Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Size: px
Start display at page:

Download "Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1."

Transcription

1 Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change that will unfold over a number of years. As the grid is modernized, it will become highly automated, leverage information technology more fully, and become more capable in managing energy from a variety of distributed sources. In this process of becoming increasingly smarter, the grid will expand to contain more interconnections that may become portals for intrusions, error-caused disruptions, malicious attacks, and other threats. 2 The Power Grid The convergence of the information and communication infrastructure with the electric power grid introduces new security and privacy-related challenges. The introduction of these technologies to the electric sector also presents opportunities to increase the reliability of the power system, to make it more capable and more resilient to withstand attacks, equipment failures, human errors, natural disasters, and other threats. These greatly improved monitoring and control capabilities must include cyber security solutions in the development process rather than as a retrofit. 3 Corporate Risk Solutions, Inc. 1

2 The Power Grid Interoperability of Components Interoperability can be defined as the ability of two or more systems or components to exchange information and to use the information that has been exchanged. The second part of this definition is very important: not only must computer systems exchange information, but they must also be able to understand that information. 4 Advanced Metering Infrastructure (AMI) AMI will provide two-way communications between customers and utilities. This is really what the smart grid is all about. AMI is widely considered to consist of several components. These include: Smart Meter Customer Gateway AMI Communication Network AMI Headend 5 Advanced Metering Infrastructure (AMI) Lesser versions of AMI systems include automated meter reading (AMR) systems that allow remote reading of measurement registers, and automatic meter management (AMM) systems that extend AMR capability with the ability to manage meters remotely. Such devices will allow for numerous advanced capabilities. Several of these that have been proposed include: track customer usage such as total energy consumption remotely connect and disconnect customers send out alarms in case of problems provide real-time pricing send power quality data remotely receive firmware upgrades in order to update software and incorporate new functionality such as providing customers the ability to manage their own energy consumption more accurately. 6 Corporate Risk Solutions, Inc. 2

3 Smart Grid Domains Although most Smart Grid issues impact all aspects of electric energy delivery, it is convenient to separate the issues into different domains. These domains are: Central generation (and storage), including traditional power plants, renewable energy plants, and other large sources of energy Distributed energy resources, consisting of smaller sources of generation and storage predominantly interconnected at the distribution level, such as photovoltaics, small wind, and plug-in hybrid electric vehicles Transmission system, including ISOs, transmission operations, planning, and maintenance, as well as substation automation and synchrophasor measurements 7 Smart Grid Domains Distribution system, including distribution operations, automation, planning, and maintenance Customer utility interactions, covering utility to customer interactions with respect to metering, energy services, PHEVs, and interfaces to customer gateways (with sub-domains of C&I customers and residential/small commercial customers) Market operations, including energy market, ancillary services, demand response, load management, feed-in tariffs, pollutant cap-and-trade, and other market-based approaches Building, homes, and industries, covering building management systems, home area networks, industrial energy management systems, and other customer systems. 8 Smart Grid Domains 9 Corporate Risk Solutions, Inc. 3

4 The Smart Grid Characteristics Self-healing Empowers and incorporates the consumer Resilient to physical and cyber attacks Provides power quality needed by 21st century users Accommodates a wide variety of generation options Fully enables maturing electricity markets Optimizes assets Source: The US National Energy Technology Laboratory 10 Smart Grid Technology Sensors Monitoring and detecting the data Communications Moving the data through the build of networks First-level integration Collecting the data Centralized control Using the data for visualization and control Security Protecting the data with Security Services & Solutions Full integration Integrating the data with the rest of the business Services and Applications Using the data in new ways Source: The Emerging Smart Grid, Global Environment Fund - Centre for Smart Energy 11 Smart Grid Cyber Security Drivers Increasing Interconnection and Integration Increasing Use of COTS Hardware and Software New 2-Way Systems (e.g. AMI, DSM) New Customer Touch Points into Utilities Control Systems Not Designed with Security in Mind Increasing Number Of Systems and Size of Code Base Increased Attack Surface Increased Risk to Operations 12 Corporate Risk Solutions, Inc. 4

