NAVY SmartShore Pilot
|
|
- Victoria Day
- 6 years ago
- Views:
Transcription
1 Track 4 Session 5 NAVY SmartShore Pilot Jeff Johnson Naval District Washington August Rhode Island Convention Center Providence, Rhode Island
2 Session Agenda US Navy, Initial Energy Strategy NDW Goals The new cyber threat landscape hacker trends, techniques and technologies Common critical network vulnerabilities NDW approach to cyber security System Capabilities Summary and conclusions 2
3 Naval District Washington NDW Footprint* Joint Base Anacostia Bolling (DC) NAS Patuxent River (MD) NSA Annapolis (MD) NSA Bethesda (MD) NSA South Potomac (VA) NSA Washington (DC) Total Plant Replacement Value (PRV): $14B Operations & Maintenance Budget: $500M/yr Reimbursable Budget: $15M/yr 25,652 acres 3,129 buildings 2,822 non building structures 1,029 utilities locations 10 runways 6 hangers 44 piers wharfs 3 small arms training 21 small boats Geographically located in multiple states to address interstate utility regulatory issues 3
4 Navy Smart Energy Strategy
5 What is the Shore Baseline? Aging infrastructure with deferred and declining investments for facilities sustainment & emergency management operations Deferred maintenance of buildings and building systems Lack of resources to collect and maintain authoritative data Reduced funding for programs and projects Increased risk from: Commercial grid and perimeter vulnerabilities Threats of cyber attacks (internal and external) Growing incidence of natural and manmade disasters Increased pressure to reduce Cuts to national defense budget Aggressive Federal and DoD mandates Increased Risk Pressure to reduce costs Aging Infrastructure Compelling Need for Change How will shore installation management be maintained & funded over their lifecycle to achieve intended benefits?
6 NDW Operational Goals Establishing a secure critical infrastructure environment for efficient shore operations REQUIREMENTS Compliance with DoD and Federal mandates Efficiency savings through automation Optimization of operations and processes Safe & Reliable operations Share information between stakeholders Connect equipment over an IP network Utilize Standards Based (and Legacy) protocols Enhance Public Safety operations Protect Critical infrastructure CONCERNS Unauthorized external access to networks and systems Loss of command & control or data integrity Loss or degradation of system availability Malware infection manipulating operations Cyber attack causing physical impact Reputation loss due to publicized vulnerabilities or attacks Intentional misuse of systems or control causing physical impacts Cyber security attacks impacting normal operations 6
7 NDW Technology Insertion Dahlgren Ops Investments ATFP Program AMI Program OPNAV NDW Smart Grid Pilot Program CNIC Energy Program ESTCP* Program NDW Utilities Ops Investments Availability of Data for Facility and Utility Mgmt Establish basewide DDC system Command and Control (C2) Virtual Perimeter Monitoring System (VPMS) RDC Gates PSNet Measure Energy Consumption (2200 of 3129 bldgs in NDW) Business Process Reengineering: People, Processes, Technology Accredited Architecture Benchmark MAXIMO Pilot 40 FY12 esrm projects including: Connect locations with existing DDC/SCADA Re-commissioning Building Envelope HVAC, etc. Cognitive Energy Mgmt System Steam Trap Monitoring Chiller Optimization Adv. Demand Response First Fuels Plant Consolidation (Networking) FY14 DDC & SCADA Projects FY13&14 Steam Decentralization MILCON Reduced FTE and improved customer service; trend analysis and maintenance mitigations Initial architecture established for secure command and control enabling mission assurance. Ability to reduce FTE and utilize data-based decisions Smart meters allow multiple commodity consumption data at 15 min intervals; power factor and wave capture data allows improved quality Capability templates & roadmap; Industry products meeting DoD technology gaps; Cyber security & mission assurance; Lessons learned for enterprise solutions Cyber compliance; Integrated systems deployment for optimal C2 and active facility and utility mgmt NDW Pilot has been identified as ideal testbed for private industry partnerships due foundational approach leading to data availability Currently benchmarked at serveral sites; projects allow region wide deployment with proven ROI 7
