Build Your Cybersecurity Program in Minutes: Click, Copy, Modify, Implement
|
|
- Brittney Daniels
- 5 years ago
- Views:
Transcription
1 FEMP Cybersecurity Program Review Build Your Cybersecurity Program in Minutes: Click, Copy, Modify, Implement Daryl Haegley GISCP, OCP OASD EI&E / ODASD IE August 15, 2017 Tampa Convention Center Tampa, Florida
2 Resources/Demonstration-Plans/Cybersecurity-Guidelines 2
3 3
4 4
5 Which Best Practice is Right for You? a security patch caused monitoring equipment in a large engineering oven to stop running, resulting in a fire that destroyed spacecraft hardware inside the oven. The computer reboot caused by the software upgrade also impeded alarm activation, leaving the fire undetected for 3.5 hours before it was discovered. 5
6 DHS ICS-CERT Cyber Security Evaluation Tool 8.0
7 Training UNCLASSIFIED Web - Based Training available on the ICS-CERT Virtual Learning Portal Operational Security (OPSEC) for Control Systems (100W) - 1 hour Cybersecurity for Industrial Control Systems (210W) - 15 hours Instructor Led Format - Introductory Level Introduction to Control Systems Cybersecurity (101) - 1 day or 8 hrs Instructor Led Format - Intermediate Level Intermediate Cybersecurity for Industrial Control Systems (201), lecture only - 1 day or 8 hrs Hands-On Format - Intermediate Level Intermediate Cybersecurity for Industrial Control Systems (202), with lab/exercises - 1 day or 8 hrs Hands-On Format - Technical Level ICS Cybersecurity (301) 5 days 7
8 Other Training and Much More!! SANS ICS ICS410: ICS/SCADA Security Essentials ICS515: ICS Active Defense and Incident Response CYBATI ISA (International Society of Automation) ISA Red Tiger Security YouTube (ISA) Wireless Security for Water/Waste Water Networks Joe Weiss' lecture at Stanford 8
9 NDAA 18 Selected DRAFT Proposed Bills DHS: Cyber Vulnerability Disclosure Reporting Act Cyber Training and Talent Management (increased training for cyber protection of critical infrastructure) Pilot Projects to Streamline DoD Authorization of ICS and Nontraditional IT Devices New Collar Jobs Act (re-educate workforce in cyber) Measuring DoD Compliance Cybersecurity Requirements for Securing ICS (SECDEF Scorecard) Kaspersky Lab Product Ban 9
10 Simplified System Model & Mission Heat Map Fuel System Fire and Alarm System Water System HVAC Automatic Metering Lighting Control System LMR Physical Security Threat LOE High Low 1 Low High Mission Impact
11 Sample LoE & Mission Impact Chart 1 Threat LOE High Low Low High Mission Impact
12 Illustrative Scenario: Disruption Fuel System 1. Phishing attack via the Internet 2. Reconnaissance on NIPRNet to identify PLC controller of pump 3. Persistent normal PLC shutdown commands stop fuel delivery Specific Attack: Internet phishing attack targets unpatched system Level of Effort: Script Kiddies to access CS systems Impact: Lack of ability to execute MISSION
13 Illustrative Scenario: Fuel System Dependency Model 13
14 Illustrative Scenario Mitigation: Fuel System 14
15 Cyber Trust Rating What s Yours? Rating # Correlates to Breach Potential Detailed Event and Configuration Information via External Parties 15
16 Which Companies Will You Trust? Analysis of 27,458 companies reveals companies with ratings >400 are 5X more likely to have experienced a publicly disclosed breach 16
17 Discussion UNCLASSIFIED Reinventing the wheel is sometimes the right thing, when the result is the radial tire. Jonathan Gilbert 17
