Continuous Monitoring
|
|
- Vivien Watts
- 6 years ago
- Views:
Transcription
1 Continuous Monitoring A New Approach To Secure Critical Infrastructure Jasvir Gill Founder & CEO, AlertEnterprise, Inc. October 20, 2011
2 Security Incidents Keep Growing Combination of Cyber And Physical North America Asia 5400 Terrorist Attacks 500 Terrorist Attacks Africa 1600 Terrorist Attacks Source: GlobalSecurityIncident.com 3900 Terrorist Attacks South America 2 RELIABILITY ACCOUNTABILITY
3 Why CI/KR are Attractive Targets Creating catastrophic incident is possible Impact Large Populations Gain Attention Loss Of Public Confidence In Government Instill Fear 3 RELIABILITY ACCOUNTABILITY
4 Challenges for Effective Critical Infrastructure Protection Common Characteristics of Critical Infrastructure makes them more vulnerable to attacks Large Complex Systems Control Systems Linkage To Corporate Networks Dispersed Assets Highly Visible Targets Not Designed with Security in mind Integration with business creates more vulnerability Assets spread over thousands of miles Gates, Guns And Guards Not Effective Over Thousands Of Miles 4 RELIABILITY ACCOUNTABILITY
5 Why Critical Infrastructure is so difficult to protect? IT from Mars and OT from Venus. Attacks are more complex Cyber and Physical (attackers exploit the weakness of silos) Impossible to address these Blended Threats with current approach (elephant and 3 blind men..) Many critical sectors still far behind the curve More focused on doing just the minimum to meet compliance requirements. Attitude - We would like to eliminate silos but we are not there yet (self defeating proposition) 5 RELIABILITY ACCOUNTABILITY
6 Critical Infrastructure Segments Share Similar Complex Challenges Threats Sensitive Asset Diversion (Dangerous Chemicals, Pathogens, Nuclear material) Cyber Attacks - Utilities (Water, Power, Gas), Smart Grid, Transportation Terrorism (Chemicals stolen to make explosives) Bio Terrorism (Food & Beverage, Consumer Products) Disgruntled employees/contractors Monitoring both Access and Behavior Who has access to assets (physical, cyber..) Any suspicious behavior or activities Monitoring Privileged Users (guarding the guards) Effective Response, Command and Control Situational Awareness, Incident/Emergency Management 6 RELIABILITY ACCOUNTABILITY
7 Similar Incident Management Command and Control Challenges Geographically Dispersed assets/locations Guards with guns expensive and not cost-effective Impossible to cover all locations Putting guards/employees at unnecessary risk 3 ring binders approach not suitable for modern times We are up against Organized and State Sponsored Crime Response has to be instant and appropriate Audit trail of incident management very important How incident was handled to learn from mistakes for future Making sure no one took advantage of an emergency Monitoring First Responders (with privilege comes accountability) Leveraging investments in technology Non-lethal weapon systems (rubber bullets, sticky foam, non-lethal gas) Cameras, sensors, alarms, physical access control systems etc. 7 RELIABILITY ACCOUNTABILITY
8 Addressing these complex challenges calls for a new approach IT / Cyber Physical Access Control Industrial Control / Process Control 8 RELIABILITY ACCOUNTABILITY
9 Security Convergence The Solution Requires Integrating Risks Across IT Systems, Physical Security and Control Systems Risk analysis across all three domains Detect Identify and eliminate risks before they manifest, from threats, sabotage and terrorism Prevent Incident management with built-in programmed remediation Policy Based (Compliance to various regulations / policies) Respond Comply 9 RELIABILITY ACCOUNTABILITY
10 TSA Pilot Project Complex Threat Monitoring TSA s Transportation Security Innovative Concepts program: Targeting Insider Threat Leverage airport's existing systems Improve current security operations and capabilities utilizing Security Convergence Alternate measure to 100% employee physical screening Pilot Project: Comprehensive and dynamic system proven in other industries Enable airports to detect, prevent and manage threats TSA funded $1M pilot project for 6 months. Feb Sept RELIABILITY ACCOUNTABILITY
