Cyber Threat Awareness CETAC 2018

Size: px
Start display at page:

Download "Cyber Threat Awareness CETAC 2018"

Transcription

1 Presented by Jeff Sundvick- WAPA Raymond Jeter-SDG&E U.S. CERT-NCCIC Cyber Threat Awareness CETAC 2018 Welcome CETAC 2018 San Ramon Training Facility General Class Information: Safety/Fire evacuation. In event of emergency, do not call 911 from your phone. Instructors will call front desk and they will notify first responders. Restrooms: Outside J101 and to your right. Cell phones on silent or outside

2 Introduction Jeff Sundvick WAPA Raymond Jeter SDGE US CERT-NCCIC Class Summary 08:00-09:30 Cyberwar Threat: Navigating the New and Deadly Digital Battlefield PBS/Nova Series. 20 min. Class Room Discussion/Worksheet Break: 10 min 09:40-11:00 U.S CERT-NCCIC-National Cybersecurity & Communications Integration Center. Real World Threats-Protection, Risks, and Vulnerabilities- Industrial Control Systems/SCADA 20 Min Ques. & Answer Break: 10 min 11:10-12:00: Cyber Threat Table Top Exercise 3 4 2

3 Course Objectives Describe, and explain how we are now living in an era where computer code can cause the same potential damage as a bomb. Also list some of the potential Critical Facilities potential cyberattacks can harm Describe, and explain the vulnerability Mal-Ware can exploit and then use this vulnerability to attack its intended target(s) Describe and explain how a hacker can gain access to, and exploit everyday modern technologies, like modern automobiles. Describe the name of the attack hackers were able to exploit to demonstrate how a hacker can gain control of IOT devices Explain the experimental cyber-attack scenario DHS used in a test against Critical Infrastructure Describe how NCCIC is leading the protection of federal civilian agencies in Cyber Space 5 Course Objectives Describe how NCCIC works with critical civilian infrastructure owns and operators to reduce risk. Describe how NCCIC disseminates cyber threat and vulnerability analysis Describe how NCCIS orchestrates national protection, prevention, mitigation and recovery activities associated with significant cyber and communication incidents. Analyze a cyber threat case study on the 2015 Ukrainian Cyber Attack and formulate strategies from lessons learned presented by NCCIC Cyber Subject Matter Experts Analyze and respond to a potential cyber threat scenario to the BES utilizing information and tactics learned during previous Cyber Threat SME presentation class learning segment. 6 3

4 Why? Why? Description: March 15, 2018 United States Computer Emergency Readiness Team Since at least March 2016, Russian government cyber actors hereafter referred to as threat actors targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. 7 Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, in the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. 8 4

5 Why? DHS and FBI characterize this activity as a multistage intrusion campaign by Russian government cyber actors who targeted small commercial facilities networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS). 9 DHS observed the threat actors copying Virtual Network Connection (VNC) profiles that contained configuration information on accessing ICS systems. DHS was able to reconstruct screenshot fragments of a Human Machine Interface (HMI) that the threat actors accessed. 10 5

6 Targeting of ICS and SCADA Infrastructure In multiple instances, the threat actors accessed workstations and servers on a corporate network that contained data output from control systems within energy generation facilities. The threat actors accessed files pertaining to ICS or supervisory control and data acquisition (SCADA) systems. Based on DHS analysis of existing compromises, these files were named containing ICS vendor names and ICS reference documents pertaining to the organization (e.g., SCADA WIRING DIAGRAM.pdf or SCADA PANEL LAYOUTS.xlsx ). 11 Why? Background Security of IT systems is increasingly important Industrial Control Systems (ICS) are a subset of IT utilized to control industrial processes Systems referred to with the terms SCADA, DCS, PLC ICS cyber-attacks represent a real risk as ICS become more integrated with other IT systems Successful cyber attacks already being made Stuxnet, Flame, Duqu, Gauss, Shamoon, Havex 12 6

