FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS

Similar documents
AN INTRODUCTION TO ELECTRIC UTILITY SYSTEMS FOR NON-ENGINEERS

INLINE INSPECTION OF PIPELINES CRITICAL FACTORS IN STRUCTURAL DESIGN, TESTING AND MANUFACTURING

DERIVATIVES ACCOUNTING FOR POWER AND ENERGY COMPANIES:

Oil & Gas Cybersecurity

ELECTRIC UTILITY CONTRACTS FOR NON-LAWYERS

ACCIDENT & INCIDENT INVESTIGATION FOR UPSTREAM OIL & GAS

Strengthening Utility Critical

POWER GENERATION AND INDUSTRIAL PLANT CABLES - CONSTRUCTION, APPLICATION, INSTALLATION AND TESTING

INLINE INSPECTION OF PIPELINES CRITICAL FACTORS IN STRUCTURAL DESIGN, TESTING AND MANUFACTURING

Project Prioritization and Utility Project Portfolio Management

MANAGING CONSTRUCTION RISKS WITH INSURANCE AND CONSTRUCTION SURETY BONDS

Power Facilities Physical Security Threats Physical Security, Personnel Security and Preventative Measures

COurse. Midstream Oil & Gas. April 28-29, 2014 The Westin Denver Downtown Denver, CO. EUCI is authorized by IACET to offer 1.0 CEUs for the course.

Fundamentals of Oil and Gas Taxation

IN-SERVICE REPAIRS TO LEAKING ABOVE GROUND STORAGE TANK ROOFS

Estimation and Cost Control Fundamentals for Oil & Gas

in Ontario and Key Canadian

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS (ADMS) HOW TO SUCCESSFULLY ASSESS, PROCURE, IMPLEMENT, AND UPGRADE AN OMS, DMS OR A COMPLETE ADMS

5 TH ANNUAL STORM, PLANNING AND PREPARATION CONFERENCE:

FERC Natural Gas 101. October 2-3, 2014 Renaissance Denver Downtown Denver, CO. EUCI is authorized by IACET to offer 1.0 CEUs for the course.

LEADERSHIP CONFERENCE FOR WOMEN IN ENERGY

SOUTHEAST CLEAN POWER SUMMIT

HOW AMI IS IMPACTING THE CUSTOMER EXPERIENCE

AN IN-DEPTH INTRODUCTION TO MASTER LIMITED PARTNERSHIPS

Online Course Design. August 2 4, 2010 Denver, CO

CREDIT AND COLLECTIONS: IMPROVING FINANCIAL PERFORMANCE FOR UTILITIES

WEB SELF-SERVICE, MOBILE APPS, AND SOCIAL MEDIA FOR UTILITIES

Learn the essential components of designing effective online courses.

Storm Planning and Response

13 th Annual Tax & Securities Law Institute. T S L I March 5-6, 2015 Hyatt Regency New Orleans

A Regulatory Approach to Cyber Security

EMERGING LEADERS PROGRAM

October Convention & Trade Show. Thursday. Friday 17. October 16-17, 2014 Hyatt Regency Hotel Tulsa, Oklahoma

Want to brush up on your embalming skills? Would you like to compare notes with embalmers from all over North America?

EDISCOVERY FOR FEDERAL GOVERNMENT PRACTITIONERS

REGISTER TODAY! 79TH ANNUAL CONFERENCE & STATE BOARD OF ACCOUNTS SCHOOL INDIANAPOLIS THE WESTIN JUNE 7-11, 2015

DATA CENTER DESIGN & CONSTRUCTION

FUNDAMENTALS OF MUNICIPAL BOND LAW SEMINAR

SOLAR PROJECT DUE DILIGENCE: FINANCIAL, LEGAL & TECHNICAL REQUIREMENTS

THE EDGE FCCFA ANNUAL CONVENTION & TRADE SHOW Hyatt Regency Coconut Point Resort & Spa - Bonita Springs, FL July 16 18, 2015

The Fire Chiefs Planning Committee thanks you for your continued support. We look forward to seeing you at the conference in February.