11 Unauthorized Access Attempt by Airport Insider into Restricted Area 11 RELIABILITY ACCOUNTABILITY
12 Consolidated Incident Management Capabilities Insider Threat, Duress Signals AlertEnterprise RELIABILITY ACCOUNTABILITY
13 Addressing Copper Theft at Remote Sites and Substations Intelligence Report UNCLASSIFIED US electrical utilities spend almost $1 billion per year on repairs and to fix disruptions caused by copper wire theft. [DOE Report] The cost to replace stolen components can be considerably greater than the value of the stolen copper parts The theft of copper can disrupt electricity, communications and impede the response time of emergency services. Copper theft also can cause significant damage to surrounding property 13 RELIABILITY ACCOUNTABILITY
14 Utilities Continue to Live with the Risk Unclassified Incidents: October 2008, thieves in Florida posed as utility workers using vehicles painted with utility-service logos and wearing utility company uniforms stole copper cables worth over $1 million November 2010, a series of copper thefts from radio transmission towers near Houston prevented emergency-service dispatchers from communicating with firefighters and paramedics for nearly an hour. December ,000 Louisiana homes and businesses lost power - copper theft at an substation created a system overload forcing the system to shut down. February 2011, five separate thefts of copper from telephone cables in southwest Virginia disrupted phone service to over 1,000 residents From January 2011 to June 2011, thieves in Northern California knocked down 300 power poles to steal copper wiring from within and on the poles. 14 RELIABILITY ACCOUNTABILITY
15 Proposed AlertEnterprise / NERC Remote Substation Monitoring Project Enable the Security and Operations teams to detect, deter and respond to threats and other incidents Sustain and enhance investments in existing infrastructure and security technologies like CCTV, Access Control, Badging Software, Security keys, SCADA Systems, Safety systems and IT Applications Provide situational awareness for responders and analysts to enable more efficient deterrent of threats and incidents; Enhance effectiveness of counter measures and standard operating procedures by automating them through remedial action schemes 15 RELIABILITY ACCOUNTABILITY
16 Sample Pilot Use Cases 1. Perimeter and facility motion sensors to detect the presence of intruders and determining if a work order is open for any planned maintenance. 2. Unscheduled or forced physical entry into substation and change in key substation operating parameters detected within a certain time period (1-30 minutes) of the entry. 3. Access to sub-station(s) by personnel with an invalid or expired Personnel risk assessment (PRA), trainings and certifications. 4. Employee / contractor access a remote, unmanned facility and stay much longer than prescribed work duration 16 RELIABILITY ACCOUNTABILITY
17 Terminated Employee has Physical Access to Substation Terminated user has Physical access to Critical Cyber Assets 17 RELIABILITY ACCOUNTABILITY
18 Automated Remediated and Prevention 18 RELIABILITY ACCOUNTABILITY
19 Remote Monitoring Solutions Links to Existing Access Control, CCTV and SCADA Systems 19 RELIABILITY ACCOUNTABILITY
20 Solution detects suspicious activity at Un-manned Substation 20 RELIABILITY ACCOUNTABILITY
21 Operator is Notified Video Verification of Alert 21 RELIABILITY ACCOUNTABILITY
22 GIS Technology Automatically Displays Incident Location 22 RELIABILITY ACCOUNTABILITY
23 Risks are Identified 23 RELIABILITY ACCOUNTABILITY
24 Single Click Control for Camera and Door Lock Options 24 RELIABILITY ACCOUNTABILITY
25 Situational Awareness: Converged Dashboard for the Utilities Industry Incident User Risk Analysis Live Video Feed Incident Confirmation Incident Report Grid View Affected Consumer Area Incident Location! High Alert- PI Notification High Alert PI Notification Manager Protective Relay Set Point Change Last Physical Access: JonesMa TIME: 15:26 25 RELIABILITY ACCOUNTABILITY
26 Executive / Compliance Dashboard Utilizes Real-Time Monitoring and Active Policy Enforcement 26 RELIABILITY ACCOUNTABILITY