8 What are the Threat Vectors? WHAT S NEXT? Kemuri Water Company Ukraine Utilities Left 225,000 customers in the dark. 1st successful cyber attack to knock a power grid offline.. Unnamed Steel Mill, Germany INSIDER ATTACK New York Dam Google HQ, Wharf PLC ATTACK Hack accessed hundreds of PLCs used to manipulate control applications altering chemicals. SCADA ATTACK Hackers disrupted networks to access automation equipment resulted in massive damage. BACKDOOR ATTACK Iranian hackers tried to open flood gates. Was this a dress rehearsal for something bigger? MISS-CONFIGURE SHODAN discovered over 21,000 miss-configured building automation systems. Target Retail Stores Saudi Aramco & RasGas Project Basecamp Unnamed Steel Mill Natanz Nuclear Facility 2010 BACKDOOR ATTACK The attackers backed their way into network by compromising a 3 rd -party vendor to steal data. ENTERPRISE ATTACK Networks infected with the Shamoon virus erased information causing enterprise network outages. PLC ATTACK A team used a penetration test on PLCs to realize how badly vulnerable their SCADA/ICS were. ENTERPRISE INFECTION The Conficker worm infected the control network causing an instability in the communications. SCADA MALWARE Stuxnet infected the air-gapped control network bypassing causing damage to centrifuge.. Maroochy Water System INSIDER ATTACK Disgruntled ex-employee hacks into the water system and floods the community of sewage.
9 Who are the Actors? A World Full of Hackers Nation states Criminals Activists Employees Children! Admiral Michael Rogers, Director NSA & US Cyber Command Various Motivations Money Political protest Environmental activism Espionage Retaliation Job security Fun China along with one or two other countries have the capability to successfully launch a cyber attack that could shut down the electric grid in parts of the United States. NSA Director testimony to Congress, Nov Unintentional Disasters An attacker/ user doesn t even know what they are doing to cause a huge impact 9
10 NDW Technical Approach I.T. vs. O.T. Approaches to Cyber Security Boundary Protections Firewalls Network Intrusion Detection DMZ/Proxy Servers Endpoint Protections Host intrusion detection/prevention (anti virus/firewall/application white listing) Policy enforcement Configuration management Device connection management Data transfer management External alerting & reporting Pre Stuxnet Protection Firewalls DMZ/Proxy Servers Air Gaps Post Stuxnet Protections: Anti virus on PCs & Servers Firewalls / data diodes Configuration/patch management Secure Middleware Panels (Energyguard and NAE(S) Protocol monitoring capability for ICS systems via endpoint protection for legacy devices
11 ICS Solution Overview An enterprise grade industrial control system Integrates disparate multi vendor systems into a local, regional and national system Provides a secure enclave for ICS management while ensuring no access to legacy unsecure PLC devices Improved base operations Remote monitoring and control of HVAC, lighting, building access, water, waste water, steam and power systems Consolidated regional energy performance data for analysis and demand response Enhanced critical infrastructure protection Virtual Monitoring System A virtual fence that detects and alerts when intruders enter restricted areas Enhanced monitoring providing real time access to deployed sensors for command & control / assessment Secure wireless network for mobile and fixed sites Solutions validated by Independent Agencies NAVY Utility Management Control System (NUMCS ) Maintain the Pilot Edge based security capabilities while migrating from SSSPN NAVFAC SMARTGRID RFP will provide Advanced Analytics Capabilities 11
12 Shore Operations Center (ShOC) Shore Operations Center Shore Integrator Alarms / Alerts on Emergencies Regional Dispatch Center (RDC) Shore Facilities Engineering Command Alarms / Alerts on Building & Utility Operations Public Works Department (PWD) Quality Assurance on Shore Operations: Contract Execution, Maintenance Support; Event Close-out, etc. Public Works Department, Regional Dispatch Center Trouble Calls and Service Requests from Installation personnel to the Regional Desk Public Works Department 12
13 Facilities and Energy Operations Center (FEOC) Active Facility Management Workflow Trouble Call Reported QA/QC for Ticket Closeout Coordinates with Operator If HVAC related Maximo Ticket Created System Requires Service ICS Alarm on Building System 13
14 Sensor Management and Emergency Dispatch Emergency Management Workflow Emergency Call or Fire Alarm Received in Regional Dispatch Center (RDC) Notify Regional Operation Center (ROC) and Installation Emergency Operations Center (EOC) per CONOPS Dispatch First Responders or Create Remedy Ticket Sensor Management Suite (SMS Team) Virtual Perimeter Monitoring System 14
15 NDW Technology Insertion Sustainment Improvement Example Air Handler Unit #1 Service Area: West Side Floors 1,2,&3 Unit: 12k CFM 7.5 HP Supply 15 HP Return Occupancy Mode Static Pressure Supply Fan Speed Zone Temp Re-Programming Date 24 Dec 2014 Re-tuning via controls programming reduced AHU Run Time by 12 hours on weekdays and 16 hours on weekends Re-tuning Building extends lifecycle of building equipment 15
16 Energy Analysis Example Building Electrical Meter Data Daily Meter Data (kwh) 2,500 Daily Average 1,975 2,000 1,500 1, New Daily Average 1, kwh Average Daily 0 Meter Data (kwh) Average Weekends_Holidays Re-tuning Buildings saves Energy 16
17 Lessons Learned Projects Execution for Cyber and Operations is Easier than continuous monitoring of deployed systems Loss of funding for Public Works funds impacts the ability to repair systems (ROI is predicated on fixing systems) Cyber Security and Continuous Monitoring provides a opportunity for additional continuous monitoring and operations of Facility and Utility Infrastructure NAVFAC FEOC CONOPS development is an move towards active facility management Network and System continuous monitoring helps with system reliability and reduces Operational and Cyber Risk NAVFAC RFP addresses the big data advanced analytics gap and provides additional tools for system operation and energy savings.
18 Present and Future Smart Shore 1.0 Systems consolidated onto the same platform Smart Shore X.0 Advanced applications and operating procedures leveraging integrated system data Wired/ Wireless Infrastucture Network Assets Video Cameras Direct Digital Controls Alarm Systems ELMR Quick Reaction Force Security Sensor Based Enclaving Demand response every 15 minutes based Market Conditions Condition Based Recurring Maintenance Dynamic Equipment/Fire Response Integration Instantaneous Access Restrictions Integrated Systems and CONOPS for the SHORE 18 18
NAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6)
NAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6) 1 Creating Cyber Secure Enterprise Control Systems Networks Agenda US Navy, NDW Industrial Controls overview The new cyber threat
More informationFrank Ignazzitto Ultra Electronics, 3eTI
Demystifying Government-Validated Solutions: A Standards Based Approach to Protecting Process Control Networks Standards Certification Education & Training Publishing Conferences & Exhibits Frank Ignazzitto
More informationVulnerabilities in Process Control Networks: What Are We Protecting Against?
Vulnerabilities in Process Control Networks: What Are We Protecting Against? Mark Benedict Ultra Electronics, 3eTI Standards Certification Education & Training Publishing Conferences & Exhibits 2014 ISA
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationIn the wrong hands it s an open invitation
In the wrong hands it s an open invitation If someone takes over your control system infrastructure it could prove fatal Control systems are indispensable for a number of industrial processes and are lucrative
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationTrends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk
Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk Standards Certification Education & Training Publishing Conferences & Exhibits Steve Liebrecht W/WW Industry
More informationThe Road to Industry 4.0
The Road to Industry 4.0 Secure remote access and active cyber protection for industrial machinery Hamburg, May 22, 2017 Fabian Bahr G+D Group Business Units and Divisions G+D Mobile Security Financial
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationDoug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationAir Force Civil Engineer Center. Director s View. Randy Brown Director 4 May Battle Ready Built Right! 1
Air Force Civil Engineer Center Director s View Randy Brown Director 4 May 2017 Battle Ready Built Right! 1 AFCEC Organization Local Partners AFCEC Director AFLOA/JACE Deputy (JBSA-Lackland) Deputy (Tyndall)
More informationEMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS
Information Technology Shared Service Team North Dakota Cyber Security Across North Dakota Threats and Opportunities 15 September 2018 EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS AGENDA SIRN / FirstNet
More informationCyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012
Cyber Security Update Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012 Agenda Timeline Regulatory / Compliance Environment Smart Grid Threats
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationIndegy. Industrial Cyber Security. ISA New Orleans Section. Applying the NIST Framework February 6, 2018
Indegy Industrial Cyber Security ISA New Orleans Section Applying the NIST Framework February 6, 2018 Agenda 1. Introductions 2. Indegy Background 3. NIST Background and History with ICS 4. What is the
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationAdaptive & Unified Approach to Risk Management and Compliance via CCF
SESSION ID: SOP-W08 Adaptive & Unified Approach to Risk Management and Compliance via CCF Vishal Kalro Manager, Risk Advisory & Assurance Services (RAAS) Adobe @awish11 Disclaimer All the views presented
More informationEnergy Integration Program Submarine Base New London, CT
Utility Partnerships Helping the Agency Meet Strategic Goals Energy Integration Program Submarine Base New London, CT Craig S. Prather, PE, CEM, PMP, MBA Naval Facilities Engineering Command August 16,
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationCybersmart Buildings: Securing Your Investments in Connectivity and Automation
Cybersmart Buildings: Securing Your Investments in Connectivity and Automation Jason Rosselot, CISSP, Director Product Cyber Security, Johnson Controls AIA Quality Assurance The Building Commissioning
More informationWhy Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG
Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three
More informationIntroducing the 9202-ETS MTL Tofino industrial Ethernet security appliance
Introducing the 9202-ETS MTL Tofino industrial Ethernet security appliance HAKIM- Sales Engineer 1 Cybersecurity of valuable assets and processes in a wide range of industry verticals, such as: Oil & Gas
More informationNERCPI Regional Cyber Disruption Planning.
NERCPI Regional Cyber Disruption Planning www.newenglandrcpi.org Cyber Disruption Planning Catastrophic cyber planning is an evolving concept True emergencies vs. inconveniences Fully interconnected world
More informationSaving Energy and Reducing Costs Through Better Use of Building Automation Systems
Session: Low/No Cost Solutions Through BAS Saving Energy and Reducing Costs Through Better Use of Building Automation Systems Mark M. Duszynski Johnson Controls Federal Systems August 9, 2016 Rhode Island
More informationIndustry Best Practices for Securing Critical Infrastructure
Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationCyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016
Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations Arkansas Joint Committee on Energy March 16, 2016 CenterPoint Energy, Inc. (NYSE: CNP) Regulated Electric and Natural Gas Utility
More informationLanguage for Control Systems
Cyber Security Procurement e Language for Control Systems Rita Wells Idaho National Laboratory Program Sponsor: National Cyber Security Division Control Systems Security Program Agenda Background Foundation
More informationProactive Approach to Cyber Security
Proactive roach to Cyber Security Jeffrey Neo Sales Director HP Enterprise Security Products Customers struggle to manage the security challenge Today, security is a board-level agenda item 2 Trends driving
More informationSession 5311 Critical Testing Programs for Security Operations
Session 5311 Critical Testing Programs for Security Operations Introduction Neil Lakomiak UL Rodney Thayer Smithee Spelvin Agnew & Plinge, Inc. Coleman Wolf Environmental Systems Design, Inc. Testing Programs
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationCisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management
Cisco Smart Grid Powering End-to-End Communications Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management 21 October 2010 What is the Smart Grid? A digital superstructure which uses
More informationCyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security
Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus
More informationAdapting Basing and Facilities Ashore to Energy Challenges
Adapting Basing and Facilities Ashore to Energy Challenges RDML David Boone, Director, CNO Shore Readiness Division (Moderator) CAPT Hugh Hemstreet, Commander NAVFAC Washington Jeffrey Johnson, Chief Information
More informationOPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection
SECURITY OPERATIONS CENTER Keep your client s data safe and business going & growing with SOC continuous protection Business Need of Security Operations Center SOC Benefits NOC vs SOC UnderDefense Incident
More informationSecuring the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change
More informationEstablishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security
Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security Michael John SmartSec 2016, Amsterdam www.encs.eu European Network for Cyber Security The European
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationCYBERSMART BUILDINGS. Securing Your Investments in Connectivity and Automation
CYBERSMART BUILDINGS Securing Your Investments in Connectivity and Automation JANUARY 2018 WELCOME STEVE BRUKBACHER Application Security Manager Global Product Security Johnson Controls 1 WHY ARE WE HERE
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationCost Take Out for DoD s Infrastructure Portfolio
24 May 2012 Cost Take Out for DoD s Infrastructure Portfolio Avalanche Cost Take Out Tool for Reduction of Energy Costs Bob St. Thomas IBM Global Business Services 2012 IBM Corporation At Home, Would You
More informationDIMETRA X CORE DATA SHEET DIMETRA X CORE
DIMETRA X CORE FOR GOVERNMENT ORGANISATIONS, PUBLIC SAFETY AGENCIES AND LARGE ENTERPRISES, MOBILE BROADBAND IS ON THE WAY. AND WHILE YOU DON T KNOW WHEN THAT CHANGE IS COMING YOU CAN BE READY FOR IT WITH
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationWho Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom
WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication
More informationThe Value of Bipartisanship
About Vectis Vectis At Vectis Strategies we understand how to successfully and properly apply leverage in public relations, government stretch from the corridors of power in Washington, DC to international
More informationIT Transformation Through ESPCs
June 27, 2013 IT Transformation Through ESPCs Restricted Siemens AG 2013. All rights reserved. siemens.com/answers Contents Integration of IT with Facilities ESPCs as Related to Data Centers Measurement
More informationClick to edit Master title style. DIY vs. Managed SIEM
DIY vs. Managed SIEM Meet Paul Paul Caiazzo Principal, Chief Security Architect CISSP, CISA, CEH M.S. Information Security and Assurance 15+ years of experience in Information Security Connect with me:
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationInformation Warfare Industry Day
Information Warfare Industry Day 20180510 RDML Barrett, OPNAV N2N6G TRANSPORT COMMERCIAL INTERNET DISN SCI Coalition Networks ADNS TELEPORT NMCI & ONE-NET JRSS MOC GNOC NCDOC USMC ISNS / CANES / SUBLAN
More informationSRS Overview. Dave Hepner. Looking toward the future of the Savannah River Site
SRS Overview Looking toward the future of the Savannah River Site Dave Hepner Department of Energy-Savannah River Director, Acquisition Operations Division Savannah River Site March 19, 2012 SRS: We know
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationCYBER SECURITY AIR TRANSPORT IT SUMMIT
CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER
More informationAdvanced Two-Way Metering. Looking Forward
Advanced Two-Way Metering Looking Forward June 5 2017 Seeking board guidance today Beginning Detailed Technical Design & Request For Proposal Include Opt-Out & Opt-Up Alternatives Through the RFP Chelan
More informationExpanding Cyber Security Management for Critical Infrastructure
Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands
More informationCyber Security Solutions Mitigating risk and enhancing plant reliability
P OW E R G E N E R AT I O N Cyber Security Solutions Mitigating risk and enhancing plant reliability 2 CYBER SECURITY SOLUTIONS MITIGATING RISK AND ENHANCING PLANT RELIABILITY Providing a roadmap to achieve