An International Perspective on Security and Compliance

Probate and Mental Health Fall 2013 Study Section Conference Hyatt Regency Monterey October 16-18, 2013

February 24-26, 2016 Westin Hotel Ottawa, ON

Law Firm Cyber Risk Conference: Addressing the Issues from the Top Down

Industry Sponsored Satellite Symposia Information and Application

2015 AESC 3rd Annual Oilfield Trucking Conference. Hilton Hotel Downtown Fort Worth, Texas. November 17-19, 2015

2015 EMERGING LEADERS INSTITUTE

County Counsels' Association of California

Smart Grid Security: A Look to the Future

& Project Management

PREPARING TO BECOME A

We look forward to working with you to make the GSASC & SCASCA February 2016 Semi-Annual Conference and Trade Show a success!

HONOR TREASURE SHAPE. Honrando. Formando. the Past, Atesorando. the Present, the Future. Register Now!

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

Spring 2016 Industry Event - CABLES

2014 SCSHMM Spring Conference May 28 th May 30 th, Cost/Quality Outcomes. Kingston Plantation

FIRE PROTECTION SYSTEMS/EQUIPMENT MAINTENANCE & INSPECTION SEMINAR

Corporate Compliance Programs - Industry Best Practices. November 18, 2010 (Thursday) 8:00 a.m. to 12:00p.m.

July 22-25, 2016 Washington, DC Marriott Wardman Park Hotel

EEOC Atlanta Seminar AUGUST 21-22, Fee $349 per day. REGISTER NOW

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

UPDATE YOUR POST-SECONDARY SKILLS AND EXPERTISE WHILE ATTENDING THE NYSSCA CONFERENCE! NYSSCA

Transcription:

COURSE FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS Hyatt Regency Phoenix is authorized by IACET to offer 1.0 CEUs for the course. is authorized by CPE to offer 11.0 credits for the course. 1

OVERVIEW Like other parts of critical infrastructure, nuclear power faces cyber security threats, and the Nuclear Regulatory commission (NRC) has mandated that these threats be addressed ultimately through an agreed upon approach through NEI 08-09. However, because of the dangers nuclear presents, operators face much greater challenges in providing needed cyber security controls for critical digital assets (CDAs). New digital components are being implemented that are challenging many preconceived notions of how technology is used in a nuclear plant. As the options for access and control become more complicated, so does security. Threats are evolving at a rapid pace, and with national security and nuclear safety on the line, the industry is racing to keep up. As the mandatory NRC regulations are being revised to address industry challenges, the industry is still responsible for its plants from design basis threats from cyber security vulnerabilities. Notwithstanding growing questions and concerns from Owner and Utility Boards of Directors over cyber security at their nuclear plants, each inspection of early Milestone commitments yields new insight into the NRC s concerns over cyber security in the nuclear industry. This course is an in-depth introduction to cyber security issues facing the nuclear industry and plant assets today. It is meant as a primer to give the necessary background for all staff to understand the concepts and complexities of cyber security and and compliance with NEI cyber security controls. WHO SHOULD ATTEND Utility and nuclear operating company staff from the following departments: Directors and CEOs Compliance and regulatory managers Licensing Legal and regulatory staff Information technology and information security Operations, engineering, and maintenance Administrative and support staff Control systems As well as: Attorneys and regulators Regional NRC staff Contractors and vendors LEARNING OUTCOMES Identify current cyber security threats facing nuclear power plants Analyze cyber threats and vulnerabilities Define, assess and manage cyber security risk for nuclear plants Review and analyze NEI 08-09 security controls Discuss NRC cyber security inspection techniques and interpretations Identify key NEI 08-09 implementation strategies Discuss the convergence of maintenance/operations/engineering/security/cyber security departments, internal communication strategies and building cross-functional teams REGISTER 4601 TODAY! DTC Blvd., CALL Suite 800 303-770-8800 OR VISIT 2