18 Resources UNCLASSIFIED Strategic Environmental Research and Development Program (SERDP) and Environmental Security Technology Certification Program (ESTCP) [info & funding solicitations] Risk Management Framework (RMF) Knowledge Service (KS) -DoD's official site for enterprise RMF policy and implementation guidelines Department of Defense Advanced Control System Tactics, Techniques, and Procedures (TTPs) Revision 1, 2017: UFC CYBERSECURITY OF FACILITY-RELATED CONTROL SYSTEMS Sept UFGS CYBERSECURITY OF FACILITY-RELATED CONTROL SYSTEMS Feb DoD OASD(EI&E) and Federal Facilities Council (FFC), under the National Research Council (NRC) sponsored a 3-day Building Control System Cyber Resilience Forum in Nov '15. DoDI Cybersecurity in the Defense Acquisition System Jan Office of the Assistant Secretary of Defense for Energy, Installations, and Environment Installation Energy (IE) IEC STANDARDS AND ISASECURER CERTIFICATION: APPLICABILITY TO BUILDING CONTROL SYSTEMS each subpage offers a PDF document: Audit of Industrial Control System Security within NASA's Critical and Supporting Infrastructure (IG ) Whole Building Design Guide website cyber references National Initiative for Cybersecurity Careers and Studies - free cyber training Industrial Control Systems Joint Working Group (ICSJWG) DHS Cyber Security Evaluation Tool: DoDI Cybersecurity 14 March DoDI Risk Management Framework 12 March DoDI Cybersecurity Activities Support to DoD Information Network Operations 7 March NIST SP r2 Guide to Industrial Control Systems (ICS) Security May GAO Improvements in DOD Reporting and Cybersecurity Implementation Needed to Enhance Utility Resilience Planning GAO 15-6 DHS and GSA Should Address Cyber Risk to Building and Access Control Systems GAO SU Defense Cybersecurity: DOD Needs to Better Plan for Continuity of Operations in a Degraded Cyber Environment and Increased Oversight (For Official Use Only) Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure 18
Cybersecurity: Hope is Not a Strategy Daryl Haegley GISCP, OCP OASD EI&E / ODASD IE August 15, 2017
Cybersecurity Basics for Energy Managers Cybersecurity: Hope is Not a Strategy Daryl Haegley GISCP, OCP OASD EI&E / ODASD IE August 15, 2017 Tampa Convention Center Tampa, Florida Smart Phones UNCLASSIFIED
More informationProtecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities
Cybersecurity Basics For Energy Managers Protecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationEnergy Control Systems Cybersecurity Considerations
Track 4 Session 5 Energy Control Systems Cybersecurity Considerations Daryl Haegley Office of the Assistant Secretary of Defense (Energy, Installations, & Environment) August 10 2016 Rhode Island Convention
More informationDoD Terminology Decision In Progress: PIT, CS, PIT-CS, ICS,OT, SCADA, CPS, IoT, IIoT
DoD Terminology Decision In Progress: PIT, CS, PIT-CS, ICS,OT, SCADA, CPS, IoT, IIoT PIT = Platform Information Technology CS = Control Systems PIT-CS = PIT Control Systems ICS = Industrial Control Systems
More informationLooking Forward: USACE MILCON Cybersecurity Integration
Energy Exchange 2017 - Track 4 - Cyber and Control System Technologies, Session 2 - Understanding and implementing the RMF Process Looking Forward: USACE MILCON Cybersecurity Integration Mr. Daniel Shepard
More informationRocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency
Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency Mr. Ed Brindley Acting Deputy Cyber Security Department of Defense 7 March 2018 SUPPORT THE WARFIGHTER 2 Overview Secretary Mattis Priorities
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationIMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION
IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are
More informationMeasuring and Evaluating Cyber Risk in ICS Components, Products and Systems
Measuring and Evaluating Cyber Risk in ICS Components, Products and Systems Copyright 2018 UL LLC. All rights reserved. No portion of this material may be reprinted in any form without the express written
More informationYour Control Systems Have Been Hacked, Now What?
