing practice? Or advance the state of the practice? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 6
7 Japan Initial deployments of Unidirectional Gateway technology in Japan In spite of this, Japan deployed Unidirectional Security Gateways on ICS Security test beds Used for research and training Japanese infrastructures are largely privately owned Should governments document existing practice? Or advance the state of the practice? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 7
8 Threat Environment All software has bugs, and some bugs are vulnerabilities, so in practice, all software can be hacked Modern targeted, persistent attacks (TPAs) routinely defeat conventional software-based security controls TPA techniques are widely documented, and widely practiced All cyber-threats are pervasive Eg: cloud control systems are strategic targets whose compromise puts hundreds of identically-provisioned ICS sites at risk at once Should we be defending against motives? Or against universally- available capabilities? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 8
9 Observations Israeli, Singaporean and increasingly S. Korean and Japanese governments are advancing the state of the practice demanding / developing / demonstrating effective solutions to new cyber threats Nuclear regulators in North America have embraced stronger-thanfirewall security, and nuclear regulators world-wide are moving as well FERC, ISA SP-99 and IEC document solutions industry has developed and deployed already Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 9
10 Conclusions Threats continue to evolve, and so must defenses Different geographies & cultures perceive risks differently Size of infrastructure Public vs private ownership of infrastructure Private owners may not have the same priorities as do governments Progress strong Unidirectional Gateway technology is increasingly deployed in many geographies and industries Key Question: are cyber threats not universal? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 10
11 Waterfall Security Solutions Headquarters in Israel, sales and operations office in the USA Deployed world-wide in all critical infrastructure sectors 2012, 2013 & 2014 Best Practice awards for Industrial Network Security and Oil & Gas Security Practice IT and OT security architects should consider Waterfall for their operations networks Waterfall is key player in the cyber security market 2010, 2011, & 2012 Only unidirectional technology on US Department of Homeland Security s National SCADA Security Test Bed, and Japanese Test Bed Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 11
12 Waterfall Product Accreditations Only unidirectional technology with cyber security assessment by Idaho National Laboratories Certified Common Criteria EAL4+ (High Attack Potential) Strategic partnership agreements / cooperation with: OSIsoft, GE, Schneider Electric, Westinghouse, and many other industrial vendors Recognized as an industrial cyber-security best-practice by DHS, NERC CIP, NRC, industry analysts & leading industrial cyber-security experts Market leader for unidirectional server replication in industrial environments Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 12
13 Conclusions Threats continue to evolve, and so must defenses Different geographies & cultures perceive risks differently Size of infrastructure Public vs private ownership of infrastructure Private owners may not have the same priorities as do governments Progress strong Unidirectional Gateway technology is increasingly deployed in many geographies and industries Key Question: are cyber threats not universal? Proprietary Information -- Copyright 2014 by Waterfall Security Solutions 13
Safe Network Integration
UNIDIRECTIONAL SECURITY GATEWAYS Safe Network Integration Stronger than Firewalls Shaul Pescovsky, Sales Director Waterfall Security Solutions shaul@waterfall-security.com Proprietary Information -- Copyright
More informationNew Technologies for Substation Cyber Hardening
UNIDIRECTIONAL SECURITY GATEWAYS New Technologies for Substation Cyber Hardening Andrew Ginter VP Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2014 by Waterfall
More informationAn Analysis of the Capabilities Of Cybersecurity Defense
UNIDIRECTIONAL SECURITY GATEWAYS An Analysis of the Capabilities Of Cybersecurity Defense Michael Firstenberg, Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationFundamental Issues: Nuclear Generators Lead Cyber Security
