Energy Control Systems Cybersecurity Considerations
|
|
- Hillary Dean
- 6 years ago
- Views:
Transcription
1 Track 4 Session 5 Energy Control Systems Cybersecurity Considerations Daryl Haegley Office of the Assistant Secretary of Defense (Energy, Installations, & Environment) August Rhode Island Convention Center Providence, Rhode Island
2 UNCLASSIFIED Cyber Securing Control Systems
3 Smart Buildings, Energy Managers & Cyber Security SMART Buildings, Cars, Cities, and Beyond 3
4 //FOUO Cyber Vulnerabilities in Power Grid Information Technologies (IT) Power Marketing Administration (4) Balancing Authority (100) Control Systems (CS) 15,700 stations Trans. 642,000 miles Subst. 140,000 stations Distr. 6,300,000 miles Subst. Source: eia.gov Utility fiber Internet Power Regional Transmission Organization (15) Utility Control Center Expanding Attack Surface Wholesale power market Utility Headquarters (3200) Power Plant (7300) Cyber vulnerabilities Market vulnerabilities Conventional network attacks Internet-connected devices DHS Vulnerable protocols Building automation Smart grid DoD
5 Advanced Metering Infrastructure (AMI) Building Automation Systems Building Management Control Systems CO2 Monitoring Digital Signage Systems Closed Circuit Television (CCTV) Surveillance Systems Digital Video Management Systems Electronic Security Systems Emergency Management Systems Energy Management Systems Exterior Lighting Control Systems Fire Alarm Systems Fire Sprinkler Systems Interior Lighting Control Systems Intrusion Detection Systems Physical Access Control Systems Public Safety/Land Mobile Radios Renewable Energy Geothermal Systems Renewable Energy Photo Voltaic Systems Shade Control Systems Smoke and Purge Systems Vertical Transport System (Elevators and Escalators) Laboratory Instrument Control Systems Laboratory Information Management Systems (LIMS) Control Systems Configuration options: Stand alone / isolated = not on DoD network Connected directly to the Internet = not on DoD network Connected to DoD network = could be on or isolated from NIPRNET
6 Buildings UNCLASSIFIED Weapon Platforms Operational Energy Electrical and HVAC Pumps and Motors Nuclear Vehicles/Charging Medical Typical Controller Manufacturing Same Commercial Control System Device Installed Across DoD Enterprise
7 What s in Your Building? Fire Sprinkler System Interior Lighting Control Intrusion Detection Land Mobile Radios Renewable Energy Photo Voltaic Systems Shade Control System Smoke and Purge Physical Access Control Vertical Transport System (Elevators and Escalators) Advanced Metering Infrastructure Building Automation System Building Management Control CCTV Surveillance System CO2 Monitoring Digital Signage Systems Electronic Security System Emergency Management System Energy Management System Exterior Lighting Control Systems Fire Alarm System SECURITY Info Sys Control Systems # devices 50,000 40,000 30,000 20,000 10,000 0 Independently Managed, Resourced, Tech-refreshed 7
8 Current Obstacles Not considered / managed like Information Systems Cyber Tech buy, refresh unplanned & unfunded Neither CIO nor Facility Managers are trained or staffed to manage CS cyber security Defense wide vulnerability alerts / patch management procedures in progress Many vendors emerging need sensor strategy for CS networks "We can't solve problems by using the same kind of thinking we used when we created them." A Einstein 8
9 Relevant Policies via OASD EI&E Website RMF KS Portal GRASSMARLIN passive network mapping tool = DHS ICS CERT CSET DoDI Cybersecurity 14Mar14 DoDI Risk Management Framework 12Mar14 DoDI Cybersecurity Activities Support to DoD Information Network Operations 7Mar16 NIST SP r2 Guide to Industrial Control Systems (ICS) Security May15 Recent Cybersecurity Rules Applying to Control Systems Register for notification of specific threats and cyber vulnerabilities affecting control systems through the DHS ICS CERT secure portal 9
10 ASD EI&E Memo 31 Mar 16 Affirms "the system owners/operators are accountable for the system s operational resilience and defense posture, to include cybersecurity and are responsible for securing their IT networks, systems and devices" Directs staffs develop plans identifying the goals, milestones and resources needed to identify, register, and implement cyber security controls on DoD facility related Control Systems under your cognizance Plans due 31Dec 16; implement cybersecurity controls on most critical facility related control systems by end FY19 10
11 Facility, Site, Asset Control System 500 Installations 4,000 Sites 550,000 Facilities
12 System & Device Ownership???,000 Intrusion Attempts Per / hr 250,000 Intrusion Attempts Per / hr Which Do You Depend Upon More? Which Do you Own? 12
13 CYBER ATTACK UNCLASSIFIED Mission Dependency Analysis OFF COMMS OUT OFF Down Systems OFF Delays LOGISITCS PROBLEMS LATE TO THE FIGHT Cyber-Landscape Needs to Include Control Systems 13
14 NDAA Language Cybersecurity Risk to DoD Facilities DoD facilities transitioning to smart buildings; increased connectivity has increased threat and vulnerability to cyber attacks, particularly in ways existing DoD regulations were not designed to consider. Therefore, SECDEF deliver a report: (1) Structural risks inherent in control systems and networks, and potential consequences associated with compromise through a cyber event; (2) Assesses the current vulnerabilities to cyber attack initiated through Control Systems (CS) at DoD installations worldwide, determining risk mitigation actions for current and future implementation; (3) Propose a common, DoD wide implementation plan to upgrade & improve security of CS and networks to mitigate identified risks; (4) Assesses DoD construction directives, regulations, and instructions; require the consideration of cybersecurity vulnerabilities and cyber risk in preconstruction design processes and requirements development processes for military construction projects; and (5) Assess capabilities of Army Corps of Engineers, Naval Facilities Engineering Command, Air Force Civil Engineer Center, and other construction agents, as well as participating stakeholders, to identify and mitigate full spectrum cyber enabled risk to new facilities and major renovations. CS include, but are not limited to, Supervisory Control and Data Acquisition Systems, Building Automation Systems Utility Monitoring and Energy Management and Control Systems. Such report shall include an estimated budget for the implementation plan, and delivered no later than 180 days after the date of the enactment of this Act.
15 8-star letter! Include CS in scorecard Invest in detection tools 7x cyber incidents 15
16 UFC Objectives 1. Define new Design and Construction Methodology to apply RMF & NIST SP ICS Security Guide 2. Define IT / CS Reference Architecture as it applies to Control Systems 3. Verify 50-75% construction: conduct Factory Acceptance Testing (FAT) of major components Final Version by 30 August Verify 100% construction complete: conduct Site Acceptance Testing (SAT)
17
18 Energy Consumption Data Building Level Base Level Power plants, peaking plants, and combined heat and power (CHP) plants for multiple installation-level loads Large-scale renewable energy where viable to provide base load Generators for individual critical facilities Usage or Criticality? Regional / Enterprise Level T or F: All Energy Data is UNCLAS
19 Mission Functions Requiring Emergency Generators Medical treatment facilities Air navigation aids and facilities Refrigerated storage rooms POL storage and dispensing facilities Critical utility plants and systems Civil engineer control centers Communication facilities and telephone exchanges Fire stations, including fire alarm, fire control, and radio equipment Critical computer automatic data processing facilities Air traffic control towers Base weather stations Surveillance and warning facilities Command and control facilities Weapon systems Security lighting systems Aircraft and aircrew alert facilities Law enforcement and security facilities Emergency operations centers (EOCs) Mission, property, and life support facilities at remote and not readily accessible sites, such as split site aircraft warning and surveillance installations Industrial facilities that have noxious fumes requiring removal provide power for exhaust system only Readiness facilities relying on electrical power to support tactical or critical missions Photographic laboratories providing critical and essential support to combat and contingency tactical missions Other facilities, including facilities required for emergency response, approved by the Authority Having Jurisdiction (AHJ). Note: Some installations have contingency plans in place that transfer the function to an alternate location in the event something disrupts the operation of a single facility for emergency response 19