7 Why? Biggest Cyber Security Incidents of 2017 Shadow Brokers- Hacked NSA linked group called Equation -Data Stolen- Windows Exploit Eternal Blue WannaCry-Spread around the world crippling public utilities and hospitals in U.K-North Korean Gov. Petya/NotPetya/Goldeneye- On month after WannaCry Multiple Pharmaceutical Co-Merck & Danish Shipper Maersk WikiLeaks CIA Vault 7- Data trove of 8,761 documents stolen: Spying operations and hacking tools revealed. Cloudbleed- Cloudfare-Cyber Security Co data breach, affected Uber, Fitbit, Google and Bing American Voter Data Breach Deep Root Analytics Amazon S3 server hosted 198 million voter records. Macron Campaign Hack- 2 days before French presidential runoff, hackers dumped 9GB of leaked s (Wired Magazine 07/01/2017) 13 Why? The number of vulnerabilities in ICS components keeps growing. In total, 189 vulnerabilities in ICS components were published in 2015, and most of them are critical (49%) or have medium severity (42%). (Kaspersky Lab 2016 ICS Report) ICS vulnerabilities are widely diversified. New vulnerabilities were found in 2015 in the ICS components of different vendors (55 different manufacturers) and types (HMI, electric devices, SCADA, industrial network devices, PLCs and multiple others). (Kaspersky Lab 2016 ICS Report) The largest amount of vulnerabilities were found in Siemens, Schneider Electric and Hospira devices. (Kaspersky Lab 2016 ICS Report) 14 7

8 How? Industrial Control Systems: Cyber War Threat Video As internet connections multiply so do points of attack and risks to national security, and Critical Infrastructure

9 Cyber War Threat Video Worksheet Review/Classroom Discussion. Question/Concept #1-Describe, and explain how we are now living in an era where computer code can cause the same potential damage as a bomb. Also list some of the potential Critical Faculties potential cyber-attacks can harm. Question/Concept #2-In 2010 the world got a glimpse of the first true cyber weapon called. Explain the Term Mal-Ware. Question/Concept #3-Describe, and explain how (what vulnerability) this powerful Mal-Ware exploited, and then used this vulnerability to attack its intended target(s) Question/Concept #4-Question/Key Concept: Explain the term the Internet of everything, or for short IOT-Internet of Things. Describe the name of the attack the hackers were able to use to demonstrate how a hacker can gain control of IOT devices Question/Concept #5-Explain the experimental cyber-attack scenario DHS used in a test against Critical Infrastructure. What was this experimental program named, and what was this attacks intended purpose? 10 Minute Break

10 Introduction NCCIC-National Cybersecurity & Communications Integration Center Introduction NCCIC-National Cybersecurity & Communications Integration Center The NCCIC serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts. 19 Please Welcome Mr. Jonathan Homer Chief, Industrial Control System Group Hunt and Incident Response Team (HIRT) National Cyber Security and Communications Integration Center (NCCIC) U.S. Dept. of Homeland Security 20 10

11 10 Minute Break Cyber Threat Table Top Exercise

12 CETAC Group Cyber Threat Table Top Exercise Exercise Objectives Analyze and respond to a potential cyber threat scenario to the BES utilizing information and tactics learned during previous Cyber Threat SME presentation class learning segment Enhance Power System Operator cyber awareness, readiness, coordination, and communication. Develop contingency plans for surviving the loss, and recovery of some or all ICS-SCADA Systems. CETAC Group Cyber Threat Table Top Exercise Exercise Instructions- See Handouts for Details Initial Scenario: EMS/SCADA/IT has reported EMS/SCADA has been compromised. Stale data, and supervisory control no longer valid. Business machines are slow to respond to inputs, and some have frozen up. External calls to and from neighboring utilities have reported similar events