power eng.com http://www.power eng.com/articles/npi/print/volume 8/issue 5/nucleus/fundamental issues nuclear generators lead cybersecurity.html Fundamental Issues: Nuclear Generators Lead Cyber Security
More informationUNIDIRECTIONAL SECURITY GATEWAYS. Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments
UNIDIRECTIONAL SECURITY GATEWAYS Utilizing Unidirectional Security Gateways to Achieve Cyber Security for Industrial Environments 2010 Introducing: Waterfall Security Solutions Ltd Located in Rosh-Ha ayin,
More information13 Ways Through A Firewall What you don t know will hurt you
Scientech 2013 Symposium: Managing Fleet Assets and Performance 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter VP Industrial Security Waterfall Security Solutions andrew. ginter
More informationWaterfall for NERC-CIP Compliance
Waterfall for NERC-CIP Compliance Using Waterfall s Unidirectional Security Solution to Achieve True Security & NERC-CIP Compliance Date: Jul. 2009 The material in this document is proprietary to Waterfall
More informationStrong Security in NERC CIP Version 5: Unidirectional Security Gateways
Strong Security in NERC CIP Version 5: Unidirectional Security Gateways Chris Humphreys CEO The Anfield Group Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information
More informationProtect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationStronger than Firewalls And Cheaper Too
Stronger than Firewalls And Cheaper Too Andrew Ginter Director of Industrial Security Waterfall Security Solutions 2012 Emerging Threat: Low Tech, Targeted Attacks Night Dragon, Shady RAT, Anonymous Trick
More informationCyber Security Summit Milano, IT
UNIDIRECTIONAL SECURITY GATEWAYS Cyber Security Summit Milano, IT Advanced Threats Require Advanced Defenses Michael A. Piccalo, CISSP Director of Industrial Security Waterfall Security Solutions Proprietary
More informationMaximize Security to Minimize Compliance Costs. Technical Solutions Focused Webinar July 28, 2015 Sponsored by Waterfall Security Solutions
Maximize Security to Minimize Compliance Costs Technical Solutions Focused Webinar July 28, 2015 Sponsored by Waterfall Security Solutions Agenda Welcome and Panel Introduction Goals Why consider unidirectional
More information13 Ways Through A Firewall
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationDHS ICSJWG Fall Conference 2011. Maintaining Necessary Information Paths Over Unidirectional Gateways
DHS ICSJWG Fall Conference 2011 Maintaining Necessary Information Paths Over Unidirectional Gateways Mohan Ramanathan Solutions Architect for Critical Infrastructure NitroSecurity Andrew Ginter Director
More informationCyber Security focus in ABB: a Key issue. 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division
Cyber Security focus in ABB: a Key issue 03 Luglio 2014, Roma 1 Conferenza Nazionale Cyber Security Marco Biancardi, ABB SpA, Power System Division Cyber Security in ABB Agenda ABB introduction ABB Cyber
More informationKeeping the Lights On
Keeping the Lights On Fundamentals of Industrial Control Risks, Vulnerabilities, Mitigating Controls, and Regulatory Compliance Learning Goals o Understanding definition of industrial controls o Understanding
More informationHow To Protect Your Network From Attack From A Hacker (For A Fee)
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall What you don t know will hurt you Andrew Ginter Director of Industrial Security Waterfall Security Solutions
More informationCybersecurity Guidance for Industrial Automation in Oil and Gas Applications
Cybersecurity Guidance for Industrial Automation in Oil and Gas Applications February 17, 2015 Agenda Agenda Introductions Agenda Introductions Discussion of the current state of Cybersecurity for Controls
More informationGE Measurement & Control. Top 10 Cyber Vulnerabilities for Control Systems
GE Measurement & Control Top 10 Cyber Vulnerabilities for Control Systems GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used
More informationStronger Than Firewalls: Unidirectional Security Gateways
UNIDIRECTIONAL SECURITY GATEWAYS Stronger Than Firewalls: Unidirectional Security Gateways Colin Blou VP Sales Waterfall Security Solutions Proprietary Information -- Copyright 2013 by Waterfall Security
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationWORKSHOP Rethinking Cyber Security for Industrial Control Systems
WORKSHOP Rethinking Cyber Security for Industrial Control Systems Bob Mick, Workshop Moderator VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Re-Thinking Cyber Security Why Re-Thinking?
