Critical Energy Infrastructure Protection. LLNL CEIP Approach


LLNL-PRES-654239. This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC.

LLNL CEIP Background
The LLNL CEIP team was created to support the Global Critical Energy Infrastructure Protection Program, led by the U.S. Department of State and the Department of Energy, which assists energy-producing countries in securing energy facilities and infrastructure.
- Team members have several decades of experience assessing and enhancing security at facilities of U.S. national security interest, in high-threat environments
- Sectors covered: electrical, gas, oil, chemical, nuclear
- Team disciplines include engineering, physical protection, cyber, safety and training personnel

LLNL CEIP Approach
LLNL uses a performance-based approach to assess security effectiveness: a Design Basis Threat (DBT) is defined, and the facility's security is assessed against the defined threats using realistic attack scenarios. The approach is also systematic and graded. Identifying critical facilities and understanding the cascading effects of an attack is key to defining consequences, as is deploying protection strategies that integrate human and technology elements to mitigate risk. How critical infrastructure protection is viewed and managed must evolve to meet evolving threats.
- Systems approach
- Technologies and methods to enhance deterrence, detection, assessment, delay, ballistic protection and response
- Protection strategies
- Insider protection program
- Security culture

Fundamental Principles (1/7): Protection Planning
- Security plan
- Protection strategies
- Operational protocols
- Response plan
- Local law enforcement agency (LLEA) coordination/liaison
- Suspicious activity reporting
- Testing and maintenance plan

Fundamental Principles (2/7): Balanced Protection
The three primary physical protection system (PPS) functions must work in synergy to be effective in preventing malicious acts:
- Provide timely detection
- Provide adequate delay
- Provide effective response
Each function must be completed before the adversary completes the task. In practice this means that, from the point at which the adversary is detected and assessed, the delay remaining along the adversary's path must exceed the time the response force needs to interrupt; detection that occurs after that point is too late, however reliable the sensor.

Fundamental Principles (3/7): Graded Approach
Apply security resources in proportion to the impact of loss or destruction of the asset being protected, grouping assets into tiers:
- Tier 1
- Tier 2
- Tier 3
- Tier 4

Fundamental Principles (4/7): Defense-in-Depth
The adversary must defeat or avoid numerous, varied types of overlapping protective devices to achieve the objective:
- Redundant equipment
- Complementary sensors
- Complementary barriers
- Guards and local law enforcement

Fundamental Principles (5/7): System Integration
All physical protection system elements, including guards and/or local law enforcement, must work together in a timely fashion in order to interrupt the adversary.

Fundamental Principles (6/7): Insider Protection
- Insiders are characterized by their access, authority and knowledge, and by operational factors such as the time available to them, the tools they can bring, their ability to test the security system, and whether they act alone or as a colluding group
- Understand sensitive operations
- Separation of duties
- Two-person validation
- Security culture
- Don't assume "not in my organization"

Fundamental Principles (7/7): Human Element
- Selection
- Training
- Knowledge
- Procedures
- Trustworthiness
- Situational awareness

Performance-Based Analysis
1) Develop the Adversary Capabilities List and the Design Basis Threat
2) Characterize the facility
3) Identify targets
4) Develop attack scenarios
5) Validate attack scenarios
6) Identify mitigation measures
7) Validate measures
8) Model the attack with mitigation measures in place
9) Develop an upgrade cost-benefit analysis

Adversary Capabilities List
A separate description of each adversary group type, covering:
1) General characteristics
2) Adversary size definitions
3) Objectives
4) Tactical competency
5) Operational techniques
6) Knowledge level
7) Equipment
8) Weaponry
The Adversary Capabilities List is a sensitive document and is not releasable to the public.

Example Low Threat: Vandal
- Overt
- No sensor knowledge, no target knowledge
- 1 person
- Small arms
- Objective: malicious damage, material theft

Example Medium Threat: Violent Radicals, Saboteurs, Extremists
- Overt or covert
- Standoff attack strategy or site penetration to conduct sabotage; single-facility attacks
- Some sensor, target, communications and control-system knowledge; limited knowledge of LLEA response tactics
- Basic surveillance skills and passive insider information
- 1-4 attackers; rudimentary small-unit tactics and command and control capabilities
- Assault rifles; limited night-vision capability
- Willing to endanger personnel but not typically prepared to kill
- Use of flammable liquids or Molotov cocktails; multiple man-portable HME (homemade explosive) charges, 10 lb TNT equivalent
- LLEA diversion
- Motivation: facility shutdown or catastrophic damage

Example High Threat: Terrorists
- 1 VBIED (vehicle-borne improvised explosive device), up to 1,000 lb HE (high explosive)
- Multiple man-portable HE charges, 50 lb TNT equivalent
- Detailed sensor and target knowledge
- 2-5 attackers in multiple moderately skilled, coordinated assault teams
- Communications jamming
- Cyber attacks on control systems
- LLEA diversion
- Prepared to kill
- Motivation: system and/or regional grid shutdown

Example Generic Design Basis Threat (the three example threat levels side by side)

Adversary type
  Low: vandal
  Medium: violent radicals, saboteurs, extremists
  High: terrorists
Mode of attack
  Low: overt
  Medium: overt or covert; standoff attack strategy or site penetration to conduct sabotage; single-facility attacks
  High: multiple coordinated assault teams
Numbers and skill
  Low: 1 person
  Medium: 1-4 attackers; rudimentary small-unit tactics and command and control capabilities
  High: 2-5 attackers; multiple moderately skilled, coordinated assault teams
Knowledge
  Low: no sensor knowledge, no target knowledge
  Medium: some sensor, target, communications and control-system knowledge; limited knowledge of LLEA response tactics; basic surveillance skills and passive insider information
  High: detailed sensor and target knowledge
Weapons and explosives
  Low: small arms
  Medium: assault rifles; flammable liquids or Molotov cocktails; multiple man-portable HME charges (10 lb TNT equivalent)
  High: 1 VBIED (up to 1,000 lb HE); multiple man-portable HE charges (50 lb TNT equivalent)
Other capabilities
  Low: none listed
  Medium: limited night-vision capability; LLEA diversion
  High: communications jamming; cyber attacks on control systems; LLEA diversion
Willingness to use violence
  Low: not specified
  Medium: willing to endanger personnel but not typically prepared to kill
  High: prepared to kill
Motivation
  Low: malicious damage, material theft
  Medium: facility shutdown or catastrophic damage
  High: system and/or regional grid shutdown

The cost of security needed to protect against each level increases exponentially from Low to High.

Facility / Target Characterization
Sources:
- Facility tours
- Architectural diagrams
- Management and worker interviews
- Maintenance and operating procedures
- Safety analysis reports
- Previous assessments and audits
Prioritize targets based on consequence (the assets that are most difficult, costly and time-intensive to replace) and on the adversary's objective and tactical capabilities. Consider insider knowledge.

Scenario / Path Analysis (1/2)
- Define attack scenarios and task times
- Scenarios should address the major security components
- Design scenarios that are distinctly different at each threat level, so that it is clear which adversary techniques pose the greatest threat to the facility
- Consider adversaries using a combination of tactics, including force, stealth and deceit, as well as cyber attack
- Pathways may include fences, personnel and vehicle portals, doors, walls, roofs, etc.

Scenario / Path Analysis (2/2)
- Validate that scenarios and pathways are plausible (with utility subject matter experts)
- Validate the timelines for each task (from LLNL databases or SMEs)

Identify Mitigation Measures
- Deterrence
- Detection and assessment: early detection; known detection; command and control system
- Delay: barriers; ballistic protection
- Response: guards; local law enforcement
- Operations: procedures; tactics

Validate Measures
- Model the attacks again with the measures in place
- Validate that the results of the scenarios and pathways are credible (with utility SMEs)
- Validate that the detection and delay values assigned to each measure are credible (from LLNL databases or SMEs)

Refine Upgrades and Costs
- Upgrades: technologies, people, operational procedures
- Costs: define initial costs; define lifecycle costs; operational considerations

Develop Upgrade Packages
- Determine the base-case risk value for each level of threat, using a realistic and plausible worst-case standoff scenario and worst-case site penetration scenario for that level
- Determine the most efficient and cost-effective set of upgrades (technologies, people, operational procedures) that would be expected to lower the risk to an acceptable level; this may serve as the desired end state if resources permit
- Determine subsets of these upgrade packages that can serve as practical milestones while the full set of upgrades is being completed

Example Upgrade Cost-Benefit Analysis

LLNL CEIP Tools
- PPS software
- Databases: delay and penetration values; sensor detection probability values
- Software modeling tools: pathway analysis algorithms
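The chain the slides describe (Balanced Protection, Scenario / Path Analysis, Validate Measures, Develop Upgrade Packages) carried through as an added Python example. This is illustration code written for this page, not LLNL's CEIP software or databases. Its path elements, detection probabilities, delay values, response time, upgrade costs, consequence value and target risk are constructed; the interruption logic is the generic adversary-sequence-interruption method (the first timely detection along the path decides the outcome), and risk uses the common PPS expression R = P_A (1 - P_I P_N) C. Both are assumptions about how such a pathway tool works rather than something the slides state.

```python
"""Adversary-path interruption and risk buy-down for one site-penetration scenario.

Added illustration only: path elements, detection probabilities, delays,
response time, costs and consequence are constructed, and the interruption
model is the generic adversary-sequence-interruption approach, not LLNL's.
"""
from dataclasses import dataclass, replace
from itertools import combinations
from typing import Callable, Optional


@dataclass(frozen=True)
class PathElement:
    name: str
    p_detect: float  # probability of detection with assessment at this element
    delay_s: float   # delay the element imposes on the adversary, seconds


@dataclass(frozen=True)
class Scenario:
    path: tuple             # PathElements in attack order, perimeter first, target task last
    response_time_s: float  # time for the response force to arrive and engage


@dataclass(frozen=True)
class Upgrade:
    name: str
    cost: float
    apply: Callable[[Scenario], Scenario]


def remaining_after(scn: Scenario, i: int) -> float:
    """Adversary task time left when element i is reached. Detection is credited
    at the start of an element (sensor ahead of the barrier)."""
    return sum(e.delay_s for e in scn.path[i:])


def interruption_probability(scn: Scenario) -> float:
    """P_I: probability that first detection happens at an element where the
    delay still remaining exceeds the response time (timely detection)."""
    p_i, p_undetected = 0.0, 1.0
    for i, elem in enumerate(scn.path):
        p_first = p_undetected * elem.p_detect  # first detection occurs here
        if p_first > 0 and remaining_after(scn, i) >= scn.response_time_s:
            p_i += p_first
        p_undetected *= 1.0 - elem.p_detect
    return p_i


def critical_detection_point(scn: Scenario) -> Optional[str]:
    """Deepest element at which detection is still timely; None if the response
    force is too slow for every point on the path."""
    cdp = None
    for i, elem in enumerate(scn.path):
        if remaining_after(scn, i) >= scn.response_time_s:
            cdp = elem.name
    return cdp


def risk(scn: Scenario, p_attack: float, p_neutralize: float, consequence: float) -> float:
    """R = P_A * (1 - P_I * P_N) * C: expected loss for the scenario."""
    return p_attack * (1.0 - interruption_probability(scn) * p_neutralize) * consequence


def apply_upgrades(scn: Scenario, upgrades) -> Scenario:
    for u in upgrades:
        scn = u.apply(scn)
    return scn


def cheapest_package(scn, upgrades, target_risk, p_attack, p_neutralize, consequence):
    """Exhaustive search over upgrade subsets for the lowest-cost package that
    brings risk to the acceptable level. Returns (cost, package, risk) or None."""
    best = None
    for k in range(len(upgrades) + 1):
        for combo in combinations(upgrades, k):
            cost = sum(u.cost for u in combo)
            r = risk(apply_upgrades(scn, combo), p_attack, p_neutralize, consequence)
            if r <= target_risk and (best is None or cost < best[0]):
                best = (cost, combo, r)
    return best


def milestones(scn, package, p_attack, p_neutralize, consequence):
    """Order a package into practical milestones: at each step take the upgrade
    with the largest risk reduction per dollar. Returns (name, cumulative cost, risk)."""
    todo, done, out, cur = list(package), [], [], scn
    while todo:
        cur_risk = risk(cur, p_attack, p_neutralize, consequence)
        nxt = max(todo, key=lambda u: (cur_risk - risk(u.apply(cur), p_attack, p_neutralize, consequence)) / u.cost)
        todo.remove(nxt)
        done.append(nxt)
        cur = nxt.apply(cur)
        out.append((nxt.name, sum(u.cost for u in done), risk(cur, p_attack, p_neutralize, consequence)))
    return out


def set_element(scn: Scenario, name: str, **changes) -> Scenario:
    return replace(scn, path=tuple(replace(e, **changes) if e.name == name else e for e in scn.path))


# Constructed substation scenario: medium-threat site penetration to sabotage the control house.
BASE = Scenario(
    path=(
        PathElement("perimeter fence", p_detect=0.0, delay_s=20),          # no fence sensor
        PathElement("yard approach", p_detect=0.3, delay_s=30),            # CCTV, remote assessment
        PathElement("control house door", p_detect=0.5, delay_s=60),       # door contact, standard lock
        PathElement("control panel sabotage", p_detect=0.0, delay_s=120),  # adversary's target task
    ),
    response_time_s=300,  # local law enforcement, five minutes
)
UPGRADES = (  # constructed candidate upgrades with assumed costs
    Upgrade("fence intrusion detection", 150_000, lambda s: set_element(s, "perimeter fence", p_detect=0.9)),
    Upgrade("hardened control house door", 80_000, lambda s: set_element(s, "control house door", delay_s=300)),
    Upgrade("on-site armed response", 400_000, lambda s: replace(s, response_time_s=120)),
    Upgrade("control panel cabinet lock", 20_000, lambda s: set_element(s, "control panel sabotage", delay_s=240)),
)
P_ATTACK, P_NEUTRALIZE, CONSEQUENCE = 1.0, 0.9, 5_000_000  # conditional on attack; constructed values
TARGET_RISK = 1_000_000                                     # acceptable expected loss, constructed

if __name__ == "__main__":
    print("base P_I:", interruption_probability(BASE), "risk:", risk(BASE, P_ATTACK, P_NEUTRALIZE, CONSEQUENCE))
    best = cheapest_package(BASE, UPGRADES, TARGET_RISK, P_ATTACK, P_NEUTRALIZE, CONSEQUENCE)
    if best is None:
        print("no package meets the target risk")
    else:
        cost, package, r = best
        print("cheapest package:", [u.name for u in package], "cost:", cost, "risk:", round(r))
        for name, cum_cost, step_risk in milestones(BASE, package, P_ATTACK, P_NEUTRALIZE, CONSEQUENCE):
            print(f"  + {name}: cumulative cost {cum_cost}, risk {step_risk:.0f}")
```

The point the numbers make: in the constructed base case the total delay on the path (230 s) is shorter than the 300 s response time, so P_I is zero wherever detection occurs and adding a fence sensor alone buys nothing. The cheapest package that reaches the target pairs the sensor with added delay at the target, and the greedy milestone ordering installs the cheap delay first because it is the only single upgrade that reduces risk at all. Assigning detection and delay values is where the LLNL databases and SME validation on the preceding slides matter; the values here are placeholders.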

Physical-Cyber Security Nexus
Physical and cyber protection are often organized as two completely separate areas. In reality the two must work in synergy: defense against cyber attack is achievable only if the networks themselves are secured and managed through physical and operational controls, and the high-threat DBT above already includes cyber attacks on control systems and communications jamming as part of a physical assault. Comprehensive security therefore requires continual assessment of all potential adversarial pathways, physical and cyber.

Overall Risk Management
Physical and cyber security are both inputs to overall risk management. Modeling overall risk with comprehensive risk-modeling software enables the organization to identify the various sources of risk, to quantify overall risk, and to quantify losses, including:
- Financial losses
- Business operations losses
- Capital property losses
This requires incorporating the organization's own valuation of its services and operations. Modeling allows incremental losses and consequences to be measured. The resulting "buying down risk" approach:
- Creates cost efficiencies, unattainable without this modeling, in choosing the best physical-cyber security control measures
- Extends naturally to include both the physical and cyber domains when evaluating human-borne risk
- Supports integrated training and assessment sessions

Points of Contact
For further information about LLNL CEIP support, contact Michael O'Brien, 925-423-8028, obrien10@llnl.gov, or Byron Gardner, 505-550-5348, gardner45@llnl.gov.

Conclusion: Questions?