13 CETAC Group Cyber Threat Table Top Exercise Post Exercise Review/Discussion Each Table Report Out Answer to Exercise Questions: REPONDING TO CYBER THREAT CYBER SECURITY How to isolate substations from harm Cybersecurity / IT Operations / SCADA, EMS Coordinate on network plan Cybersecurity / Management 3 1 BES OPERATIONS Supervisor/Management Notification Reference hard copies of single line diagrams Stop clearances / return equipment as needed System Operators Determine substations to staff System Operators 2 Internal and external notifications System Operators Coordinating with CAISO and BANC Coordinate with EMS/SCADA Supervisor / SCADA team EMS/SCADA NEIGHBORS Coordinating with Peak RC SCADA Block EMS signals 25 4 Dispatch field personnel Substation I&C, Sub Station Electricians Target: 1 hour* to staff critical subs Field personnel provide visibility, switch, and isolate substations 26 13

14 CETAC Group Cyber Threat Table Top Exercise So how do we come back from such an event? What might be the steps we take to return our respective systems to normal? Assignment: Take the next 10 minutes and discuss among your respective tables/teams, and report back similar to the first exercise. 27 NORMALIZE GRID OPERATIONS CYBER SECURITY MANAGEMENT Wind Down Emergency Operations Command 2 No Incident Response & Recovery Threat eradicated and vulnerability closed? Yes De-mobilization BES OPERATIONS Receive all-clear signal Begin normalizing the System Coordinate with CAISO/BANC & Peak RC Systems normal? Yes No Switch local to remote at substations Resume Normal Schedules Release system limits, return equipment to service System testing (Operations, SCADA, IT) EMS/SCADA Returning systems back online Coordinating with Field Personnel Coordinating with CAISO/BANC & Peak RC As necessary 28 14

15 Post Course & Weekly Evaluation Thank You! 15

Cybersecurity Overview

Cybersecurity Overview Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where

More information

CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS

CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS National Cybersecurity and Communications Integration Center (NCCIC) Hunt and Incident Response Team (HIRT) CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS Jonathan

More information

Cyber Security of Industrial Control Systems (ICSs)

Cyber Security of Industrial Control Systems (ICSs) Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied

More information

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure

More information

Statement for the Record

Statement for the Record Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before

More information

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems

PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA

More information

Water Information Sharing and Analysis Center

Water Information Sharing and Analysis Center SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR SECURITY Presenter Brian Draper, DHS NCCIC HIRT Slides and

More information

Heavy Vehicle Cyber Security Bulletin

Heavy Vehicle Cyber Security Bulletin Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin

More information

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout

More information

DHS Cybersecurity: Services for State and Local Officials. February 2017

DHS Cybersecurity: Services for State and Local Officials. February 2017 DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated

More information

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity

More information

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1 The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber

More information

Grid Security & NERC

Grid Security & NERC Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy

More information

Control Systems Cyber Security Awareness

Control Systems Cyber Security Awareness Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security

More information

Industrial Control System Cyber Security

Industrial Control System Cyber Security Industrial Control System Cyber Security Disaster Recovery Information Exchange Bruce Tyson June 28, 2017 Lunch and Learn Introduction Bruce Tyson is a certified engineering technologist (CET Telecommunications

More information

SECURING THE SUPPLY CHAIN

SECURING THE SUPPLY CHAIN SECURING THE SUPPLY CHAIN BY Jerome Farquharson, CISSP, Donald Dustin Williams, PE, AND Courtney Buser The advance of smart grids, smart devices and increasingly interconnected systems provides exceptional

More information

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc. Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

Cyber Security & Homeland Security:

Cyber Security & Homeland Security: Cyber Security & Homeland Security: Cyber Security for CIKR and SLTT Michael Leking 19 March 2014 Cyber Security Advisor Northeast Region Office of Cybersecurity and Communications (CS&C) U.S. Department

More information

Focus on Water Treatment

Focus on Water Treatment this issue Water Treatment Security Industry News Consultants Corner Invensys CISP News Focus on Water Treatment Dept. of Homeland Security (DHS) 2003 Presidential Directive 7 (HSPD7) Water is a Critical

More information

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG

Why Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three

More information

Cyber Resiliency. Felicity March. May 2018

Cyber Resiliency. Felicity March. May 2018 Cyber Resiliency Felicity March May 2018 1 Cyber Resiliency Cyber Resiliency is the ability of an organization to continue to function with the least amount of disruption in the face of cyber attacks.