More informationApplying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways
Applying NERC-CIP CAN-0024 Guidance for Data Diodes To Unidirectional Security Gateways Date: January, 2012 P a g e 2 - Legal Notice & Disclaimer - This document contains text, images and other information
More informationFrost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends
Frost & Sullivan s Aerospace, Defence & Security Practice Global Industrial Cyber Security Trends Presented by Philipp Reuter Director Frost & Sullivan, Turkey 1 Worth over $ 50 Billion globally in 2014
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011
More informationEnabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure
Fukushima Forum February 18 th, 2014 Tokyo, Japan Enabling a Smarter and Safer Nuclear Industry with a Secure, Real-time Data Infrastructure Presented by Chris Crosby Global Nuclear Industry Principal
More informationExperience with Unidirectional Security Gateways Protecting Industrial Control Systems
Experience with Unidirectional Security Gateways Protecting Industrial Control Systems Lior Frenkel 1, Danny Berko 1, Andrew Ginter 2 1Waterfall Security Solutions Ltd., Tel-Aviv, Israel 2Waterfall Security
More informationCybersecurity in a Mobile IP World
Cybersecurity in a Mobile IP World Alexander Benitez, Senior Scientist, ComSource Introduction by Robert Durbin, Cybersecurity Program Manager, ComSource Introduction ComSource s cybersecurity initiative
More informationDr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT
Dr. Markus Braendle, Head of Cyber Security, ABB Group 10 Steps on the Road to a Successful Cyber Security Program Asia Pacific ICS Security SUMMIT December 3, 2013 slide 1 A global leader in power and
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationRoadmaps to Securing Industrial Control Systems
Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick
More informationSCADA Security: Challenges and Solutions
SCADA Security: Challenges and Solutions June 2011 / White paper by Metin Ozturk, Philip Aubin Make the most of your energy Summary Executive Summary... p 2 Protecting Critical Infrastructure Includes
More informationMaturation of a Cyber Security Incident Prevention and Compliance Program
Maturation of a Cyber Security Incident Prevention and Compliance Program Utilities & Energy Compliance & Ethics Conference February 25, 2013 Houston, Texas Anna Wang Principal Consultant Imminent Cyber
More informationMeeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes
Meeting the Cybersecurity Standards of ANSI/ISA 62443 with Data Diodes Dennis Lanahan June 1, 2015 Securing the convergence of OT and IT with ST 1 Introduction to Owl US US Owned and & Operated Product
More informationOptions for Cyber Security. Reactors. April 9, 2015
Options for Cyber Security Design Requirements for Power Reactors April 9, 2015 Scope Discuss options for including cyber security design requirements for power reactors into NRC regulations Scope does
More informationRemote Access Considered Dangerous. Andrew Ginter, VP Industrial Security Waterfall Security Solutions
Access Considered Dangerous Andrew Ginter, VP Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright 2015 by Waterfall Security Solutions 2015 "Secure" Access Behind lots
More informationA Regulatory Approach to Cyber Security
A Regulatory Approach to Cyber Security Perry Pederson Security Specialist (Cyber) Office of Nuclear Security and Incident Response U.S. Nuclear Regulatory Commission 1 Agenda Overview Regulatory Framework
More informationCommunication Security Measures for SCADA Systems
Communication Security Measures for SCADA Systems Ron Farquharson, MV Consulting, DNP User Group Jim Coats, Triangle MicroWorks, DNP User Group Joe Stevens, Triangle MicroWorks 23 September 2014, Raleigh,
More informationResilient and Secure Solutions for the Water/Wastewater Industry
Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Cyber Security IT People Geeks How
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationAN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS
http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,
More informationCyber Security nei prodotti di automazione
Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard
More informationProtection of Essential Infrastructure and Services
Protection of Essential Infrastructure and Services NOR AZUWA MUHAMAD PAHRI CONSULTANT, MIMOS CONSULTING GROUP, MIMOS BERHAD azuwa@mimos.my Table of Content Introduction Reality of Cyber Attack Cyber Issues
More informationHelp for the Developers of Control System Cyber Security Standards
INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended
More informationNational Cyber Threat Information Sharing. System Strengthening Study
Contemporary Engineering Sciences, Vol. 7, 2014, no. 32, 1755-1761 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411235 National Cyber Threat Information Sharing System Strengthening
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationWhat Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
More informationBuilding Insecurity Lisa Kaiser
Building Insecurity Lisa Kaiser Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Insecurity How do I Specify it Buy it Test it Deploy it Regret it Apologize for it Specifying Insecurity
More informationTrends in Security Incidents and Hitachi s Activities
Hitachi Review Vol. 63 (2014), No. 5 270 Featured Articles Trends in Security Incidents and Hitachi s Activities About HIRT Activities Masato Terada, Dr. Eng. Masashi Fujiwara Akiko Numata Toru Senoo Kazumi
More informationCyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.
