Securing Buildings & Facilities From Emerging Cyber Threats
1 Session 5: [Session Title]
Securing Buildings & Facilities From Emerging Cyber Threats
Michael Mylrea, Manager, Cybersecurity & Energy Technology, Pacific Northwest National Lab
August 10, 2016, Rhode Island Convention Center, Providence, Rhode Island
2 DOE PNNL Buildings Cybersecurity Framework Energy Exchange: Federal Sustainability for the Next Decade
3 DOE PNNL Buildings Cybersecurity Maturity Model (B C2M2)
4 Buildings Cybersecurity Maturity Model (B C2M2) & Application
Maturity Indicator Levels: defined progression of goals. Each cell contains the defining practices, by goal and by domain, for that maturity indicator level. If performing those practices, you earn this maturity level.
- DOE and PNNL developed a tool and visualization platform to measure cybersecurity maturity for energy utilities.
- This tool has been adapted to buildings, but its current form does not compare maturity levels of buildings and is difficult to distribute.
- A tool and data set for measuring and comparing the cybersecurity maturity of the nation's buildings does not exist.
- PNNL conducted various B C2M2 pilot tests to inform the development of the B C2M2 app.
- Need: Tool and data sets to quickly identify and compare buildings
5 Cybersecurity Maturity Model (B C2M2) Application
- Web and mobile based cybersecurity maturity model
- Obfuscates identity of users, but collects valuable information and data set
- Provides online and offline sharing solution
- A tool and data set for measuring and comparing cybersecurity maturity of energy infrastructure
- PNNL conducted various B C2M2 pilot tests to inform the future development of an application
- Need: Tool and data sets to quickly identify and compare cybersecurity maturity
6 Assessment Findings: Building Control System Vulnerabilities
- Smart building control systems often prioritize ease of use and interoperability before security
7 Building Cybersecurity Mitigation: Illustrative/Assessment Findings Recommendations
- Build security into your smart building design criteria
- Introduce a security program to promote cyber best practices
- Introduce a cyber security training program.
- Introduce cyber security policies and standard operating procedures.
- Maintain a list of staff members and contractors.
- Use procurement guidelines
- NIST Cyber Security Framework
- DOE Cyber Energy Maturity Model
8 Building Control System Risk Matrix Heat Map
9 Cyber Secure Facility Energy Decision System
10 Cyber Secure Facility Energy Decision System (CS FEDS)
Challenges
- Challenge 1: Cybersecurity solutions oftentimes increase costs, reduce functionality and lack a clear value proposition.
- Challenge 2: Networking and digitizing energy technology and controls can reduce costs, increase functionality and efficiency, but oftentimes increases cyber vulnerabilities.
- Challenge 3: A turn key tool to improve energy efficiency and cybersecurity does not exist
Proposed Solution
PNNL have beta tested a tool called the Cyber Secure Facility Energy Decision System (CS FEDS) that could potentially help building owners reduce their energy consumption, while increasing their cybersecurity maturity and situational awareness.
Key Features
- Models energy and cost performance of heating, cooling, ventilation, lighting, motors, plug loads, building shell, and hot water systems, plus central plants and thermal loops.
- Models buildings systems interoperability and inventories critical cyber assets
- Identifies cybersecurity vulnerabilities in building automation systems
- Turn key buildings cybersecurity and energy efficiency tool
11 CS FEDS Energy Efficiency and Security Training
- Modeling both energy and cost performance and cyber vulnerabilities in buildings
- Modeling buildings systems interoperability and inventories critical cyber assets
- Identifies critical cybersecurity assets in building automation systems and controls
- Combined energy efficiency and cybersecurity training targeted at IT and OT professionals
- Helped increase cybersecurity situational awareness, overview of cyber physical threats, vulnerabilities and mitigation
- Upcoming training with operations managers, cybersecurity professionals and senior policy makers from USG interagency
- PNNL conducted various B C2M2 pilot tests to inform the development of training curriculum
12 Risk Management Cycle for Building Automation Systems
13 Risk Management Cycle for Building Automation Systems
- Building Automation Systems (BAS)
  - Building energy efficiency
  - Safety systems
  - Grid level controls integration
- BAS Vulnerabilities (select)
  - IT/OT separation
  - Patch management
  - Roles and responsibilities
- Cyber attack impacts
  - Safety (Buildings/Occupants)
  - Property damage (Equipment)
  - Operational costs (Campus)
  - Energy security (Campus/Utility)
- Need: A systematic approach to identify requisite security enhancements to prevent/mitigate impact
Credit: Sri Nikhil Gourisetti/Brooke Brisbois
14 Cybersecurity Risk Assessment for Building Automation Systems
- Adapted from All Hazards Power Grid Risk Framework developed for OE 40 (Veeramany, 2015)
- Framework for power grid was developed to model natural hazards and manmade threats
- Adapted to systematically formulate and quantify attack scenarios for risk informed decision making based on NIST and Buildings Cybersecurity Frameworks
- Risk mitigation: identify, protect, detect, respond, and recover
15 Resilient Controllers for Campus Building Management Systems
16 Resilient Controllers for Campus BMS
- Demand Side Management
  - Schedulable/controllable loads
  - Distributed energy resources
  - Transactive energy schemes
  - Utility contracts
- Increasing cyber threats
  - Vulnerable, insecure controllers
- Cyber attack impacts
  - Safety (Buildings/Occupants)
  - Property damage (Equipment)
  - Operational costs (Campus)
  - Energy security (Campus/Utility)
- Need: Resilient Controllers for schedulable loads in a campus to detect and mitigate cyber attacks.
17 Resilient Controllers for Campus BMS
Proposed Solution: Load level, resilient controllers using a combination of machine learning techniques and cyber physical alert correlation algorithms for control validation.
- Machine learning to baseline physical system behavior
  - Baselines
    - Local voltage measurements
    - Spatial & temporal correlation across RCs
    - Additional sources: weather, solar irradiance
- Cyber physical alert correlation to fuse
  - Cyber anomalies from IDS
  - Physical anomalies from learnt patterns in machine learning
- Diagram labels: Cyber Anomalies; Local measurements (Voltage, Current, PV, Weather); ON/OFF Commands; Resilient Controller; Alerts to BMS; Schedules/Pricing Signals; Spatial & Temporal Measurement Correlation
- Relevant stakeholders/clients: DOE FEMP Tim Unrue; DOE BTO Joe Hagerman; DOE CEDS Carol Hawk
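The control-validation idea on this slide, as an added Python example that is not PNNL's code: a voltage baseline learnt from history flags local physical anomalies, a neighbouring RC provides the spatial check, and IDS alerts are fused with those anomalies around each ON/OFF command. The z-score limit, the 60-second window, the verdict names, the load names and all sample data are assumptions constructed for the illustration.

```python
"""Illustrative control validation for a load-level resilient controller (RC).

Added example: thresholds, field names and the fusion rule are assumptions,
not PNNL's algorithm. All sample data below is constructed.
"""
from dataclasses import dataclass
from statistics import mean, stdev

Z_LIMIT = 3.0   # assumed z-score limit for a physical anomaly
WINDOW_S = 60   # assumed temporal correlation window, in seconds


@dataclass(frozen=True)
class Command:
    ts: int      # seconds since start of capture
    load: str    # hypothetical load identifier
    action: str  # "ON" or "OFF"


def learn_baseline(history):
    """Baseline local voltage from attack-free history: (mean, std dev)."""
    return mean(history), stdev(history)


def physical_anomalies(samples, baseline, neighbour, neighbour_baseline):
    """Timestamps where this RC's voltage deviates but the neighbour's does not.

    A deviation seen at both RCs is treated as a feeder-wide event rather
    than a load-level anomaly (spatial correlation across RCs). Assumes the
    neighbour's readings are aligned on the same timestamps.
    """
    mu, sigma = baseline
    n_mu, n_sigma = neighbour_baseline
    hits = []
    for ts, volts in samples:
        local_z = abs(volts - mu) / sigma
        neigh_z = abs(neighbour[ts] - n_mu) / n_sigma
        if local_z > Z_LIMIT and neigh_z <= Z_LIMIT:
            hits.append(ts)
    return hits


def validate(commands, ids_alerts, phys_hits):
    """Fuse cyber and physical anomalies around each ON/OFF command.

    Cyber evidence: an IDS alert up to WINDOW_S seconds before the command.
    Physical evidence: a local voltage anomaly up to WINDOW_S seconds after.
    """
    verdicts = {}
    for cmd in commands:
        cyber = any(0 <= cmd.ts - a_ts <= WINDOW_S for a_ts, _ in ids_alerts)
        physical = any(0 <= p_ts - cmd.ts <= WINDOW_S for p_ts in phys_hits)
        if cyber and physical:
            verdict = "ALERT_BMS"   # correlated cyber-physical anomaly
        elif cyber or physical:
            verdict = "REVIEW"      # single-source evidence only
        else:
            verdict = "VALID"
        verdicts[(cmd.ts, cmd.load)] = verdict
    return verdicts


# --- constructed sample data -------------------------------------------
HISTORY = [239.8, 240.1, 240.3, 239.9, 240.0, 240.2, 239.7, 240.0]
NEIGHBOUR_HISTORY = [240.0, 239.7, 240.2, 240.1, 239.8, 240.3, 239.9, 240.0]
SAMPLES = [(100, 240.1), (130, 233.0), (400, 240.0), (620, 232.5), (900, 239.9)]
NEIGHBOUR = {100: 240.0, 130: 240.1, 400: 239.9, 620: 232.8, 900: 240.0}
IDS_ALERTS = [(95, "write from unlisted host"), (600, "new device on controls VLAN")]
COMMANDS = [
    Command(120, "chiller-2", "OFF"),
    Command(390, "ahu-1", "ON"),
    Command(610, "pump-3", "OFF"),
    Command(880, "ahu-1", "OFF"),
]


def run_demo():
    """Return (physical anomaly timestamps, verdict per command)."""
    hits = physical_anomalies(
        SAMPLES, learn_baseline(HISTORY),
        NEIGHBOUR, learn_baseline(NEIGHBOUR_HISTORY),
    )
    return hits, validate(COMMANDS, IDS_ALERTS, hits)


if __name__ == "__main__":
    hits, verdicts = run_demo()
    print("local physical anomalies at:", hits)
    for key, verdict in verdicts.items():
        print(key, verdict)
```

The sag at t=620 is seen by both RCs, so it is not counted as a load-level anomaly and the pump-3 command is held for review on the IDS alert alone.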
18 Human in the Loop Virtual Reality Cyber Security and Building Operations Trainer (VCS BOT)
19 Human In The Loop Virtual Reality Cyber Security And Building Operations Trainer (VCS BOT)
Scientific Challenges
- Cyber Security and building operations training methodologies need to adapt with evolving buildings infrastructure and smart grid
- Can we design human action based adaptive models?
- Can such enhanced immersive approach lead to incorporating cyber secure practices in IT & OT?
- Can we improve repeatability?
Concept
- An augmented/virtual reality based adaptive building environment application enabling human in the loop for immersive and enhanced training experience
Impact
- Strengthen Building Cyber Security practices
- Next-generation BCF based training framework
- Novel combination of unsupervised ML, AR/VR, and AI
- Situational models with realistic attack-action scenarios
Deliverables
- Software with AR/VR CS scenarios
- Cyber physical Training Curriculum
- Pilot training for buildings managers
- Train the trainers workshop
- Cyber Physical training landscape
- Enhanced human action area
- Papers
- Patent
Approach (diagram labels): BC2M2; Best Practices; BCF; Evaluation; Assessment; Oculus; Human in the loop VR App; Javascript; C#; Unity 3D; Holo Lens; Design; Train; Explore; BCF Visibility
More informationCALIFORNIA CYBERSECURITY TASK FORCE
CALIFORNIA CYBERSECURITY TASK FORCE Advancing California s cybersecurity priorities through public, private, corporate, and academic sector collaboration. Agenda Task Force Overview California Cybersecurity
More informationHow to Align with the NIST Cybersecurity Framework
How to Align with the NIST Cybersecurity Framework 1 Title Table of Contents Identify (ID) 4 Protect (PR) 5 Detect (DE) 6 Respond (RS) 7 Recover (RC) 8 visibility detection control 2 SilentDefense Facilitates
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationThe Perfect Storm Cyber RDT&E
The Perfect Storm Cyber RDT&E NAVAIR Public Release 2015-87 Approved for public release; distribution unlimited Presented to: ITEA Cyber Workshop 25 February 2015 Presented by: John Ross NAVAIR 5.4H Cyberwarfare
More informationExecutive Order on Coordinating National Resilience to Electromagnetic Pulses
Executive Order on Coordinating National Resilience to Electromagnetic Pulses The Wh... Page 1 of 11 EXECUTIVE ORDERS Executive Order on Coordinating National Resilience to Electromagnetic Pulses INFRASTRUCTURE
More informationTRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG
FROM SECURITY TO RESILIENCY: OPPORTUNITIES AND CHALLENGES FOR THE SMART GRID S CYBER INFRASTRUCTURE APRIL 20, 2015 BILL SANDERS UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY
More informationInfrastructure & Building Risk Assessment on New and Existing Buildings
Infrastructure & Building Risk Assessment on New and Existing Buildings E. Scott Tezak, PE, BSCP Security Practice Lead, TRC Companies Lawrence Fitzgerald, CPP, PSP Security Group Leader, TRC Companies
More informationDisaster Risk Management Unit 2015
Disaster Risk Management Unit 2015 Earthquakes Tsunami Floods Landslides Forest Fires Wars and armed conflicts Explosions Major Hazards that Threaten Lebanon Needs Assessment The UNDP / Presidency of Council
More informationWelcome to Tomorrow... Today
Copyright 2016 Splunk Inc. Welcome to Tomorrow... Today The need and benefit of merging of IT and Security in today's ever connected world of security and IT Tim Lee CISO, City of LA Ernie Welch Sales
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More information