20 DoD Critical Infrastructure Security Information DoD critical infrastructure security information Sensitive but unclassified information that, if disclosed, would reveal vulnerabilities in DoD critical infrastructure that, if exploited, would likely result in the significant disruption, destruction, or damage of or to DoD operations, property, or facilities Include information related to critical infrastructure or protected systems owned or operated by or on behalf of the DoD, including vulnerability assessments prepared by or on behalf of the DoD, explosives safety information (including storage and handling), and other site-specific information on or relating to installation security." 20
21
22 System / Device Accountability Key ENERGY MONITORING and CONTROL SYSTEM FACILITY POINT OF CONNECTION Supervisory Controller Control Center (The Building) Computers Supervisory Controller Operational Server Network Time Synch Access Control System Firewall Appliance Network Switches Monitor/Keyboard/Mouse Virtualized Server Host Intrusion detection/prevention Storage Area Network (SAN) Uninterruptable Power Supply Communication Lines Linear Structure Asset (only EMCS traffic) Installation Router aka: Network Device Internal Use Software on Servers and network components Real Property Real Property Installed Equipment (RPIE) Personal Property / Collateral Equipment Ethernet Radio (only EMCS traffic) Ethernet Radio (only EMCS traffic) BUILDING / UTILITY CONTROL SYSTEM Part of thefacility s PRC Sensors Actuators Internal Use Software on DDC components DDC Direct Digital Controls Sensors Actuators Internal Use Software on SCADA components SCADA Supervisory Control and Data Acquisition AMI Meter Supervisory Controller Ethernet Radio Electrical System Protective Relay Camera Utility system monitoring camera
23 Many Completely Vendor Run 23
24 My Control Systems are Secure Kaspersky Lab report: Industrial Control Systems and Their Online Availability, discovered 188,019 hosts with ICS components, spread across 170 countries percent of public facing ics components are remotely exploitable/119142/ 24
25 Shodan 25
26 Never Attribute Evil When Stupid is Still Available
27 Shodan ICS Radar Energy System Protocols radar.shodan.io/ 27
28 Discovered Via Shodan Now Resolved Military Base -TridiumNiagara zzz Military HQ zzz Joint Military Base zzz VA Care Center zzz.static.net VA Medical Center t1.ccctel.net West Point Alumni Center zzz Military Hospital zzz Military Base Fuel Cell zzz Military Base Headquarters zzz Military Base Squadron Operations zzz Military Base Hangar zzz Military Base General Maintenance Facility zzz Military Base Multipurpose zzz Military Base Civil Engineering zzz Military Base Supply zzz Military Base Vehicle Maintenance zzz Military Base Flight Simulator zzz Military Base Deployment zzz Military Base ENT Server zzz Military Base zzz
29 Never Attribute Evil When Stupid is Still Available 29
30 DoD IG Audit Determine whether DoD is implementing cybersecurity controls to protect, detect, counter and mitigate potential cyber attacks on control systems supporting DoD critical missions / assets. Visit 5 Sites: Aug-Nov 16 Discussion draft: Dec 16 Draft report: Feb 17 Final report: Apr 17 30
31 Cyber Threat Focus Toward Energy Systems Information Technology 2% Transportation 5% Unknown 2% Chemical 2% Commercial Facilities 3% Nuclear 2% Communications 6% Major Incidents Reported in FY14 Health Care 6% Water 6% Government Facilities 5% Food & Ag 1% Finanace 1% Energy 32% Source: DHS ICS CERT FY14 Annual Report Critical Manufacturin g 27%
32 Potential CS Exploitation Paths 32
33 Building Systems and Technology Solutions UNCLASSIFIED Facilities Energy Management Competencies Apply fundamentals of building energy systems & facility management technologies to support compliance with applicable energy codes, Federal requirements, & professional standards. 6.A Collaborate with stakeholders on the planning and design of sustainable building systems to optimize building performance while balancing human and mission needs. 6.B Serve as subject matter expert on current technologies, codes and regulations to identify, evaluate, and recommend technologies and/or energy reduction solutions. 6.C Interact with the energy management community and provide lessons learned/best practices on operational and financial performance of technologies. 6.D Collaborate with Information Assurance / Cyber Security personnel to ensure Industrial Control Systems comply with DoD Information Technology requirements. 6.E Advise on technical design standards specific to the installation to provide designers with project sustainability guidelines. 6.F Support emerging technologies and innovative acquisition strategies, if and where appropriate, to expedite technology adoption and advance energy performance. Very Limited Cyber Role How Much is Enough? 33