Cyber Security Presentation Ontario Energy Board Smart Grid Advisory Committee Doug Westlund CEO, N-Dimension Solutions Inc. October 1, 2013 Cyber Security Protection for Critical Infrastructure Assets
More informationHow To Defend Against A Cyber Attack
As appears in: Cybersecurity - more than just a good firewall by Jim Fererro, Senior Vice President, GlobaLogix (8/4/2013) In seemingly too short a timespan, energy industry cyber threats have escalated
More informationSmart Grid Cybersecurity
Smart Grid Cybersecurity Exceeding cybersecurity requirements mandated by customers and regulatory agencies Abstract The world has become much more connected, with over 32 percent of the population of
More informationSANS SCADA and Process Control Security Survey
Sponsored by Splunk SANS SCADA and Process Control Security Survey February 2013 A SANS Whitepaper Written by: Matthew E. Luallen Advisor: Barbara Filkins Survey Participants PAGE 2 Risk Awareness PAGE
More informationState of the State of Control System Cyber Security
State of the State of Control System Cyber Security Joe Weiss, PE, CISM IEEE PES San Francisco Section October 15, 2007 What Are the Goals Maintain reliability and availability Minimize intentional and
More informationAURORA Vulnerability Background
AURORA Vulnerability Background Southern California Edison (SCE) September 2011-1- Outline What is AURORA? Your Responsibility as a Customer Sectors Impacted by AURORA Review of Regulatory Agencies History
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationRegulatory Compliance Management for Energy and Utilities
Regulatory Compliance Management for Energy and Utilities The Energy and Utility (E&U) sector is transforming as enterprises are looking for ways to replace aging infrastructure and create clean, sustainable
More informationNew Era in Cyber Security. Technology Development
New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security
More informationSecurity Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions
Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample
More informationFUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS
COURSE FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS Hyatt Regency Phoenix is authorized by IACET to offer 1.0 CEUs for the course. is authorized by CPE to offer 11.0 credits for the course. 1 OVERVIEW
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationCyber Security The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop
Cyber Security The Leadership Opportunity for Joint Action Agencies 2013 APPA Joint Action Workshop Doug Westlund N-Dimension Solutions Inc. Cyber Security for the Smart Grid Cyber Risk Reduction Questions
More informationCyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012
Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012 ATC Nuclear ATC-N serves the commercial nuclear utilities in the US and many foreign
More informationBuilding more resilient and secure solutions for Water/Wastewater Industry
Building more resilient and secure solutions for Water/Wastewater Industry Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Copyright 2010 Rockwell Automation, Inc. All rights reserved. 1 Governmental
More informationABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security?
ABB Automation Days, Madrid, May 25 th and 26 th, Patrik Boo What do you need to know about cyber security? Agenda Threats Risk Assessment Implementation Validation Advanced Security Implementation Strategy
More informationCyber Security Controls Assessment : A Critical Discipline of Systems Engineering
Cyber Controls : A Critical Discipline of Systems 14 th Annual NDIA Systems San Diego, CA October 24-28, 2011 Bharat Shah Lockheed Martin IS&GS bharat.shah@lmco.com Purpose Provide an overview on integrating
More information"Industry Side Views of cyber security in Japan"
"Industry Side Views of cyber security in Japan" Event 2: Cyber Security in East Asia and Policy Cooperation between Japan and the United States USJI-Week, September 7-10, 2010 US-Japan Research Institute
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationState Engagement with the Energy Sector to Improve Cyber Security
Contact: Allison Cullin Homeland Security and Technology Division 202/624-5311 April 20, 2010 State Engagement with the Energy Sector to Improve Cyber Security Executive Summary The state-owned computer
More informationCyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)
Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one
More informationFeature. SCADA Cybersecurity Framework
Feature Samir Malaviya, CISA, CGEIT, CSSA, works with the Global Consulting Practice-GRC practice of Tata Consultancy Services and has more than 17 years of experience in telecommunications, IT, and operation
More informationNERC CIP-007 v. 5 Patch Management: Factors for Success
Cyber Security Compliance Industrial Computing NERC CIP-007 v. 5 Patch Management: Factors for Success A Presentation By: EnergySec FoxGuard Solutions NRG It s Interactive Please submit your questions
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationGE Measurement & Control. Cyber Security for Industrial Controls
