Critical Energy Infrastructure Protection. LLNL CEIP Approach
|
|
- Mervin Griffith
- 6 years ago
- Views:
Transcription
1 Critical Energy Infrastructure Protection LLNL CEIP Approach LLNL-PRES This work was performed under the auspices of the U.S. Department of Energy by under Contract DE-AC52-07NA Lawrence Livermore National Security, LLC
2 LLNL CEIP Background The LLNL CEIP team was created to support the Global Critical Energy Infrastructure Protection Program led by the U.S. Department of State and Department of Energy. Assist energy producing countries in securing energy facilities and infrastructure Team members have several decades of experience assessing and enhancing security at facilities of U.S. National Security interest, in high threat environments Electrical Gas Oil Chemical Nuclear Team disciplines include engineering, physical protection, cyber, safety and training personnel 2
3 LLNL CEIP Approach LLNL uses a performance based approach to assess security effectiveness. The LLNL approach is based on creation of a Design Basis Threat and assessing facility security against the defined threats using realistic scenarios. It is also based on a systematic graded approach. Identification of critical facilities and understanding cascading effects of attacks is key in defining consequences, as is deployment of protection strategies that integrate human and technology elements to mitigate risk. How critical infrastructure protection is viewed and managed, must now evolve to meet evolving threats. Systems approach Technologies and methods to enhance deterrence, detection, assessment, delay, ballistic protection and response Protection strategies Insider protection program Security culture 3
4 Fundamental Principles (1/7) Protection Planning Security Plan Protection Strategies Operational Protocols Response Plan LLEA Coordination/Liaison Suspicious Activity Reporting Testing & Maintenance Plan 4
5 Fundamental Principles (2/7) Balanced Protection The three primary PPS functions must work in synergy to be effective in preventing malicious acts Provide timely detection Provide adequate delay Provide effective response Each function must occur prior to the adversary s task completion 5
6 Fundamental Principles (3/7) Graded Approach Apply security resources in a proportional manner based on the impact of loss or destruction Tier 1 Tier 2 Tier 3 Tier 4 6
7 Fundamental Principles (4/7) Defense-in-Depth Adversary must defeat or avoid numerous varied types of overlapping protective devices to achieve objective Redundant equipment Complimentary sensors Complimentary barriers Guards and Local Law Enforcement 7
8 Fundamental Principles (5/7) System Integration All physical protection system elements must work together in a timely fashion in order to interrupt adversary Guards and/or Local law enforcement 8
9 Fundamental Principles (6/7) Insider Protection Access, Authority, Knowledge Time, Tools, Test, Colluding Group by various operational factors Understand sensitive operations Separation of duties Two person validation Security culture Don t assume, Not in my organization 9
10 Fundamental Principles (7/7) Human Element Selection Training Knowledge Procedures Trustworthiness Situational awareness 10
11 Performance Based Analysis 1) Develop Adversary Capabilities List and Design Basis Threat, 2) Characterize Facility, 3) Identify Targets, 4) Develop Attack Scenarios, 5) Validate Attack Scenarios, 6) Identify Mitigation Measures, 7) Validate Measures, 8) Model Attack with Mitigation Measures, 9) Develop Upgrade Cost Benefit Analysis 11
12 Adversary Capabilities List Separate description of each Adversary Group Type 1) General Characteristics 2) Adversary Size Definitions 3) Objectives 4) Tactical Competency 5) Operational Techniques 6) Knowledge Level 7) Equipment 8) Weaponry The Adversary Capabilities List is a sensitive document and not releasable to public 12
13 Example Low Threat Vandal Overt No Sensor Knowledge No Target Knowledge 1 Person Small arms Objective Malicious Damage Material theft 13
14 Example Medium Threat Overt / Covert Standoff attack strategy or site penetration to conduct sabotage Some sensor, target, communications, and control system knowledge Assault rifles Limited night vision capability Limited knowledge of LLEA response tactics 1-4 Attackers Violent Radicals, Saboteurs, Extremists Willing to endanger personnel but not typically prepared to kill Use of flammable liquids or Molotov cocktails Multiple man portable HME charges (10 lbs TNT equivalent) Basic surveillance skills and passive insider information LLEA Diversion Single facility attacks Motivation Facility shutdown or catastrophic damage Rudimentary small unit tactics, command and control capabilities 14
15 Example High Threat 1 VBIED Up to 1K lbs HE Multiple man portable HE charges (50 lbs TNT equivalent) Detailed sensor and target knowledge Multiple moderately skilled assault teams, coordinated Communication jamming Cyber attacks on control systems LLEA Diversion 2-5 Attackers Terrorists Prepared to kill Motivation System and /or regional grid shutdown 15
16 Example Generic Design Basis Threat Low Vandal Medium Violent Radicals, Saboteurs, Extremists High Terrorists Overt No Sensor Knowledge No Target Knowledge 1 Person Small arms Objective Malicious Damage Material Theft Overt / Covert Standoff attack strategy or site penetration to conduct sabotage Some sensor, target, communications, and control system knowledge Assault rifles Limited night vision capability Limited knowledge of LLEA response tactics 1-4 Attackers Willing to endanger personnel but not typically prepared to kill Use of flammable liquids or Molotov cocktails Multiple man portable HME charges (10 lbs TNT equivalent) Basic surveillance skills and passive insider information LLEA Diversion Single facility attacks Motivation Facility shutdown or catastrophic damage Rudimentary small unit tactics, command and control capabilities 1 VBIED Up to 1K lbs HE Multiple man portable HE charges (50 lbs TNT equivalent) Detailed sensor and target knowledge Multiple moderately skilled assault teams, coordinated Communication jamming Cyber attacks on control systems LLEA Diversion 2-5 Attackers Prepared to kill Motivation System and /or regional grid shutdown Exponentially increasing security costs 16
17 Facility / Target Characterization Facility tours Architectural diagrams Management/worker interviews Maintenance and operating procedures Safety analysis reports Previous assessments/audits Prioritize targets based on consequence, most difficult, costly, and time-intensive to replace and adversary s objective and tactical capabilities Consider insider knowledge 17
18 Scenario / Path Analysis (1/2) Define attack scenarios and task times Scenarios should address major security components Design scenarios that are uniquely different at each threat level, so it is clear which adversary techniques pose the greatest threat to the facility Consider adversaries using a combination of tactics including force, stealth, and deceit, as well as cyber. Pathways may include fences, personnel and vehicle portals, doors, walls, roofs, etc. 18
19 Scenario / Path Analysis (2/2) Validate that scenarios/pathways are plausible (with utility SMEs Validate timelines for tasks (LLNL data bases or SMEs) 19
20 Identify Mitigation Measures Deterrence Detection & Assessment Early detection Known detection Command and control system Delay Barriers Ballistic protection Response Guards Local law enforcement Operations Procedures Tactics 20
21 Validate Measures Model attacks again with measures in place Validate that results of scenarios/pathways are credible (with utility SMEs) Validate that values (detection or delay) for measures are credible (LLNL data bases or SMEs) 21
22 Refine Upgrades and Costs Upgrades Technologies, People, Operational Procedures Costs Define initial costs Define lifecycle costs Operational considerations 22
23 Develop Upgrade Packages Determine the base case risk value for each level of threat, using a realistic and plausible worst-case stand-off scenario & worst-case site penetration scenario, for each level of threat. Determine the most efficient and cost-effective set of upgrades (e.g., technologies, people, operational procedures) that would be expected to lower the risk to an acceptable level This may serve as the desired end state if resources permit. Determine sub-sets of these upgrade packages which can serve as practical milestones, while in the process of completing the full set of upgrades. 23
24 Example Upgrade Cost Benefit Analysis 24
25 LLNL CEIP Tools PP Software Data Bases Delay, Penetration Values Sensor Detection Probability Values Software Modeling Tools Pathway analysis algorithms 25
26 Physical-Cyber Security Nexus Physical and cyber protection are often organized as two completely separate areas. In reality, the two must work in synergy. Defense against cyber attack is achievable only if networks are secured and managed through physical means and securely managed through physical and operational controls. Comprehensive security requires continual assessment of all potential adversarial pathways 26
27 Overall Risk Management Physical and cyber security are both inputs to overall risk management Modeling overall risk utilizing comprehensive risk modeling software enables the organization to identify various sources of risk, "quantify" overall risk, and quantify losses, including: financial losses business operations losses Capital property losses Requires incorporation of the organizations valuation of services and operations Modeling allows measurement of incremental losses/consequences Approach of "buying down risk : creates cost efficiencies unattainable absent this modeling approach in regards to best physical-cyber security control measures extends naturally to include both the physical and cyber domains when evaluating human borne risk and supports integrated training and assessment sessions 27
28 Points of Contact Contact: Michael O Brien, , obrien10@llnl.gov or Byron Gardner, gardner45@llnl.gov for further information about LLNL CEIP Support 28
29 Conclusion Questions? 29
How AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More informationSAND No C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department
SAND No. 2012-1606C S 0 606C Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy s National Nuclear Security Administration
More informationWorkshop on Threat Assessment and Design Basis Threat (DBT) Session 6 Developing and Maintaining a DBT
Workshop on Threat Assessment and Design Basis Threat (DBT) Session 6 Developing and Maintaining a DBT Based on Chapter 6 of the IAEA Nuclear Security Series No.10 Implementing Guide Developing a DBT Learning
More informationChemical Facility Anti-Terrorism Standards. T. Ted Cromwell Sr. Director, Security and
Chemical Facility Anti-Terrorism Standards T. Ted Cromwell Sr. Director, Security and NJ ELG Operations Meeting Today s Presentation ACC Action Major Rule Components Select Risk-Based Performance Standards
More informationSM05: Risk Analysis: A Comparison in Quantifying Asset Values, Threats, Vulnerabilities and Risk. Doug Haines Haines Security Solutions 9 April 2013
SM05: Risk Analysis: A Comparison in Quantifying Asset Values, Threats, Vulnerabilities and Risk Doug Haines Haines Security Solutions 9 April 2013 The Broad Picture Learning Objectives Know the differences
More informationPresented by Joe Burns Kentucky Rural Water Association July 19, 2005
Infrastructure Security for Public Water and Wastewater Utilities Presented by Joe Burns Kentucky Rural Water Association July 19, 2005 Public Health Security and Bioterrorism Preparedness and Response
More informationNuclear Power Plant Security
Nuclear Power Plant Security Plant Security s Primary Mission Nuclear Plant Safety and Security All plants have comprehensive measures for safety and security Comprehensive emergency and security plans
More informationPhysical Security. Introduction. Brian LeBlanc
Physical Security Introduction 1 Physical Security Provides for the protection of property, personnel, facilities, and material against unauthorized entry, trespass, damage, sabotage, theft, or other criminal
More informationSecuring Data Centers: The Human Element
Securing Data Centers: The Human Element Michael Rozin Zvi Kremer April 12, 2018 Perpetrators, Threat Actors Security Personnel Targets, Enablers Securing Data Centers: The Threat Verizon London, Dec 6,
More informationSummary of Cyber Security Issues in the Electric Power Sector
Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov
More informationINFCIRC/225/Rev 5 Implementation at a Facility Level: Common Issues and Best Practices. Oleg Bukharin U.S. Nuclear Regulatory Commission
INFCIRC/225/Rev 5 Implementation at a Facility Level: Common Issues and Best Practices Oleg Bukharin U.S. Nuclear Regulatory Commission Why INFCIRC/225 facility-level evaluations? INFCIRC/225 is a recommendations
More informationDepartment of Homeland Security
Department of Homeland Security Science & Technology Directorate Emergency Preparedness & Response Christopher Doyle Deputy Program Director A Roadmap for Integrated Modeling & Simulation for Emergency
More informationCYBER ASSISTANCE TEAM OVERVIEW BRIEFING
CYBER ASSISTANCE TEAM OVERVIEW BRIEFING By Mr. Derek Fleischmann Cyber Assistance Team Missile Defense Agency May 16, 2018 Agenda Introduction MDA CAT Operations MDA CAT Deployment Expectations Administrative
More informationPALANTIR CYBERMESH INTRODUCTION
100 Hamilton Avenue Palo Alto, California 94301 PALANTIR CYBERMESH INTRODUCTION Cyber attacks expose organizations to significant security, regulatory, and reputational risks, including the potential for
More informationElectronic Security Systems Process Overview
US Army Corps Infrastructure Systems Conference Electronic Security Systems Process Overview Electronic Security Center 4 August 2005 Outline About the Electronic Security Center Physical Security System
More informationScience & Technology Directorate: R&D Overview
Science & Technology Directorate: R&D Overview August 6 th, 2012 UNCLASSIFIED//FOUO DHS S&T Mission Strengthen America s security and resiliency by providing knowledge products and innovative technology
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 COUNTERING IMPROVISED EXPLOSIVE DEVICES Strengthening U.S. Policy Improvised explosive devices (IEDs) remain one of the most accessible weapons
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationNew Guidance on Privacy Controls for the Federal Government
New Guidance on Privacy Controls for the Federal Government IAPP Global Privacy Summit 2012 March 9, 2012 Dr. Ron Ross Computer Security Division, NIST Martha Landesberg, J.D., CIPP/US The Privacy Office,
More informationVulnerability of U.S. Chemical Facilities to Terrorist Attack
PDHonline Course K106 (2 PDH) Vulnerability of U.S. Chemical Facilities to Terrorist Attack Instructor: Robert B. Coulter, PE 2012 PDH Online PDH Center 5272 Meadow Estates Drive Fairfax, VA 22030-6658
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationPREVENTIVE AND PROTECTIVE MEASURES AGAINST INSIDER THREATS
NUCLEAR SECURITY SERIES NO. XX NST01 DRAFT, November 01 STEP : Submission to MS for comment Interface Document: NSGC, all SSCs PREVENTIVE AND PROTECTIVE MEASURES AGAINST INSIDER THREATS (REVISION OF NUCLEAR
More informationNext Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration
Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration EPIC Workshop Fresno California November 09, 2018 Southern California Edison Background (Innovation
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationJoint ICTP-IAEA School of Nuclear Energy Management November 2012
2374-20 Joint ICTP- School of Nuclear Energy Management 5-23 November 2012 Establishing National Nuclear Security Infrastructure (Module 9 Topics 3 & 4) EVANS Rhonda International Atomic Energy Agency,
More informationPhysical Protection of Nuclear Material and Facilities
BNSR, OAP Physical Protection of Nuclear Material and Facilities ISCN/JAEA Regional Training Course, Tokai, Japan (October 19-31, 2015) Miss Jarunee Kraikaew, Senior Professional Nuclear Chemist 11/30/2015
More informationAdvanced IT Risk, Security management and Cybercrime Prevention
Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationYour One Source for Critical Infrastructure Protection Solutions
WESCO Distribution 5 W. Station Square Drive, Suite 00 WESCO Distribution Pittsburgh, PA 151 5 W. scip@wesco.com Station Square Drive, Suite 00 Pittsburgh, PA 151 buy.wesco.com/resources/government scip@wesco.com
More informationUnderstanding CFATS: What It Means to Your Business Chemical Facility Anti-Terrorism Standards John C. Fannin III, CPP, LEED AP
TRANSPORTATION LOGISTICS PETROCHEMICal Commercial Industrial Retail Federal Systems Banking Understanding CFATS: What It Means to Your Business Chemical Facility Anti-Terrorism Standards John C. Fannin
More informationMicrosoft Advance Threat Analytics (ATA) at LLNL NLIT Summit 2018
Microsoft Advance Threat Analytics (ATA) at LLNL NLIT Summit 2018 May, 22, 2018 John Wong wong76@llnl.gov Systems & Network Associate This work was performed under the auspices of the U.S. Department of
More informationELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING
ELECTRIC UTILITY SECTOR PHYSICAL THREATS (DBT) & RESPONSE PLANNING Helping to keep the lights on, businesses running and communities strong 1 Objectives The Utility Business has Changed Methodology Program
More informationCyber Security for Renewable Energy Systems
Cyber Security for Renewable Energy Systems Asia Pacific Clean Energy Summit August 31, 2010 Juan J. Torres Manager, Energy Systems Analysis Sandia National Laboratories jjtorre@sandia.gov Sandia is a
More informationEPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS
EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards
More informationCritical Infrastructure Security Vulnerability Assessment. A New Approach. Norman Bird - Senior Technical Lead - Nuclear Security
Critical Infrastructure Security Vulnerability Assessment A New Approach Norman Bird - Senior Technical Lead - Nuclear Security Critical Infrastructure Protection and Resilience Europe (CIPRE) Securing
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationDefence services. Independent systems and technology advice that delivers real value. Systems and Engineering Technology
Defence services Independent systems and technology advice that delivers real value Systems and Engineering Technology Frazer-Nash Consultancy Working in the UK and internationally, Frazer-Nash is making
More informationELECTRICAL ENGINEERING & INSTRUMENTATION MECHANICAL ENGINEERING BIOLOGICAL & INDUSTRIAL ENGINEERING NUCLEAR ENGINEERING STRUCTURAL & CIVIL
ELECTRICAL ENGINEERING & INSTRUMENTATION MECHANICAL ENGINEERING BIOLOGICAL & INDUSTRIAL ENGINEERING NUCLEAR ENGINEERING STRUCTURAL & CIVIL ENGINEERING SYSTEMS INTEGRATION ELECTRONIC DATA MANAGEMENT PROJECT
More informationTEL2813/IS2621 Security Management
TEL2813/IS2621 Security Management James Joshi Associate Professor Lecture 4 + Feb 12, 2014 NIST Risk Management Risk management concept Goal to establish a relationship between aggregated risks from information
More informationAn Update on Security and Emergency Preparedness Standards for Utilities
An Update on Security and Emergency Preparedness Standards for Utilities Linda P. Warren, Launch! Consulting Safety and Security in the Workplace March 28, 2013 Overview 1 Review of AWWA Standards in Water
More informationCourses. X E - Verify that system acquisitions policies and procedures include assessment of risk management policies X X
4016 Points * = Can include a summary justification for that section. FUNCTION 1 - INFORMATION SYSTEM LIFE CYCLE ACTIVITIES Life Cycle Duties No Subsection 2. System Disposition/Reutilization *E - Discuss
More informationMitigation Controls on. 13-Dec-16 1
Mitigation Controls on 13-Dec-16 1 An organization s users are its greatest assets and its most challenging adversaries. one of the vulnerabilities posed by insiders is their knowledge of the quality of
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationRailroad Infrastructure Security
TRB Annual Meeting January 14, 2002 Session 107 - Railroad Security William C. Thompson william.thompson@jacobs.com 402-697-5011 Thanks to: Bob Ulrich Dr. William Harris Byron Ratcliff Frank Thigpen John
More informationOPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY
OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY Vadim Prostakov Vienna 02.04.2009 OPTIMIZATION OF ACTIVITIES TO IMPROVE THE NUCLEAR MATERIAL AND FACILITIES SECURITY 1.
More informationL18: Integrate Control Disciplines to Increase Control and Save Money
L18: Integrate Control Disciplines to Increase Control and Save Money Kathleen Lucey, FBCI Montague Risk kalucey@montaguetm.com tel: 1.516.676.9234 Connections Information Security (computer security,
More informationIndustry role moving forward
Industry role moving forward Discussion with National Research Council, Workshop on the Resiliency of the Electric Power Delivery System in Response to Terrorism and Natural Disasters February 27-28, 2013
More informationSecurity Guidelines for the Electricity Sector
Security Guidelines for the Electricity Sector 116-390 Village Blvd. Princeton, NJ 08540 609-452-8060 609-452-9550 www.nerc.com Security Guidelines for the Electricity Sector Overview Vulnerability and
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview MTIA St Louis 03 MAY 2016 Role of
More informationIAEA Division of Nuclear Security
IAEA Division of Nuclear Security Computer Security Activities Overview Donald Dudenhoeffer 25 May 2017 Computer and Information Security The Division of Nuclear Security (NSNS) seeks to support Member
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationDomestic Nuclear Detection Office (DNDO) DNDO Overview
Domestic Nuclear Detection Office (DNDO) DNDO Overview Summer 2008 Outline DNDO Mission, Objectives and Organization Defining the radiological and nuclear threat Multi-layered approach to security Global
More informationINHERENT SECURITY: PROTECTING PROCESS PLANTS AGAINST THREATS
INHERENT SEURITY: PROTETING PROESS PLANTS AGAINST THREATS by Paul Baybutt Primatech Inc., 50 Northwoods Blvd., olumbus, OH 43235 paulb@primatech.com This paper has been accepted for publication in hemical
More informationLive Webinar: Best Practices in Substation Security November 17, 2014
Live Webinar: Best Practices in Substation Security November 17, 2014 1 Agenda & Panelists Welcome & Introduction - Allan Wick, CFE, CPP, PSP, PCI, CBCP Enterprise Security Manager-CSO Tri-State Generation
More informationJune 5, 2018 Independence, Ohio
June 5, 2018 Independence, Ohio The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Securing the Nation at the Community Level 2018 Cuyahoga
More informationInternational Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface
Meeting the Challenge of the Safety- Security Interface Rhonda Evans Senior Nuclear Security Officer, Division of Nuclear Security Department of Nuclear Safety and Security Outline Introduction Understanding
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationGlobal Security Operation Center GSOC
Global Security Operation Center GSOC Best of Breed Opinion Basic requirements for a best in class Global Security Operation Center. CONSULTING AND INVESTIGATIONS DIVISION The Consulting and Investigations
More informationSimulation of the effectiveness evaluation process of security systems
IOP Conference Series: Materials Science and Engineering PAPER OPEN ACCESS Simulation of the effectiveness evaluation process of security systems To cite this article: A V Godovykh et al 2016 IOP Conf.
More informationCyber resilience, information security and operational continuity
Cyber resilience, information security and operational continuity Global Payments Week Torino, September 20/2016 Introduction The CPMI published earlier this year the Guidelines for cyber resiliency for
More informationBusiness Continuity Planning Keeping Pace with New Technology
Business Continuity Planning Keeping Pace with New Technology Old issues, new threats Force Majeure Increasing severe weather incidents, terrorist attacks Legacy modernization Cutover issues, system crashes,
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Risk in the Marine Transportation System MAR'01 1 Objectives IDENTIFY motivations behind a cyber attack. IDENTIFY various types of
More informationElectric Facility Threats and Violence
Electric Facility Threats and Violence Louis Dabdoub Entergy Services, Inc. October 20, 2011 COMPANY FACTS Entergy Corporation is an integrated energy company engaged primarily in electric power production
More informationSafety Systems are the New Target Design Security Using Safety Methods
SESSION ID: SBX4-W4 Safety Systems are the New Target Design Security Using Safety Methods Marty Edwards Director of Strategic Initiatives International Society of Automation (ISA) @ICS_Marty Disclaimer
More informationSecurity Master Planning to Protect Water Resources Lara Kammereck John Saunders May 1, 2015
Security Master Planning to Protect Water Resources Lara Kammereck John Saunders May 1, 2015 Who is Cascade Water Alliance? Joined together in 1999 350,000 residents 20,000 businesses City of Bellevue
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationSecurity Guideline for the Electricity Sub-sector: Physical Security Response
Security Guideline for the Electricity Sub-sector: Physical Security Response Preamble: This guideline addresses potential risks that can apply to some electricity sub-sector organizations and provides
More informationThe Perfect Storm Cyber RDT&E
The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationInternet of Things (IoT) Securing the Connected Ecosystem
Internet of Things (IoT) Securing the Connected Ecosystem June 2018 Making sense of the buzzwords: What is the Internet of Things Internet of Things (IoT) refers to a world of intelligent, connected devices
More informationProtecting Canada s Nuclear Industry THE
Protecting Canada s Nuclear Industry THE EVOLUTION OF NUCLEAR SECURITY AND ARMED RESPONSE FORCES AT DESIGNATED NUCLEAR FACILITIES Mr. Terry Jamieson Vice-President Technical Support Branch Canadian Nuclear
More informationProfessional in Critical Infrastructure Protection
Professional in Critical Infrastructure Protection The world is rapidly changing. Our critical infrastructure is at risk on many fronts. Key services that were once taken for granted are now being affected
More informationPerformance- Based Approach to the Security of Radioactive Sealed Sources: A Canadian Perspective
Performance- Based Approach to the Security of Radioactive Sealed Sources: A Canadian Perspective Abstract Raphaël Duguay, M.Sc., PSP Nuclear Security Division Canadian Nuclear Safety Commission, Canada
More informationFor more information: FONETRAC - FULL INTEGRATION WITH GLOBAL MONITORING
FONETRAC - FULL INTEGRATION WITH GLOBAL MONITORING For more information: http://fonetrac-go.com 1995-2018 IMG GlobalSecur, Inc. All Rights Reserved. GlobalSecur & FoneTrac are registered trademarks of
More informationipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power
Substation Security and Resiliency Update on Accomplishments thus far ipcgrid 2015 March 26, 2015 David Roop Director Electric Transmission Operations Dominion Virginia Power Dominion Profile Leading provider
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationEMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY
EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY PRIMARY AGENCY: SUPPORT AGENCIES: Savannah-Chatham Metropolitan Police Department Armstrong-Atlantic Campus Police Department Bloomingdale
More informationIIoT cyber security simulation
IIoT cyber security simulation Prepare for cyber incident response in the Industrial Internet of Things (IIoT) KPMG International kpmg.com In the Industrial Internet of Things (IIoT) era, visionary concepts,
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationV A Physical Security Assessments LESSONS LEARNED
1 V A Physical Security Assessments LESSONS LEARNED 2 Program Goals What threats should be guarded against? How best to evaluate healthcare, cemetery, as well as office facilities against these threats?
More informationPD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection
PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection December 17, 2003 SUBJECT: Critical Infrastructure Identification, Prioritization,
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More informationApproaches and Tools to Quantifying Facility Security Risk. Steve Fogarty, CSO
Approaches and Tools to Quantifying Facility Security Risk Steve Fogarty, CSO ARES Security Corporation ARES is a high-performing Technology Solutions provider with more than 20 offices around the world.
More informationSystems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities
Systems Engineering and System Security Engineering Requirements Analysis and Trade-Off Roles and Responsibilities Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationAdvanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018
Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationChapter 1. Chapter 2. Chapter 3
Contents Preface ix Chapter 1 Terrorism 1 Terrorism in General 2 Definition of Terrorism 3 Why Choose Terrorism 4 Goals of Terrorists 5 Selection of Targets and Timing of Attacks 6 Perpetrators 7 Weapons
More informationManagement. Port Security. Second Edition KENNETH CHRISTOPHER. CRC Press. Taylor & Francis Group. Taylor & Francis Group,
Port Security Management Second Edition KENNETH CHRISTOPHER CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business Preface
More informationCanadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007
US Chemical Facility Anti-Terrorism Standards (CFATS) Overview Canadian Chemical Engineering Conference Edmonton, Alberta October 30, 2007 Dorothy Kellogg AcuTech Consulting Group Alexandria, Virginia
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationSecurity in Depth Webinar
Security in Depth 050213 Webinar Welcome and thank you for standing by. All parties will be in a listen-only mode for the duration of today s conference call. Today s call is being recorded; if anyone
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationTERRORISM LIAISON OFFICER OUTREACH PROGRAM - (TLOOP)
To: Bay Area UASI Approval Authority From: Mike Sena, Director NCRIC/HIDTA Date: January 10, 2019 Re: Item 7: NCRIC Annual Report and Proposed FY19 Allocation Recommendation: Approve $4,454,066 from the
More information