CYBER SECURITY. May 6, 2013

Similar documents
EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

Cybersecurity in the Energy/Utility Sectors

AURORA Vulnerability Background

Cyber Risk and the Utility Industry

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Automating NERC CIP Compliance for EMS. Walter Sikora 2010 EMS Users Conference

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Introducti ti t on o El Electricit ity and Gas R egulation Regulation i n in C anada Canada Who does what

Digital Infrastructure - A Model For Success

National Cyber Threat Information Sharing. System Strengthening Study

An International Perspective on Security and Compliance

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

CIP Supply Chain Risk Management (RM ) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Information Security for Utility Managers

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

FERC, NERC and Emerging CIP Standards

Keeping the Lights On

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION

The Importance of Cybersecurity Monitoring for Utilities

Energy Cybersecurity Regulatory Brief

Cyber Confrontation: Hackers Convincing Victory Over the Security Industry

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

Cybersecurity: Emerging Legal Risks

Cybersecurity in the Energy/Utility Sectors

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

FBI AND CYBER SECURITY

Cybersecurity in the maritime and offshore industry

Cyber Security & State Energy Assurance Plans

Cyber security: Practical Utility Programs that Work

System Theoretic Approach To Cybersecurity

cyber Threat Intelligence - A Model for the 21st Century

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY

The Landscape of Cyber, critical infrastructure and how Regulation fits in

Manitoba Hydro. Web version. Managing Cyber Security Risk Related to Industrial Control Systems

this issue NERC CIP Mid-Year Checkpoint NERC CIP Checkpoint Industry News Cyber News Consultant s Corner June 2013 / Issue 21

NIST Cybersecurity Framework What It Means for Energy Companies

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Hacking and Hardware: Understanding the Threats, Compliance Obligations, and Cybersecurity Solutions for Utilities

Regulatory Compliance Management for Energy and Utilities

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Answering your cybersecurity questions The need for continued action

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

White Paper. April Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

CYBERSECURITY RISK MANAGEMENT

Challenges and Opportunities for Aligning the Power System Cybersecurity and Reliability Objectives

"Industry Side Views of cyber security in Japan"

NERC CIP VERSION 5 COMPLIANCE

Cedric Leighton, Colonel, USAF (Ret) Founder & President, Cedric Leighton Associates

Cybercrime: risks, penalties and prevention

How Secure is Your SCADA System?

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, 2014 Utilities Telecom Council

"Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.

MEETING THE NATION S INFORMATION SECURITY CHALLENGES

ABA Section of Public Utility, Communications & Transportation Law Safety and Security in Transport

N-Dimension Solutions Cyber Security for Utilities

April 28, Dear Mr. Chairman:

Cyber-security: legal implications for financial institutions. IAPP Europe Data Protection Intensive 2013

A Regulatory Approach to Cyber Security

Regulating in Cyber Space Cyber Security & the Electrical Grid

NERC-CIP S MOST WANTED

UTCS CyberSecurity. Educating Cyber Professionals. Dr. Bill Young Department of Computer Sciences University of Texas at Austin. Spring Semester, 2015


Information Bulletin

The FDIC s Supervisory Approach to Cyberattack Risks

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

What Risk Managers need to know about ICS Cyber Security

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Last year, two security researchers

In the Dark report, 2011

Business Continuity for Cyber Threat

Muscle to Protect Your Grid July Sustainable and Cost-effective Muscle to Protect Your Grid

Cybersecurity and Privacy Hot Topics 2015

Better secure IT equipment and systems

Executive Director for Operations AUDIT OF NRC S CYBER SECURITY INSPECTION PROGRAM FOR NUCLEAR POWER PLANTS (OIG-14-A-15)

Cybersecurity. Canisius College

White Paper on Financial Industry Regulatory Climate

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP

What is Really Needed to Secure the Internet of Things?

Cyber Security The Leadership Opportunity for Joint Action Agencies APPA Joint Action Workshop

American Public University System - A Multi-Disciplinary Approach to Cybersecurity Education

A Governance Framework for Building Secure IT Systems *

Confrontation or Collaboration?

A conversation with Allan Friedman about cybersecurity issues

Developing a robust cyber security governance framework 16 April 2015

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

Resilient and Secure Solutions for the Water/Wastewater Industry

Homeland Open Security Technology HOST Program

Our plant has been hacked! Industry News Cyber News Consultant s Corner. Our plant has been hacked!