GE Measurement & Control Cyber Security for Industrial Controls Contents Overview...3 Cyber Asset Protection (CAP) Software Update Subscription....4 SecurityST Solution Options...5 Centralized Account
More informationAnnouncement of a new IAEA Co-ordinated Research Programme (CRP)
Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C)
More informationA Concise Model to Evaluate Security of SCADA Systems based on Security Standards
A Concise Model to Evaluate Security of SCADA Systems based on Security Standards Nasser Aghajanzadeh School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran Alireza Keshavarz-Haddad
More informationLiability Management Evolving Cyber and Physical Security Standards and the SAFETY Act
Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act JULY 17, 2014 2013 Venable LLP 1 Agenda 1. Security Risks affecting the Maritime Transportation System (MTS) 2. The
More informationCYBER SECURITY. May 6, 2013
CYBER SECURITY May 6, 2013 Cyber Headlines: dramatic and numerous Burning up a generator on demand Staged cyber attack reveals vulnerability in power grid, CNN 09/26/2007 Georgia Takes a Beating in the
More informationSupporting our customers with NERC CIP compliance. James McQuiggan, CISSP
Supporting our customers with NERC CIP compliance James, CISSP Siemens Energy Sector Energy products and solutions - in 6 Divisions Oil & Gas Fossil Power Generation Renewable Energy Service Rotating Equipment
More informationVMware and the Need for Cyber Supply Chain Security Assurance
White Paper VMware and the Need for Cyber Supply Chain Security Assurance By Jon Oltsik, Senior Principal Analyst September 2015 This ESG White Paper was commissioned by VMware and is distributed under
More informationISACA rudens konference
ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial
More informationGOOD PRACTICE GUIDE PROCESS CONTROL AND SCADA SECURITY
GOOD PRACTICE GUIDE PROCESS CONTROL AND SCADA SECURITY GUIDE 5. MANAGE THIRD PARTY RISK This guide is designed to impart good practice for securing industrial control systems such as: process control,
More informationHIMSS Survey Uncovers Critical Weaknesses In Hospital Web Security
HIMSS Survey Uncovers Critical Weaknesses In Hospital Web Security HIMSS Survey Uncovers Critical Weaknesses in Hospital Web Security 2 HIMSS Analytics, in partnership with Akamai, recently conducted a
More informationOctober 29, 2014 - Washington, DC. Copyr i g h t 2014-1 5 O S Is o f t, LLC. 1
October 29, 2014 - Washington, DC 1 Shared Situational Awareness for US Nuclear Emergency Planning, Preparedness and Response (EP) Presented by Chris Crosby US Federal -- Global Nuclear and Renewable Energy
More informationGuy Ron Managing Director, Bayon Security guyron@bayoncon.com
Guy Ron Managing Director, Bayon Security guyron@bayoncon.com About Me Started my career at the Israeli Defense Forces developing mission critical solutions for the Air Force and retiring as a Captain
More informationCybersecurity & the Water Sector
Cybersecurity & the Water Sector NAWC Water Summit October 6, 2013 San Diego, CA Kevin Morley, AWWA How to deal with Cyber Threat? How would our operations change if we did not have SCADA working? How
More informationCybersecurity Leadership
Cybersecurity Leadership How does Dynamic Enterprise Security Governance benefit ICS Security? Christopher A. Peters May 1, 2014 Overview A Perilous Time in Boston during 1775 Fast Forward Today Internal
More informationThe Difference Between Compliance and Cyber Security
N Korea denies hacking nuclear plants in S Korea (APAC) From www.outlookindia.com, 3/26/2015 North Korea denied involvement in cyber attacks on South Korea's nuclear power plant operator, accusing Seoul
More informationThe Changing Threat Surface in. Embedded Computing. Riley Repko. Vice President, Global Cyber Security Strategy
The Changing Threat Surface in Embedded Computing Riley Repko Vice President, Global Cyber Security Strategy Embedded Computing History First embedded system was the Apollo Guidance Computer First integrated
More informationNadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA. 2014 Utilities Telecom Council 1
Nadya Bartol, CISSP, CGEIT VP, Industry Affairs and Cybersecurity Strategist UTC (Utilities Telecom Council) USA 2014 Utilities Telecom Council 1 Why do we need cybersecurity? Agriculture and Food Energy
More informationProcess Control System Cyber Security Standards an Overview
INL/CON-06-01317 PREPRINT Process Control System Cyber Security Standards an Overview 52nd International Instrumentation Symposium Robert P. Evans May 2006 This is a preprint of a paper intended for publication
More informationIAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD
IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD A NEW IEC STANDARD FOR CYBERSECURITY FOR NUCLEAR POWER PLANTS: IEC 62645 - REQUIREMENTS FOR SECURITY PROGRAMS FOR COMPUTER-BASED
More informationCIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016
CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on
More informationIT Security & Compliance Risk Assessment Capabilities
ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More information