5 Potential Cyber Security Issues to the Smart Grid Include: Increasing complexity that could introduce vulnerabilities and increase exposure to potential attackers; Without proper planning, a natural- or man-made event could disable the communications infrastructure, rendering the smart grid ineffective at coping with an emergency situation; A cyber intruder could compromise electricity use data and send false information to the utility and either lower or increase the billing, depending upon the motivation; Linked networks can introduce common vulnerabilities; 13 Potential cyber security issues to the Smart Grid include: Increasing vulnerabilities to communication disruptions and introduction of malicious software that could result in denial of service or compromise the integrity of software and systems; Increased number of entry points and paths for potential adversaries to exploit; Potential for compromise of data confidentiality, including the breach of customer privacy; and 14 Potential cyber security issues to the Smart Grid include: Compromise of the automated device/service control functionality of the Smart Grid devices, in such a way that significantly disrupts, impairs, or destroys the self-sensing and monitoring, self-adaptive, self-healing electricity generation, transmission, and distribution infrastructure. 15 Corporate Risk Solutions, Inc. 5

6 Functional Requirements for Cross- Cutting Areas Cyber and Physical Security Security policies, as well as training and enforcement Security risk assessment Security requirements Security specifications Identify establishment Authentication Confidentiality Integrity Availability Non-repudiation / Accountability Intrusion detection Audit logging and reporting 16 Functional Requirements for Cross- Cutting Areas Network and System Management Network design to meet performance and security requirements System design with embedded security tools and mechanisms Specifications and Engineering Specifications need to map the business or functional requirements into engineering requirements Engineering design and implementation is needed to develop products and systems from the specifications Integration is needed to interconnect all the equipment and systems into a functioning whole. 17 Functional Requirements for Cross- Cutting Areas Conformance and Interoperability Testing Conformance testing for vendors against standards Interoperability testing of two or more systems with each other to ensure interoperability 18 Corporate Risk Solutions, Inc. 6

7 Cyber Solutions - Defense in Depth Perimeter Protection Firewall, IPS, VPN, AV Host IDS, Host AV DMZ Physical Security Interior Security Firewall, IDS, VPN, AV Host IDS, Host AV IEEE P1711 (Serial Connections) NAC IDS Intrusion Detection System Scanning IPS Intrusion Prevention System Monitoring DMZ DeMilitarized Zone Management VPN Virtual Private Network (encrypted) AV Anti-Virus (anti-malware) Processes NAC Network Admission Control 19 Recommendations View cyber security as a critical element of your Smart Grid deployment Apply the defense in depth concept isolating and segregating systems and applications, then allow selected connectivity Best accomplished at the foundational / design level Establish a security management system you can t manage what you can t measure Involve your vendors and interconnected partners Embed into your corporate governance systems Develop and track business case: Project by project basis Integrated system 20 References Study of Security Attributes of Smart Grid Systems Current Cyber Security Issues Idaho National Labs April 2009 Cyber Security and the Smart Grid Ontario Smart Grid Forum November 2008 Cyber Security Issues for Advanced Metering Infrastructure - IEEE T&D Conference - April 2008 Proposed Smart Grid Reference Arch & Roadmap - NIST - March 15, 2009 Guidelines for Smart Grid Cyber Security NIST - NISTIR 7628 August 2010 Smart Grid Standards Overview Erich W. Gunther February Corporate Risk Solutions, Inc. 7

8 Phil Sobol CISSP,CISA,CSSA,C EH,CNA 22 Corporate Risk Solutions, Inc. 8

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use EPRI Research Overview IT/Security Focus November 29, 2012 Mark McGranaghan VP, Power Delivery and Utilization Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use Transmission

More information

Smart Grid vs. The NERC CIP

Smart Grid vs. The NERC CIP Smart Grid vs. The NERC CIP Tobias Whitney, MBA GE Smart Grid Center of Excellence 1 First The Bottom Line Security & Privacy are paramount Smart Grid concerns of regulators and the public Currently every

More information

Security and Privacy Issues In Smart Grid

Security and Privacy Issues In Smart Grid Security and Privacy Issues In Smart Grid J. Liu and Y. Xiao, S. Li, W. Liang, C. Chen IEEE COMMUNICATIONS SURVEYS & TUTORIALS, to appear Wednesday, September 26, 2012 Mohamed M. E. A. Mahmoud PhD, PDF,

More information

Summary of Cyber Security Issues in the Electric Power Sector

Summary of Cyber Security Issues in the Electric Power Sector Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov

More information

TABLE OF CONTENTS. Section Description Page

TABLE OF CONTENTS. Section Description Page GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level

More information

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

LESSONS LEARNED IN SMART GRID CYBER SECURITY

LESSONS LEARNED IN SMART GRID CYBER SECURITY LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com

