Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.



Similar documents
N-Dimension Solutions Cyber Security for Utilities

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Cyber Security The Leadership Opportunity for Joint Action Agencies APPA Joint Action Workshop

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/

How To Protect A Smart Grid From Cyber Security Threats

Cyber Security. Smart Grid

Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

Update On Smart Grid Cyber Security

Are you prepared to be next? Invensys Cyber Security

SCADA SYSTEMS AND SECURITY WHITEPAPER

Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

OPC & Security Agenda

Risk Management, Equipment Protection, Monitoring and Incidence Response, Policy/Planning, and Access/Audit

Cybersecurity The role of Internal Audit

Utility Telecom Forum. Robert Sill, CEO & President Aegis Technologies February 4, 2008

LOGIIC Remote Access. Final Public Report. June LOGIIC - APPROVED FOR PUBLIC DISTRIBUTION

Energy Industry Cybersecurity Report. July 2015

Cyber Security for Nuclear Power Plants Matthew Bowman Director of Operations, ATC Nuclear IEEE NPEC Meeting July 2012

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

How-To Guide: Cyber Security. Content Provided by

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

The Importance of Cybersecurity Monitoring for Utilities

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Three Simple Steps to SCADA Systems Security

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

Grid and Multi-Grid Management

Industrial Security Solutions

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Enterprise Cybersecurity: Building an Effective Defense

future data and infrastructure

Course Design Document. Information Security Management. Version 2.0

Microsoft s cybersecurity commitment

Cybersecurity. Are you prepared?

8 Steps for Network Security Protection

8 Steps For Network Security Protection

Network Cyber Security. Presented by: Motty Anavi RFL Electronics

CYBERSECURITY: Is Your Business Ready?

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Cloud security architecture

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

Protecting against cyber threats and security breaches

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cyber Security and Privacy - Program 183

Designing a security policy to protect your automation solution

Increase insight. Reduce risk. Feel confident.

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

RETHINKING CYBER SECURITY Changing the Business Conversation

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Team Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr.

This is a preview - click here to buy the full publication

The State of Industrial Control Systems Security and National Critical Infrastructure Protection

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Bellevue University Cybersecurity Programs & Courses

IoT & SCADA Cyber Security Services

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Innovative Defense Strategies for Securing SCADA & Control Systems

Seven Strategies to Defend ICSs

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Facilitated Self-Evaluation v1.0

Cisco Advanced Services for Network Security

Key Cyber Risks at the ERP Level

Cyber Security Compliance (NERC CIP V5)

North American Electric Reliability Corporation (NERC) Cyber Security Standard

SCOPE. September 25, 2014, 0930 EDT

Remote Services. Managing Open Systems with Remote Services

How To Protect Yourself From A Hacker Attack

Decrease your HMI/SCADA risk

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

The Cyber Security Modeling Language and Cyber Security research at department for Industrial Information and Control Systems

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

Cyber Security Risk Mitigation Checklist

What is Really Needed to Secure the Internet of Things?

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

POLICIES TO MITIGATE CYBER RISK

White Paper Strengthening Information Assurance in Healthcare

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Network Security. Intertech Associates, Inc.

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

NERC CIP VERSION 5 COMPLIANCE

Department of Management Services. Request for Information

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

SCADA/Business Network Separation: Securing an Integrated SCADA System

Cyber security tackling the risks with new solutions and co-operation Miikka Pönniö

Designing & Building an Information Security Program. To protect our critical assets

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

Secure Remote Access Solutions Balancing security and remote access Bob Hicks, Rockwell Automation

Transcription:

Cyber Security :: Insights & Recommendations for Secure Operations N-Dimension Solutions, Inc. Cyber Security Protection for Critical Infrastructure Assets

Agenda: Cyber Landscape Cyber Threats to Your Operational Enterprise Defense-In-Depth Q&A Cyber Security Protection for Critical Infrastructure Assets