AABC Commissioning Group AIA Provider Number 50111116 Your Control Systems Have Been Hacked, Now What? Course Number: CXENERGY1717 Michael Chipley, Ph.D., GICSP, PMP, LEED AP The PMC Group LLC Eric Nickel,
More informationAir Force Civil Engineer Center. Director s View. Randy Brown Director 4 May Battle Ready Built Right! 1
Air Force Civil Engineer Center Director s View Randy Brown Director 4 May 2017 Battle Ready Built Right! 1 AFCEC Organization Local Partners AFCEC Director AFLOA/JACE Deputy (JBSA-Lackland) Deputy (Tyndall)
More informationUNCLASSIFIED. FY 2016 Base FY 2016 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationDoD Environmental Security Technology Certification Program (ESTCP) Tim Tetreault DoD August 15, 2017
DoD Energy Testbed DoD Environmental Security Technology Certification Program (ESTCP) Tim Tetreault DoD August 15, 2017 Tampa Convention Center Tampa, Florida About ESTCP Established in 1995 to: Improve
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationUnited States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System.
United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cybersecurity and the Marine Transportation System Overview Coast Guard Cyber Strategy Cyber Framework (CSF) What does it mean
More informationWelcome to the Second Annual Intelligence & National Security Forum
Welcome to the Second Annual Intelligence & National Security Forum Today s Agenda 0800 0900 Registration and Light Breakfast 0900 0910 Opening Remarks Mr. Paul J. Geraci, Senior Director Intelligence
More informationDoD Advanced Control Systems Tactics, Techniques and Procedures
DoD Advanced Control Systems Tactics, Techniques and Procedures Michael Chipley, PhD GICSP PMP LEED AP President Daryl Haegley, OCP CCO DRH Consulting September 14, 2016 1 In the Beginning.2010 Smart Installations
More informationSoftware & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management
Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management Joe Jarzombek, PMP, CSSLP Director for Software & Supply
More informationCyber Security What Do I Need to Do Now?
Cyber Security What Do I Need to Do Now? PA AWWA 2016 Annual Conference Thursday, May 12, 2016 2:45 3:15 PM Presented by Dick McDonnell Authored by Jeff M. Miller, PE, ENV SP WARNING! Schneider Electric
More informationICS Breach, what to do after oh no, frameworks and issues of IM/IT. Dr. Samuel Liles
ICS Breach, what to do after oh no, frameworks and issues of IM/IT Dr. Samuel Liles http://selil.com Agenda Through the lens of risk Cybery thoughts From ICS to IoT Threats Vulnerabilities Frameworks Just
More informationCybersecurity (CS) (as a Risk Based Approach) & Supply Chain Risk Management (SCRM) (Levels of Assurance for HwA, SwA & Assured Services?
Cybersecurity (CS) (as a Risk Based Approach) & Supply Chain Risk Management (SCRM) (Levels of Assurance for HwA, SwA & Assured Services?) Don Davidson Deputy Director, CS Implementation and CS/Acquisition
More informationICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2012 What s Inside Welcome 1 Organization 3 Outreach 4 Industrial Control Systems Joint Working Group 5 Advanced Analytical
More informationDFARS Defense Industrial Base Compliance Information
DFARS 252.204-7012 Defense Industrial Base Compliance Information Protecting Controlled Unclassified Information (CUI) Executive Order 13556 "Controlled Unclassified Information, November 2010 Established
More informationSmart Grid Standards and Certification
Smart Grid Standards and Certification June 27, 2012 Annabelle Lee Technical Executive Cyber Security alee@epri.com Current Environment 2 Current Grid Environment Legacy SCADA systems Limited cyber security
More informationUnderstanding Holistic Effects of Cyber Events on Critical Infrastructure
Understanding Holistic Effects of Cyber Events on Critical Infrastructure Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate March 20, 2018 INL/CON-17-42513
More informationAdvanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin
Advanced Technology Academic Research Council Federal CISO Summit Ms. Thérèse Firmin Acting Deputy DoD CIO Cyber Security Department of Defense 25 January 2018 2 Overview Secretary Mattis Priorities Cybersecurity
More informationEnterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018
Enterprise Risk Management (ERM) and Cybersecurity Na9onal Science Founda9on March 14, 2018 Agenda Guiding Principles for Implementing ERM at NSF (Based on COSO) NSF s ERM Framework ERM Cybersecurity Risk
More informationVulnerability Disclosure
Vulnerability Disclosure Rita Wells National SCADA Test Bed DoE-OE September 09, 2008 Department of Energy-Office of Electricity Delivery and Energy Reliability: National SCADA Test Bed Program Mission
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationCyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation
Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation COL Michael R. Corpening Deputy Chief, Operations Division (CCJ6-O) 1 December 2014 The overall classification of this brief is UNCLASSIFIED
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationIndustrial Control Systems November 18, 2015
Industrial Control Systems November 18, 2015 ABOUT SANS - TRAINING SANS provides intensive, hands-on, immersion training Highest quality 70+ courses covering basic security skills to cutting edge topics
More informationCOMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013
COMPASS FOR THE COMPLIANCE WORLD Asia Pacific ICS Security Summit 3 December 2013 THE JOURNEY Why are you going - Mission Where are you going - Goals How will you get there Reg. Stnd. Process How will
More informationThe Water Sector Approach to Cybersecurity
The Water Sector Approach to Cybersecurity Standards Certification Education & Training Publishing Conferences & Exhibits Kevin M. Morley, PhD American Water Works Association 2016 ISA Water / Wastewater
More informationISA 201 Intermediate Information Systems Acquisition
ISA 201 Intermediate Information Systems Acquisition 1 Lesson 8 (Part A) 2 Learning Objectives Today we will learn to: Overall: Apply cybersecurity analysis throughout acquisition lifecycle phases. Analyze
More informationNAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6)
NAVAL DISTRICT WASHINGTON SMARTSHORE CASE STUDY Jeff Johnson NDW CIO (N6) 1 Creating Cyber Secure Enterprise Control Systems Networks Agenda US Navy, NDW Industrial Controls overview The new cyber threat
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationSafety System Cyber Security A Practical Approach
Safety System Cyber Security A Practical Approach Kelly Mahoney Protection Systems Team Leader ORNL/SNS ORNL is managed by UT-Battelle for the US Department of Energy Acronyms I would rather not know Cyber-physical
More informationAwareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology
Awareness as a Cyber Security Vulnerability Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology Background TSA Cyber Security Awareness and Outreach (CSAO)
More informationICS-CERT Year in Review
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2014 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 ICS-CERT Introduction 2 ICS-CERT
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationISA99 - Industrial Automation and Controls Systems Security
ISA99 - Industrial Automation and Controls Systems Security Committee Summary and Activity Update Standards Certification Education & Training Publishing Conferences & Exhibits September 2016 Copyright
More informationplaybook OpShield for NERC CIP 5 sales PlAy
playbook OpShield for NERC CIP 5 sales PlAy OpShield for NERC CIP 5 The Problem U.S. bulk power entities are federally mandated to comply with NERC CIP requirements that dictate industrial security and
More informationIncident response to a breach: Right of boom you find ashes
Incident response to a breach: Right of boom you find ashes Dr. Samuel Liles http://selil.com Opinions, or other information expressed are presenters and do not reflect current, former, future, or unaffiliated
More informationCyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber
CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives 30 January 2018 1 Agenda Federal Landscape Cybersecurity
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationManaging Supply Chain Risks for SCADA Systems
Managing Supply Chain Risks for SCADA Systems Nadya Bartol, Vice President of Industry Affairs and Cybersecurity Strategist, UTC Nadya.bartol@utc.org 2014 Utilities Telecom Council Agenda Problem Definition
More informationUpdates to the NIST Cybersecurity Framework
Updates to the NIST Cybersecurity Framework NIST Cybersecurity Framework Overview and Other Documentation October 2016 Agenda: Overview of NIST Cybersecurity Framework Updates to the NIST Cybersecurity
More informationCyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security
CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships About SANS The SANS (SysAdmin, Audit, Network, Security) Institute Established in 1989 Cooperative research
More informationFederal Mobility: A Year in Review
Federal Mobility: A Year in Review Link: https://www.dhs.gov/csd-mobile Link: https://www.dhs.gov/publication/csd-mobile-device-security-study Vincent Sritapan Cyber Security Division Science and Technology
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationPresidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure EXECUTIVE ORDER [13800] - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationMaintaining Efficiency using Your Building Controls and Automation
Session: Building Controls and Automation Maintaining Efficiency using Your Building Controls and Automation Carl E. Lundstrom, PE, CCP Dewberry Design Builders Inc. August 10, 2016 Rhode Island Convention
More informationU.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk
U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk Neal Miller, Navy Authorizing Official December 13, 2016 UNCLASSIFIED 1 Some Inconvenient Truths The bad guys and gals still only work
More informationINFORMATION ASSURANCE DIRECTORATE
National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Risk Monitoring Risk Monitoring assesses the effectiveness of the risk decisions that are made by the Enterprise.
More informationCyber Attacks & Breaches It s not if, it s When
` Cyber Attacks & Breaches It s not if, it s When IMRI Team Aliso Viejo, CA Trusted Leader with Solution Oriented Results Since 1992 Data Center/Cloud Computing/Consolidation/Operations 15 facilities,
More informationRisk Assessments, Continuous Monitoring & Intrusion Detection, Incident Response
Risk Assessments, Continuous Monitoring & Intrusion Detection, Incident Response Michael Chipley, PhD PMP LEED AP President January 6, 2014 mchipley@pmcgroup.biz 1 Risk Assessments Multiple Standards and
More informationCybersecurity Challenges
Cybersecurity Challenges Protecting DoD s Information NAVSEA Small Business Industry Day August 8, 2017 1 Outline Protecting DoD s Information DFARS Clause 252.204-7012 Contractor and Subcontractor Requirements
More informationSecuring Buildings & Facilities From Emerging Cyber Threats
Session 5: [Session Title] Securing Buildings & Facilities From Emerging Cyber Threats Michael Mylrea Manager, Cybersecurity & Energy Technology Pacific Northwest National Lab August 10, 2016 Rhode Island
More informationAppendix 2B. Supply Chain Risk Management Plan
Granite Telecommunications, LLC. 100 Newport Ave. Ext. Quincy, MA 02171 Appendix 2B Supply Chain Risk Management Plan This proposal or quotation includes data that shall not be disclosed outside the Government
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationCybersecurity in Acquisition
Kristen J. Baldwin Acting Deputy Assistant Secretary of Defense for Systems Engineering (DASD(SE)) Federal Cybersecurity Summit September 15, 2016 Sep 15, 2016 Page-1 Acquisition program activities must
More informationNavigate IT Security with a Framework as Your Guide
Navigate IT Security with a Framework as Your Guide October 7 th, 2016 Background George Lazarou 16 years security experience in various roles both technical and non-technical AT&T Labs Research, Army,
More informationAn Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist
An Overview of ISA-99 & Cyber Security for the Water or Wastewater Specialist Standards Certification Education & Training Publishing Conferences & Exhibits Speakers: Bryan L. Singer, CISM, CISSP, CAP
More informationFederal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks
Brownsville Public Utilities Board Cyber Security Initiative A result of the BPUB IT Strategic Plan implemented a Cyber Security Framework (CSF) that utilizes : Security standards Tools and Best practices
More informationYou knew the job was dangerous when you took it! Defending against CS malware
You knew the job was dangerous when you took it! Defending against CS malware Presented By: Doug Cavit Microsoft Where PI geeks meet 9/23/2010 NERC HILF 6/10 Adequately addressing vulnerabilities will
More informationCYBERSECURITY FEDERAL UPDATE. NCSL Cybersecurity Task Force
CYBERSECURITY FEDERAL UPDATE NCSL Cybersecurity Task Force FY 2018 BUDGET BLUEPRINT President s Management Agenda Identifies cybersecurity as a critical area to improving the federal government Department
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationAddressing Cybersecurity in Infusion Devices
Addressing Cybersecurity in Infusion Devices Authored by GEORGE W. GRAY Chief Technology Officer / Vice President of Research & Development Ivenix, Inc. INTRODUCTION Cybersecurity has become an increasing
More informationDHS Cybersecurity Services and Resources
DHS Cybersecurity Services and Resources September 18 th, 2018 Harley D. Rinerson Chief of Operations Central U.S. Cyber Advisor Program Cybersecurity Advisor Program Department of Agenda Cyber Advisor
More informationBird of a Feather Automated Responses
Bird of a Feather Automated Responses Energy-Sec Summit 2017 13 Th Security and Compliance www.inl.gov August 2017 INL s Position Nationally A network of 17 DOE national labs DOE s lead lab for nuclear