The Cancer Running Through IT Cybercrime and Information Security

1. Introduction. Table 1 Why Use Open Communication Systems?

Transcription:

CYBER SECURITY May 6, 2013

Cyber Headlines: dramatic and numerous Burning up a generator on demand Staged cyber attack reveals vulnerability in power grid, CNN 09/26/2007 Georgia Takes a Beating in the Cyberwar With Russia New York Times 08/11/2008 Cyber-attack claims at US water facility The Guardian 11/20/2011 America's Failing Grade on Cyber Attack Readiness ABC News 07/27/2011 Pro-Wikileaks Hackers Take Down MasterCard, Visa (widely reported) Dec. 8, 2010 Stuxnet New spy rootkit targets industrial secrets (Stuxnet) Tech World, 07/19/2010 Stuxnet virus targets and spread revealed BBC News, 02/15/2011 The Pandora's Box of Stuxnet, Duqu, and Flame PC World 06/01/2012 Hackers in China Attacked The Times for Last 4 Months, New York Times 01/30/2013 Will the next 9/11 be digital? Digital Trends, 04/01/2013 South Korea Hit Hard by Massive Cyber Attack PBS NewsHour 04/01/2013 (on attacks from 03/20/2012 2013-05-06 CAMPUT CYBER SECURITY 2

All those headlines => Government Response? Canada s response Cybersecurity policy announced in 2001 Canada s auditor general reports little progress In 2010 the federal government puts in place Cyber Security Strategy and the National strategy and action plan for critical infrastructure Auditor general reports progress on relationship building but little definitive improvement 24/7 awareness and other key action items But so far, no made-in-canada stuxnet or is Canada s stuxnet still a secret? 2013-05-06 CAMPUT - CYBER SECURITY 3

Why are we so cyber-vulnerable? Cyber-systems allow efficient control of complex systems The more efficient and powerful these systems become, the more impact they can have when they are compromised. 2013-05-06 CAMPUT - CYBER SECURITY 4

Cyber-vulnerability A cyber-vulnerability can be deliberately exploited to gain Power (political/military) Knowledge (espionage) Money Glory Revenge (e.g. sabotage) break Accidents, human error 2013-05-06 CAMPUT - CYBER SECURITY 5

Infrastructure security Federal Headed by Public Safety Canada (Critical Infrastructure) and the RCMP Develop working relationships and find ways to share information within and between sectors 10 industrial sectors in Canada (18 in US) Energy and Utilities sector is the most advanced. Structurally and in general orientation, US and Canada are deliberately similar and align with one another 2013-05-06 CAMPUT - CYBER SECURITY 6

Cyber Regulation of Electricity DHS NEB FERC DOT NERC Utility Regulator $$ Customers State Regulator NERC Utility $$ Customers 2013-05-06 CAMPUT - CYBER SECURITY 7

Electricity Cyber Regulation in Canada Generally following NERC Critical Infrastructure Protection standards Nationwide, different provinces are at different stages of NERC standards adoption Ontario has CIP version 3 in force, whereas in Québec, we have adopted CIP version 1 and are still developing the enforcement framework. Meanwhile, Hydro-Québec, Québec s principal utility, complies with CIP version 3 (and CIP version 1) on a voluntary basis until Québec s regulatory regime catches up. 2013-05-06 CAMPUT - CYBER SECURITY 8

Cyber Regulation of Natural Gas International and interprovincial NEB Utility $$ Provincial Regulator Customers 2013-05-06 CAMPUT - CYBER SECURITY 9

Evolving dynamics In general, the power dynamic between FERC and an American utility is not the same as between a provincial regulator and a provincial utility. Generalizing substantially, Canadian regulation tends towards collaboration and meeting objectives. (e.g. "Tell us how you protect your cyber-infrastructure against significant risks?") However, Canadian regulation is trending towards more definition. Electric industry alignment with a mandatory regime with fines NEB s upcoming authority to levy fines for natural gas issues Meanwhile, American regulation is perhaps moving towards objective based (CIP5, NERC RAI) Perhaps Canadian regulation and American regulation will meet in some happy middle that would be a very Canadian compromise! 2013-05-06 CAMPUT - CYBER SECURITY 10

MERCI! THANK YOU! 2013-05-06 CAMPUT - CYBER SECURITY 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information