34 Solutions / Discussion Build cyber security into your smart building network design criteria Ensure awareness of cyber security policies and standard operating procedures Collaborate with all relevant stakeholders & contractors Best practices & guidelines RMF KS Portal Daryl Haegley daryl.r.haegley.civ@osd.mil 34
35 Industrial Security Advisory: Ransomware Masquerading as Allen-Bradley Update Rockwell Automation learned about malicious file called Allenbradleyupdate.zip NOT an official update from Rockwell Automation File contains ransomware malware that, if successfully installed and launched, may compromise the victim s computer 35
36 36
Build Your Cybersecurity Program in Minutes: Click, Copy, Modify, Implement
FEMP Cybersecurity Program Review Build Your Cybersecurity Program in Minutes: Click, Copy, Modify, Implement Daryl Haegley GISCP, OCP OASD EI&E / ODASD IE August 15, 2017 Tampa Convention Center Tampa,
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationProtecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities
Cybersecurity Basics For Energy Managers Protecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationCybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationTSA/FTA Security and Emergency Management Action Items for Transit Agencies
TSA/FTA Security and Emergency Management Action Items for Transit Agencies AACTION ITEM LIST Management and Accountability 1. Establish Written System Security Programs and Emergency Management Plans:
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Host Intrusion The Host Intrusion employs a response to a perceived incident of interference on a host-based system
More informationDFARS Defense Industrial Base Compliance Information
DFARS 252.204-7012 Defense Industrial Base Compliance Information Protecting Controlled Unclassified Information (CUI) Executive Order 13556 "Controlled Unclassified Information, November 2010 Established
More informationEnsuring System Protection throughout the Operational Lifecycle
Ensuring System Protection throughout the Operational Lifecycle The global cyber landscape is currently occupied with a diversity of security threats, from novice attackers running pre-packaged distributed-denial-of-service
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationNAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6)
NAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6) 1 Creating Cyber Secure Enterprise Control Systems Networks Agenda US Navy, NDW Industrial Controls overview The new cyber threat
More informationEnergy Integration Program Submarine Base New London, CT
Utility Partnerships Helping the Agency Meet Strategic Goals Energy Integration Program Submarine Base New London, CT Craig S. Prather, PE, CEM, PMP, MBA Naval Facilities Engineering Command August 16,
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationRisk Management Framework for DoD Medical Devices
Risk Management Framework for DoD Medical Devices Session 136, March 7, 2018 Lt. Col. Alan Hardman, Chief Operations Officer, Cyber Security Division, Office of the DAD IO/J-6 William Martin, Deputy of
More informationDepartment of Defense Fiscal Year (FY) 2014 IT President's Budget Request Defense Advanced Research Projects Agency Overview
Mission Area Business System Breakout Appropriation BMA 0.027 Total 35.003 Defense Business Systems 0.027 All Other Resources 34.976 EIEMA 34.976 FY 2014 ($M) FY 2014 ($M) 35.003 FY 2014 ($M) FY13 to FY14
More informationAvionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment
Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment 26 January 2017 Presented by: Mr. Chad Miller NAVAIR Cyber T&E What: Replicate Cyber Battlespace
More informationInstitute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11
AUDITING ROBOTICS AND THE INTERNET OF THINGS (IOT) APRIL 9, 2018 PRESENTERS Kara Nagel Manager, Information Security Accenture Ryan Hopkins Assistant Director, Internal Audit Services Packaging Corp. of
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationDoD Terminology Decision In Progress: PIT, CS, PIT-CS, ICS,OT, SCADA, CPS, IoT, IIoT
DoD Terminology Decision In Progress: PIT, CS, PIT-CS, ICS,OT, SCADA, CPS, IoT, IIoT PIT = Platform Information Technology CS = Control Systems PIT-CS = PIT Control Systems ICS = Industrial Control Systems
More informationDefence services. Independent systems and technology advice that delivers real value. Systems and Engineering Technology