More information

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies

More information

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain

SEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain Workshop SEGRID November 14 th, 2016, Barcelona, Spain SEGRID storyline This project has received funding from the European Union s Seventh Framework Programme for research, technological development and

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012

Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012 Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012 Paul Kalv Electric Director, Chief Smart Grid Systems Architect, City of Leesburg Doug Westlund CEO,

More information

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS siemens.com/ruggedcom INTERACTIVE REMOTE ACCESS INTELLIGENT ELECTRONIC DEVICES Intelligent Electronic Devices (IEDs) Devices that can provide real-time

More information

Smart Grid Task Force

Smart Grid Task Force Smart Grid Task Force Workshop meeting Mladen Kezunovic Texas A&M University it Coordinator PSerc Workshop August st10-13, 13 2009 Breckenridge CO Agenda 1:30-3:00pm PSerc Smart Grid Task Force PSerc Smart

More information

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Against Cyber Attacks (CODEF) Cyber Security of the

More information

Firewalls (IDS and IPS) MIS 5214 Week 6

Firewalls (IDS and IPS) MIS 5214 Week 6 Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part

More information

Expanding Cyber Security Management for Critical Infrastructure

Expanding Cyber Security Management for Critical Infrastructure Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands

More information

Cisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management

Cisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management Cisco Smart Grid Powering End-to-End Communications Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management 21 October 2010 What is the Smart Grid? A digital superstructure which uses

More information

Cyber Criminal Methods & Prevention Techniques. By

Cyber Criminal Methods & Prevention Techniques. By Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation

More information

Cyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012

Cyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012 Cyber Security Update Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012 Agenda Timeline Regulatory / Compliance Environment Smart Grid Threats

More information

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS

More information

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG FROM SECURITY TO RESILIENCY: OPPORTUNITIES AND CHALLENGES FOR THE SMART GRID S CYBER INFRASTRUCTURE APRIL 20, 2015 BILL SANDERS UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY

More information

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds Measurement Challenges and Opportunities for Developing Smart Grid Testbeds 10th Carnegie Mellon Conference on the Electricity Industry April 1, 2015 Paul Boynton boynton@nist.gov Testbed Manager Smart

More information

Cyber Security for Renewable Energy Systems

Cyber Security for Renewable Energy Systems Cyber Security for Renewable Energy Systems Asia Pacific Clean Energy Summit August 31, 2010 Juan J. Torres Manager, Energy Systems Analysis Sandia National Laboratories jjtorre@sandia.gov Sandia is a

More information

IC32E - Pre-Instructional Survey

IC32E - Pre-Instructional Survey Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into

More information

OpenWay by Itron Security Overview

OpenWay by Itron Security Overview Itron White Paper OpenWay by Itron OpenWay by Itron Security Overview Kip Gering / R. Eric Robinson Itron Marketing / Itron Engineering 2009, Itron Inc. All rights reserved. 1 Executive Summary 3 Intent

More information

Realizing the Smart Grid - A Solutions Provider's Perspective David G. Hart July Elster. All rights reserved.

Realizing the Smart Grid - A Solutions Provider's Perspective David G. Hart July Elster. All rights reserved. Realizing the Smart Grid - A Solutions Provider's Perspective David G. Hart July 2009 2009 Elster. All rights reserved. What is the Smart Grid? 2009 Elster. All rights reserved. 2 Smart Grid Two Way Communications..Sensors...Distributed

More information

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment S&L Logo Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment Date: October 24, 2017 Authors/Presenters: J. Matt Cole, PE

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

Identity-Based Cyber Defense. March 2017

Identity-Based Cyber Defense. March 2017 Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting

More information

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational

More information

The Next Generation Grid: Electric Power T & D

The Next Generation Grid: Electric Power T & D The Next Generation Grid: Electric Power T & D Kurt Yeager www.galvinpower.org April 20, 2009 Forward to Fundamentals Electricity is the engine of prosperity and quality of life Electricity is a consumer

More information

BUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION

BUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION BUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION INNOVATORS START HERE. EXECUTIVE SUMMARY Energy providers have arrived at a new frontier. Behind them lies the existing

More information

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Submitted on behalf of the U.S. Department of Energy National

More information

Industry Best Practices for Securing Critical Infrastructure

Industry Best Practices for Securing Critical Infrastructure Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

The role of ICT in managing the complex Smart Grid Infrastructure. Nampuraja Enose Infosys Labs

The role of ICT in managing the complex Smart Grid Infrastructure. Nampuraja Enose Infosys Labs The role of ICT in managing the complex Smart Grid Infrastructure Nampuraja Enose Infosys Labs Smart Grid The Smart Grid isn t a thing, but rather a Vision for the power system of the future Its a mix

More information

Protecting productivity with Industrial Security Services

Protecting productivity with Industrial Security Services Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices

More information

Green California Summit. Paul Clanon Executive Director California Public Utilities Commission April 19, 2011

Green California Summit. Paul Clanon Executive Director California Public Utilities Commission April 19, 2011 Green California Summit Paul Clanon Executive Director California Public Utilities Commission April 19, 2011 1 Presentation Overview What is Smart Grid Why Smart Grid California s Commitment to Smart Grid

More information

Innovation policy for Industry 4.0

Innovation policy for Industry 4.0 Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda

More information

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the

More information

Security analysis and assessment of threats in European signalling systems?

Security analysis and assessment of threats in European signalling systems? Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide

More information

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical

More information

Verizon Software Defined Perimeter (SDP).

Verizon Software Defined Perimeter (SDP). Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.

More information

Grid Modernization Challenges for the Integrated Grid

Grid Modernization Challenges for the Integrated Grid Grid Modernization Challenges for the Integrated Grid Mark McGranaghan VP, Distribution and Utilization Electric Power Research Institute Wednesday 21 JUN 2017 PowerTech 2017 Manchester The Vision An Integrated

More information

Toward All-Hazards Security and Resilience for the Power Grid

Toward All-Hazards Security and Resilience for the Power Grid Toward All-Hazards Security and Resilience for the Power Grid Juan Torres Associate Laboratory Director, Energy Systems Integration National Renewable Energy Laboratory December 6, 2017 1 Grid Modernization

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Risk-Based Cyber Security for the 21 st Century

Risk-Based Cyber Security for the 21 st Century Risk-Based Cyber Security for the 21 st Century 7 th Securing the E-Campus Dartmouth College July 16, 2013 Dr. Ron Ross Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

Digital Wind Cyber Security from GE Renewable Energy

Digital Wind Cyber Security from GE Renewable Energy Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well

More information

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline

More information

Changing face of endpoint security

Changing face of endpoint security Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L

More information

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018 Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your

More information

Cyber Security and Privacy Issues in Smart Grids

Cyber Security and Privacy Issues in Smart Grids Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber

More information

Security

Security Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from

More information

Language for Control Systems

Language for Control Systems Cyber Security Procurement e Language for Control Systems Rita Wells Idaho National Laboratory Program Sponsor: National Cyber Security Division Control Systems Security Program Agenda Background Foundation

More information

Control Systems Cyber Security Awareness

Control Systems Cyber Security Awareness Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security

More information

NW NATURAL CYBER SECURITY 2016.JUNE.16

NW NATURAL CYBER SECURITY 2016.JUNE.16 NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING

More information

Bridging The Gap Between Industry And Academia

Bridging The Gap Between Industry And Academia Bridging The Gap Between Industry And Academia 14 th Annual Security & Compliance Summit Anaheim, CA Dilhan N Rodrigo Managing Director-Smart Grid Information Trust Institute/CREDC University of Illinois

More information

Process System Security. Process System Security

Process System Security. Process System Security Roel C. Mulder Business Consultant Emerson Process Management Sophistication of hacker tools, May 2006, Slide 2 Risk Assessment A system risk assessment is required to determine security level Security

More information

CoreMax Consulting s Cyber Security Roadmap

CoreMax Consulting s Cyber Security Roadmap CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows

More information

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber

More information

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11 AUDITING ROBOTICS AND THE INTERNET OF THINGS (IOT) APRIL 9, 2018 PRESENTERS Kara Nagel Manager, Information Security Accenture Ryan Hopkins Assistant Director, Internal Audit Services Packaging Corp. of

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Who Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom

Who Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication

More information

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network

More information

The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers

The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit

More information

Securing Industrial Control Systems

Securing Industrial Control Systems L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting

More information

Forecast to Industry 2016

Forecast to Industry 2016 Forecast to Industry 2016 Cyber Portfolio COL Brian Lyttle Program Executive Officer, Cyber 17 November 2016 UNCLASSIFIED 1 Our Mission Develop, integrate, and assure cyber capabilities in order to enable

More information

Run the business. Not the risks.

Run the business. Not the risks. Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.

More information

Interoperability and Standardization: The NIST Smart Grid Framework

Interoperability and Standardization: The NIST Smart Grid Framework Interoperability and Standardization: The NIST Smart Grid Framework GridWeek Asia George W. Arnold, Eng.Sc.D. National Coordinator for Smart Grid Interoperability National Institute of Standards and Technology

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

Building Resilience in a Digital Enterprise

Building Resilience in a Digital Enterprise Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.

More information

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.

More information

Addressing Cyber Threats in Power Generation and Distribution

Addressing Cyber Threats in Power Generation and Distribution Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems

More information

Cyber Security for Process Control Systems ABB's view

Cyber Security for Process Control Systems ABB's view Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control

More information

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc. Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility

More information

Intelligent Building and Cybersecurity 2016

Intelligent Building and Cybersecurity 2016 Intelligent Building and Cybersecurity 2016 Landmark Research Executive Summary 2016, Continental Automated Buildings Association Presentation Contents 1. About CABA, Compass Intelligence & This Research

More information

Protect Your Organization from Cyber Attacks

Protect Your Organization from Cyber Attacks Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers

More information

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

Information Technology Enhancing Productivity and Securing Against Cyber Attacks Information Technology Enhancing Productivity and Securing Against Cyber Attacks AGENDA Brief Overview of PortMiami Enhancing Productivity Using Technology Technology Being Using at the Port Cyber Attacks

More information

Smart utility connectivity

Smart utility connectivity 8 th ITU Symposium ICTs, Environment and Climate Change (Turin, Italy, 6-7 May 2013) Smart utility connectivity Paolo Gemma, WP3/5 Chairman Senior Expert, Huawei paolo.gemma@huawei.com Turin,Italy, 6-7

More information

Data Security and Privacy Principles IBM Cloud Services

Data Security and Privacy Principles IBM Cloud Services Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer

More information

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business

More information

CA Security Management

CA Security Management CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate

More information

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly

More information

Cybersecurity for the Electric Grid

Cybersecurity for the Electric Grid Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March

More information

Toronto Hydro-Electric System Limited EB Exhibit G1 Tab 1 Schedule 1 ORIGINAL Page 1 of 15 SMART GRID PLAN

Toronto Hydro-Electric System Limited EB Exhibit G1 Tab 1 Schedule 1 ORIGINAL Page 1 of 15 SMART GRID PLAN EB-00-0 Exhibit G Tab Schedule Page of 0 SMART GRID PLAN INTRODUCTION This Exhibit presents THESL s plans for development of the smart grid in keeping with the Green Energy and Green Economy Act, 00 (

More information

Protecting Your Cloud

Protecting Your Cloud WHITE PAPER Protecting Your Cloud Maximize security in cloud-based solutions EXECUTIVE SUMMARY With new cloud technologies introduced daily, security remains a key focus. Hackers and phishers capable of

More information

Cyberspace : Privacy and Security Issues

Cyberspace : Privacy and Security Issues Cyberspace : Privacy and Security Issues Chandan Mazumdar Professor, Dept. of Computer Sc. & Engg Coordinator, Centre for Distributed Computing Jadavpur University November 4, 2017 Agenda Cyberspace Privacy

More information

Intelligent Buildings and Cybersecurity

Intelligent Buildings and Cybersecurity Intelligent Buildings and Cybersecurity March 14-18,2017 Frankfurt, Germany Ron Zimmer CABA President & CEO www.caba.org Connect to what s next 1 CABA Board of Directors and Vision CABA Vision Statement

More information

N-Dimension n-platform 340S Unified Threat Management System

N-Dimension n-platform 340S Unified Threat Management System N-Dimension n-platform 340S Unified Threat Management System Firewall Router Site-to-Site VPN Remote-Access VPN Serial SCADA VPN Proxy Anti-virus SCADA IDS Port Scanner Vulnerability Scanner System & Service

More information

Statement for the Record

Statement for the Record Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before

More information

OpenWay Security Overview

OpenWay Security Overview OpenWay Security Overview Scott Palmquist Sr. Product Manager Ido Dubrawsky Sr. Principal Systems Engineer 2011, Itron Inc. All rights reserved. 1 Introduction 3 Regulatory and Industry Drivers 4 NISTIR

More information

New Guidance on Privacy Controls for the Federal Government

New Guidance on Privacy Controls for the Federal Government New Guidance on Privacy Controls for the Federal Government IAPP Global Privacy Summit 2012 March 9, 2012 Dr. Ron Ross Computer Security Division, NIST Martha Landesberg, J.D., CIPP/US The Privacy Office,

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information