27 Enhancing Security With Continuous Monitoring Monitor remote and on-site access to facilities, critical systems, assets and information is possible and cost effective Centralize Onboarding / Offboarding across enterprise (IT, Physical ) Actively enforce risk analysis across IT, Physical and SCADA Access (eliminate silos) Solutions must have rule based (easily configurable) intelligence We are not there yet is not an option Leverage technology for Sustainable Security and Compliance 27 RELIABILITY ACCOUNTABILITY
28 28 RELIABILITY ACCOUNTABILITY AlertEnterprise Confidential Information About AlertEnterprise Experienced Team Founded Virsa Systems Application Security Focus Acquired By SAP In Customers Innovation Awards RSA Security Conference Security Summit SAP TechEd ASIS GSN Magazine HSPD-12 Flagship Customers TSA, PDX FPL, KCPL, OG&E, Toronto Hydro, NIPSCO, Consumers Energy Nike, Honda, Cisco Key Partners Services: Deloitte, HP, SAIC, PwC Technology: Lenel, Tyco, GE, JCI, Cisco Oracle, SAP, Microsoft Special Projects NERC Smart Grid Security Nuclear Cyber Security Airport Security Our Unique Advantages Situational Intelligence Active Policy Enforcement Innovation In Convergence Of Logical & Physical Security
29 Jasvir Gill Founder & CEO AlertEnterprise, Inc. 29 RELIABILITY ACCOUNTABILITY
(U//FOUO) Copper Thefts Disrupting Homeland Infrastructure
(U//FOUO) Copper Thefts Disrupting Homeland Infrastructure 19 July 2011 (U) Prepared by the Office of Intelligence and Analysis (I&A), Cyber, Infrastructure, and Science Division, Strategic Infrastructure
More informationManaging Security, Risk and Compliance for Critical Assets on the Smart Grid
Managing Security, Risk and Compliance for Critical Assets on the Smart Grid Kshamit Dixit Toronto Hydro Toronto Hydro A snapshot Worldwide Employees: 1,700 Revenues: $2.3 Billion Headquarters: Toronto,
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING
ELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING Helping to keep the lights on, businesses running and communities strong 1 Objectives The Utility Business has Changed Methodology Program
More informationElectric Facility Threats and Violence
Electric Facility Threats and Violence Louis Dabdoub Entergy Services, Inc. October 20, 2011 COMPANY FACTS Entergy Corporation is an integrated energy company engaged primarily in electric power production
More informationGallagher Critical Infrastructure Solutions
Gallagher Critical Infrastructure Solutions Gallagher secures from the perimeter including gates, through to the facility access points and interior areas security.gallagher.co 2 Introducing Gallagher
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationCyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016
Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations Arkansas Joint Committee on Energy March 16, 2016 CenterPoint Energy, Inc. (NYSE: CNP) Regulated Electric and Natural Gas Utility
More informationIndegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018
Indegy Industrial Cyber Security ISA New Orleans Section Applying the NIST Framework February 6, 2018 Agenda 1. Introductions 2. Indegy Background 3. NIST Background and History with ICS 4. What is the
More informationChemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and
Chemical Facility Anti-Terrorism Standards T. Ted Cromwell Sr. Director, Security and NJ ELG Operations Meeting Today s Presentation ACC Action Major Rule Components Select Risk-Based Performance Standards
More informationLa gestione di Security e Safety con un singolo sistema di supporto alle decisioni Baltimore/Washington Airport - USA
La gestione di Security e Safety con un singolo sistema di supporto alle decisioni Baltimore/Washington Airport - USA Filippo Silvestri Sales Manager PS&S Intergraph Italia Security Government & Infrastructure
More informationTHE OPEN & SHUT CASE FOR ENHANCING SECURITY IN HAZARDOUS AREAS SECURITY IN HAZARDOUS AREAS. By Doug Woodbridge PRODUCT PHOTO
SECURITY IN AREAS PRODUCT PHOTO THE OPEN & SHUT CASE FOR ENHANCING SECURITY IN AREAS By Doug Woodbridge Securex Technology Ltd Pump House Station Road Wath-Upon-Dearne ROTHERHAM S63 7DQ T: +44 (0) 1709
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationIndegy. Industrial Cyber Security. Matt Petrauskas Regional Director.