More information

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our

More information

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers

BILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY

More information

Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas

Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

Securing Industrial Control Systems

Securing Industrial Control Systems L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting

More information

NW NATURAL CYBER SECURITY 2016.JUNE.16

NW NATURAL CYBER SECURITY 2016.JUNE.16 NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING

More information

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2012 What s Inside Welcome 1 Organization 3 Outreach 4 Industrial Control Systems Joint Working Group 5 Advanced Analytical

More information

New Information Collection Request: The Department of. Homeland Security, Office of Cybersecurity and

New Information Collection Request: The Department of. Homeland Security, Office of Cybersecurity and This document is scheduled to be published in the Federal Register on 07/18/2017 and available online at https://federalregister.gov/d/2017-15067, and on FDsys.gov 9110-9P P DEPARTMENT OF HOMELAND SECURITY

More information

Chapter X Security Performance Metrics

Chapter X Security Performance Metrics Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical

More information

Incident response to a breach: Right of boom you find ashes

Incident response to a breach: Right of boom you find ashes Incident response to a breach: Right of boom you find ashes Dr. Samuel Liles http://selil.com Opinions, or other information expressed are presenters and do not reflect current, former, future, or unaffiliated

More information

The Office of Infrastructure Protection

The Office of Infrastructure Protection The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview ND Safety Council Annual Conference

More information

The Office of Infrastructure Protection

The Office of Infrastructure Protection The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Native American Risk Management Conference 20 July, 2018 Bridging the Gap: Delivering

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

Securing the North American Electric Grid

Securing the North American Electric Grid SESSION ID: TECH-R02 Securing the North American Electric Grid Marcus H. Sachs, P.E. SVP and CSO North American Electric Reliability Corporation @MarcusSachs Critical Infrastructure s Common Denominator

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

Cybersmart Buildings: Securing Your Investments in Connectivity and Automation

Cybersmart Buildings: Securing Your Investments in Connectivity and Automation Cybersmart Buildings: Securing Your Investments in Connectivity and Automation Jason Rosselot, CISSP, Director Product Cyber Security, Johnson Controls AIA Quality Assurance The Building Commissioning

More information

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology

Featured Articles II Security Research and Development Research and Development of Advanced Security Technology 364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by

More information

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University

More information

Standards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016

Standards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016 Standards Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016 Balancing Authority Reliability-based Controls Reliability Benefits Data requirements for Balancing Authority (BA)

More information

Chapter X Security Performance Metrics

Chapter X Security Performance Metrics Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance

More information

Cyber Security Incident Report

Cyber Security Incident Report Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New

More information

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment S&L Logo Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment Date: October 24, 2017 Authors/Presenters: J. Matt Cole, PE

More information

End-to-End Trust, Segmentation and Segregation in the IIoT

End-to-End Trust, Segmentation and Segregation in the IIoT End-to-End Trust, Segmentation and Segregation in the IIoT www.blackridge.us Michael Murray - SVP & GM Cyber Physical Systems www.blackridge.us Company Origin BlackRidge technology originated from a Department

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls Cybersecurity Hospitality Finance and Technology Professionals June 27, 2017 Presented by: Harvey Johnson, CPA Partner Overview Define Cyber Security Importance of Cyber Security 2017 Cyber Trends 1 About

More information

Loss of Control Center Functionality: EOP-008-1, CIP-008-3, CIP September 30, 2014

Loss of Control Center Functionality: EOP-008-1, CIP-008-3, CIP September 30, 2014 Loss of Control Center Functionality: EOP-008-1, CIP-008-3, CIP-009-3 September 30, 2014 James Williams Lead Compliance Specialist jwilliams.re@spp.org 501.614.3261 Jeremy Withers Senior Compliance Specialist