AGENDA Wednesday, May 13, 2015 12:30 1:00 p.m. Registration 1:00 2:30 p.m. Hacking and Hardware Understanding Cyber Threats to Nuclear Power Plants Current cyber security threats facing nuclear plants Common vulnerabilities and consequences Predictions of future cyber security challenges 2:30 3:00 p.m. Networking Break 3:00 5:00 p.m. The Old and New: A Primer on the Technology Architecture of a Nuclear Power Plant and How It is Changing Core assets and Critical Digital Assets (CDA) Levels 1-4 Integration and containment challenges Securing the communications network Analyzing cyber threats and vulnerabilities o Field equipment and communications o Wide-area-network communications o Portable Media Devices o Vendor access to CDAs Thursday, May 14, 2015 8:00 8:30 a.m. Continental Breakfast 8:30 10:00 a.m. NRC 10 CFR 73.54, Regulatory Guide 5.71, NEI 08-09, and NRC Inspection Manual Chapters 10:00 10:30 a.m. Networking Break 10:30 a.m. 12:30 p.m. Continuation of NRC 10 CFR 73.54, Regulatory Guide 5.71, NEI 08-09, and NRC Inspection Manual Chapters 12:30 1:30 p.m. Group Luncheon 1:30 3:00 p.m. Plant-Wide Cyber Security: Moving Beyond Cyber Security as an IT Problem Alternative Controls Internal communication strategies Building a cross-functional team o Roles and responsibilities o Cyber across Operations/Maintenance/Engineering o Licensing Creating a Culture of Security Leveraging plant cyber security for Utility or Owner NERC CIP requirements 3:00 3:30 p.m. Networking Break 3:30 5:00 p.m. Pulling It All Together Practical lessons learned and techniques for implementing and maintaining a cyber security program for both operational technology (OT) and information technology (IT) Addressing cyber security for corporate functions 5:00 p.m. Course Adjourns Conduct mini-exercises based on potential scenarios 4601 DTC Blvd., Suite 800 3

INSTRUCTORS Robert Schuler / Cyber Security Principal / Leidos Robert Schuler is a senior information security program manager with 18 years of information security risk management and systems security engineering experience across multiple industries. Over this period, he has become a recognized expert in both NEI (Nuclear Energy Institute) and NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) cyber security guidance for utility control systems. He is currently leading an NEI 08-09 compliance assessment team at a nuclear power plant toward the plant s cyber security plan commitments to the NRC (Nuclear Regulatory Commission). He has also guided the cyber security design team for the Westinghouse AP1000 Standard Plant communications system and has managed multi-region NERC CIP compliance efforts at a major independent power producer. Mr. Schuler advises government and private sector organizations on high-performing information security architectures in critical or control system environments. He also counsels industry regulators regarding compliance requirements and builds consensus on suggested improvements to address following the intent of a particular requirement. Mr. Schuler also works with key control system contributors to identify widespread technical issues facing many industry participants and develops solutions that can largely be applied, independent of the organization. While generally facilitating agreements among business units, he is helping to achieve secure architectures that are business enablers and tackling a range of complex technical issues. Robert is also addressing the security aspects of Smart Grid/Advanced Metering and other energy sector cyber security implementation efforts. His industry outreach activities have included frequent speaking engagements delivering control system cyber security courses and speaking on industry panels, where his technical knowledge and interactive style is helping key industry participants reach a shared understanding of cyber security threats, compliance standards, and how to build secure, best-practice architectures while meeting compliance objectives. Gib Sorebo / Chief Cyber Security Technologist / Leidos Mr. Sorebo is a Chief Cyber Security Technologist for Leidos (formerly SAIC) where he assists government and private sector organizations in complying with legal and regulatory requirements and advises customers on ways to reduce cyber security risks. He has been working in the information technology industry for more than twenty years in both the public and private sector. In addition to federal and state governments, Mr. Sorebo has done security consulting in the financial services and electricity sectors. He has managed and participated in system security certification and accreditation, penetration testing, and vulnerability assessments. He is recognized for his expertise in information security compliance where he has helped government and commercial customers comply with various legal obligations. Additionally, as a former Windows system administrator and network penetration tester, Mr. Sorebo has extensive technical abilities and is familiar with a wide variety of network security tools and exploit methods. He is also a frequent speaker at national security and utility conferences, such as the RSA Security Conference, CSI Annual Conference, Metering America, Autovation, and the FIRST Annual Conference, where he has given talks on information security liability, Sarbanes-Oxley, E-Discovery, and breach notification. He was instrumental in the development of and provided significant leadership and guidance to Leidos Smart Grid Security practice where he established the Leidos Smart Grid Security Solutions Center for product security testing and solution development and contributed to a variety of other smart grid security research efforts. He is also the co-author of a book on smart grid security. 4601 DTC Blvd., Suite 800 4