Indegy Industrial Cyber Security Matt Petrauskas Regional Director mpetrauskas@indegy.com Discussion Focus Unveiling Security Gaps in Industrial Control Networks About the Presenter Matt Petrauskas 33
More informationCincinnati/Northern Kentucky International Airport. Partnership for Nuclear Security Insider Threat Summit September, 2015
Cincinnati/Northern Kentucky International Airport Partnership for Nuclear Security Insider Threat Summit September, 2015 Cincinnati USA Story 2 28 th largest metropolitan area in the USA with 2.1M population
More informationAged Care Security Solutions. security.gallagher.com
Aged Care Security Solutions security.gallagher.com Aged care security solutions The safety of residents and staff is the most important thing. Our objective at Gallagher is to create innovative solutions
More informationSecurity in a Converging IT/OT World
Security in a Converging IT/OT World Introduction Around the winter solstice, darkness comes early to the citizens of Ukraine. On December 23, 2015, it came a little earlier than normal. In mid-afternoon,
More informationSecurity Guideline for the Electricity Sector: Physical Security
1 Security Guideline for the Electricity Sector: Physical Security Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability of the bulk electric
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationEBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS
EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks
More informationCanadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007
US Chemical Facility Anti-Terrorism Standards (CFATS) Overview Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007 Dorothy Kellogg AcuTech Consulting Group Alexandria, Virginia
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationSecurity Guideline for the Electricity Sector: Physical Security
Security Guideline for the Electricity Sector: Physical Security Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability of the bulk electric
More informationBreaking down information silos to improve GSOC efficiency and effectiveness
Breaking down information silos to improve GSOC efficiency and effectiveness Microsoft s Global Security Operations teams adopted Visual Command Center from IDV Solutions, an Everbridge company, to reduce
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationSecuring the Grid and Your Critical Utility Functions. April 24, 2017
Securing the Grid and Your Critical Utility Functions April 24, 2017 1 Securing the Grid Effectively and Efficiently Recent threats to the Electric Grid and the importance of security Standards and Requirements
More informationAirport Security & Safety Thales, Your Trusted Hub Partner
Airport Security & Safety Thales, Your Trusted Hub Partner www.thalesgroup.com/shield Securing People Ensuring Business Continuity Protecting Assets Thales Credentials Thales is a leading international
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationIndustrial Control System Cyber Security
Industrial Control System Cyber Security Disaster Recovery Information Exchange Bruce Tyson June 28, 2017 Lunch and Learn Introduction Bruce Tyson is a certified engineering technologist (CET Telecommunications
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationProtecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012
Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012 Paul Kalv Electric Director, Chief Smart Grid Systems Architect, City of Leesburg Doug Westlund CEO,
More informationChemical Facility Anti- Terrorism Standards
SATA Presentation Regarding Chemical Facility Anti- Terrorism Standards Joe Hartline, CHMM Rindt-McDuff Associates Marietta, Georgia October 6, 2007 Presentation Outline Introduction Rule Requirements
More informationMaking airports safer and smarter
Making airports safer and smarter Transforming Situation Management into Actionable Intelligence Dharmesh Patel October 17 th, 2017 Technology & Theory Integration Workflow Automation Collaboration Airports
More informationThe Engineering Department recommends that Council: 1. Receive this Corporate Report for information purposes.