Defence services Independent systems and technology advice that delivers real value Systems and Engineering Technology Frazer-Nash Consultancy Working in the UK and internationally, Frazer-Nash is making
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Risk in the Marine Transportation System MAR'01 1 Objectives IDENTIFY motivations behind a cyber attack. IDENTIFY various types of
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationCybersecurity Challenges
Cybersecurity Challenges Protecting DoD s Information NAVSEA Small Business Industry Day August 8, 2017 1 Outline Protecting DoD s Information DFARS Clause 252.204-7012 Contractor and Subcontractor Requirements
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationDoug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More information10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment
Preparing Your Organization for a HHS OIG Information Security Audit David Holtzman, JD, CIPP/G CynergisTek, Inc. Brian C. Johnson, CPA, CISA HHS OIG Section 1: Models for Risk Assessment Section 2: Preparing
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationCOMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013
COMPASS FOR THE COMPLIANCE WORLD Asia Pacific ICS Security Summit 3 December 2013 THE JOURNEY Why are you going - Mission Where are you going - Goals How will you get there Reg. Stnd. Process How will
More informationBuilding a resilient ICS
Building a resilient ICS By Dr Jules Pagna Disso, @julesdisso Building a resilient Industrial Control System (ICS) 1: From ICS to Critical National Infrastructure 2: Thenatureof the problem 3: Building
More informationLanguage for Control Systems
Cyber Security Procurement e Language for Control Systems Rita Wells Idaho National Laboratory Program Sponsor: National Cyber Security Division Control Systems Security Program Agenda Background Foundation
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationPower Grid Resilience, Reliability and Security Research at Idaho National Laboratory
Power Grid Resilience, Reliability and Security Research at Idaho National Laboratory Brent J. Stacey Associate Laboratory Director National & Homeland Security Presented at: 69 th Annual Meeting of the
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationMaintaining Efficiency using Your Building Controls and Automation
Session: Building Controls and Automation Maintaining Efficiency using Your Building Controls and Automation Carl E. Lundstrom, PE, CCP Dewberry Design Builders Inc. August 10, 2016 Rhode Island Convention
More informationDOD Medical Device Cybersecurity Considerations
Enedina Guerrero, Acting Chief, Incident Mgmt. Section, Cyber Security Ops Branch 2015 Defense Health Information Technology Symposium DOD Medical Device Cybersecurity Considerations 1 DHA Vision A joint,
More informationEMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY
EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY PRIMARY AGENCY: SUPPORT AGENCIES: Savannah-Chatham Metropolitan Police Department Armstrong-Atlantic Campus Police Department Bloomingdale
More informationSmart Cities and Security. Security - 1
Smart Cities and Security Security - 1 Where are we in 2013? Security - 2 Where are we in 2050? Security - 3 Our Topics Who is concerned? Security of the electric grid Security of the water supply Security
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationThe U.S. Coast Guard s Role in Cybersecurity
The U.S. Coast Guard s Role in Cybersecurity Mr. Thomas P. Michelli Deputy Chief Information Officer U.S. Coast Guard What is Cyberspace? Domain characterized by the use of electronics and the electromagnetic
More informationT&E Workforce Development
T&E Workforce Development 2016 ITEA Cyber Security Workshop Mr. Thomas W. Simms Deputy Director, T&E Competency & Development Deputy Assistant Secretary of Defense (DT&E) March 17, 2016 Agenda Policy Overview
More informationDoD Environmental Security Technology Certification Program (ESTCP) Tim Tetreault DoD August 15, 2017
DoD Energy Testbed DoD Environmental Security Technology Certification Program (ESTCP) Tim Tetreault DoD August 15, 2017 Tampa Convention Center Tampa, Florida About ESTCP Established in 1995 to: Improve
More informationDepartment of Defense Emerging Needs for Standardization
Department of Defense Emerging Needs for Standardization Robert Gold Director, Engineering Enterprise Office of the Deputy Assistant Secretary of Defense for Systems Engineering SAE International 2016
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationInformation Warfare Industry Day