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationRadware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper
Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper Table of Contents Abstract...3 Understanding Online Business
More informationYour single source for a safe, secure, and sustainable airport
Your single source for a safe, secure, and sustainable airport Innovative and comprehensive solutions www.usa.siemens.com/es Answers for infrastructure. Turning challenges into sustainable success Every
More informationProtect Your End-of-Life Windows Server 2003 Operating System
Protect Your End-of-Life Windows Server 2003 Operating System Your guide to mitigating risks in your Windows Server 2003 Systems after the end of support End of Support is Not the End of Business When
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationSafety System Cyber Security A Practical Approach
Safety System Cyber Security A Practical Approach Kelly Mahoney Protection Systems Team Leader ORNL/SNS ORNL is managed by UT-Battelle for the US Department of Energy Acronyms I would rather not know Cyber-physical
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationFederal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan
Federal Data Center Consolidation Initiative (FDCCI) Workshop III: Final Data Center Consolidation Plan August 10, 2010 FDCCI Agenda August 10 th, 2010 1. Welcome Katie Lewin GSA Director Cloud Computing
More informationFERC Hydroproject Cyber Security [FERC 3A Section 9 versus CIP v5]
FERC Hydroproject Cyber Security [FERC 3A Section 9 versus CIP v5] Presentation Goals Provide a clear distinction between the intent of FERC cyber security and NERC CIP cyber security Discuss opportunities
More informationDEVELOP YOUR TAILORED CYBERSECURITY ROADMAP
ARINC cybersecurity solutions DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP Getting started is as simple as assessing your baseline THE RIGHT CYBERSECURITY SOLUTIONS FOR YOUR UNIQUE NEEDS Comprehensive threat
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationBest Practices for Incident Communications: Simplifying the Mass Notification Process for Government
Best Practices for Incident Communications: Simplifying the Mass Notification Process for Government Introduction State and local governments and their supporting agencies encounter emergency situations
More informationBackground FAST FACTS
Background Terra Verde was founded in 2008 by cyber security, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance
More informationProtecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012
Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012 Paul Kalv Electric Director, Chief Smart Grid Systems Architect, City of Leesburg Doug Westlund CEO,
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationEXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.
EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT An Insight Cyber White Paper Copyright Insight Cyber 2018. All rights reserved. The Need for Expert Monitoring Digitization and external connectivity
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationWHITE PAPER. Vericlave The Kemuri Water Company Hack
WHITE PAPER Vericlave The Kemuri Water Company Hack INTRODUCTION This case study analyzes the findings of Verizon Security Solutions security assessment of the Kemuri Water Company security breach. The
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationProtecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities
Cybersecurity Basics For Energy Managers Protecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific
More informationCyber Resilience Solution for Smart Buildings
Cyber Resilience Solution for Smart Buildings Integrated IT/OT Security Oren Aspir, Cyberbit, CTO 2017 by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary Buildings getting smarter IT systems
More informationCA Host-Based Intrusion Prevention System r8
PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS A STAND-ALONE FIREWALL WITH INTRUSION DETECTION
More informationRyan KS office thesee
SERVERR and WORKSTATION REMOTE MANAGEMENT SERVICES Ryan Dental Systems Dental Computer Systems Support and Sales 303 2 nd Street, PO Box 194, Inland NE 68954 5506 SW 31stPh: 402-461-5575 Terrace Topeka
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationIS Today: Managing in a Digital World 9/17/12
IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war
More informationSCADA Security: How Do I Know If I ve Already Been Owned?
SESSION ID: SOP-W04 SCADA Security: How Do I Know If I ve Already Been Owned? Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo 17-Leidos-0918-1850 Overview Reasons for Concern Cybersecurity
More informationPractical SCADA Cyber Security Lifecycle Steps
Practical SCADA Cyber Security Lifecycle Steps Standards Certification Jim McGlone CMO, Kenexis Education & Training Publishing Conferences & Exhibits Bio Jim McGlone, CMO, Kenexis GICSP ISA Safety & Security
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More information