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland

More information

Critical Infrastructure Sectors and DHS ICS CERT Overview

Critical Infrastructure Sectors and DHS ICS CERT Overview Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security

More information

CYBER RESILIENCE & INCIDENT RESPONSE

CYBER RESILIENCE & INCIDENT RESPONSE CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable

More information

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific

More information

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania

Toward Open Source Intrusion Tolerant SCADA. Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania Outline What is SCADA? SCADA Vulnerabilities What is Intrusion Tolerance? Prime PvBrowser Our

More information

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security

More information

June 5, 2018 Independence, Ohio

June 5, 2018 Independence, Ohio June 5, 2018 Independence, Ohio The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Securing the Nation at the Community Level 2018 Cuyahoga

More information

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

DHS Election Task Force Updates. Geoff Hale, Elections Task Force 1 DHS Election Task Force Updates Geoff Hale, Elections Task Force Geoffrey.Hale@hq.dhs.gov ETF Updates Where we ve made progress Services EI-ISAC/ National Cyber Situational Awareness Room What we ve

More information

CYBERSMART BUILDINGS. Securing Your Investments in Connectivity and Automation

CYBERSMART BUILDINGS. Securing Your Investments in Connectivity and Automation CYBERSMART BUILDINGS Securing Your Investments in Connectivity and Automation JANUARY 2018 WELCOME STEVE BRUKBACHER Application Security Manager Global Product Security Johnson Controls 1 WHY ARE WE HERE

More information

Power Grid Resilience, Reliability and Security Research at Idaho National Laboratory

Power Grid Resilience, Reliability and Security Research at Idaho National Laboratory Power Grid Resilience, Reliability and Security Research at Idaho National Laboratory Brent J. Stacey Associate Laboratory Director National & Homeland Security Presented at: 69 th Annual Meeting of the

More information

Cybersecurity Today Avoid Becoming a News Headline

Cybersecurity Today Avoid Becoming a News Headline Cybersecurity Today 2017 Avoid Becoming a News Headline Topics Making News Notable Incidents Current State of Affairs Common Points of Failure Three Quick Wins How to Prepare for and Respond to Cybersecurity

More information

Firewalls (IDS and IPS) MIS 5214 Week 6

Firewalls (IDS and IPS) MIS 5214 Week 6 Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part

More information

U.S. State of Cybercrime

U.S. State of Cybercrime EXCLUSIVE RESEARCH FROM EXECUTIVE SUMMARY 2017 U.S. State of Cybercrime IDG Communications, Inc. 2017 U.S. State of Cybercrime TODAY S CYBERCRIMES ARE BECOMING MORE TARGETED AND BUILT FOR MAXIMUM IMPACT,

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework

More information

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC

More information

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology Awareness as a Cyber Security Vulnerability Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology Background TSA Cyber Security Awareness and Outreach (CSAO)

More information

Incident Response Table Tops

Incident Response Table Tops Incident Response Table Tops Agenda Introductions SecureState overview Need for improved incident response capability https://pollev.com/securestate Overview of the exercise: Sample incident response table

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Against Cyber Attacks (CODEF) Cyber Security of the

More information

Cybersecurity Dimension of Critical Infrastructure

Cybersecurity Dimension of Critical Infrastructure Cybersecurity Dimension of Critical Infrastructure Views expressed in this presentation are the authors and do not represent the official view of any institution he is affiliated with. ESReDA 52 Seminar,

More information

Indegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018

Indegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018 Indegy Industrial Cyber Security ISA New Orleans Section Applying the NIST Framework February 6, 2018 Agenda 1. Introductions 2. Indegy Background 3. NIST Background and History with ICS 4. What is the

More information

How AlienVault ICS SIEM Supports Compliance with CFATS

How AlienVault ICS SIEM Supports Compliance with CFATS How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal

More information

Cybersecurity for the Electric Grid

Cybersecurity for the Electric Grid Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March

More information

PIPELINE SECURITY An Overview of TSA Programs

PIPELINE SECURITY An Overview of TSA Programs PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the

More information

Information Assurance 101

Information Assurance 101 BUILT FOR SECURITY Information Assurance 101 Barbara Wert, Regulatory Compliance Specialist FoxGuard Solutions, Inc. The value of an organization lies within its information its security is critical for

More information

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin

ARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &

More information

Homeland Security Perspective on Modeling and Simulation (M&S)

Homeland Security Perspective on Modeling and Simulation (M&S) Homeland Security Perspective on Modeling and Simulation (M&S) From Science.Security From Technology.Trust George R. Ryan Director T&E / Standards 2 How is M&S used for Homeland Security? Current Capabilities

More information

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

Bird of a Feather Automated Responses

Bird of a Feather Automated Responses Bird of a Feather Automated Responses Energy-Sec Summit 2017 13 Th Security and Compliance www.inl.gov August 2017 INL s Position Nationally A network of 17 DOE national labs DOE s lead lab for nuclear

More information

Welcome Mike Kraft, MRO SAC Member

Welcome Mike Kraft, MRO SAC Member 11/16/2016 Welcome Mike Kraft, MRO SAC Member Basin Electric Power Cooperative Please submit questions to the meeting moderator. Questions will be answered at the end of the webinar. NOTICE The is an industry

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

Cyber Security Stress Test SUMMARY REPORT

Cyber Security Stress Test SUMMARY REPORT Cyber Security Stress Test SUMMARY REPORT predict prevent respond detect FINAL SCORE PREDICT: PREVENT: Final score: RESPOND: DETECT: BRILLIANT! You got a 100/100. That's as good as it gets. So take a second

More information

Table of Contents. Sample

Table of Contents. Sample TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...

More information

The Office of Infrastructure Protection

The Office of Infrastructure Protection The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Hometown Security Overview Minnesota Festivals and Events Association 5 November, 018

More information

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies: ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications

More information

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability

More information

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate

More information

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference Benefits to the Stakeholders A Collaborative and Win-Win Strategy Lal Dias Chief Executive Officer Sri Lanka CERT CC Cyber attacks

More information

TSA/FTA Security and Emergency Management Action Items for Transit Agencies

TSA/FTA Security and Emergency Management Action Items for Transit Agencies TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:

More information

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON Testimony Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON Defending Our Democracy: Building Partnerships to Protect America

More information

COUNTERING IMPROVISED EXPLOSIVE DEVICES

COUNTERING IMPROVISED EXPLOSIVE DEVICES COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 COUNTERING IMPROVISED EXPLOSIVE DEVICES Strengthening U.S. Policy Improvised explosive devices (IEDs) remain one of the most accessible weapons

More information

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association

More information

Industry Best Practices for Securing Critical Infrastructure

Industry Best Practices for Securing Critical Infrastructure Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary

More information

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED American Association of Port Authorities Navigating the Cyber Domain Captain James Cash Deputy Director U.S. Coast Guard Cyber Command Vision & Mission VISION A safe, secure and resilient cyber operating

More information

Department of Homeland Security Updates

Department of Homeland Security Updates American Association of State Highway and Transportation Officials Special Committee on Transportation Security and Emergency Management 2016 Critical Infrastructure Committee Joint Annual Meeting Department

More information

New Zealand National Cyber Security Centre Incident Summary

New Zealand National Cyber Security Centre Incident Summary New Zealand National Cyber Security Centre 2013 Incident Summary National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly

More information

FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center

FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center Date: 08 August, 2016 1 2 3 4 5 6 7 8 2 FAA Provides Aviation Portion

More information

Cyber Security Maturity Model

Cyber Security Maturity Model Cyber Security Maturity Model Robert Lentz Former DoD CISO / Deputy Assistant Secretary Cyber Facts Facts About About Intrusions Intrusions 2 Verizon 2010 Data Breach Investigation Report WHO IS BEHIND

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information