Information Warfare Industry Day 20180510 RDML Barrett, OPNAV N2N6G TRANSPORT COMMERCIAL INTERNET DISN SCI Coalition Networks ADNS TELEPORT NMCI & ONE-NET JRSS MOC GNOC NCDOC USMC ISNS / CANES / SUBLAN
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationDepartment of Defense. Installation Energy Resilience
Department of Defense Installation Energy Resilience Lisa A. Jung DASD (Installation Energy) OASD(Energy, Installations and Environment) 19 June 2018 Installation Energy is Energy that Powers Our Military
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Physical Enterprise Physical Enterprise Monitoring is the monitoring of the physical and environmental controls that
More informationDHS Overview of Sustainability and Environmental Programs. Dr. Teresa R. Pohlman Executive Director, Sustainability and Environmental Programs
DHS Overview of Sustainability and Environmental Programs Dr. Teresa R. Pohlman Executive Director, Sustainability and Environmental Programs DHS Mission DHS Organization Getting to Know DHS Mission: Secure
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationUNCLASSIFIED FY 2016 OCO. FY 2016 Base
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense Date: February 2015 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationPreparing for the Dynamic Grid of Future
Preparing for the Dynamic Grid of Future Peter Hoffman, P.E. Duke Energy, Grid Solutions Engineering & Technology POWERING LIVES & COMMUNITIES Environmental Stewardship Reliable Service Affordable Rates
More information2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl
Beyond Compliance Greg Goodrich Supervisor, Enterprise Security New York Independent System Operator 2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl Roles of the NYISO Reliable
More informationUnderstanding Holistic Effects of Cyber Events on Critical Infrastructure
Understanding Holistic Effects of Cyber Events on Critical Infrastructure Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate March 20, 2018 INL/CON-17-42513
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview ND Safety Council Annual Conference
More informationCybersecurity for Department of Defense Microgrids: An Army Perspective
Cybersecurity for Department of Defense Microgrids: An Army Perspective Lori Ross O Neil with Cliff Glantz, David McKinnon, Fleur DePeralta, Mark Watson, Paul Boyd, Emily Barrett and Darlene Thorsen Pacific
More informationSecuring Buildings & Facilities From Emerging Cyber Threats
Session 5: [Session Title] Securing Buildings & Facilities From Emerging Cyber Threats Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific Northwest National Lab August 10, 2016 Rhode Island
More informationExpanding Cyber Security Management for Critical Infrastructure
Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands
More informationCybersecurity: Hope is Not a Strategy Daryl Haegley GISCP, OCP OASD EI&E / ODASD IE August 15, 2017
Cybersecurity Basics for Energy Managers Cybersecurity: Hope is Not a Strategy Daryl Haegley GISCP, OCP OASD EI&E / ODASD IE August 15, 2017 Tampa Convention Center Tampa, Florida Smart Phones UNCLASSIFIED
More informationEmergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:
Emergency Support Function #12 Energy Annex ESF Coordinator: Department of Energy Primary Agency: Department of Energy Support Agencies: Department of Agriculture Department of Commerce Department of Defense
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationexisting customer base (commercial and guidance and directives and all Federal regulations as federal)
ATTACHMENT 7 BSS RISK MANAGEMENT FRAMEWORK PLAN [L.30.2.7, M.2.2.(7), G.5.6; F.2.1(41) THROUGH (76)] A7.1 BSS SECURITY REQUIREMENTS Our Business Support Systems (BSS) Risk MetTel ensures the security of
More informationDmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices
Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Against Cyber Attacks (CODEF) Cyber Security of the
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationEnergy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials
+ NGA State Learning Lab on Energy Assurance Coordination May 13-15, 2015 Trenton, New Jersey Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National
More informationThe Connected Water Plant. Immediate Value. Long-Term Flexibility.
The Connected Water Plant Immediate Value. Long-Term Flexibility. The Water Industry is Evolving Reliable, safe and affordable access to water is not solely on the minds of water and wastewater managers.
More information