INSTRUCTIONAL METHODS This course will use PowerPoint presentations and group discussions. REQUIREMENTS FOR SUCCESSFUL COMPLETION OF PROGRAM Participants must sign in/out each day and be in attendance for the entirety of the course to be eligible for continuing education credit. CREDITS has been accredited as an Authorized Provider by the International Association for Continuing Education and Training (IACET). In obtaining this accreditation, has demonstrated that it complies with the ANSI/IACET Standard which is recognized internationally as a standard of good practice. As a result of their Authorized Provider status, is authorized to offer IACET CEUs for its programs that qualify under the ANSI/IACET Standard. is authorized by IACET to offer 1.0 CEUs for the course. EVENT LOCATION A room block has been reserved at the Hyatt Regency Phoenix, 122 N. Second Street, 85004, for the nights of May 11-13, 2015. Room rates are $199, plus applicable tax. Call 1-888-421-1442 for reservations and mention the course to get the group rate. The cutoff date to receive the group rate is April 20, 2015, but as there are a limited number of rooms available at this rate, the room block may close sooner. Please make your reservations early. REGISTER 3 SEND 4TH FREE Any organization wishing to send multiple attendees to these conferences may send 1 FREE for every 3 delegates registered. Please note that all registrations must be made at the same time to qualify. PROCEEDINGS The proceedings of the course will be published, and one copy will be distributed to each registrant at the course. REGISTER 4601 TODAY! DTC Blvd., CALL Suite 800 303-770-8800 OR VISIT 5

REGISTRATION INFORMATION EVENT LOCATION Mail Directly To: Electric Utility Consultants, Inc. () 4601 DTC Blvd., Ste. 800 OR, scan and email to: conferences@euci.com PLEASE REGISTER THE FOLLOWING FUNDAMENTALS OF CYBER SECURITY FOR NUCLEAR PLANTS MAY 13-14, 2015: US $1395 EARLY BIRD ON OR BEFORE MAY 1, 2015: US $1195 A room block has been reserved at the Hyatt Regency Phoenix, 122 N. Second Street, 85004, for the nights of May 11-13, 2015. Room rates are $199, plus applicable tax. Call 1-888- 421-1442 for reservations and mention the course to get the group rate. The cutoff date to receive the group rate is April 20, 2015, but as there are a limited number of rooms available at this rate, the room block may close sooner. Please make your reservations early. ENERG ZE WEEKLY s Energize Weekly e-mail newsletter compiles and reports on the latest news and trends in the energy industry. Newsletter recipients also receive a different, complimentary conference presentation every week on a relevant industry topic. The presentations are selected from a massive library of more than 1,000 current presentations that has gathered during its 27 years organizing conferences. Sign me up for Energize Weekly. How did you hear about this event? (direct e-mail, colleague, speaker(s), etc.) Print Name Job Title Company What name do you prefer on your name badge? Address City State/Province Zip/Postal Code Country Telephone Email List any dietary or accessibility needs here CREDIT CARD Name on Card Account Number Billing Address Billing City Billing State Billing Zip Code/Postal Code Exp. Date Security Code (last 3 digits on the back of Visa and MC or 4 digits on front of AmEx) OR Enclosed is a check for $ to cover registrations. All cancellations received on or before April 10, 2015, will be subject to a US $195 processing fee. Written cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other event or publication. This credit will be good for six months. In case of event cancellation, s liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800. reserves the right to alter this program without prior notice. 4601 DTC Blvd., Suite 800 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information