Welcome to the webinar! We will start within a few minutes

Similar documents
Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

Industrial Defender ASM. for Automation Systems Management

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Distributed Energy Resource (DER) Cyber Security Working Group

ДОБРО ПОЖАЛОВАТЬ SIEMENS AG ENERGY MANAGEMENT

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Security in grid control centers: Spectrum Power TM Cyber Security

POWER-ONE ITALY, 5 TH JUNE 2018 Cloud, Big Data & Cyber Security. Business, Opportunities and Risks

Industry Classification Methodology Guide. ISE Cyber Security Industry Classification

FUNDAMENTALS OF CYBER SECURITY FOR UTILITIES

Cyber and Physical Security: An Integrated Approach Tim Rigg Managing Director, Enterprise Protective Services

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Cyber Threats? How to Stop?

Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST

Cybersecurity Training

OPERATIONS CONTROL CENTER

Position Title: IT Security Specialist

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

playbook OpShield for NERC CIP 5 sales PlAy

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

NW NATURAL CYBER SECURITY 2016.JUNE.16

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Cyber Security for Process Control Systems ABB's view

Protecting Control Systems from Cyber Attack: A Primer on How to Safeguard Your Utility May 15, 2012

CIP V5 Implementation Study SMUD s Experience

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Cybersecurity for the Electric Grid

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

ISE North America Leadership Summit and Awards

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

Designing and Building a Cybersecurity Program

Security Management Seminar

Avanade s Approach to Client Data Protection

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Membership Categories and Benefits

COMPASS FOR THE COMPLIANCE WORLD. Asia Pacific ICS Security Summit 3 December 2013

Smart Grid vs. The NERC CIP

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Designing Secure Remote Access Solutions for Substations

TRAINING WEEK COURSE OUTLINE May RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I.

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

OPUC Workshop March 13, 2015 Cyber Security Electric Utilities. Portland General Electric Co. Travis Anderson Scott Smith

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Digital Wind Cyber Security from GE Renewable Energy

Cyber Security Update. Bennett L. Gaines Senior Vice President, Corporate Services, CIO, FirstEnergy 2012 Summer Seminar August 5-7, 2012

Cyber Security for Renewable Energy Systems

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Title. Critical Infrastructure Protection Getting Low with a Touch of Medium. CanWEA Operations and Maintenance Summit 2018.

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

THE TRIPWIRE NERC SOLUTION SUITE

CISO as Change Agent: Getting to Yes

CCISO Blueprint v1. EC-Council

NERC Monitoring and Situational Awareness Conference: Loss of Control Center Procedures and Testing Practices

Converged Security - Protect your Digital Enterprise May 24, Copyright 2016 Vivit Worldwide

Critical Cyber Asset Identification Security Management Controls

FUNDAMENTALS OF CYBER SECURITY FOR UTILITIES

Security Program Design:

Innovation policy for Industry 4.0

Education Network Security

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Management Frameworks

DRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1

10 Things Every Auditor Should Do Before Performing a Security Audit

Role of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions

2015 VORMETRIC INSIDER THREAT REPORT

Control Systems Cyber Security Awareness

Security Standards for Electric Market Participants

Les joies et les peines de la transformation numérique

Cyber security for digital substations. IEC Europe Conference 2017

Statement for the Record

Cyber Security Technologies

Managing SCADA Security. NISTIR 7628 and the NIST/SGIP CSWG. Xanthus. May 25, Frances Cleveland

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

PIPELINE SECURITY An Overview of TSA Programs

i-pcgrid WORKSHOP 2016 INTERACTIVE REMOTE ACCESS

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Solar without Limits. Overcoming Market Constraints to Unleash Distributed Solar. Arno Harris, CEO Recurrent Energy 16 July 2008

Improving Cybersecurity through the use of the Cybersecurity Framework

Standard CIP 005 2a Cyber Security Electronic Security Perimeter(s)

Back to the Future Cyber Security

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

EU General Data Protection Regulation (GDPR) Achieving compliance

Interactive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

CIP Cyber Security Configuration Change Management and Vulnerability Assessments

About NitroSecurity. Application Data Monitor. Log Mgmt Database Monitor SIEM IDS / IPS. NitroEDB

NYDFS Cybersecurity Regulations

Industrial Security Co-Sourcing: Shifting from CapEx to OpEx Presented by Vinicius Strey Manufacturing in America 03/22-23/2017

