CYBERSECURITY AND RESILIENCE




ENERGY SYSTEMS INTEGRATION

ESI optimizes the design and performance of electrical, thermal, fuel, and water pathways at all scales.

NREL is a national laboratory of the U.S. Department of Energy, Office of Energy Efficiency and Renewable Energy, operated by the Alliance for Sustainable Energy, LLC.

How confident are you that your company's cybersecurity is bullet-proof? If your answer to that question is "not very," you're not alone.

Securing the grid from cyberattacks is more complex than ever before. Highly networked business applications, distributed generation, and real-time data demands are just a few of the factors that are creating new points of entry for hackers. In this rapidly changing environment, concerns about cybersecurity can loom large. While there is no shortage of vendors offering solutions, objective voices are hard to come by.

That's why NREL established the Cyber-Physical Systems Security and Resilience R&D Center. The center, located at NREL's Energy Systems Integration Facility, serves as an independent resource for utilities and energy-sector companies to test the security of new technologies and get a fresh set of eyes on organizational cybersecurity efforts from experts in the field.

How we can help

NREL's team provides companies with a clear, unbiased picture of their cybersecurity health, from the technologies, systems, and devices they use to the workforce and business process best practices they have in place. If problems are identified, NREL's team can create a customized plan to get things back on track. The plan is created using the most up-to-date industry standards and focuses on measurable, achievable progress. Actions are prioritized so limited cybersecurity budgets can be directed to where they will have the greatest impact.

Our services

Nine-Layer Security Testing

To stop a cyberattack before it starts, strike first.

NREL developed a secure testbed that emulates an end-to-end power and communication network of a typical distribution utility. The testbed is subjected to extensive penetration testing to explore how those networks hold up against the most sophisticated cyberattacks from internal and external sources. The testbed incorporates a nine-layer security architecture (seven-layer OSI model + two upper layers of GridWise Architecture Council Stack) that is applicable to any multisite information system in any industry that has real-time transactions between different actors (end users and/or systems).

"NREL's cybersecurity team provided the coordination and facilities to perform meaningful cybersecurity tests in a live distributed grid environment. This was all accomplished working with multiple vendors, integrators, and a very condensed schedule. The experience and exposure has been invaluable to BlackRidge Technology. The lessons we learned, along with the other cybersecurity vendors, will provide a blueprint for others in the industry, saving testing time and costs, and will allow us all to better protect the nation's distribution grid infrastructure."
John Thuotte, Project Manager, BlackRidge Technology

Cybersecurity Road Mapping

Getting from where you are to where you want to be, without breaking the bank.

To keep up with the latest guidelines, CIOs have a library's worth of cybersecurity documents to navigate from government agencies, associations, academics, and vendors. Often these documents are rich in theory and lean on actionable advice. With limited funds and staff hours to invest in a company's cybersecurity efforts, companies need to know that those investments will result in real progress.

NREL offers a cybersecurity assessment service designed to help companies maximize their cybersecurity efforts and dollars. Using a tool that draws on two of the best known and most respected security guidance documents in the electric sector, NREL's assessment gives immediate visibility into the maturity of a company's cybersecurity operations relative to industry standards. A customized road map is then created that identifies actionable items and prioritizes them so the company knows where to focus first.

Additional Services

Building resilience at all levels, now and for the future.

- Detailed software vulnerability scans for code under development and binary executables in use or in the implementation phase. Any poor coding practices, malicious code, or back door features are identified and mitigating techniques are recommended.
- Cybersecurity awareness training for technical and non-technical audiences. Training is the best way to minimize vulnerabilities from social engineering tactics, phishing schemes, and inconsistent use of cybersecurity controls.
- Enterprise-wide security architecture development. Fortify your business with a set of standards-based security controls at the technology and business process levels.
- Streamlining business units to maximize cybersecurity awareness. Developing a new work flow process that supports the end-to-end security architecture and standards-based cybersecurity best practices is a powerful defense against cyberattacks.
- Organizational training on new cybersecurity technologies and business processes. Engaging and informing staff members through training helps ensure effective implementation.

The Initial Process

1. Leverage a cybersecurity software tool from the industry to conduct a cybersecurity assessment of the electric utility or company. The software tool integrates both the NIST Framework for Improving Critical Infrastructure Cybersecurity and the U.S. Department of Energy's Cybersecurity Capability Maturity Model (C2M2).
2. From the assessment, a cybersecurity maturity score is generated.
3. Identify the gaps in cybersecurity practices and prioritize high-, medium-, and low-priority controls to address based on the level of maturity and centrality (number of controls dependent on a particular control).
4. Create a roadmap for implementing the controls based on the priority defined by the tool. This includes an estimate of the labor, material, and financial costs for each task.
5. Deliver the roadmap and a high-level dashboard including areas where NREL can help with implementation through education, hands-on work, and assistance in creating RFPs for third-party work.

Our team

The cybersecurity center draws on a core staff with decades of practical field experience in power systems, cybersecurity, water/wastewater, renewable energy, and energy efficiency. The team's experience spans the entire spectrum from generation to end use, from strategic blueprints to operational data analytics, and from the boardroom to the operations center.

NREL's Energy Systems Integration Facility

The ESIF offers utilities, industry, manufacturers, universities, and other government laboratories access to an award-winning, state-of-the-art lab space and a team of specialized scientists and engineers to help move new technologies forward. Bring us your biggest energy system challenges and let's solve them together.

Getting started

The cybersecurity landscape can be difficult to navigate on your own. We're here to help. Tell us about your project or get more information by contacting us at 303-275-3887 or tami.reynolds@nrel.gov.

National Renewable Energy Laboratory
15013 Denver West Parkway, Golden, CO 80401
303-275-3000 www.nrel.gov

NREL/BR-5C00-65838 February 2016

NREL prints on paper that contains recycled content.