Cyber Security Protection for Critical Infrastructure Assets Cyber Landscape

The cyber threat is escalating -4-

Remember when -5-

Present day -6-

Energy is the most targeted sector 198 disclosed attacks in 2012 All Others 116 (59%) Energy 82 (41%) Up 52% vs. 2011 Many of these incidents targeted information pertaining to the ICS/SCADA environment, including data that could facilitate remote access and unauthorized operations.. Source: ICS-CERT Incidents by Sector (+Internet-Facing) 198 in total FY 2012-7-

There is no official solution If I had a cyber threat that was revealed to me in a letter tomorrow, there is little I could do the next day to ensure that that threat was mitigated effectively by the utilities that were targeted. Federal Energy Regulatory Commission Chairman Jon Wellinghoff September, 2012 Source: The Hill -8-

Technology Trends Increasing Cyber Security Risks Technology trends increasing cyber security risk Adoption of common technology Connectivity of utility control systems to other systems Increasing automation Creates increased attack surface that can be exploited External Attackers: Hackers conferences are identifying utility systems as valuable target Hackers Tool Kits specific to Utility systems are available for download and use Internal Users (Insiders) can knowingly or unknowingly exploit systems Increasingly advanced and persistent threats to a growing attack surface -9-

Medium sized utilities are at greatest risk HIGHER Cyber-security resources LOWER o Most Vulnerable Smallest Utilities Impact from Attack o Most Impact o Largest IOUs o Other IOUs Public Power & Cooperatives HIGHER -10-

Cyber Threats to Your Operational Enterprise Cyber Security Protection for Critical Infrastructure Assets

Your org chart may be your biggest security gap Accountability gaps between IT and Operations make critical assets vulnerable to attack Functional Role Area of Responsibility Sr. Management Overall Results Point of Attack IT / Asset interconnections Departmental silos Areas of overlap are vague Asset and IT inroads open Information Tech. Operations IT Systems Assets -12-

OT closes security gaps between IT and Operations An independent world of "operational technology" (OT) is developing separately from IT groups. If IT organizations do not engage with OT environments they may be sidelined from major technology decisions - and place OT systems at risk. Source: Sr. Management OT IT Systems Assets -13-

N-Dimension protects critical utility assets N-Dimension Solutions Inc. (NDSI) protects the control centers, substations, generating plants, field control systems, and smart meter networks of critical infrastructure utilities from cyber-attacks by providing a comprehensive, defense-in-depth solution that all utilities can afford. Sr. Management OT IT Systems Assets -14-

Typical Utility Minimal Security Typical Utility -15-

Typical Utility Minimal Security Typical utility risk points Email Web Facebook Basic Internet Security 3 rd Parties Trusted Unpatched Systems Flat Network Dialup Modems Shared or Default Passwords Unprotected Comms -16-

What happens after an attack Disconnect operation(s) systems Fly blind for awhile Engage a team of subject matter experts Locate and isolate Data Analysis loss Utility and member s data Forensics Replace necessary hardware and software Deploy a cyber security solution Public relations Media Members Legal and regulatory issues -17-

Cyber Security Protection for Critical Infrastructure Assets Defense-In-Depth

Built on a Defense-in-Depth strategy Identify Isolate Insulate Electronic security perimeters Monitoring Layered defenses Cyber-resilience Frustrate threat progression Mitigate impact Speed recovery and reconstitution Elements of a Defense in Depth Strategy People Technology Operations NDSI has the OT expertise to go beyond IT measures and achieve true Defense-in-Depth resilience! -19-

N-Dimension Products Technical Overview Dimension Defense-in-Depth Critical Infrastructure with N-Dimension Architecture Control DMZ Encrypted VPN Tunnel n-platform n-central n-client -20-

Seamless integration with SCADA Systems -21-

Benefits of comprehensive cyber-security Reliability Less chance of service interruption Revenue Assurance Attack mitigation for core revenue producing assets Risk Mitigation Complies with indemnification requirements -22-

Questions? -23-

Thank You Mary Jo Nye Alliances Director & Regional Sales Manager N-Dimension Solutions, Inc. 612.859.1821 maryjo.nye@n-dimension.com -24-

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information