CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

Similar documents
Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

The Office of Infrastructure Protection

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Global Security Advisor

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cyber Security Strategy

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

Business Continuity Management Standards A Side-by-Side Comparison

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Chapter X Security Performance Metrics

Awareness and training programs OPTUS MACQUARIE UNIVERSITY CYBER SECURITY HUB

Cybersecurity Overview

Scope Cyber Attack Task Force (CATF)

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

National Policy and Guiding Principles

Sage Data Security Services Directory

Steps to Take Now to be Ready if Your Organization is Breached Thursday, February 22 2:30 p.m. 3:30 p.m.

Implementation Strategy for Cybersecurity Workshop ITU 2016

The Office of Infrastructure Protection

Incident Response Services

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Department of Management Services REQUEST FOR INFORMATION

Security and Privacy Governance Program Guidelines

Security Director - VisionFund International

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Vice President and Chief Information Security Officer FINRA Technology, Cyber & Information Security

Department of Homeland Security Updates

Information Technology Branch Organization of Cyber Security Technical Standard

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

FERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC

Statement for the Record

Chapter X Security Performance Metrics

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

FDIC InTREx What Documentation Are You Expected to Have?

ENISA s Position on the NIS Directive

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Cybersecurity and the Board of Directors

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Regional Resilience: Prerequisite for Defense Industry Base Resilience

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Member of the County or municipal emergency management organization

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

MEASURES TO ENHANCE MARITIME SECURITY. Cyber risk management in Safety Management Systems. Submitted by United States, ICS and BIMCO SUMMARY

CYBER RESILIENCE & INCIDENT RESPONSE

2018 National Homeland Security Conference Preliminary Conference Agenda

SOLUTION BRIEF Virtual CISO

Section 1 Metrics: Community Adoption

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

Inter-American Port Security Cooperation Plan

Overview of the Federal Interagency Operational Plans

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

MNsure Privacy Program Strategic Plan FY

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

GridEx IV Initial Lessons Learned and Resilience Initiatives

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

POSITION DESCRIPTION

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

Office of Infrastructure Protection Overview

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

NERC Staff Organization Chart

Executive Summary and Overview

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Hazard Management Cayman Islands

Cyber Security Program

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

Section One of the Order: The Cybersecurity of Federal Networks.

Building a BC/DR Control Library and Regulatory Response Program

NERC Staff Organization Chart Budget 2018

TEL2813/IS2820 Security Management

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

The Office of Infrastructure Protection

An Introduction To Security Planning

UNITED STATES OFFICE OF PERSONNEL MANAGEMENT

NERC Staff Organization Chart Budget 2019

Critical Infrastructure Protection Committee Strategic Plan

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

The Office of Infrastructure Protection

Chapter 1. Chapter 2. Chapter 3

Utilizing Terrorism Early Warning Groups to Meet the National Preparedness Goal. Ed Reed Matthew G. Devost Neal Pollard

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Business continuity management and cyber resiliency

Effective Practices for Insider Threats and Third-Party Risk Management Thursday, February 22 10:00 a.m. 11:00 a.m.

DHS Cybersecurity: Services for State and Local Officials. February 2017

Transcription:

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017 Sponsored by: Kansas Municipal Utilities Kansas Municipal Energy Agency Kansas Power Pool

CYBERSECURITY TRAINING EXERCISE DATE November 7, 2017 SPONSORS Kansas Municipal Utilities (KMU) Kansas Municipal Energy Agency (KMEA) Kansas Power Pool (KPP) LOCATION KMU Training Center 2090 East Avenue A, McPherson, KS, 67460 CONTACT Colin Hansen, Executive Director 620.241.1423 (office) AUDIENCE Participation is limited to 30 KMU member cities. Cities and utilities are encouraged to bring 2 representatives: 1 city or utility manager and 1 technical/it representative. The afternoon is split into tracks, 1 aimed for utility and city managers and 1 for technical IT staff. More than 2 city representatives may attend, but will only be able to observe. COST $125 for 2 people to attend HOW TO REGISTER www.kmunet.org MORNING EXERCISE Cyber and Physical Security Preparedness Exercise Cyber and physical security attacks are increasing threats for public power organizations. Through a cooperative agreement with the U.S. Department of Energy (DOE), the American Public Power Association (Association) has committed to assisting its members in developing a culture of cybersecurity awareness and preparedness at their respective organizations. As part of this commitment, the Association is supporting member organizations in conducting Cyber and Physical Security Preparedness Exercises. The exercise scheduled at KMU on November 7 will include a discussion of current cybersecurity threats to municipal utilities and recent case studies of cyber incidents affecting municipal utilities, information on the various resources the Association can provide in improving cyber security, and a scenario that will allow participants to identify problems and possible solutions to a cybersecurity issue through facilitated group discussions. The exercise will provide an opportunity for participants to evaluate their current capabilities in preventing and responding to cyberrelated issues, to raise perceived gaps in cybersecurity among the industry and at respective organizations, and to identify further resources that can assist to improve cybersecurity awareness and preparedness at respective organizations.

MORNING EXERCISE Cyber and Physical Security Preparedness Exercise GOALS Understand the roles of the American Public Power Association (APPA), and utility members during a cyber or physical attack Understand coordination and communication processes between APPA, and utility members Provide members with an opportunity to discuss lessons learned from the Ukraine cyber-attack Provide members with an opportunity to discuss the Burlington, VT media incident OBJECTIVES Identify specific opportunities to improve coordination and communication between, member utilities and the Association for cyber or physical threats or attacks Identify specific opportunities for the Association to provide value to members in preparing for and responding to cyber and physical threats or attacks Provide members with threat and vulnerability information to consider in regards to their current or future technology use TRAINERS Jon Sawicki, Lead Facilitator, Witt O Brien s Jon Sawicki is a Director at Witt O Brien s with a focus on physical and cybersecurity risk management. Jon has facilitated four cybersecurity exercises on behalf of the Association in Arizona, Florida, Virginia and Wisconsin. Mr. Sawicki has shared his expertise in a variety of theatres including serving the US State Department Anti-Terrorism Assistance Program in Bogota, Colombia, delivering formal testimony to the House Homeland Security Committee on the status of cybersecurity at U.S. ports and developing effective security programs throughout the Americas and West Africa to secure global maritime trade. Carla Poole, Facilitator/Evaluator, Witt O Brien s Ms. Poole brings her years of experience in providing presentations, training, and exercises for a variety of audiences. Ms. Poole has completed the Homeland Security Exercise and Evaluation Program (HSEEP), after which she has provided support and expertise in different exercises; including workshops, drills, tabletops, functional, and full-scale; conducted with our past and current clients. Ms. Poole has supported on several American Public Power Association Projects, including the Tabletop Exercise in a Box toolkit and Cybersecurity Engagement Plan, which are resources available to all Association members. Ms. Poole has also supported on several other exercises as part of the Association s Cyber and Physical Preparedness Facilitator-Led Exercises (CAPP-FLEX). Ms. Poole is an emergency management professional with ten years of hands-on experience in disaster planning and preparedness, emergency response, public sector, and public safety and security. She graduated with summa cum laude honors and a Bachelor of Science in Emergency Management from the University of Maryland University College. She has a Master in Public Administration from the University of Baltimore and is currently pursuing a Juris Doctorate at the University of Baltimore School of Law.

AFTERNOON TRAINING TRACK 1: Executive/Management Level Cyber Security Training Designed for Executives and Management-level Staff, this training is intended to support the development of a holistic cyber and physical security program and aims to help members get started in creating the necessary building blocks specific for your utility. Participants receive knowledge of the fundamental concepts of cyber security, threat vectors, and risks to their utility. Training provides an understanding of key elements integral to adoption and implementation of sound cyber security practices and any cyber security framework and/or standards that may become applicable. Intended to build awareness and knowledge, an important feature of the training is an active participant workshop review of a utility case study. An outline of the topics covered will include the following: Fundamental understanding of crucial cyber & physical security concepts and a holistic cyber security program Realize the specific cyber risks, trends and recent incidents in the utility industry An overview of the necessary philosophy, culture of security and involvement of teams, including roles and responsibilities Best practices for using a security blueprint for effective cyber risk management A high level roadmap for cyber security program and mitigation plan Guidance for developing a next steps plan with headcount and budgeting. TRAINER Doug Westlund, Senior Vice President, AESI Inc. An experienced executive with over 30 years experience in the utility and telecommunications markets with a passion for developing technologybased solutions that solve difficult problems. Business expertise in the areas of strategic planning, business development and team leadership. Technical expertise in the areas of utility automation, communications and cyber security. Has developed and maintains strong relationships with leading technology, industry, and government organizations. At AESI, Doug leads the strategic planning services for the firm including operational risk management with a focus on cyber security. Active in training and guiding Board members and executive teams on cyber security risk management and governance. Active in developing comprehensive cyber security and technology plans for clients. Efforts led to selection by Hometown Connections (subsidiary of the American Public Power Association) of AESI as their partner for cyber and physical security consulting services for US public power. TRACK 2: IT-OT Manager Cyber Security High-Level Technical Overview This training seminar has been developed specifically for IT/OT managers, and offers an overview of technical considerations and a recommended cyber and physical blueprint for implementing a cyber security program. In support of an interconnected IT/OT cyber security program, at a highlevel, the seminar will provide a synopsis of risk management concepts as it applies to cyber security policies and governance structures, regulatory requirements, also asset and information management practices. As well, a technical summary of a vital network architecture of the systems, appropriate controls, and host/endpoint security. Most notably, the seminar should enable IT/OT managers to appraise if any additional APPA endorsed training sessions will benefit their operations, and with gauging next steps to implementing cyber security measures.

AFTERNOON TRAINING TRACK 2: IT-OT Manager Cyber Security High-Level Technical Overview (continued) An outline of the topics covered will include the following: Risk Management Basics with an emphasis on Cyber Security risk Differences between IT and OT security risks & the impact of IT/OT integration Defining sound security policy and governance models based on risk assessment Integrating risk based policies with legal and regulatory requirements Driving on-going risk management through asset management strategies Strategies for deploying cyber security governance and policy TRAINER Kim Grosskurth, AESI Inc. Kim is a results-driven professional with extensive experience in Regulatory Compliance and Legislation Enforcement for cyber security addressing NERC CIP and NIST standards. Kim has a broad perspective that supports business operations from investigating and developing business and functional requirements, to the development and execution of program assessments/audits, developing business continuity plans and crisis management procedures. Her strong project management capabilities supports detailed execution involving risk identification and mitigation strategy development, while meeting strict timelines and budgets. Her extensive background supports informative training that not only instills good cyber security practices, but also relatable utility applications and case studies that come from her tenure at a large transmission and distribution power utility, as well as a consultant.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback