Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.
|
|
- Linda Morton
- 5 years ago
- Views:
Transcription
1 Securing the Smart Grid Understanding the BIG Picture The Power Grid The electric power system is the most capital-intensive infrastructure in North America. The system is undergoing tremendous change that will unfold over a number of years. As the grid is modernized, it will become highly automated, leverage information technology more fully, and become more capable in managing energy from a variety of distributed sources. In this process of becoming increasingly smarter, the grid will expand to contain more interconnections that may become portals for intrusions, error-caused disruptions, malicious attacks, and other threats. 2 The Power Grid The convergence of the information and communication infrastructure with the electric power grid introduces new security and privacy-related challenges. The introduction of these technologies to the electric sector also presents opportunities to increase the reliability of the power system, to make it more capable and more resilient to withstand attacks, equipment failures, human errors, natural disasters, and other threats. These greatly improved monitoring and control capabilities must include cyber security solutions in the development process rather than as a retrofit. 3 Corporate Risk Solutions, Inc. 1
2 The Power Grid Interoperability of Components Interoperability can be defined as the ability of two or more systems or components to exchange information and to use the information that has been exchanged. The second part of this definition is very important: not only must computer systems exchange information, but they must also be able to understand that information. 4 Advanced Metering Infrastructure (AMI) AMI will provide two-way communications between customers and utilities. This is really what the smart grid is all about. AMI is widely considered to consist of several components. These include: Smart Meter Customer Gateway AMI Communication Network AMI Headend 5 Advanced Metering Infrastructure (AMI) Lesser versions of AMI systems include automated meter reading (AMR) systems that allow remote reading of measurement registers, and automatic meter management (AMM) systems that extend AMR capability with the ability to manage meters remotely. Such devices will allow for numerous advanced capabilities. Several of these that have been proposed include: track customer usage such as total energy consumption remotely connect and disconnect customers send out alarms in case of problems provide real-time pricing send power quality data remotely receive firmware upgrades in order to update software and incorporate new functionality such as providing customers the ability to manage their own energy consumption more accurately. 6 Corporate Risk Solutions, Inc. 2
3 Smart Grid Domains Although most Smart Grid issues impact all aspects of electric energy delivery, it is convenient to separate the issues into different domains. These domains are: Central generation (and storage), including traditional power plants, renewable energy plants, and other large sources of energy Distributed energy resources, consisting of smaller sources of generation and storage predominantly interconnected at the distribution level, such as photovoltaics, small wind, and plug-in hybrid electric vehicles Transmission system, including ISOs, transmission operations, planning, and maintenance, as well as substation automation and synchrophasor measurements 7 Smart Grid Domains Distribution system, including distribution operations, automation, planning, and maintenance Customer utility interactions, covering utility to customer interactions with respect to metering, energy services, PHEVs, and interfaces to customer gateways (with sub-domains of C&I customers and residential/small commercial customers) Market operations, including energy market, ancillary services, demand response, load management, feed-in tariffs, pollutant cap-and-trade, and other market-based approaches Building, homes, and industries, covering building management systems, home area networks, industrial energy management systems, and other customer systems. 8 Smart Grid Domains 9 Corporate Risk Solutions, Inc. 3
4 The Smart Grid Characteristics Self-healing Empowers and incorporates the consumer Resilient to physical and cyber attacks Provides power quality needed by 21st century users Accommodates a wide variety of generation options Fully enables maturing electricity markets Optimizes assets Source: The US National Energy Technology Laboratory 10 Smart Grid Technology Sensors Monitoring and detecting the data Communications Moving the data through the build of networks First-level integration Collecting the data Centralized control Using the data for visualization and control Security Protecting the data with Security Services & Solutions Full integration Integrating the data with the rest of the business Services and Applications Using the data in new ways Source: The Emerging Smart Grid, Global Environment Fund - Centre for Smart Energy 11 Smart Grid Cyber Security Drivers Increasing Interconnection and Integration Increasing Use of COTS Hardware and Software New 2-Way Systems (e.g. AMI, DSM) New Customer Touch Points into Utilities Control Systems Not Designed with Security in Mind Increasing Number Of Systems and Size of Code Base Increased Attack Surface Increased Risk to Operations 12 Corporate Risk Solutions, Inc. 4
5 Potential Cyber Security Issues to the Smart Grid Include: Increasing complexity that could introduce vulnerabilities and increase exposure to potential attackers; Without proper planning, a natural- or man-made event could disable the communications infrastructure, rendering the smart grid ineffective at coping with an emergency situation; A cyber intruder could compromise electricity use data and send false information to the utility and either lower or increase the billing, depending upon the motivation; Linked networks can introduce common vulnerabilities; 13 Potential cyber security issues to the Smart Grid include: Increasing vulnerabilities to communication disruptions and introduction of malicious software that could result in denial of service or compromise the integrity of software and systems; Increased number of entry points and paths for potential adversaries to exploit; Potential for compromise of data confidentiality, including the breach of customer privacy; and 14 Potential cyber security issues to the Smart Grid include: Compromise of the automated device/service control functionality of the Smart Grid devices, in such a way that significantly disrupts, impairs, or destroys the self-sensing and monitoring, self-adaptive, self-healing electricity generation, transmission, and distribution infrastructure. 15 Corporate Risk Solutions, Inc. 5
6 Functional Requirements for Cross- Cutting Areas Cyber and Physical Security Security policies, as well as training and enforcement Security risk assessment Security requirements Security specifications Identify establishment Authentication Confidentiality Integrity Availability Non-repudiation / Accountability Intrusion detection Audit logging and reporting 16 Functional Requirements for Cross- Cutting Areas Network and System Management Network design to meet performance and security requirements System design with embedded security tools and mechanisms Specifications and Engineering Specifications need to map the business or functional requirements into engineering requirements Engineering design and implementation is needed to develop products and systems from the specifications Integration is needed to interconnect all the equipment and systems into a functioning whole. 17 Functional Requirements for Cross- Cutting Areas Conformance and Interoperability Testing Conformance testing for vendors against standards Interoperability testing of two or more systems with each other to ensure interoperability 18 Corporate Risk Solutions, Inc. 6
7 Cyber Solutions - Defense in Depth Perimeter Protection Firewall, IPS, VPN, AV Host IDS, Host AV DMZ Physical Security Interior Security Firewall, IDS, VPN, AV Host IDS, Host AV IEEE P1711 (Serial Connections) NAC IDS Intrusion Detection System Scanning IPS Intrusion Prevention System Monitoring DMZ DeMilitarized Zone Management VPN Virtual Private Network (encrypted) AV Anti-Virus (anti-malware) Processes NAC Network Admission Control 19 Recommendations View cyber security as a critical element of your Smart Grid deployment Apply the defense in depth concept isolating and segregating systems and applications, then allow selected connectivity Best accomplished at the foundational / design level Establish a security management system you can t manage what you can t measure Involve your vendors and interconnected partners Embed into your corporate governance systems Develop and track business case: Project by project basis Integrated system 20 References Study of Security Attributes of Smart Grid Systems Current Cyber Security Issues Idaho National Labs April 2009 Cyber Security and the Smart Grid Ontario Smart Grid Forum November 2008 Cyber Security Issues for Advanced Metering Infrastructure - IEEE T&D Conference - April 2008 Proposed Smart Grid Reference Arch & Roadmap - NIST - March 15, 2009 Guidelines for Smart Grid Cyber Security NIST - NISTIR 7628 August 2010 Smart Grid Standards Overview Erich W. Gunther February Corporate Risk Solutions, Inc. 7
8 Phil Sobol CISSP,CISA,CSSA,C EH,CNA 22 Corporate Risk Solutions, Inc. 8
EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use
EPRI Research Overview IT/Security Focus November 29, 2012 Mark McGranaghan VP, Power Delivery and Utilization Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use Transmission
More informationSmart Grid vs. The NERC CIP
Smart Grid vs. The NERC CIP Tobias Whitney, MBA GE Smart Grid Center of Excellence 1 First The Bottom Line Security & Privacy are paramount Smart Grid concerns of regulators and the public Currently every
More informationSecurity and Privacy Issues In Smart Grid
Security and Privacy Issues In Smart Grid J. Liu and Y. Xiao, S. Li, W. Liang, C. Chen IEEE COMMUNICATIONS SURVEYS & TUTORIALS, to appear Wednesday, September 26, 2012 Mohamed M. E. A. Mahmoud PhD, PDF,
More informationSummary of Cyber Security Issues in the Electric Power Sector
Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov
More informationTABLE OF CONTENTS. Section Description Page
GPA Cybersecurity TABLE OF CONTENTS Section Description Page 1. Cybersecurity... 1 2. Standards... 1 3. Guides... 2 4. Minimum Hardware/Software Requirements For Secure Network Services... 3 4.1. High-Level
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationLESSONS LEARNED IN SMART GRID CYBER SECURITY
LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com
More informationFuture Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group
Future Challenges and Changes in Industrial Cybersecurity Sid Snitkin VP Cybersecurity Services ARC Advisory Group Srsnitkin@ARCweb.com Agenda Industrial Cybersecurity Today Scope, Assumptions and Strategies
More informationSEGRID storyline. Workshop SEGRID November 14 th, 2016, Barcelona, Spain
Workshop SEGRID November 14 th, 2016, Barcelona, Spain SEGRID storyline This project has received funding from the European Union s Seventh Framework Programme for research, technological development and
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationProtecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012
Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012 Paul Kalv Electric Director, Chief Smart Grid Systems Architect, City of Leesburg Doug Westlund CEO,
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationi-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS
i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS siemens.com/ruggedcom INTERACTIVE REMOTE ACCESS INTELLIGENT ELECTRONIC DEVICES Intelligent Electronic Devices (IEDs) Devices that can provide real-time
More informationSmart Grid Task Force
Smart Grid Task Force Workshop meeting Mladen Kezunovic Texas A&M University it Coordinator PSerc Workshop August st10-13, 13 2009 Breckenridge CO Agenda 1:30-3:00pm PSerc Smart Grid Task Force PSerc Smart
More informationDmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices
Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices Against Cyber Attacks (CODEF) Cyber Security of the
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationExpanding Cyber Security Management for Critical Infrastructure
Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands
More informationCisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management
Cisco Smart Grid Powering End-to-End Communications Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management 21 October 2010 What is the Smart Grid? A digital superstructure which uses
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationCyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012
Cyber Security Update Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012 Agenda Timeline Regulatory / Compliance Environment Smart Grid Threats
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationTRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG
FROM SECURITY TO RESILIENCY: OPPORTUNITIES AND CHALLENGES FOR THE SMART GRID S CYBER INFRASTRUCTURE APRIL 20, 2015 BILL SANDERS UNIVERSITY OF ILLINOIS DARTMOUTH COLLEGE UC DAVIS WASHINGTON STATE UNIVERSITY
More informationMeasurement Challenges and Opportunities for Developing Smart Grid Testbeds
Measurement Challenges and Opportunities for Developing Smart Grid Testbeds 10th Carnegie Mellon Conference on the Electricity Industry April 1, 2015 Paul Boynton boynton@nist.gov Testbed Manager Smart
More informationCyber Security for Renewable Energy Systems
Cyber Security for Renewable Energy Systems Asia Pacific Clean Energy Summit August 31, 2010 Juan J. Torres Manager, Energy Systems Analysis Sandia National Laboratories jjtorre@sandia.gov Sandia is a
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationOpenWay by Itron Security Overview
Itron White Paper OpenWay by Itron OpenWay by Itron Security Overview Kip Gering / R. Eric Robinson Itron Marketing / Itron Engineering 2009, Itron Inc. All rights reserved. 1 Executive Summary 3 Intent
More informationRealizing the Smart Grid - A Solutions Provider's Perspective David G. Hart July Elster. All rights reserved.
Realizing the Smart Grid - A Solutions Provider's Perspective David G. Hart July 2009 2009 Elster. All rights reserved. What is the Smart Grid? 2009 Elster. All rights reserved. 2 Smart Grid Two Way Communications..Sensors...Distributed
More informationMethods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment
S&L Logo Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment Date: October 24, 2017 Authors/Presenters: J. Matt Cole, PE
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationThe Next Generation Grid: Electric Power T & D
The Next Generation Grid: Electric Power T & D Kurt Yeager www.galvinpower.org April 20, 2009 Forward to Fundamentals Electricity is the engine of prosperity and quality of life Electricity is a consumer
More informationBUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION
BUILDING A SMARTER SMART GRID: COUNTERACTING CYBER-THREATS IN ENERGY DISTRIBUTION INNOVATORS START HERE. EXECUTIVE SUMMARY Energy providers have arrived at a new frontier. Behind them lies the existing
More informationPotential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group
Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group Submitted on behalf of the U.S. Department of Energy National
More informationIndustry Best Practices for Securing Critical Infrastructure
Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationThe role of ICT in managing the complex Smart Grid Infrastructure. Nampuraja Enose Infosys Labs
The role of ICT in managing the complex Smart Grid Infrastructure Nampuraja Enose Infosys Labs Smart Grid The Smart Grid isn t a thing, but rather a Vision for the power system of the future Its a mix
More informationProtecting productivity with Industrial Security Services
Protecting productivity with Industrial Security Services Identify vulnerabilities and threats at an early stage. Take proactive measures. Achieve optimal long-term plant protection. usa.siemens.com/industrialsecurityservices
More informationGreen California Summit. Paul Clanon Executive Director California Public Utilities Commission April 19, 2011
Green California Summit Paul Clanon Executive Director California Public Utilities Commission April 19, 2011 1 Presentation Overview What is Smart Grid Why Smart Grid California s Commitment to Smart Grid
More informationInnovation policy for Industry 4.0
Innovation policy for Industry 4.0 Remarks from Giorgio Mosca Chair of Cybersecurity Steering Committee Confindustria Digitale Director Strategy & Technologies - Security & IS Division, Leonardo Agenda
More informationCyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies
Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies lwihl@scalable-networks.com 2 The Need OT security particularly in the
More informationSecurity analysis and assessment of threats in European signalling systems?
Security analysis and assessment of threats in European signalling systems? New Challenges in Railway Operations Dr. Thomas Störtkuhl, Dr. Kai Wollenweber TÜV SÜD Rail Copenhagen, 20 November 2014 Slide
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationGrid Modernization Challenges for the Integrated Grid
Grid Modernization Challenges for the Integrated Grid Mark McGranaghan VP, Distribution and Utilization Electric Power Research Institute Wednesday 21 JUN 2017 PowerTech 2017 Manchester The Vision An Integrated
More informationToward All-Hazards Security and Resilience for the Power Grid
Toward All-Hazards Security and Resilience for the Power Grid Juan Torres Associate Laboratory Director, Energy Systems Integration National Renewable Energy Laboratory December 6, 2017 1 Grid Modernization
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationRisk-Based Cyber Security for the 21 st Century
Risk-Based Cyber Security for the 21 st Century 7 th Securing the E-Campus Dartmouth College July 16, 2013 Dr. Ron Ross Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationFailure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data
Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationCyber Security and Privacy Issues in Smart Grids
Cyber Security and Privacy Issues in Smart Grids Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo References Main Reference Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C. Cyber
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationLanguage for Control Systems
Cyber Security Procurement e Language for Control Systems Rita Wells Idaho National Laboratory Program Sponsor: National Cyber Security Division Control Systems Security Program Agenda Background Foundation
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationNW NATURAL CYBER SECURITY 2016.JUNE.16
NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING
More informationBridging The Gap Between Industry And Academia
Bridging The Gap Between Industry And Academia 14 th Annual Security & Compliance Summit Anaheim, CA Dilhan N Rodrigo Managing Director-Smart Grid Information Trust Institute/CREDC University of Illinois
More informationProcess System Security. Process System Security
Roel C. Mulder Business Consultant Emerson Process Management Sophistication of hacker tools, May 2006, Slide 2 Risk Assessment A system risk assessment is required to determine security level Security
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT
ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT ENERGY AUTOMATION - SMART GRID Restricted Siemens AG 20XX All rights reserved. siemens.com/answers Frederic Buchi, Energy Management Division, Siemens AG Cyber
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationInstitute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11
AUDITING ROBOTICS AND THE INTERNET OF THINGS (IOT) APRIL 9, 2018 PRESENTERS Kara Nagel Manager, Information Security Accenture Ryan Hopkins Assistant Director, Internal Audit Services Packaging Corp. of
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationWho Goes There? Access Control in Water/Wastewater Siemens AG All Rights Reserved. siemens.com/ruggedcom
WEAT Webinar Who Goes There? Access Control in Water/Wastewater Siemens AG 2018. siemens.com/ruggedcom ACCESS CONTROL WEBINAR TABLE OF CONTENTS TOPIC Why Access Control? Risks If Not Used Factors of Authentication
More informationHOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS
HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network
More informationThe five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationForecast to Industry 2016
Forecast to Industry 2016 Cyber Portfolio COL Brian Lyttle Program Executive Officer, Cyber 17 November 2016 UNCLASSIFIED 1 Our Mission Develop, integrate, and assure cyber capabilities in order to enable
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationInteroperability and Standardization: The NIST Smart Grid Framework
Interoperability and Standardization: The NIST Smart Grid Framework GridWeek Asia George W. Arnold, Eng.Sc.D. National Coordinator for Smart Grid Interoperability National Institute of Standards and Technology
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationSECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS
SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS PROTECT YOUR DAILY OPERATIONS FROM BEING COMPROMISED In today s data-driven society, connectivity comes with a cost.