Corporate NO: R038 Report COUNCIL DATE: MARCH 12, 2007 REGULAR COUNCIL TO: Mayor & Council DATE: March 8, 2007 FROM: General Manager, Engineering FILE: 5420-00 SUBJECT: Street Lighting Copper Wire Theft
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationTSA/FTA Security and Emergency Management Action Items for Transit Agencies
TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:
More informationLive Webinar: Best Practices in Substation Security November 17, 2014
Live Webinar: Best Practices in Substation Security November 17, 2014 1 Agenda & Panelists Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCP Enterprise Security Manager-CSO Tri-State Generation
More informationPutting security first for critical online brand assets. cscdigitalbrand.services
Putting security first for critical online brand assets cscdigitalbrand.services 2 As the most security conscious digital brand service provider, our clients trust us to take care of their businesses and
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationBackground FAST FACTS
Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance
More informationSECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011
American Chemistry Council Responsible Care SECURITY CODE 7 April 2011 Debra Phillips Managing Director, Responsible Care American Chemistry Council Why develop a Separate Security Code? Need for a clearly
More informationCisco Open Platform for Safety and Security
Cisco Open Platform for Safety and Security 1 Agenda Market Overview Business Drivers Barriers and Risks Cisco Open Platform for Safety and Security Scenarios Ecosystem Partners Summary 2 Market Overview
More informationBreaking down information silos to improve GSOC efficiency and effectiveness
Breaking down information silos to improve GSOC efficiency and effectiveness Microsoft s Global Security Operations teams adopted Visual Command Center from IDV Solutions, an Everbridge company, to reduce
More informationFlorida Power & Light Company Hurricane Response Update. Eric Silagy President and CEO Florida Power & Light Company
Florida Power & Light Company Hurricane Response Update Eric Silagy President and CEO Florida Power & Light Company 35 counties Serving more than half of Florida 4.9 million customer accounts Majority
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationCompliance with ISPS and The Maritime Transportation Security Act of 2002
Mr. Melchor Becena Security Administrator Port Everglades SecurePort Conference Miami, Florida 25-27 27 February, 2004 Compliance with ISPS and The Maritime Transportation Security Act of 2002 Overview
More informationExpress Monitoring 2019
Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities
More information10 Hidden IT Risks That Might Threaten Your Business
(Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationSAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department
SAND No. 2012-1606C S 0 606C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy s National Nuclear Security Administration
More informationThe five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit
More informationEffective Leadership, Role of Workers & Labor Organizations
Effective Leadership, Role of Workers & Labor Organizations International Regulators Offshore Safety Conference December 6, 2007 safety@usw.org 412.562.2581 Why is the USW involved in health & safety?
More informationForensics and Active Protection
Forensics and Active Protection Computer and Network Forensics Research Project 2003 Work Update Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Outline CNF Project Goal
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationScience & Technology Directorate: R&D Overview
Science & Technology Directorate: R&D Overview August 6 th, 2012 UNCLASSIFIED//FOUO DHS S&T Mission Strengthen America s security and resiliency by providing knowledge products and innovative technology
More informationGrid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016
Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationPhysical Security. Introduction. Brian LeBlanc
Physical Security Introduction 1 Physical Security Provides for the protection of property, personnel, facilities, and material against unauthorized entry, trespass, damage, sabotage, theft, or other criminal
More informationAddressing the Challenges and Complexities Facing Physical Security Networks
Addressing the Challenges and Complexities Facing Physical Security Networks CHAPTERS I. II. III. IV. V. VI. Introduction What is Physical Security Network Monitoring? About Vunetrix Areas of Expertise
More informationControl System Security SCADA/DCS. By Chaiyakorn Apiwathanokul,, CISSP Chief Security Officer PTT ICT Solutions Company Limited
Control System Security SCADA/DCS By Chaiyakorn Apiwathanokul,, CISSP Chief Security Officer PTT ICT Solutions Company Limited Objectives To understand the current situation and threats against Control
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power
Substation Security and Resiliency Update on Accomplishments thus far ipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power Dominion Profile Leading provider
More informationDepartment of Homeland Security Science and Technology Directorate
Department of Homeland Security Science and Technology Directorate Overview Presented to the Transportation Research Board Infrastructure and Geophysical Division Science and Technology Directorate Department
More informationGE Enterprise Solutions. Digital Energy
GE Enterprise Solutions Digital Energy g Digital Energy we protect and connect the world s critical equipment to ensure safe, reliable power Our strength lies in the innovative people who deliver solutions
More informationDIRECT TESTIMONY OF RICHARD P. NUZZO (SECURITY INFRASTRUCTURE)
BEFORE THE NEW YORK STATE PUBLIC SERVICE COMMISSION ----------------------------------------------------------------------------x Proceeding on Motion of the Commission as to the Rates, Charges, Rules
More informationuanacia 1+1 MARINE SECURITY OPERATIONS BULLETIN No:
1+1 MARINE SECURITY OPERATIONS BULLETIN No: 2014-001 CLARIFICATION OF TRANSPORT CANADA (TC) MARINE SECURITY MANDATORY THREAT, BREACH AND INCIDENT REPORTING REOUIREMENTS THIS MARINE SECURITY OPERATIONS
More informationOracle Data Cloud ( ODC ) Inbound Security Policies
Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...
More informationImproving Distribution Reliability with Smart Fault Indicators and the PI System
Improving Distribution Reliability with Smart Fault Indicators and the PI System Presented by Cameron D. Sherding, Sr. Software Engineer Profile of DTE Electric 2 th Largest US electric utility 2.2 million
More informationNOVEMBER 2017 Leading Digital Transformation Driving innovation at scale Marc Leroux Executive Evangelist/Digital ABB
NOVEMBER 2017 Leading Digital Transformation Driving innovation at scale Marc Leroux Executive Evangelist/Digital ABB Discussion topics Introductions The digital transformation Innovating at scale How
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationWritten Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company
Written Statement of Timothy J. Scott Chief Security Officer The Dow Chemical Company Representing The Dow Chemical Company and the American Chemistry Council To the United States Senate Committee on Homeland
More informationElectronic Security Systems Process Overview
US Army Corps Infrastructure Systems Conference Electronic Security Systems Process Overview Electronic Security Center 4 August 2005 Outline About the Electronic Security Center Physical Security System
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More informationPREPARED STATEMENT OF ERNEST R. FRAZIER, SR., ESQ. AMTRAK, CHIEF OF POLICE AND SECURITY DEPARTMENT
PREPARED STATEMENT OF ERNEST R. FRAZIER, SR., ESQ. AMTRAK, CHIEF OF POLICE AND SECURITY DEPARTMENT HOUSE TRANSPORTATION & INFRASTRUCTURE SUBCOMMITTEE ON RAILROADS Oversight Hearing on Railroad Security
More information2008 National Ag Safety School. Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association
2008 National Ag Safety School Richard Gupton Vice President, Legislative Policy & Counsel Agricultural Retailers Association Agricultural Retailers Association (ARA) ARA is a member, dues supported trade
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationStandard CIP-006-1a Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-1a 3. Purpose: Standard CIP-006 is intended to ensure the implementation of a physical security program
More informationAddressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting
Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in
More informationImproved Situational Awareness with OSIsoft PI for the U.S. Nuclear Regulatory Commission (NRC)
Improved Situational Awareness with OSIsoft PI for the U.S. Nuclear Regulatory Commission (NRC) Matt McDonald, Vice President April 16, 2015 Agenda About PPC Story of the project OSIsoft PI Solution for
More informationIDENTITY: A KEY ELEMENT OF BUSINESS-DRIVEN SECURITY
IDENTITY: A KEY ELEMENT OF BUSINESS-DRIVEN SECURITY Identity is replacing perimeter as the primary defensive frontline OVERVIEW Organizations have been grappling with identity and access management since
More informationOracle Buys Automated Applications Controls Leader LogicalApps
Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracle s Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is
More informationCyberLock. Innovative Solutions Water Security
CyberLock Innovative Solutions Water Security Security Challenges in the Water Industry Water utilities, both large and small, are looking for solutions that will allow them to secure their perimeters,
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationBest Practices in ICS Security for System Operators
Best Practices in ICS Security for System Operators Introduction Industrial automation and control systems have become increasingly connected to internal and external networks. This exposure has resulted
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationInformation Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure
Information Infrastructure and Security The value of smart manufacturing begins with a secure and reliable infrastructure The Case for Connection To be competitive, you must be connected. That is why industrial
More informationThe modern car has 100 million lines of code and over half of new vehicles will be connected by 2020.
Automotive The modern car has 100 million lines of code and over half of new vehicles will be connected by 2020. Cars are becoming increasingly connected through a range of wireless networks The increased
More informationBest Practices for Incident Communications: Simplifying the Mass Notification Process for Government
Best Practices for Incident Communications: Simplifying the Mass Notification Process for Government Introduction State and local governments and their supporting agencies encounter emergency situations
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More information