Cyber Security. It s not just about technology. May 2017

Cisco Smart Grid. Powering End-to-End Communications. Annette Winston Sr. Mgr., Product Operations Customer Value Chain Management

STRATEGY STATEMENT OF QUALIFICATIONS

Addressing NERC-CIP Compliance Challenge for Utilities through IT Service Management. Patrik Ringqvist Principal Solution Consultant

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Cyber Security of Industrial Control Systems (ICSs)

Transcription:

Welcome to the webinar! We will start within a few minutes

Agenda Introduction Solarplaza Presentations Threat assessment - Tom Tansy SunSpec Alliance Cyber Security & Solar A consultant s view - John Franzino GridSME Building Security into Product Design - Allan Daly NEXTracker Q&A End of the webinar

Q&A time Kostis Tzanakakis Email / skype: kostis@solarplaza.com Phone: +31 10 302 7903 Website: www.solarassetmanagement.us

About Solarplaza "To positively impact the world by accelerating the sustainable energy transition" Established in 2004 100+ events organized In 30+ countries worldwide Network of 60.000+ solar PV professionals

Solar Asset Management North America 13-14 March 2018 /// San Francisco The leading conference focused on the operational phase of solar plants and portfolios THE must-attend event fully dedicated to the operational phase of PV assets 500+ attendees, representing the value chain from service provider to asset manager and investor 90+ leading experts on stage sharing their vision, expertise and experience 40+ sponsors and exhibitors profiling themselves and their leading products/services

Attendees 2018

Sponsors

Solar Asset Management North America Special Webinar Promotional Discount First 10 registrants to use the code WEBINAR20 are eligible for a 10% discount on the registration fee. https://solarassetmanagement.us/register-now/

Practical notes Technical issues? Use chatbox The presentation slides will be available afterwards

Tom Tansy CHAIRMAN - SUNSPEC ALLIANCE In SunSpec Alliance he leads the distributed energy industry's efforts to establish data and communication standards that enable seamless integration of solar PV and storage into the Smart Grid. The SunSpec Alliance has more than 100 stakeholders across the globe, including leading fleet operators, component suppliers, software developers, and utilities.

John Franzino DIRECTOR OF GRID SECURITY GRIDSME John and the cyber security team assist clients with all aspects of Critical Infrastructure Protection (CIP), as well as general cybersecurity support outside the scope of CIP. John manages both day-to-day operations and long-term projects, while simultaneously building out the supporting business processes and strategic goals. He has hands-on experience implementing security controls in the field, conducting vulnerability assessments in production SCADA environments, network monitoring, and incident response.

Allan Daly VP SOFTWARE ENGINEERING NEXTRACKER Allan Daly leads the software team and is lead product manager for the Company's TrueCapture smart software control system. In this capacity, he leads a team of 10 software engineers to design and develop intelligent, connected industrial software to enhance the NEXTracker customer experience. He has always been an energy guy, with a life-long interest in energy and buildings. He brings together his broad experience from policy-work, research, teaching, and consulting to inform the design and operation of innovative and sustainable mechanical systems.

Threat assessment: what should asset managers be thinking about? Tom Tansy SunSpec Alliance www.sunspec.org

Security required for all PV systems State-level mandates specify secure networks for all systems C&I and Residential California (Rule 21) and Hawaii (Rule 14H) effective now National mandate to securely network ALL DER systems Specified in IEEE 1547-2018 Considerations are different Scale: 720 total utility-scale vs. 300K small systems per year in CA Operations: local vs. remote Regulations: NERC CIP vs. state interconnection rules

Why worry about small systems? http://www.bbc.com/news/amp/technology-40861976 http://www.forbes.com/sites/thomasbrewster/2016/08/01/1000- solar-panels-tigo-vulnerable-hackers

Considerations for asset managers Risk management: proportional responses Regulatory: rules that apply differ by system size Equipment: products that work Finance: budgets that scale Personnel: training & record keeping

Discussion

Upcoming Events Solar Asset Management North America 13-14 March 2018 San Francisco www.solarassetmanagement.us Solar Asset Management Asia 24-25 May 2018 Tokyo, Japan www.solarassetmanagement.asia

Cyber Security and Solar PV Solar Asset Management North America January 31, 2018 John Franzino Director of GridSecurity

Observing the Fact of the Matter ICS-CERT 2016 Annual Report Number of Vulnerabilities 2 2/5/2018

Observing You re Not Too Small 3 2/5/2018

Observing You re Not Too Small 4 2/5/2018

Observing Threats in Real-Time 1 min 5 2/5/2018

Orienting Business Constraints & Opportunities 6 2/5/2018

Deciding Impacts Annual Loss Expectancy = [Likelihood, expressed as "# of incidents per year"] * [Impact, expressed as "$ loss per incident"] 7 2/5/2018

Deciding Budgets PPA $40/MWh Nameplate 100 MW Capacity Factor 25% 4 hours = $12,000 8 hours = $24,000 2 days = $48,000 7 days = $168,000 8 2/5/2018

Guiding Decisions NERC CIP CIS Top 20 CSC NIST SP 800-53 9 2/5/2018

Compliance Pause NERC CIP is meant to be the floor not the ceiling 10 2/5/2018

Cyber Security Framework & Solutions for Utility-Scale and Commercial/Industrial Systems Allan Daly, VP Software, January 31, 2018 Copyright 2017 NEXTracker

CYBER SECURITY Careful planning and implementation of many little things make Secure Connectivity at Scale possible and achievable. It's the little details that are vital. Little things make big things happen. ᅳ John Wooden It has long been an axiom of mine that the little things are infinitely the most important. ᅳ Arthur Conan Doyle 2017 2

SECURE BI-DIRECTIONAL DATA PIPELINE SECURE DATA CENTER REMOTE SERVICES SECURE COMPONENTS AND SYSTEMS Proprietary and Confidential 2017 3

OUR WORLD @ NEXTRACKER KEY METRICS & GOALS 11 GW trackers delivered & in fulfillment N. America: > 7.5 GW Offices (9) S. America: > 1 GW Manufacturing (7) India & MENA > 1 GW Australia > 1 GW 175 MW weekly manufacturing capacity #1 market share, 2 years Parent company Flex, $24Bn revenue Connect to, and acquire data from, every component and every system every 5 minutes across the world Create meaningful value with this data and connectivity 2017 4

TOP 7 QUESTIONS OWNER/OPERATORS ASK: 1 2 3 4 5 6 7 How do you handle security with your Zigbee wireless network? How do you protect power plants from hackers if there is remote access? What protocols do your equipment use and what protections does your equipment have? What data do you use? What platforms are your SCADA systems and your web dashboard built on? What s your patch management scheme and how often do update your systems? Are your technicians vetted? Do they have a background check and training? What customer data policies do you have? 2017 5

CASE STUDY: C&I (DG) CYBER SECURITY Bi-Directional Data Connector security measures encryption Authentication authorization Internet Firewall REMOTE NOC (NETWORK OPERATIONS CENTER) NOC cyber security boundary Remote NOC security measures access control incident response patch management virus management access logging Firewall Solar Power Plant security measures SOLAR POWER PLANT Router/ Switch encrypted communication configuration management Field Gateway Field Gateway Field Gateway Field Controllers 2017 Power Plant cyber security boundary 6

CASE STUDY: UTILITY-SCALE CYBER SECURITY Data Center security measures access control incident response plan data management virus management access logging Bi-Directional Data Connector security measures encryption Authentication authorization DATA CENTER Firewall Firewall Internet Data center cyber security boundary Firewall REMOTE NOC (NETWORK OPERATIONS CENTER) NOC cyber security boundary Remote NOC security measures access control incident response patch management virus management access logging Solar Power Plant security measures encrypted communication configuration management SOLAR POWER PLANT Field Gateway Field Gateway Router/ Switch Field Gateway Site Control Room security measures Site control room access control incident response patch management virus management access logging Field Controllers 2017 Power Plant cyber security boundary 7

TYPICAL SECURITY PLATFORM RECURRING TASKS Activity Frequency Activity Frequency Physical Security Plan Audit Annually System Recovery Plan Audit Annually Cyber Awareness Training Annually Change Management Plan Audit Annually Electronic Security Perimeter (ESP) Plan Audit Annually Configuration Monitoring Plan Audit Annually System Access Plan Audit Annually Configuration Change Report Monthly Threat Deterrence & Detection Plan Audit Annually Vulnerability Plan Audit Annually Event Monitoring & Notification Plan Audit Annually Paper Vulnerability Assessment Annually System Access Plan Audit Annually Operational Health Check Monthly Incident Response Plan Audit Annually Security Patch Evaluation & Application Report Monthly System Recovery Plan Test Annually Backup and Recovery Performance Monthly 2017 8

CONTACT: Allan Daly VP Software Engineering Email: adaly@nextracker.com THANK YOU Copyright 2017 NEXTracker, Proprietary and Confidential

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback