Bridging The Gap Between Industry And Academia

Similar documents
Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012

PJM Interconnection Smart Grid Investment Grant Update

SmartSacramento Distribution Automation

In-Field Programming of Smart Meter and Meter Firmware Upgrade

Systems Integration Tony Giroti, CEO Bridge Energy Group

Entergy Phasor Project Phasor Gateway Implementation

PJM Interconnection Smart Grid Investment Grant Update

Southern Company Smart Grid

Washington DC October Consumer Engagement. October 4, Gail Allen, Sr. Manager, Customer Solutions

KCP&L SmartGrid Demonstration

Intelligent Grid and Lessons Learned. April 26, 2011 SWEDE Conference

CHANGING THE WAY WE LOOK AT NUCLEAR

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Real Time Price HAN Device Provisioning

On Demand Meter Reading from CIS

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

PIPELINE SECURITY An Overview of TSA Programs

Integrated Volt VAR Control Centralized

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Advanced Synchrophasor Protocol DE-OE-859. Project Overview. Russell Robertson March 22, 2017

Statement for the Record

Dmitry Ishchenko/Reynaldo Nuqui/Steve Kunsman, September 21, 2016 Collaborative Defense of Transmission and Distribution Protection & Control Devices

ENCS The European Network for Cyber Security

The Office of Infrastructure Protection

Opportunity to Participate in NRECA s RC3 SANS Voucher Program for FREE Cybersecurity Online Courses

Energy Assurance Plans

Development of Web Applications for Savannah River Site

Shaping the Department of Defense Engineering Workforce

Implementing Executive Order and Presidential Policy Directive 21

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Go SOLAR Online Permitting System A Guide for Applicants November 2012

ALAMO: Automatic Learning of Algebraic Models for Optimization

Annual Industry Workshop March 27-29, Session Abstracts

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

5G Security. Jason Boswell. Drew Morin. Chris White. Head of Security, IT, and Cloud Ericsson North America

Building a Resilient Security Posture for Effective Breach Prevention

Cybersecurity. Securely enabling transformation and change

NATIONAL GEOSCIENCE DATA REPOSITORY SYSTEM

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

DERIVATIVE-FREE OPTIMIZATION ENHANCED-SURROGATE MODEL DEVELOPMENT FOR OPTIMIZATION. Alison Cozad, Nick Sahinidis, David Miller

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

CALIFORNIA CYBERSECURITY TASK FORCE

Staff Subcommittee on Electricity and Electric Reliability

Vehicle & Transportation Infrastructure Cyber Security Discussions. IQMRI

Firewalls (IDS and IPS) MIS 5214 Week 6

Power Grid Resilience, Reliability and Security Research at Idaho National Laboratory

Security in India: Enabling a New Connected Era

Challenges and Opportunities in Cyber Physical System Research

Interoperability and Standardization: The NIST Smart Grid Framework

Authentication Protocol for Industrial Control Systems without Encryption

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Government IT Modernization and the Adoption of Hybrid Cloud

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Big Data Computing for GIS Data Discovery

NIF ICCS Test Controller for Automated & Manual Testing

Cybersecurity Overview

Run the business. Not the risks.

Industrial control systems

Smart Grid Security Illinois

The threat landscape is constantly

ASREN Arab States Research and Education Network

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

MISO. Smart Grid Investment Grant Update. Kevin Frankeny NASPI Workgroup Meeting October 17-18, 2012

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Designing and Building a Cybersecurity Program

Chapter X Security Performance Metrics

WEI Conference SDG&E TCRI Project April 25, 2018 Mark Fowler, CISSP

How to Create, Deploy, & Operate Secure IoT Applications

Israel and ICS Cyber Security

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Planning and investing in critical utility infrastructure with public consultation

CYBERSECURITY AND THE MIDDLE MARKET

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration

The five questions I am being asked by National Policy Makers and Utility CEOs; My Best Answers; And Where the Questions Don't Have Answers

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

ESNET Requirements for Physics Reseirch at the SSCL

The Perfect Storm Cyber RDT&E

Cisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID TCIPG.ORG

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Better skilled workforce

CIP Security Pull Model from the Implementation Standpoint

Mesh Networking Principles

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

HPH SCC CYBERSECURITY WORKING GROUP

Adding a System Call to Plan 9

NISTCSF Enterprise Training Solutions. By David Nichols & Rick Lemieux December 2018

Industrial Defender ASM. for Automation Systems Management

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds

DOE s Roles and Responsibilities for Energy Sector Cybersecurity

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

Transcription:

Bridging The Gap Between Industry And Academia 14 th Annual Security & Compliance Summit Anaheim, CA Dilhan N Rodrigo Managing Director-Smart Grid Information Trust Institute/CREDC University of Illinois at Urbana-Champaign

I will discuss The challenge Growing threat to the nation s critical energy delivery system (EDS) Importance of collaboration between industry and academia Why cutting edge research is needed Examples of when I-A collaboration worked well Hope for the future.. Value proposition Acknowledgment - This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780. Disclaimer - This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. cred-c.org 2

About CREDC Multidisciplinary research and development Ten academic research institutions Two national labs Industrial advisory board and participation Cybersecurity and cyber-resiliency of Energy Delivery Systems (EDS) Supports Roadmap to Achieve Energy Delivery Systems Cybersecurity R&D ecosystem that leads directly to applications and methodologies that are validated in realistic contexts Funding U.S. Department of Energy Office of Electricity Delivery & Energy Reliability U.S. Department of Homeland Security Science & Technology Directorate Industry Membership Support cred-c.org 3

CREDC Partners cred-c.org 4

Lets Talk Priorities Different priorities and motivators for industry and academia? cred-c.org 5

The Challenge The U.S. electric grid covers of over 700,000 miles of transmission lines and over 55,000 substations linking over 7,000 power plants to around 150 million customers The U.S. energy pipeline network covers over 2.9 million miles of pipeline transporting natural gas, oil, and hazardous liquids These vast networks are the critical backbone of U.S. energy supply, supporting the vast majority of U.S. economic activity and playing a vital role in national defense Physical threats to the U.S. power grid and pipelines have long worried policymakers, cyber threats to the computer systems that operate this critical infrastructure are an increasing concern Over the past decade, cyber threats against energy infrastructure have grown in frequency and severity. While most of these threats have been against the electric subsector, pipeline systems have also faced growing risk to their information communications technology cred-c.org 6

The Challenge Surveys indicate a shortage of cybersecurity skills Millennials consider utilities last century organizations Hacking the Skills Shortage-McAfee Bureau of Labor Statistics cred-c.org 7

Why cutting edge research is needed The landscape is changing and evolving.. cred-c.org 8

Collaborative R&D Ecosystem cred-c.org 9

Examples of when I-A collaboration worked well cred-c.org 10

Technology Transition under TCIP/TCIPG AMILYZER Monitors traffic among meters and access points at the network, transport, and application layers to ensure that devices are running in a secure state and that their operations respect a specified security policy Has been successfully deployed by a utility partner since December 2012 and is currently monitoring a 100,000-meter AMI deployment NETWORK PERCEPTION Tool that analyzes security vulnerabilities in networked systems Developed and commercialized the NP-View tool to help power utilities prepare for NERC CIP audits cred-c.org 11

Hope for the Future INCREASING CYBER-RESILIENCE OF LARGE-SCALE AND LONG-LIVED ENERGY DELIVERY INFRASTRUCTURE (EDI) How to protect against 0-days and forever-day vulnerabilities? Developing open source automated parser generator for general use by industry Early industry partner incorporating secured DNP3 parser to their technology Potential for wide spread impact on security products by multiple vendors cred-c.org 12

Hope for the Future FAST AND SCALABLE AUTHENTICATION IN ENERGY DELIVERY SYSTEMS Focused on authenticating communications using sound cryptography and key-related techniques between the field devices and control room Multiple industrial partners involved from beginning Macaroon-based lightweight TLS replacement tool and demonstration on its effectiveness on the MQTT protocol with industry partner cred-c.org 13

Benefits of working with Academia Exposure to a knowledge base larger than a single organization leading to: More informed decisions about technology investments Foreknowledge of emerging threats Discovery and use of tools that give better insight into what systems are doing Access to future employees and workforce development Influence development of technology that address specific problems Gives a sounding board for questions about emerging technologies Low cost high quality research Lower risk exposure Helping the nation! Cyber-security of critical infrastructure is a team sport cred-c.org 14

Thank You! http://cred-c.org @credcresearch info@cred-c.org drodrigo@illinois.edu facebook.com/credcresearch/ www.linkedin.com/company/credcresearch/ cred-c.org 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback