Securing the North American Electric Grid
|
|
- Adele Francis
- 5 years ago
- Views:
Transcription
1 SESSION ID: TECH-R02 Securing the North American Electric Grid Marcus H. Sachs, P.E. SVP and CSO North American Electric Reliability
2 Critical Infrastructure s Common Denominator Most critical infrastructures depend on cyber networks for data exchange Likewise, the cyber infrastructures depend on the physical world for the movement of the data Fiber optic cables Copper wires Microwave and satellite systems But all infrastructures depend on electricity The power grid is the real common denominator 2
3 Energy Grids Energy was originally produced and consumed in the same geographic area Water power Gas and oil heat Electricity generators Since the mid-20th century, most nations have moved towards a grid-based system Energy management and distribution efficiencies are gained through grids Grid distribution systems also have vulnerabilities 3
4 US/Canadian Electric Power Grid The US/Canadian domestic power grid is divided into two major regions: The Eastern Interconnection The Western Interconnection...and three minor regions: The Alaska Interconnection The Québec Interconnection The Texas Interconnection 4
5 NERC Regional Entities and Interconnections Florida Reliability Coordinating Council Midwest Reliability Organization Northeast Power Coordinating Council, Inc. ReliabilityFirst Corporation SERC Reliability Corporation Southwest Power Pool, Inc. Texas Reliability Entity Western Electricity Coordinating Council 5
6 NERC Reliability Coordinators 6
7 Energy Balance Power Generated Power Imported Demand Power Exported Losses MW Daily Load Curve Hour Frequency in Hz 7
8 NERC Balancing Authorities 8
9 345kv+ US Electricity Grid 9
10 Electric Power Control Systems SCADA Supervisory Control and Data Acquisition EMS Energy Management System Also ECS - Energy Control System, TMS Transmission Management System GMS Generation Management System DCS Distributed Control System Distributed processing closer to inputs and outputs Generally, at a generating plant SA Substation Automation At a transmission substation DA Distribution Automation At a distribution substation or on a distribution pole top 10
11 Substation Automation Control System Source: gration%20considerations%20for%20large%20scale%20iec% %20systems.pdf (modified) 11
12 Control Rooms at Control Centers 12
13 Electricity Threat Landscape
14 Threat Defense/Mitigation
15 Most Common Threat Agents 15
16 Natural Threats - Lightning 16
17 Natural Threats Floods, Wind, Ice 17
18 Operational Threats Fire 18
19 Targeted Threats Pipe Bombs 19
20 Targeted Threats IEDs 20
21 Targeted Threats Gun Shots 21
22 Criminal Threats - Copper Theft 22
23 Cy bear Threats 23
24 Most Common Cyber Threat to Utilities 24
25 Some Cyber Threats Result in Power Loss 25
26 Notice to Customers of a Cyber Attack 26
27 Ukraine s Electric Grid 27
28 The Targets Four of a total of 23 Oblenergos in Ukraine, each primarily providing power distribution (as well as some generation and transmission functions) were targeted The attacks were synchronized and coordinated, and likely were preceded by extensive reconnaissance On December 23, 2015 breaker controls at three of the four electricity distribution providers came under remote control of the attackers The fourth provider thwarted the attack by removing remote access functionality 28
29 The Fourth Target One of the four victim Oblenergos did not lose power What did they do right? Weeks before the event, the Ukraine CERT ( issued a warning about malware being used to harvest credentials for falsifying remote access authentication The fourth Oblenergo acted on that information and removed remote access to their control systems Attackers were unable to gain remote access on December 23 rd This action reinforces the need for all entities to both share timely information, as well as act quickly on information received 29
30 Sequence of Events Pre Attack Nine months before the December 2015 event - Spear phishing Microsoft Office attachments Macros pulled down additional tools including BlackEnergy Additional similar phishing reported in January, 2016 November 21, Transmission towers blown up Months or weeks before the event Credential harvesting User names and passwords used to gain additional access and move laterally VPN logins using harvested credentials enabled remote access to control systems Unknown whether intruders use BlackEnergy or some other remote access program like DropBear or Kryptik 30