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationCyber Security for Process Control Systems ABB's view
Kaspersky ICS Cybersecurity 2017, 2017-09-28 Cyber Security for Process Control Systems ABB's view Tomas Lindström, Cyber Security Manager, ABB Control Technologies Agenda Cyber security for process control
More informationCyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.
Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility
More informationIntelligent Building and Cybersecurity 2016
Intelligent Building and Cybersecurity 2016 Landmark Research Executive Summary 2016, Continental Automated Buildings Association Presentation Contents 1. About CABA, Compass Intelligence & This Research
More informationProtect Your Organization from Cyber Attacks
Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers
More informationInformation Technology Enhancing Productivity and Securing Against Cyber Attacks
Information Technology Enhancing Productivity and Securing Against Cyber Attacks AGENDA Brief Overview of PortMiami Enhancing Productivity Using Technology Technology Being Using at the Port Cyber Attacks
More informationSmart utility connectivity
8 th ITU Symposium ICTs, Environment and Climate Change (Turin, Italy, 6-7 May 2013) Smart utility connectivity Paolo Gemma, WP3/5 Chairman Senior Expert, Huawei paolo.gemma@huawei.com Turin,Italy, 6-7
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationToronto Hydro-Electric System Limited EB Exhibit G1 Tab 1 Schedule 1 ORIGINAL Page 1 of 15 SMART GRID PLAN
EB-00-0 Exhibit G Tab Schedule Page of 0 SMART GRID PLAN INTRODUCTION This Exhibit presents THESL s plans for development of the smart grid in keeping with the Green Energy and Green Economy Act, 00 (
More informationProtecting Your Cloud
WHITE PAPER Protecting Your Cloud Maximize security in cloud-based solutions EXECUTIVE SUMMARY With new cloud technologies introduced daily, security remains a key focus. Hackers and phishers capable of
More informationCyberspace : Privacy and Security Issues
Cyberspace : Privacy and Security Issues Chandan Mazumdar Professor, Dept. of Computer Sc. & Engg Coordinator, Centre for Distributed Computing Jadavpur University November 4, 2017 Agenda Cyberspace Privacy
More informationIntelligent Buildings and Cybersecurity
Intelligent Buildings and Cybersecurity March 14-18,2017 Frankfurt, Germany Ron Zimmer CABA President & CEO www.caba.org Connect to what s next 1 CABA Board of Directors and Vision CABA Vision Statement
More informationN-Dimension n-platform 340S Unified Threat Management System
N-Dimension n-platform 340S Unified Threat Management System Firewall Router Site-to-Site VPN Remote-Access VPN Serial SCADA VPN Proxy Anti-virus SCADA IDS Port Scanner Vulnerability Scanner System & Service
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationOpenWay Security Overview
OpenWay Security Overview Scott Palmquist Sr. Product Manager Ido Dubrawsky Sr. Principal Systems Engineer 2011, Itron Inc. All rights reserved. 1 Introduction 3 Regulatory and Industry Drivers 4 NISTIR
More informationNew Guidance on Privacy Controls for the Federal Government
New Guidance on Privacy Controls for the Federal Government IAPP Global Privacy Summit 2012 March 9, 2012 Dr. Ron Ross Computer Security Division, NIST Martha Landesberg, J.D., CIPP/US The Privacy Office,
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More information