More informationDEFENSE LOGISTICS AGENCY
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Resilience Integration Mr. Linus Baker DLA Information Operations Director, Cybersecurity 1 Mission Assurance/Cybersecurity Concern
More informationGreg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security
1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationEffective Practices for the Protection of Transportation Infrastructure from Cyber Incidents. Transportation Research Board Webinar November 17, 2015
Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents Transportation Research Board Webinar November 17, 2015 Webinar Presenters David Fletcher Western Mgmt and Consulting,
More informationCyber Security Maturity Model
Cyber Security Maturity Model Robert Lentz Former DoD CISO / Deputy Assistant Secretary Cyber Facts Facts About About Intrusions Intrusions 2 Verizon 2010 Data Breach Investigation Report WHO IS BEHIND
More informationIndustrial Defender ASM. for Automation Systems Management
Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping
More information2017 SAME Small Business Conference
2017 SAME Small Business Conference Welcome to Cybersecurity Initiatives and Speakers: Requirements: Protecting DOD s Unclassified Information Vicki Michetti, Director, Defense Industrial Base Cybersecurity
More informationRethinking Cybersecurity from the Inside Out
Rethinking Cybersecurity from the Inside Out An Engineering and Life Cycle-Based Approach for Building Trustworthy Resilient Systems Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationJune 5, 2018 Independence, Ohio
June 5, 2018 Independence, Ohio The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Securing the Nation at the Community Level 2018 Cuyahoga
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More informationAddressing Challenges in Federal Facilities from Cyber Risk to Operational Performance
Addressing Challenges in Federal Facilities from Cyber Risk to Operational Performance Presented by Ryan M. Colker, J.D. Director, Consultative Council/Presidential Advisor National Institute of Building
More informationNew Guidance on Privacy Controls for the Federal Government
New Guidance on Privacy Controls for the Federal Government IAPP Global Privacy Summit 2012 March 9, 2012 Dr. Ron Ross Computer Security Division, NIST Martha Landesberg, J.D., CIPP/US The Privacy Office,
More informationHPH SCC CYBERSECURITY WORKING GROUP
HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership
More informationIoT & SCADA Cyber Security Services
RIOT SOLUTIONS PTY LTD P.O. Box 10087 Adelaide St Brisbane QLD 4000 BRISBANE HEAD OFFICE Level 22, 144 Edward St Brisbane, QLD 4000 T: 1300 744 028 Email: sales@riotsolutions.com.au www.riotsolutions.com.au
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationSecuring Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection
Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services
More informationTEL2813/IS2621 Security Management
TEL2813/IS2621 Security Management James Joshi Associate Professor Lecture 4 + Feb 12, 2014 NIST Risk Management Risk management concept Goal to establish a relationship between aggregated risks from information
More informationDavid Missouri VP- Governance ISACA
David Missouri VP- Governance ISACA Present-Senior Agency Information Security Officer (SAISO) @GA DJJ 2012-2016 Information System Security Officer (ISSO) @ US DOL WHD 2011-2012 Network Administrator
More informationTHE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :
THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY 18 2017: INFORMATION SYSTEM AUDIT AND SECURITY MANAGEMENT ( 2 DAYS) MAY 15 AND 16 o INFORMATION
More information