31 Defense Use Case TLP WHITE document Available to general public via 31
32 Prevention Recommendations Follow and implement industry best practices (Top 20 Controls) Develop and exercise contingency plans for safe shutdown Use application whitelisting (AWL) when available to detect and prevent attempted execution of unauthorized software HMI, historian, and similar systems are good candidates for AWL RTUs, PLCs, and similar devices may not be compatible with AWL Isolate ICS and SCADA networks from all untrusted networks, especially the Internet Turn off unused ports and services Reduce or eliminate any data paths between control networks and public networks Limit remote two-way access functionality as much as possible Use multi-factor authentication when remote access is necessary Audit and monitor any trusted external connections 32
33 Latest Issue: IoT Devices 33
34 Apply What You Have Learned Today Next week you should: Identify electric utility dependencies within your organization Identify any control systems in your organization In the first three months following this presentation you should: Develop plans for business continuity during lengthy power outages Examine your own control system perimeter for weaknesses Within six months you should: Hold at least one table-top exercise to work through a multi-day power outage Review your organization s business continuity plans and revise as needed 34
35 Learn More About Us! Sign up online at Download our how to guides Brochure Understanding Your E-ISAC Engaging the E-ISAC 35
36 36
Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016
Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout
More informationGrid Security & NERC
Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationCyber and Physical Security: Lessons Learned From the Electric Industry. Joel dejesus Dinsmore & Shohl LLP Washington, DC
Cyber and Physical Security: Lessons Learned From the Electric Industry Joel dejesus Dinsmore & Shohl LLP Washington, DC joel.dejesus@dinsmore.com For the Energy and Mineral Law Foundation, Kentucky Mineral
More informationMethods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment
S&L Logo Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment Date: October 24, 2017 Authors/Presenters: J. Matt Cole, PE
More informationTitle. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.
Critical Infrastructure Protection Getting Low with a Touch of Medium Title CanWEA Operations and Maintenance Summit 2018 January 30, 2018 George E. Brown Compliance Manager Acciona Wind Energy Canada
More informationPROTECTING MANUFACTURING and UTILITIES Industrial Control Systems
PROTECTING MANUFACTURING and UTILITIES Industrial Control Systems Mati Epstein Global Sales Lead, Critical Infrastructure and ICS [Internal Use] for Check Point employees 1 Industrial Control Systems (ICS)/SCADA
More informationNovember 29, ECE 421 Session 28. Utility SCADA and Automation. Presented by: Chris Dyer
ECE 421 Session 28 November 29, 2018 Utility SCADA and Automation Presented by: Chris Dyer Utility SCADA & Automation Chris Dyer, P.E. BSEE University of Idaho, 1997 SCADA & Automation Engineer POWER Engineers,
More informationLow Impact Generation CIP Compliance. Ryan Walter
Low Impact Generation CIP Compliance Ryan Walter Agenda Entity Overview NERC CIP Introduction CIP-002-5.1, Asset Classification What Should Already be Done CIP-003-7, Low Impact Requirements Tri-State
More informationIEC in Digital Substation and Cyber security
ABB GRID AUTOMATION IEC 61850 in Digital Substation and Cyber security 72 nd Annual Georgia Tech Protective Relaying Conference Steven Kunsman, May 4, 2018 The digital systems Communication services SV,
More informationCyber Security of Industrial Control Systems (ICSs)
Cyber Security of Industrial Control Systems (ICSs) February 23, 2016 Joe Weiss PE, CISM, CRISC, ISA Fellow Managing Partner Applied Control Solutions, LLC (408) 253-7934 joe.weiss@realtimeacs.com Applied
More informationJuly 12, Order No. 822, Revised Critical Infrastructure Protection Reliability Standards, 154 FERC 61,037, at P 64 (2016).
!! July 12, 2017 VIA ELECTRONIC FILING Veronique Dubois Régie de l'énergie Tour de la Bourse 800, Place Victoria Bureau 255 Montréal, Québec H4Z 1A2 Re: Remote Access Study Report Dear Ms. Dubois: On June
More informationOctober 05, ECE 421 Session 12. Utility SCADA and Automation. Presented by: Chris Dyer
ECE 421 Session 12 October 05, 2017 Utility SCADA and Automation Presented by: Chris Dyer Utility SCADA & Automation Chris Dyer, P.E. BSEE University of Idaho, 1997 SCADA & Automation Engineer POWER Engineers,
More informationDRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1
DRAFT Cyber Security Communications between Control Centers Technical Rationale and Justification for Reliability Standard CIP-012-1 March May 2018 NERC Report Title Report Date I Table of Contents Preface...
More informationCyber security for digital substations. IEC Europe Conference 2017
Cyber security for digital substations IEC 61850 Europe Conference 2017 Unrestricted Siemens 2017 siemens.com/gridsecurity Substation Digitalization process From security via simplicity 1st generation:
More informationIndustry Best Practices for Securing Critical Infrastructure
Industry Best Practices for Securing Critical Infrastructure Cyber Security and Critical Infrastructure AGENDA - Difference between IT and OT - Real World Examples of Cyber Attacks Across the IT/OT Boundary
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance
More informationWhite Paper. The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection
White Paper The North American Electric Reliability Corporation Standards for Critical Infrastructure Protection February, 2017 Introduction The North American Electric Reliability Corporation (NERC) maintains
More informationEssential Reliability Services NERC Staff Report
Essential Reliability Services NERC Staff Report Mark Lauby, Senior Vice President and Chief Reliability Officer Annual Meeting of the National Conference of State Legislators August 20, 2014 About NERC
More informationWide-Area Reliability Monitoring and Visualization Tools
OE Visualization and Controls Peer Review Wide-Area Reliability Monitoring and Visualization Tools Carlos Martinez CERTS - Electric Power Group 21 October 2008 Washington, D.C. Presentation Outline Research
More informationWhy Should You Care About Control System Cybersecurity. Tim Conway ICS.SANS.ORG
Why Should You Care About Control System Cybersecurity Tim Conway ICS.SANS.ORG Events Example #1 Dec 23, 2015 Cyber attacks impacting Ukrainian Power Grid Targeted, synchronized, & multi faceted Three
More informationCyber Security Brian Bostwick OSIsoft Market Principal for Cyber Security
Cyber Security Presented by Brian Bostwick OSIsoft Market Principal for Cyber Security Cyber Security Trauma in the News Saudi Aramco Restores Network After Shamoon Malware Attack Hacktivist-launched virus
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationStandards. Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016
Standards Howard Gugel, Director of Standards Board of Trustees Meeting February 11, 2016 Balancing Authority Reliability-based Controls Reliability Benefits Data requirements for Balancing Authority (BA)
More informationHigh performance monitoring & Control ACE3600 Remote Terminal Unit
High performance monitoring & Control ACE3600 Remote Terminal Unit Empower Your SCADA Network Utilities, now more than ever, are facing newer and greater hurdles. Multiple wired and wireless communication
More informationNERC Overview and Compliance Update
NERC Overview and Compliance Update Eric Ruskamp Manager, Regulatory Compliance August 17, 2018 1 Agenda NERC Overview History Regulatory Hierarchy Reliability Standards Compliance Enforcement Compliance
More informationEnergy Security: A Global Challenge
A presentation from the 2009 Topical Symposium: Energy Security: A Global Challenge Hosted by: The Institute for National Strategic Studies of The National Defense University 29-30 September 2009 By SCOTT
More informationIndustrial Security - Protecting productivity. Industrial Security in Pharmaanlagen
- Protecting productivity Industrial Security in Pharmaanlagen siemens.com/industrialsecurity Security Trends Globally we are seeing more network connections than ever before Trends Impacting Security
More informationVulnerabilities in the North American Power Grid
Global Security Studies, Fall 2016, Volume 7, Issue 4 Vulnerabilities in the North American Power Grid Gabrielle Vianna Conflict Management and Resolution Graduate Program University of North Carolina
More informationCyber Security Incident Report
Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New
More informationSECURING THE SUPPLY CHAIN
SECURING THE SUPPLY CHAIN BY Jerome Farquharson, CISSP, Donald Dustin Williams, PE, AND Courtney Buser The advance of smart grids, smart devices and increasingly interconnected systems provides exceptional
More informationBuilding a resilient ICS
Building a resilient ICS By Dr Jules Pagna Disso, @julesdisso Building a resilient Industrial Control System (ICS) 1: From ICS to Critical National Infrastructure 2: Thenatureof the problem 3: Building
More informationIowa State University
Iowa State University Cyber Security Smart Grid Testbed Senior Design, Final Report Dec 13-11 Derek Reiser Jared Pixley Rick Sutton Faculty Advisor: Professor Manimaran Govindarasu 1 Table of Contents
More informationEvolution of Control for the Power Grid
Evolution of Control for the Power Grid Anjan Bose Washington State University Pullman, WA, USA PaiFest In Honor of Prof. M. A. Pai Urbana-Champaign, IL October 15, 2015 The Past (before 1960s) Hard
More informationChapter X Security Performance Metrics
DRAFT February 19, 15 BES Security s Working Group Page 1 of 7 Chapter X Security Performance s 1 3 3 3 3 0 Background The State of Reliability 1 report noted that the NERC PAS was collaborating with the
More informationA Statistical Method for Synthetic Power Grid Generation based on the U.S. Western Interconnection
A Statistical Method for Synthetic Power Grid Generation based on the U.S. Western Interconnection Saleh Soltan, Gil Zussman Columbia University New York, NY Failures in Power Grids One of the most essential
More informationSecuring the Grid and Your Critical Utility Functions. April 24, 2017
Securing the Grid and Your Critical Utility Functions April 24, 2017 1 Securing the Grid Effectively and Efficiently Recent threats to the Electric Grid and the importance of security Standards and Requirements
More informationComprehensive Cyber Security Features in SIPROTEC & SICAM. SIPROTEC Dag 11. Mei 2017
Comprehensive Cyber Security Features in SIPROTEC & SICAM SIPROTEC Dag 11. Mei 2017 siemens.tld/keyword Changes to Substation Automation and Protection over Time Evolving Threat Landscape (tomorrow today...)
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationSCADA Security: How Do I Know If I ve Already Been Owned?
SESSION ID: SOP-W04 SCADA Security: How Do I Know If I ve Already Been Owned? Gib Sorebo Chief Cybersecurity Technologist Leidos @gibsorebo 17-Leidos-0918-1850 Overview Reasons for Concern Cybersecurity
More informationSecuring IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems
Securing IEDs against Cyber Threats in Critical Substation Automation and Industrial Control Systems Eroshan Weerathunga, Anca Cioraca, Mark Adamiak GE Grid Solutions MIPSYCON 2017 Introduction Threat
More informationElectricity for Free? The Dirty Underbelly of SCADA and Smart Meters
sorry Electricity for Free? The Dirty Underbelly of SCADA and Smart Meters Jonathan Pollet, CISSP, CAP, PCIP July 2010 Table of Contents Introduction...3! Power Generation, Transmission, and Distribution...4!
More informationAddressing Cyber Threats in Power Generation and Distribution
Addressing Cyber Threats in Power Generation and Distribution VEO, Asko Tuomela o Bachelor of Science in Electrical Power Engineering o Over 6 years experience in power projects, PLCs and supervision systems
More informationSecuring the Network: Understanding CIA, Segmentation, and Zero Trust. Jacek Szamrej VP of Cybersecurity SEDC
Securing the Network: Understanding CIA, Segmentation, and Zero Trust Jacek Szamrej VP of Cybersecurity SEDC Jacek Szamrej VP of Cybersecurity SEDC C? A I What are we protecting? Confidentiality DATA Availability
More informationEssentials of Cyber Security Intelligence for Protecting ICS
November 3, 2016 Essentials of Cyber Security Intelligence for Protecting ICS Jeffery S. Bridgland Advisory Board Member N-Dimension Solutions jeff.bridgland@n-dimension.com Lots of Ground to Cover ICS
More informationplaybook OpShield for NERC CIP 5 sales PlAy
playbook OpShield for NERC CIP 5 sales PlAy OpShield for NERC CIP 5 The Problem U.S. bulk power entities are federally mandated to comply with NERC CIP requirements that dictate industrial security and
More informationThe five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers
The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers The 7th Annual North American SCADA and Process Control Summit
More informationPresenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.
Presenter Jakob Drescher Industry Cyber Security 1 Cyber Security? Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks. Malware or network traffic
More informationCybersecurity for Energy Delivery Systems. Michael Assante & Tim Conway (Under contract to DOE through Idaho National Laboratory)
Cybersecurity for Energy Delivery Systems Michael Assante & Tim Conway (Under contract to DOE through Idaho National Laboratory) October, 2016 Agenda 1. Event deconstruction 2. Mitigations 3. Discussion
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationMultistage Cyber-physical Attack and SCADA Intrusion Detection
Multistage Cyber-physical Attack and SCADA Intrusion Detection Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Belfast, 26 th August, 2016 Kieran McLaughlin, BooJoong
More informationCyber Security of Industrial Control Systems and Potential Impacts on Nuclear Power Plants
Cyber Security of Industrial Control Systems and Potential Impacts on Nuclear Power Plants IEEE NPEC April 18, 2006 Joe Weiss, PE, CISM KEMA, Inc. Joe.weiss@kema.com (408) 253-7934 2 Why are we here? Ostensibly:
More informationJim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas
Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas Facts expressed in this presentation are Facts Opinions express in this presentation are solely my own The voices I
More informationLesson Learned CIP Version 5 Transition Program
Lesson Learned CIP Version 5 Transition Program CIP-002-5: BES Cyber Assets Version: December 7, 2015 This document is designed to convey lessons learned from NERC s various CIP version 5 transition activities.
More informationExpanding Cyber Security Management for Critical Infrastructure
Expanding Cyber Security Management for Critical Infrastructure ISSE Wednesday 15 th November 17, Brussels Dr Andrew Hutchison, Telekom Security andrew.hutchison@t-systems.com OVERVIEW Attack Surface expands
More informationCIP Version 5 Evidence Request User Guide
CIP Version 5 Evidence Request User Guide Version 1.0 December 15, 2015 NERC Report Title Report Date I Table of Contents Preface... iv Introduction... v Purpose... v Evidence Request Flow... v Sampling...
More informationWhere to Start in Cyber Security
Where to Start in Cyber Security A guide for how to plan, implement and maintain an effective cyber security program for energy industries. Contents 01 Today s threat and vulnerability landscape 03 Where
More informationTop 10 ICS Cybersecurity Problems Observed in Critical Infrastructure
SESSION ID: SBX1-R07 Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure Bryan Hatton Cyber Security Researcher Idaho National Laboratory In support of DHS ICS-CERT @phaktor 16 Critical
More informationGridEx IV Initial Lessons Learned and Resilience Initiatives
GridEx IV Initial Lessons Learned and Resilience Initiatives LeRoy T. Bunyon, MBA, CBCP Sr. Lead Analyst, Business Continuity 2017 GridEx IV GridEx is a NERC-sponsored, North American grid resilience exercise
More informationCLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS
National Cybersecurity and Communications Integration Center (NCCIC) Hunt and Incident Response Team (HIRT) CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS Jonathan
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationAbout NitroSecurity. Application Data Monitor. Log Mgmt Database Monitor SIEM IDS / IPS. NitroEDB
About NitroSecurity NitroEDB IDS / IPS SIEM Log Mgmt Database Monitor Application Data Monitor Born from the INL Highly Optimized Core Architecture, Using Patented Technology - 8 unique mechanisms to improve
More informationCritical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016
Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange Dennis Denham Ssempereza - CISA, CISM, CRISC August 16, 2016 About me! Involved in Risk Management and Security
More informationSOUTH TEXAS ELECTRIC COOPERATIVE, INC.
