Cyber Security: The Leadership Opportunity for Joint Action Agencies. 2013 APPA Joint Action Workshop


Cyber Security: The Leadership Opportunity for Joint Action Agencies
2013 APPA Joint Action Workshop
Doug Westlund, N-Dimension Solutions Inc.
Cyber Security for the Smart Grid

Cyber Risk Reduction Questions
- What can individual utilities do?
- What can Joint Action Agencies do?
- What does APPA need to do?
- What can the states and federal government do?

Discussion Topics
- Introductions
- Cyber Security Concepts for Utilities
- Challenges for Public Power Utilities
- Opportunities for Joint Action Agencies
- Q & A

N-Dimension Solutions
- Cyber Security solutions provider laser focused on the energy market
- Selected for multi-year DOE project to protect the US grid
- Member of key standards bodies (NERC, NIST, DOE Labs)
- Recognitions:
  - Frost & Sullivan Award for Best Practices in Industrial Cyber Security
  - Leader designation by Pike Research and Smart Grid Today
  - Expert witness in FERC and GAO committees
- HD Supply's cyber security partner
- Demonstrated success in public power

Strong Supporter of APPA Initiatives
- Author of Cyber Security Primer available on the APPA web site bookstore
- Author of four articles published in APPA's Public Power magazine
- Developed three webinars for APPA's Academy webinar seminar series
- Presented courses at E&O and National Conferences
- Selected by Hometown Connections as their cyber security partner

Selected by the American Public Power Hometown Connections Partner Association

"As stated by the Federal Energy Regulatory Commission, cyber attacks can damage generation and distribution facilities in ways that cause widespread disruption of electric service and undermine our government, economy, and the health and safety of millions of citizens. We selected N-Dimension Solutions Inc. as the official cyber security partner of Hometown Connections because the firm offers a deep knowledge of cyber security, a proven methodology, and a commitment to addressing the unique requirements of public power systems of all sizes."
- Tim Blodgett, the President and CEO of Hometown Connections

Cyber Security Concepts for Utilities

Elements of Cyber Security
- Risks
- Threat Vectors
- Vulnerabilities

Four Dangerous and Common Myths
1. Cyber security is only an issue for larger utilities.
2. We're not a target.
3. We have a firewall - we're secure.
4. This is an IT issue.

The Philosophy and Culture of Cyber Security
A. Security is a process, not a destination.
B. Nothing is 100% secure. It's all about managing and mitigating risks.
C. A holistic approach is required:
   i. People
   ii. Process
   iii. Technical Security Controls

Challenges for Public Power Utilities

Typical Utility: Minimal Security
Risk Points (diagram labels):
- Email
- Web
- Facebook
- Basic Internet Security
- 3rd parties trusted
- Unpatched systems
- Flat network
- Dialup modems
- Shared or default pwds
- Unprotected comms

It's a Continuous and Growing Challenge
Advanced Persistent Threats + Increasing Automation + Grid Interconnectedness

Defense-in-Depth: Depth Required by all Utilities
Perimeter Protection Interior Security Monitoring Management Processes
DOE: "Start with the assumption that utility assets will be compromised and then build your defenses from there..."

Opportunities for Joint Action Agencies

Opportunities for Joint Action Agencies
- Participate in the marketing and/or delivery of cyber security solutions to members
- JAA can be visible in delivering tangible value to members on a key and pressing issue for utilities and for the APPA
- Can help to address resource constraints of members
- Leverage the strong synergies across the JAA's members
  - Cost
  - Group insight capability

Cyber Security Opportunity Categories
- Technical Services
- Monitoring Services
- Managed Services

Cyber Security Technical Services
- Education Awareness Training
- Vulnerability Assessments
  - Use of Maturity Model
  - Can expand into penetration testing
- Development of Cyber Security Plans
- Development of Cyber Security Programs

Cyber Security Monitoring Services
[Diagram labels: JAA and/or Member; Incident Detected!]

Cyber Security Hosted / Managed Services
[Diagram labels: Cyber Security Data; Corrective Action; JAA or Third Party Security Operations Center]

Benefits of Proactively Addressing Cyber Security
For the JAA and its Members:
- Increased reliability
- Revenue assurance
- Alignment with APPA's RP3 program
- Demonstrated risk mitigation to assist in improvements in bond ratings and insurance premiums
For the Member's Customers:
- Increased service reliability
- Cost avoidance and revenue assurance for rate stability
- Privacy protection

Q & A

Thank You!
Contact Information
Doug Westlund, CEO, N-Dimension Solutions Inc.
Office: 905.707.8884 x227
Mobile: 416.997.8833
doug.westlund@n-dimension.com

Cyber Risk Reduction Resources
- APPA Cyber Security Essentials Primer
- White House/DOE Electricity Sector Cyber Security Capabilities Maturity Model (ES-C2M2)
- DOE Risk Management Program (RMP)
- NERC Cyber Security Standards (CIP Version 5)
- Electricity Sector Information Sharing and Analysis Center (ES-ISAC)
- Industrial Control Systems Computer Emergency Response Team (ICS CERT)
- DHS Cyber Security Evaluation Tool (CSET)
- DHS Physical Security Assessment (PSA) assessment
- FERC Office of Energy Infrastructure Security (OEIS)
- (Conceptual) DOE Cyber Incident Management Initiative