SOUTH TEXAS ELECTRIC COOPERATIVE, INC. P.O. Box 119 Nursery, Texas 77976 (361) 575-6491 Fax (361) 576-1433 Transmission Interconnection Requirements Table of Contents I. Introduction II. Interconnection
More informationAutomation Services and Solutions
Automation Services and Solutions Automate substation data acquisition and control to improve performance Maintain uninterrupted power services with proactive grid monitoring and controlling features.
More informationENERGY: ENABLING RELIABILITY, SECURITY, AND COMPLIANCE
ENERGY: ENABLING RELIABILITY, SECURITY, AND COMPLIANCE January 2010 Prepared for WatchGuard Technologies, Inc. by ReymannGroup, Inc. Table of Contents Introduction... 2 The Largest Productivity Machine
More informationHistory of NERC January 2018
History of NERC January 2018 Date 1962 1963 The electricity industry created an informal, voluntary organization of operating personnel to facilitate coordination of the bulk power system in the United
More informationInteractive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.
Interactive Remote Access Compliance Workshop October 27, 2016 Eric Weston Compliance Auditor Cyber Security 2 Agenda Interactive Remote Access Overview Review of Use Cases and Strategy 1 Interactive Remote
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationSmart Grid vs. The NERC CIP
Smart Grid vs. The NERC CIP Tobias Whitney, MBA GE Smart Grid Center of Excellence 1 First The Bottom Line Security & Privacy are paramount Smart Grid concerns of regulators and the public Currently every
More informationOPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith
OPUC Workshop March 13, 2015 Cyber Security Electric Utilities Portland General Electric Co. Travis Anderson Scott Smith 1 CIP Version 5 PGE Implementation Understanding the Regulations PGE Attended WECC
More informationNERC Request for Data or Information: Protection System Misoperation Data Collection August 14, 2014
Request for Data or Information Protection System Misoperation Data Collection August 14, 2014 3353 Peachtree Road NE Suite 600, North Tower Atlanta, GA 30326 404-446-2560 www.nerc.com 1 of 15 Table of
More informationIDEA Campus Energy UNIVERSITY OF MARYLAND Securing Our Networked Utility Infrastructure
IDEA Campus Energy 2018 UNIVERSITY OF MARYLAND Securing Our Networked Utility Infrastructure University of Maryland Presenters Mary-Ann Ibeziako, Director, Facilities Management Engineering & Energy Don
More informationCIP V5 Updates Midwest Energy Association Electrical Operations Conference
CIP V5 Updates Midwest Energy Association Electrical Operations Conference May 2015 Bob Yates, CISSP, MBA Principal Technical Auditor ReliabilityFirst Corporation Agenda Cyber Security Standards Version
More informationCompliance vs Competence: Cyber Security Management for Data Centers. Dr. Suku Nair University Distinguished Professor and Chair, SMU
Compliance vs Competence: Cyber Security Management for Data Centers Dr. Suku Nair University Distinguished Professor and Chair, SMU Cyber Landscape Technology Trends Organizations /Nation States Social
More informationi-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS
i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS siemens.com/ruggedcom INTERACTIVE REMOTE ACCESS INTELLIGENT ELECTRONIC DEVICES Intelligent Electronic Devices (IEDs) Devices that can provide real-time
More informationCyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016
Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations Arkansas Joint Committee on Energy March 16, 2016 CenterPoint Energy, Inc. (NYSE: CNP) Regulated Electric and Natural Gas Utility
More informationDUKE ENERGY OHIO SMART GRID / GRID MODERNIZATION. Don Schneider GM, Smart Grid Field Deployment May 24, 2012
DUKE ENERGY OHIO SMART GRID / GRID MODERNIZATION Don Schneider GM, Smart Grid Field Deployment May 24, 2012 FACTS ABOUT DUKE ENERGY 150+ years of service 4 million customers Fortune 500 $50 billion in
More informationNERC History, Mission and Current Issues Southern States Energy Board. October 16, 2011
NERC History, Mission and Current Issues Southern States Energy Board October 16, 2011 Electricity Vital to America 2 RELIABILITY ACCOUNTABILITY Risk Curve with Actual Events Severity ( Log Base 10) 2003
More informationMike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS
Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationK. Eric Harper, Senior Principal Scientist, ABB US Corporate Research
10 NOVEMBER 2017 Cyber Security and Data Analytics CAPER IAB Meeting Session V Power System Data Applications K. Eric Harper, Senior Principal Scientist, ABB US Corporate Research CODEF video Agenda Cybersecurity
More informationWON Security Guideline
WON Security Guideline Data Exchange Work Group October 7, 2015 155 rth 400 West, Suite 200 Salt Lake City, Utah 84103-1114 WON Security Guideline 1 Table of Contents Purpose... 1 Background... 1 Security
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSecurity in grid control centers: Spectrum Power TM Cyber Security
Security in grid control centers: Spectrum Power TM Cyber Security Thomas Schmidt, Information Security Manager siemens.at/future-of-energy Spectrum Power TM 7 Historical Information System Table of content
More informationCyber Physical System Security
S2ERC Industry Outreach Workshop Cyber Physical System Security Manimaran Govindarasu Dept. of Electrical and Computer Engineering Iowa State University gmani@iastate.edu Outline Background CPS Security
More informationB O N N E V I L L E A D M I N I S T R A T I O N B O N N E V I L L E P O W E R A D M I N I S T R A T I O N
B O N N E V I L L E A D M I N I S T R A T I O N B O N N E V I L L E P O W E R A D M I N I S T R A T I O N NERC Monitoring and Situational Awareness Conference Bonneville Power Administration Self-Monitoring:
More informationCybersecurity for the Electric Grid
Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March
More informationProject Modifications to BAL Frequency Response and Frequency Bias Setting. Industry Webinar December 18, 2018
Project 2017-01 Modifications to BAL-003-1.1 Frequency Response and Frequency Bias Setting Industry Webinar December 18, 2018 Administrative Items North American Electric Reliability Corporation (NERC)
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationCIP Cyber Security Security Management Controls. A. Introduction
CIP-003-7 - Cyber Security Security Management Controls A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-7 3. Purpose: To specify consistent and sustainable security
More informationIndustrial Control System Cyber Security
Industrial Control System Cyber Security Disaster Recovery Information Exchange Bruce Tyson June 28, 2017 Lunch and Learn Introduction Bruce Tyson is a certified engineering technologist (CET Telecommunications
More informationStrategies for a Successful Security and Digital Transformation
#RSAC SESSION ID: GPS-F02A Strategies for a Successful Security and Digital Transformation Jonathan Nguyen-Duy Vice President, Strategic Programs jnguyenduy@fortinet.com AGENDA 2017 Digital transformation
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationCyber Resilience Solution for Smart Buildings
Cyber Resilience Solution for Smart Buildings Integrated IT/OT Security Oren Aspir, Cyberbit, CTO 2017 by CYBERBIT 2017 by CYBERBIT Proprietary CYBERBIT Proprietary Buildings getting smarter IT systems
More informationWEI Conference SDG&E TCRI Project April 25, 2018 Mark Fowler, CISSP
WEI Conference SDG&E TCRI Project April 25, 2018 Mark Fowler, CISSP San Diego Gas & Electric Subsidiary of Sempra Energy 4100 Full-Time Employees Regulated public utility Providing clean, safe & reliable
More information